zulip/corporate/views/webhook.py

import json
import logging

import stripe
from django.conf import settings
from django.contrib.contenttypes.models import ContentType
from django.http import HttpRequest, HttpResponse
from django.views.decorators.csrf import csrf_exempt

from corporate.lib.stripe import STRIPE_API_VERSION
from corporate.lib.stripe_event_handler import (
    handle_checkout_session_completed_event,
    handle_payment_intent_payment_failed_event,
    handle_payment_intent_succeeded_event,
)
from corporate.models import Event, PaymentIntent, Session
from zproject.config import get_secret

billing_logger = logging.getLogger("corporate.stripe")


@csrf_exempt
def stripe_webhook(request: HttpRequest) -> HttpResponse:
    stripe_webhook_endpoint_secret = get_secret("stripe_webhook_endpoint_secret", "")
    if (
        stripe_webhook_endpoint_secret and not settings.TEST_SUITE
    ):  # nocoverage: We can't verify the signature in test suite since we fetch the events
        # from Stripe events API and manually post to the webhook endpoint.
        try:
            stripe_event = stripe.Webhook.construct_event(
                request.body,
                request.headers["Stripe-Signature"],
                stripe_webhook_endpoint_secret,
            )
        except ValueError:
            return HttpResponse(status=400)
        except stripe.error.SignatureVerificationError:
            return HttpResponse(status=400)
    else:
        assert not settings.PRODUCTION
        try:
            stripe_event = stripe.Event.construct_from(json.loads(request.body), stripe.api_key)
        except Exception:
            return HttpResponse(status=400)

    if stripe_event.api_version != STRIPE_API_VERSION:
        error_message = f"Mismatch between billing system Stripe API version({STRIPE_API_VERSION}) and Stripe webhook event API version({stripe_event.api_version})."
        billing_logger.error(error_message)
        return HttpResponse(status=400)

    if stripe_event.type not in [
        "checkout.session.completed",
        "payment_intent.succeeded",
        "payment_intent.payment_failed",
    ]:
        return HttpResponse(status=200)

    if Event.objects.filter(stripe_event_id=stripe_event.id).exists():
        return HttpResponse(status=200)

    event = Event(stripe_event_id=stripe_event.id, type=stripe_event.type)

    if stripe_event.type == "checkout.session.completed":
        stripe_session = stripe_event.data.object
        assert isinstance(stripe_session, stripe.checkout.Session)
        try:
            session = Session.objects.get(stripe_session_id=stripe_session.id)
        except Session.DoesNotExist:
            return HttpResponse(status=200)
        event.content_type = ContentType.objects.get_for_model(Session)
        event.object_id = session.id
        event.save()
        handle_checkout_session_completed_event(stripe_session, event)
    elif stripe_event.type == "payment_intent.succeeded":
        stripe_payment_intent = stripe_event.data.object
        assert isinstance(stripe_payment_intent, stripe.PaymentIntent)
        try:
            payment_intent = PaymentIntent.objects.get(
                stripe_payment_intent_id=stripe_payment_intent.id
            )
        except PaymentIntent.DoesNotExist:
            # PaymentIntent that was not manually created from the billing system.
            # Could be an Invoice getting paid which is not an event we are interested in.
            return HttpResponse(status=200)
        event.content_type = ContentType.objects.get_for_model(PaymentIntent)
        event.object_id = payment_intent.id
        event.save()
        handle_payment_intent_succeeded_event(stripe_payment_intent, event)
    elif stripe_event.type == "payment_intent.payment_failed":
        stripe_payment_intent = stripe_event.data.object
        try:
            assert isinstance(stripe_payment_intent, stripe.PaymentIntent)
            payment_intent = PaymentIntent.objects.get(
                stripe_payment_intent_id=stripe_payment_intent.id
            )
        except PaymentIntent.DoesNotExist:
            # PaymentIntent that was not manually created from the billing system.
            # Could be an Invoice getting paid which is not an event we are interested in.
            return HttpResponse(status=200)
        event.content_type = ContentType.objects.get_for_model(PaymentIntent)
        event.object_id = payment_intent.id
        event.save()
        handle_payment_intent_payment_failed_event(stripe_payment_intent, event)
    return HttpResponse(status=200)
billing: Migrate to Stripe hosted checkout page. 2021-08-29 15:33:29 +02:00			`import json`
			`import logging`

			`import stripe`
			`from django.conf import settings`
			`from django.contrib.contenttypes.models import ContentType`
			`from django.http import HttpRequest, HttpResponse`
			`from django.views.decorators.csrf import csrf_exempt`

billing: Enforce the Stripe API version is in sync with billing system. 2021-09-07 17:53:27 +02:00			`from corporate.lib.stripe import STRIPE_API_VERSION`
billing: Migrate to Stripe hosted checkout page. 2021-08-29 15:33:29 +02:00			`from corporate.lib.stripe_event_handler import (`
			`handle_checkout_session_completed_event,`
			`handle_payment_intent_payment_failed_event,`
			`handle_payment_intent_succeeded_event,`
			`)`
			`from corporate.models import Event, PaymentIntent, Session`
			`from zproject.config import get_secret`

