rework epay callback validation

Thomas Steen Rasmussen 2016-05-17 07:42:31 +02:00
parent 12d76f4330
commit c1203db188
2 changed files with 12 additions and 3 deletions


@ -17,3 +17,12 @@ def calculate_epay_hash(order, request):
epay_hash = hashlib.md5(hashstring).hexdigest()
return epay_hash
def validate_epay_callback(query):
hashstring = ''
for key, value in query.iteritems():
if key != 'hash':
hashstring += value
hash = hashlib.md5(hashstring).hexdigest()
return hash == query['hash']
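Review bot: `validate_epay_callback` builds `hashstring` only from values carried in the request, and no merchant secret is mixed in anywhere in the visible lines, so any sender can compute a `hash` that passes and the check does not authenticate the callback. The shared secret should be part of the MD5 input (its position must match ePay's documented scheme), and the digest also depends on `query.iteritems()` yielding the parameters in the order they were received, which a plain dict does not guarantee. A callback without a `hash` parameter raises on `query['hash']` instead of returning False, and the `==` comparison would be better as `constant_time_compare` from `django.utils.crypto`. The local name `hash` also shadows the builtin.

```python
def validate_epay_callback(query):
    # `query` must preserve the order in which the parameters arrived
    received = query.get('hash')
    if not received:
        return False
    hashstring = ''.join(
        value for key, value in query.iteritems() if key != 'hash'
    )
    # EPAY_MD5_SECRET_PLACEHOLDER: the merchant's shared secret, wherever the project keeps it
    expected = hashlib.md5(hashstring + EPAY_MD5_SECRET_PLACEHOLDER).hexdigest()
    return constant_time_compare(expected, received)
```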


@ -23,7 +23,7 @@ from shop.models import (
EpayCallback,
)
from .forms import AddToOrderForm
from .epay import calculate_epay_hash
from .epay import calculate_epay_hash, validate_epay_callback
class EnsureUserOwnsOrderMixin(SingleObjectMixin):
@ -279,8 +279,8 @@ class EpayCallbackView(View):
)
order = get_object_or_404(Order, pk=query.get('orderid'))
epay_hash = calculate_epay_hash(order, request)
if not epay_hash == query.get('hash'):
if not validate_epay_callback(query):
print "bad epay callback!"
return HttpResponse(status=400)
EpayPayment.objects.create(
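Review bot: The order lookup `get_object_or_404(Order, pk=query.get('orderid'))` still runs before `validate_epay_callback(query)`, so an unauthenticated request gets a 404 or a 400 depending on whether the order id exists; validating the callback first would avoid answering that question for unverified senders. `epay_hash = calculate_epay_hash(order, request)` is still computed, but nothing in the visible lines reads it after this change, so it looks like dead code that can be removed. The rejection path only does `print "bad epay callback!"`; a `logger.warning(...)` carrying the order id would make rejected callbacks visible to monitoring. The view body starts and ends outside the hunk.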