Verify Stripe callbacks

This commit is contained in:
Mark Veidemanis 2022-07-21 13:48:56 +01:00
parent c14c94f6f6
commit ae8da03c3c
Signed by: m
GPG Key ID: 5ACFCEED46C0904F
1 changed files with 17 additions and 1 deletions

View File

@ -4,10 +4,11 @@ from datetime import datetime
import stripe
from django.conf import settings
from django.contrib.auth.mixins import LoginRequiredMixin
from django.http import JsonResponse
from django.http import HttpResponse, JsonResponse
from django.shortcuts import redirect, render
from django.urls import reverse, reverse_lazy
from django.views import View
from django.views.decorators.csrf import csrf_exempt
from django.views.generic.edit import CreateView
from rest_framework.parsers import JSONParser
from rest_framework.views import APIView
@ -74,7 +75,22 @@ class Portal(LoginRequiredMixin, View):
class Callback(APIView):
parser_classes = [JSONParser]
@csrf_exempt
def post(self, request):
payload = request.body
sig_header = request.META["HTTP_STRIPE_SIGNATURE"]
try:
stripe.Webhook.construct_event(
payload, sig_header, settings.STRIPE_ENDPOINT_SECRET
)
except ValueError:
# Invalid payload
return HttpResponse(status=400)
except stripe.error.SignatureVerificationError:
# Invalid signature
return HttpResponse(status=400)
pp.pprint(request.data)
if request.data is None:
return JsonResponse({"success": False}, status=500)