main.py 3.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384
  1. # Part of Odoo. See LICENSE file for full copyright and licensing details.
  2. import hmac
  3. import logging
  4. import pprint
  5. from werkzeug.exceptions import Forbidden
  6. from odoo import http
  7. from odoo.exceptions import ValidationError
  8. from odoo.http import request
  9. _logger = logging.getLogger(__name__)
  10. class FlutterwaveController(http.Controller):
  11. _return_url = '/payment/flutterwave/return'
  12. _webhook_url = '/payment/flutterwave/webhook'
  13. @http.route(_return_url, type='http', methods=['GET'], auth='public')
  14. def flutterwave_return_from_checkout(self, **data):
  15. """ Process the notification data sent by Flutterwave after redirection from checkout.
  16. :param dict data: The notification data.
  17. """
  18. _logger.info("Handling redirection from Flutterwave with data:\n%s", pprint.pformat(data))
  19. # Handle the notification data.
  20. if data.get('status') != 'cancelled':
  21. request.env['payment.transaction'].sudo()._handle_notification_data('flutterwave', data)
  22. else: # The customer cancelled the payment by clicking on the close button.
  23. pass # Don't try to process this case because the transaction id was not provided.
  24. # Redirect the user to the status page.
  25. return request.redirect('/payment/status')
  26. @http.route(_webhook_url, type='http', methods=['POST'], auth='public', csrf=False)
  27. def flutterwave_webhook(self):
  28. """ Process the notification data sent by Flutterwave to the webhook.
  29. :return: An empty string to acknowledge the notification.
  30. :rtype: str
  31. """
  32. data = request.get_json_data()
  33. _logger.info("Notification received from Flutterwave with data:\n%s", pprint.pformat(data))
  34. if data['event'] == 'charge.completed':
  35. try:
  36. # Check the origin of the notification.
  37. tx_sudo = request.env['payment.transaction'].sudo()._get_tx_from_notification_data(
  38. 'flutterwave', data['data']
  39. )
  40. signature = request.httprequest.headers.get('verif-hash')
  41. self._verify_notification_signature(signature, tx_sudo)
  42. # Handle the notification data.
  43. notification_data = data['data']
  44. tx_sudo._handle_notification_data('flutterwave', notification_data)
  45. except ValidationError: # Acknowledge the notification to avoid getting spammed.
  46. _logger.exception("Unable to handle the notification data; skipping to acknowledge")
  47. return request.make_json_response('')
  48. @staticmethod
  49. def _verify_notification_signature(received_signature, tx_sudo):
  50. """ Check that the received signature matches the expected one.
  51. :param dict received_signature: The signature received with the notification data.
  52. :param recordset tx_sudo: The sudoed transaction referenced by the notification data, as a
  53. `payment.transaction` record.
  54. :return: None
  55. :raise Forbidden: If the signatures don't match.
  56. """
  57. # Check for the received signature.
  58. if not received_signature:
  59. _logger.warning("Received notification with missing signature.")
  60. raise Forbidden()
  61. # Compare the received signature with the expected signature.
  62. expected_signature = tx_sudo.provider_id.flutterwave_webhook_secret
  63. if not hmac.compare_digest(received_signature, expected_signature):
  64. _logger.warning("Received notification with invalid signature.")
  65. raise Forbidden()