rework epay callback validation
parent
12d76f4330
commit
c1203db188
|
@ -17,3 +17,12 @@ def calculate_epay_hash(order, request):
|
|||
epay_hash = hashlib.md5(hashstring).hexdigest()
|
||||
return epay_hash
|
||||
|
||||
|
||||
def validate_epay_callback(query):
|
||||
hashstring = ''
|
||||
for key, value in query.iteritems():
|
||||
if key != 'hash':
|
||||
hashstring += value
|
||||
hash = hashlib.md5(hashstring).hexdigest()
|
||||
return hash == query['hash']
|
||||
|
||||
|
|
|
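Review bot: `validate_epay_callback` builds `hashstring` only from values taken out of the query itself, with no merchant secret mixed in, so whoever constructs the request can compute the same MD5 and the check does not authenticate the sender. Append the shared key before hashing, e.g. `hashstring += EPAY_MD5_KEY_PLACEHOLDER` (a placeholder name; if `calculate_epay_hash` already reads such a setting, reuse it; its body starts outside this hunk). Then compare with `return constant_time_compare(digest, query.get('hash', ''))` from `django.utils.crypto`, which also avoids the `KeyError` that `query['hash']` raises when the parameter is missing. `query.iteritems()` on a Python 2 dict-like object yields keys in arbitrary order, so if the gateway defines the hash over the parameters in URL order, a legitimate callback could fail validation; this should be confirmed against the gateway documentation. The local name `hash` also shadows the builtin, and `digest` would read better.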
@ -23,7 +23,7 @@ from shop.models import (
|
|||
EpayCallback,
|
||||
)
|
||||
from .forms import AddToOrderForm
|
||||
from .epay import calculate_epay_hash
|
||||
from .epay import calculate_epay_hash, validate_epay_callback
|
||||
|
||||
|
||||
class EnsureUserOwnsOrderMixin(SingleObjectMixin):
|
||||
|
@ -279,8 +279,8 @@ class EpayCallbackView(View):
|
|||
)
|
||||
order = get_object_or_404(Order, pk=query.get('orderid'))
|
||||
|
||||
epay_hash = calculate_epay_hash(order, request)
|
||||
if not epay_hash == query.get('hash'):
|
||||
if not validate_epay_callback(query):
|
||||
print "bad epay callback!"
|
||||
return HttpResponse(status=400)
|
||||
|
||||
EpayPayment.objects.create(
|
||||
|
|
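Review bot: In the `EpayCallbackView` hunk, nothing visible ties the accepted callback to the `order` loaded just above the check: `validate_epay_callback(query)` only tests the query against itself, whereas the earlier comparison used `calculate_epay_hash(order, request)`. Before `EpayPayment.objects.create(` runs, the amount and currency reported in the query should be compared with the order's own values; the field names are not visible here and the rest of the view lies outside the hunk, so this may already happen further down. The rejection branch reports the failure with `print "bad epay callback!"`, which leaves no record that operations can search or alert on. Assuming a module-level `logger` exists or is added, `logger.warning("bad epay callback for orderid=%s", query.get('orderid'))` would make rejected callbacks visible in the application log.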