rework epay callback validation

2016-05-17 07:42:31 +02:00 · 2016-05-17 07:42:31 +02:00 · c1203db188
parent 12d76f4330
commit c1203db188
2 changed files with 12 additions and 3 deletions
--- a/shop/epay.py
+++ b/shop/epay.py
@ -17,3 +17,12 @@ def calculate_epay_hash(order, request):
    epay_hash = hashlib.md5(hashstring).hexdigest()
    return epay_hash

+
+def validate_epay_callback(query):
+    hashstring = ''
+    for key, value in query.iteritems():
+        if key != 'hash':
+            hashstring += value
+    hash = hashlib.md5(hashstring).hexdigest()
+    return hash == query['hash']
+
--- a/shop/views.py
+++ b/shop/views.py
@ -23,7 +23,7 @@ from shop.models import (
    EpayCallback,
 )
 from .forms import AddToOrderForm
-from .epay import calculate_epay_hash
+from .epay import calculate_epay_hash, validate_epay_callback


 class EnsureUserOwnsOrderMixin(SingleObjectMixin):
@ -279,8 +279,8 @@ class EpayCallbackView(View):
            )
            order = get_object_or_404(Order, pk=query.get('orderid'))

-            epay_hash = calculate_epay_hash(order, request)
-            if not epay_hash == query.get('hash'):
+            if not validate_epay_callback(query):
+                print "bad epay callback!"
                return HttpResponse(status=400)

            EpayPayment.objects.create(