			`billing_logger = logging.getLogger("corporate.stripe")`


			`@csrf_exempt`
			`def stripe_webhook(request: HttpRequest) -> HttpResponse:`
			`stripe_webhook_endpoint_secret = get_secret("stripe_webhook_endpoint_secret", "")`
			`if (`
			`stripe_webhook_endpoint_secret and not settings.TEST_SUITE`
			`): # nocoverage: We can't verify the signature in test suite since we fetch the events`
			`# from Stripe events API and manually post to the webhook endpoint.`
			`try:`
			`stripe_event = stripe.Webhook.construct_event(`
			`request.body,`
webhook: Do not allow None default for headers. Signed-off-by: Zixuan James Li <p359101898@gmail.com> 2022-07-06 21:49:29 +02:00			`request.headers["Stripe-Signature"],`
billing: Migrate to Stripe hosted checkout page. 2021-08-29 15:33:29 +02:00			`stripe_webhook_endpoint_secret,`
			`)`
			`except ValueError:`
			`return HttpResponse(status=400)`
			`except stripe.error.SignatureVerificationError:`
			`return HttpResponse(status=400)`
			`else:`
			`assert not settings.PRODUCTION`
			`try:`
			`stripe_event = stripe.Event.construct_from(json.loads(request.body), stripe.api_key)`
			`except Exception:`
			`return HttpResponse(status=400)`

billing: Enforce the Stripe API version is in sync with billing system. 2021-09-07 17:53:27 +02:00			`if stripe_event.api_version != STRIPE_API_VERSION:`
			`error_message = f"Mismatch between billing system Stripe API version({STRIPE_API_VERSION}) and Stripe webhook event API version({stripe_event.api_version})."`
			`billing_logger.error(error_message)`
			`return HttpResponse(status=400)`

billing: Migrate to Stripe hosted checkout page. 2021-08-29 15:33:29 +02:00			`if stripe_event.type not in [`
			`"checkout.session.completed",`
			`"payment_intent.succeeded",`
			`"payment_intent.payment_failed",`
			`]:`
			`return HttpResponse(status=200)`

			`if Event.objects.filter(stripe_event_id=stripe_event.id).exists():`
			`return HttpResponse(status=200)`

			`event = Event(stripe_event_id=stripe_event.id, type=stripe_event.type)`

			`if stripe_event.type == "checkout.session.completed":`
			`stripe_session = stripe_event.data.object`
			`assert isinstance(stripe_session, stripe.checkout.Session)`
			`try:`
			`session = Session.objects.get(stripe_session_id=stripe_session.id)`
			`except Session.DoesNotExist:`
			`return HttpResponse(status=200)`
			`event.content_type = ContentType.objects.get_for_model(Session)`
			`event.object_id = session.id`
			`event.save()`
			`handle_checkout_session_completed_event(stripe_session, event)`
			`elif stripe_event.type == "payment_intent.succeeded":`
			`stripe_payment_intent = stripe_event.data.object`
			`assert isinstance(stripe_payment_intent, stripe.PaymentIntent)`
			`try:`
			`payment_intent = PaymentIntent.objects.get(`
			`stripe_payment_intent_id=stripe_payment_intent.id`
			`)`
			`except PaymentIntent.DoesNotExist:`
			`# PaymentIntent that was not manually created from the billing system.`
docs: Fix many spelling mistakes. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2022-02-08 00:13:33 +01:00			`# Could be an Invoice getting paid which is not an event we are interested in.`
billing: Migrate to Stripe hosted checkout page. 2021-08-29 15:33:29 +02:00			`return HttpResponse(status=200)`
			`event.content_type = ContentType.objects.get_for_model(PaymentIntent)`
			`event.object_id = payment_intent.id`
			`event.save()`
			`handle_payment_intent_succeeded_event(stripe_payment_intent, event)`
			`elif stripe_event.type == "payment_intent.payment_failed":`
			`stripe_payment_intent = stripe_event.data.object`
			`try:`
			`assert isinstance(stripe_payment_intent, stripe.PaymentIntent)`
			`payment_intent = PaymentIntent.objects.get(`
			`stripe_payment_intent_id=stripe_payment_intent.id`
			`)`
			`except PaymentIntent.DoesNotExist:`
			`# PaymentIntent that was not manually created from the billing system.`
docs: Fix many spelling mistakes. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2022-02-08 00:13:33 +01:00			`# Could be an Invoice getting paid which is not an event we are interested in.`
billing: Migrate to Stripe hosted checkout page. 2021-08-29 15:33:29 +02:00			`return HttpResponse(status=200)`
			`event.content_type = ContentType.objects.get_for_model(PaymentIntent)`
			`event.object_id = payment_intent.id`
			`event.save()`
			`handle_payment_intent_payment_failed_event(stripe_payment_intent, event)`
			`return HttpResponse(status=200)`