Verify Stripe callbacks

This commit is contained in:
Mark Veidemanis 2022-07-21 13:48:56 +01:00
parent c14c94f6f6
commit ae8da03c3c
Signed by: m
GPG Key ID: 5ACFCEED46C0904F
1 changed files with 17 additions and 1 deletions

View File

@ -4,10 +4,11 @@ from datetime import datetime
import stripe import stripe
from django.conf import settings from django.conf import settings
from django.contrib.auth.mixins import LoginRequiredMixin from django.contrib.auth.mixins import LoginRequiredMixin
from django.http import JsonResponse from django.http import HttpResponse, JsonResponse
from django.shortcuts import redirect, render from django.shortcuts import redirect, render
from django.urls import reverse, reverse_lazy from django.urls import reverse, reverse_lazy
from django.views import View from django.views import View
from django.views.decorators.csrf import csrf_exempt
from django.views.generic.edit import CreateView from django.views.generic.edit import CreateView
from rest_framework.parsers import JSONParser from rest_framework.parsers import JSONParser
from rest_framework.views import APIView from rest_framework.views import APIView
@ -74,7 +75,22 @@ class Portal(LoginRequiredMixin, View):
class Callback(APIView): class Callback(APIView):
parser_classes = [JSONParser] parser_classes = [JSONParser]
@csrf_exempt
def post(self, request): def post(self, request):
payload = request.body
sig_header = request.META["HTTP_STRIPE_SIGNATURE"]
try:
stripe.Webhook.construct_event(
payload, sig_header, settings.STRIPE_ENDPOINT_SECRET
)
except ValueError:
# Invalid payload
return HttpResponse(status=400)
except stripe.error.SignatureVerificationError:
# Invalid signature
return HttpResponse(status=400)
pp.pprint(request.data) pp.pprint(request.data)
if request.data is None: if request.data is None:
return JsonResponse({"success": False}, status=500) return JsonResponse({"success": False}, status=500)