def validate(self, api_key=None): """ The original contents of the Event message must be confirmed by refetching it and comparing the fetched data with the original data. This function makes an API call to Stripe to redownload the Event data and returns whether or not it matches the WebhookEventTrigger data. """ local_data = self.json_body if "id" not in local_data or "livemode" not in local_data: return False if self.is_test_event: logger.info("Test webhook received: {}".format(local_data)) return False if djstripe_settings.WEBHOOK_VALIDATION is None: # validation disabled return True elif ( djstripe_settings.WEBHOOK_VALIDATION == "verify_signature" and djstripe_settings.WEBHOOK_SECRET ): # HTTP headers are case-insensitive, but we store them as a dict. headers = CaseInsensitiveMapping(self.headers) try: stripe.WebhookSignature.verify_header( self.body, headers.get("stripe-signature"), djstripe_settings.WEBHOOK_SECRET, djstripe_settings.WEBHOOK_TOLERANCE, ) except stripe.error.SignatureVerificationError: return False else: return True livemode = local_data["livemode"] api_key = api_key or djstripe_settings.get_default_api_key(livemode) # Retrieve the event using the api_version specified in itself with stripe_temporary_api_version(local_data["api_version"], validate=False): remote_data = Event.stripe_class.retrieve( id=local_data["id"], api_key=api_key ) return local_data["data"] == remote_data["data"]
def __init__(self, data): """ Populate the initial data using __setitem__ to ensure values are correctly encoded. """ if not isinstance(data, Mapping): data = { k: v for k, v in CaseInsensitiveMapping._destruct_iterable_mapping_values(data) } self._store = {} for header, value in data.items(): self[header] = value
def test_str(self): dict1 = CaseInsensitiveMapping({'Accept': 'application/json'}) dict2 = CaseInsensitiveMapping({'content-type': 'text/html'}) self.assertEqual(str(dict1), str({'Accept': 'application/json'})) self.assertEqual(str(dict2), str({'content-type': 'text/html'}))
def test_create_with_invalid_key(self): msg = 'Element key 1 invalid, only strings are allowed' with self.assertRaisesMessage(ValueError, msg): CaseInsensitiveMapping([(1, '2')])
def test_create_with_invalid_values(self): msg = 'dictionary update sequence element #1 has length 4; 2 is required' with self.assertRaisesMessage(ValueError, msg): CaseInsensitiveMapping([('Key1', 'Val1'), 'Key2'])
def setUp(self): self.dict1 = CaseInsensitiveMapping({ 'Accept': 'application/json', 'content-type': 'text/html', })
class CaseInsensitiveMappingTests(SimpleTestCase): def setUp(self): self.dict1 = CaseInsensitiveMapping({ 'Accept': 'application/json', 'content-type': 'text/html', }) def test_create_with_invalid_values(self): msg = 'dictionary update sequence element #1 has length 4; 2 is required' with self.assertRaisesMessage(ValueError, msg): CaseInsensitiveMapping([('Key1', 'Val1'), 'Key2']) def test_create_with_invalid_key(self): msg = 'Element key 1 invalid, only strings are allowed' with self.assertRaisesMessage(ValueError, msg): CaseInsensitiveMapping([(1, '2')]) def test_list(self): self.assertEqual(list(self.dict1), ['Accept', 'content-type']) def test_dict(self): self.assertEqual(dict(self.dict1), {'Accept': 'application/json', 'content-type': 'text/html'}) def test_repr(self): dict1 = CaseInsensitiveMapping({'Accept': 'application/json'}) dict2 = CaseInsensitiveMapping({'content-type': 'text/html'}) self.assertEqual(repr(dict1), repr({'Accept': 'application/json'})) self.assertEqual(repr(dict2), repr({'content-type': 'text/html'})) def test_str(self): dict1 = CaseInsensitiveMapping({'Accept': 'application/json'}) dict2 = CaseInsensitiveMapping({'content-type': 'text/html'}) self.assertEqual(str(dict1), str({'Accept': 'application/json'})) self.assertEqual(str(dict2), str({'content-type': 'text/html'})) def test_equal(self): self.assertEqual(self.dict1, {'Accept': 'application/json', 'content-type': 'text/html'}) self.assertNotEqual(self.dict1, {'accept': 'application/jso', 'Content-Type': 'text/html'}) self.assertNotEqual(self.dict1, 'string') def test_items(self): other = {'Accept': 'application/json', 'content-type': 'text/html'} self.assertEqual(sorted(self.dict1.items()), sorted(other.items())) def test_copy(self): copy = self.dict1.copy() self.assertIs(copy, self.dict1) self.assertEqual(copy, self.dict1) def test_getitem(self): self.assertEqual(self.dict1['Accept'], 'application/json') self.assertEqual(self.dict1['accept'], 'application/json') self.assertEqual(self.dict1['aCCept'], 'application/json') self.assertEqual(self.dict1['content-type'], 'text/html') self.assertEqual(self.dict1['Content-Type'], 'text/html') self.assertEqual(self.dict1['Content-type'], 'text/html') def test_in(self): self.assertIn('Accept', self.dict1) self.assertIn('accept', self.dict1) self.assertIn('aCCept', self.dict1) self.assertIn('content-type', self.dict1) self.assertIn('Content-Type', self.dict1) def test_del(self): self.assertIn('Accept', self.dict1) msg = "'CaseInsensitiveMapping' object does not support item deletion" with self.assertRaisesMessage(TypeError, msg): del self.dict1['Accept'] self.assertIn('Accept', self.dict1) def test_set(self): self.assertEqual(len(self.dict1), 2) msg = "'CaseInsensitiveMapping' object does not support item assignment" with self.assertRaisesMessage(TypeError, msg): self.dict1['New Key'] = 1 self.assertEqual(len(self.dict1), 2)
