def postback(request): """Verify signature from BlueVia and set contribution to paid.""" result = client.verify_bluevia_jwt(request.raw_post_data) if not result['valid']: ip = (request.META.get('HTTP_X_FORWARDED_FOR', '') or request.META.get('REMOTE_ADDR', '')) if not ip: ip = '(unknown)' log.info('Received invalid bluevia postback from IP %s' % ip) return http.HttpResponseBadRequest('invalid request') data = jwt.decode(request.raw_post_data, verify=False) # TODO(Kumar) verify all JWT dict keys and values. bug 776646. product_data = urlparse.parse_qs(data['request']['productData']) cn = get_object_or_404(Contribution, uuid=product_data['contrib_uuid'][0]) cn.update(type=amo.CONTRIB_PURCHASE) # TODO(Kumar) notify dev via default postback URL. bug 776646. trans_id = data['response']['transactionID'] return http.HttpResponse(trans_id)
def postback(request): """Verify signature from BlueVia and set contribution to paid.""" signed_jwt = request.raw_post_data if waffle.flag_is_active(request, 'solitude-payments'): result = client.verify_bluevia_jwt(signed_jwt) else: result = verify_bluevia_jwt(signed_jwt) if not result['valid']: ip = (request.META.get('HTTP_X_FORWARDED_FOR', '') or request.META.get('REMOTE_ADDR', '')) if not ip: ip = '(unknown)' log.info('Received invalid bluevia postback from IP %s' % ip) return http.HttpResponseBadRequest('invalid request') # From here on, let all exceptions raise. The JWT comes from BlueVia # so if anything fails we want to know ASAP. data = jwt.decode(signed_jwt, verify=False) verify_claims(data) iss, aud, product_data, trans_id = verify_keys(data, ('iss', 'aud', 'request.productData', 'response.transactionID')) log.info('received BlueVia postback JWT: iss:%s aud:%s ' 'trans_id:%s product_data:%s' % (iss, aud, trans_id, product_data)) pd = urlparse.parse_qs(product_data) contrib_uuid = pd['contrib_uuid'][0] try: contrib = Contribution.objects.get(uuid=contrib_uuid) except Contribution.DoesNotExist: etype, val, tb = sys.exc_info() raise LookupError('BlueVia JWT (iss:%s, aud:%s) for trans_id %s ' 'links to contrib %s which doesn\'t exist' % (iss, aud, trans_id, contrib_uuid)), None, tb contrib.update(type=amo.CONTRIB_PURCHASE, bluevia_transaction_id=trans_id) tasks.purchase_notify.delay(signed_jwt, contrib.pk) return http.HttpResponse(trans_id)