forked from dj-stripe/dj-stripe
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathviews.py
60 lines (46 loc) · 2.11 KB
/
views.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
"""
dj-stripe - Views related to the djstripe app.
"""
import logging
from django.http import HttpResponse, HttpResponseBadRequest
from django.shortcuts import get_object_or_404
from django.utils.decorators import method_decorator
from django.views.decorators.csrf import csrf_exempt
from django.views.generic import View
from .models import WebhookEndpoint, WebhookEventTrigger
logger = logging.getLogger(__name__)
@method_decorator(csrf_exempt, name="dispatch")
class ProcessWebhookView(View):
"""
A Stripe Webhook handler view.
This will create a WebhookEventTrigger instance, verify it,
then attempt to process it.
If the webhook cannot be verified, returns HTTP 400.
If an exception happens during processing, returns HTTP 500.
"""
def post(self, request, uuid=None):
# https://stripe.com/docs/webhooks/signatures
if "stripe-signature" not in request.headers:
# Do not even attempt to process/store the event if there is
# no signature in the headers so we avoid overfilling the db.
logger.error("HTTP_STRIPE_SIGNATURE is missing")
return HttpResponseBadRequest()
# uuid is passed for new-style webhook views only.
# old-style defaults to no account.
if uuid:
# If the UUID is invalid (does not exist), this will throw a 404.
# Note that this happens after the HTTP_STRIPE_SIGNATURE check on purpose.
webhook_endpoint = get_object_or_404(WebhookEndpoint, djstripe_uuid=uuid)
else:
webhook_endpoint = None
trigger = WebhookEventTrigger.from_request(
request, webhook_endpoint=webhook_endpoint
)
if trigger.is_test_event:
# Since we don't do signature verification, we have to skip trigger.valid
return HttpResponse("Test webhook successfully received and discarded!")
if not trigger.valid:
# Webhook Event did not validate, return 400
logger.error("Trigger object did not validate")
return HttpResponseBadRequest()
return HttpResponse(str(trigger.id))