return 400 in paddle callback if verification fails

Son NK 2019-12-14 21:19:46 +02:00
parent eba9e889bf
commit fd5b4f91f9
1 changed files with 8 additions and 1 deletions


@ -10,6 +10,7 @@ from flask_debugtoolbar import DebugToolbarExtension
from flask_login import current_user
from sentry_sdk.integrations.flask import FlaskIntegration
from app import paddle_utils
from app.admin_model import SLModelView, SLAdminIndexView
from app.api.base import api_bp
from app.auth.base import auth_bp
@ -277,7 +278,13 @@ def setup_paddle_callback(app: Flask):
request.form.get("subscription_id"),
request.form.get("subscription_plan_id"),
)
LOG.debug("paddle full request %s", request.form)
# make sure the request comes from Paddle
if not paddle_utils.verify_incoming_request(dict(request.form)):
LOG.error(
"request not coming from paddle. Request data:%s", dict(request.form)
)
return "KO", 400
if (
request.form.get("alert_name") == "subscription_created"
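Review bot: The `LOG.error` call in the new failure branch writes the whole unverified form to the log, so any client that can reach this route controls the content of an error-level record, and a genuine Paddle payload that fails verification would presumably put its customer fields and signature there as well. Because this file imports the Sentry Flask integration, error-level records may also be forwarded off-host, which is worth confirming. A fixed message with a few named fields at warning level keeps the signal without the payload, e.g. `LOG.warning("paddle verification failed, alert_name=%s", request.form.get("alert_name"))`. Separately, `dict(request.form)` on a Werkzeug MultiDict can yield list values depending on the Werkzeug version; `request.form.to_dict()` makes the flat shape explicit, if that is what `verify_incoming_request` expects (its body is not visible here). The enclosing callback function starts and ends outside the hunk.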