def test_str(self): dict1 = CaseInsensitiveMapping({"Accept": "application/json"}) dict2 = CaseInsensitiveMapping({"content-type": "text/html"}) self.assertEqual(str(dict1), str({"Accept": "application/json"})) self.assertEqual(str(dict2), str({"content-type": "text/html"}))
def test_create_with_invalid_values(self): msg = "dictionary update sequence element #1 has length 4; 2 is required" with self.assertRaisesMessage(ValueError, msg): CaseInsensitiveMapping([("Key1", "Val1"), "Key2"])
def setUp(self): self.dict1 = CaseInsensitiveMapping({ "Accept": "application/json", "content-type": "text/html", })
class CaseInsensitiveMappingTests(SimpleTestCase): def setUp(self): self.dict1 = CaseInsensitiveMapping({ "Accept": "application/json", "content-type": "text/html", }) def test_create_with_invalid_values(self): msg = "dictionary update sequence element #1 has length 4; 2 is required" with self.assertRaisesMessage(ValueError, msg): CaseInsensitiveMapping([("Key1", "Val1"), "Key2"]) def test_create_with_invalid_key(self): msg = "Element key 1 invalid, only strings are allowed" with self.assertRaisesMessage(ValueError, msg): CaseInsensitiveMapping([(1, "2")]) def test_list(self): self.assertEqual(list(self.dict1), ["Accept", "content-type"]) def test_dict(self): self.assertEqual( dict(self.dict1), { "Accept": "application/json", "content-type": "text/html" }, ) def test_repr(self): dict1 = CaseInsensitiveMapping({"Accept": "application/json"}) dict2 = CaseInsensitiveMapping({"content-type": "text/html"}) self.assertEqual(repr(dict1), repr({"Accept": "application/json"})) self.assertEqual(repr(dict2), repr({"content-type": "text/html"})) def test_str(self): dict1 = CaseInsensitiveMapping({"Accept": "application/json"}) dict2 = CaseInsensitiveMapping({"content-type": "text/html"}) self.assertEqual(str(dict1), str({"Accept": "application/json"})) self.assertEqual(str(dict2), str({"content-type": "text/html"})) def test_equal(self): self.assertEqual(self.dict1, { "Accept": "application/json", "content-type": "text/html" }) self.assertNotEqual(self.dict1, { "accept": "application/jso", "Content-Type": "text/html" }) self.assertNotEqual(self.dict1, "string") def test_items(self): other = {"Accept": "application/json", "content-type": "text/html"} self.assertEqual(sorted(self.dict1.items()), sorted(other.items())) def test_copy(self): copy = self.dict1.copy() self.assertIs(copy, self.dict1) self.assertEqual(copy, self.dict1) def test_getitem(self): self.assertEqual(self.dict1["Accept"], "application/json") self.assertEqual(self.dict1["accept"], "application/json") self.assertEqual(self.dict1["aCCept"], "application/json") self.assertEqual(self.dict1["content-type"], "text/html") self.assertEqual(self.dict1["Content-Type"], "text/html") self.assertEqual(self.dict1["Content-type"], "text/html") def test_in(self): self.assertIn("Accept", self.dict1) self.assertIn("accept", self.dict1) self.assertIn("aCCept", self.dict1) self.assertIn("content-type", self.dict1) self.assertIn("Content-Type", self.dict1) def test_del(self): self.assertIn("Accept", self.dict1) msg = "'CaseInsensitiveMapping' object does not support item deletion" with self.assertRaisesMessage(TypeError, msg): del self.dict1["Accept"] self.assertIn("Accept", self.dict1) def test_set(self): self.assertEqual(len(self.dict1), 2) msg = "'CaseInsensitiveMapping' object does not support item assignment" with self.assertRaisesMessage(TypeError, msg): self.dict1["New Key"] = 1 self.assertEqual(len(self.dict1), 2)
def validate( self, api_key: str = None, secret: str = djstripe_settings.WEBHOOK_SECRET, tolerance: int = djstripe_settings.WEBHOOK_TOLERANCE, validation_method=djstripe_settings.WEBHOOK_VALIDATION, ): """ The original contents of the Event message must be confirmed by refetching it and comparing the fetched data with the original data. This function makes an API call to Stripe to redownload the Event data and returns whether or not it matches the WebhookEventTrigger data. """ local_data = self.json_body if "id" not in local_data or "livemode" not in local_data: logger.error( '"id" not in json body or "livemode" not in json body(%s)', local_data) return False if self.is_test_event: logger.info( "Test webhook received and discarded: {}".format(local_data)) return False if validation_method is None: # validation disabled warnings.warn("WEBHOOK VALIDATION is disabled.") return True elif validation_method == "verify_signature": if not secret: raise ValueError( "Cannot verify event signature without a secret") # HTTP headers are case-insensitive, but we store them as a dict. headers = CaseInsensitiveMapping(self.headers) signature = headers.get("stripe-signature") local_cli_signing_secret = headers.get("x-djstripe-webhook-secret") try: # check if the x-djstripe-webhook-secret Custom Header exists if local_cli_signing_secret: # Set Endpoint Signing Secret to the output of Stripe CLI # for signature verification secret = local_cli_signing_secret stripe.WebhookSignature.verify_header(self.body, signature, secret, tolerance) except stripe.error.SignatureVerificationError: logger.exception("Failed to verify header") return False else: return True livemode = local_data["livemode"] api_key = api_key or djstripe_settings.get_default_api_key(livemode) # Retrieve the event using the api_version specified in itself with stripe_temporary_api_version(local_data["api_version"], validate=False): remote_data = Event.stripe_class.retrieve(id=local_data["id"], api_key=api_key) return local_data["data"] == remote_data["data"]