# Webhooks for external integrations. import time from typing import Dict, Optional, Sequence, Tuple from django.http import HttpRequest, HttpResponse from zerver.decorator import webhook_view from zerver.lib.exceptions import UnsupportedWebhookEventType from zerver.lib.request import REQ, has_request_variables from zerver.lib.response import json_success from zerver.lib.timestamp import timestamp_to_datetime from zerver.lib.validator import ( WildValue, check_anything, check_bool, check_int, check_none_or, check_string, to_wild_value, ) from zerver.lib.webhooks.common import check_send_webhook_message from zerver.models import UserProfile class SuppressedEvent(Exception): pass class NotImplementedEventType(SuppressedEvent): pass ALL_EVENT_TYPES = [ "charge.dispute.closed", "charge.dispute.created", "charge.failed", "charge.succeeded", "charge.succeeded", "customer.created", "customer.created", "customer.deleted", "customer.discount.created", "customer.subscription.created", "customer.subscription.deleted", "customer.subscription.trial_will_end", "customer.subscription.updated", "customer.updated", "invoice.created", "invoice.updated", "invoice.payment_failed", "invoiceitem.created", "charge.refund.updated", "charge.refund.updated", ] @webhook_view("Stripe", all_event_types=ALL_EVENT_TYPES) @has_request_variables def api_stripe_webhook( request: HttpRequest, user_profile: UserProfile, payload: WildValue = REQ(argument_type="body", converter=to_wild_value), stream: str = REQ(default="test"), ) -> HttpResponse: try: topic, body = topic_and_body(payload) except SuppressedEvent: # nocoverage return json_success(request) check_send_webhook_message( request, user_profile, topic, body, payload["type"].tame(check_string) ) return json_success(request) def topic_and_body(payload: WildValue) -> Tuple[str, str]: event_type = payload["type"].tame( check_string ) # invoice.created, customer.subscription.created, etc if len(event_type.split(".")) == 3: category, resource, event = event_type.split(".") else: resource, event = event_type.split(".") category = resource object_ = payload["data"]["object"] # The full, updated Stripe object # Set the topic to the customer_id when we can topic = "" customer_id = object_.get("customer").tame(check_none_or(check_string)) if customer_id is not None: # Running into the 60 character topic limit. # topic = '[{}](https://dashboard.stripe.com/customers/{})' % (customer_id, customer_id) topic = customer_id body = None def update_string(blacklist: Sequence[str] = []) -> str: assert "previous_attributes" in payload["data"] previous_attributes = { key: value for key, value in payload["data"]["previous_attributes"].items() if key not in blacklist } if not previous_attributes: # nocoverage raise SuppressedEvent() return "".join( "\n* " + attribute.replace("_", " ").capitalize() + " is now " + stringify(object_[attribute].tame(check_anything)) for attribute in sorted(previous_attributes.keys()) ) def default_body(update_blacklist: Sequence[str] = []) -> str: body = "{resource} {verbed}".format( resource=linkified_id(object_["id"].tame(check_string)), verbed=event.replace("_", " ") ) if event == "updated": return body + update_string(blacklist=update_blacklist) return body if category == "account": # nocoverage if resource == "account": if event == "updated": if "previous_attributes" not in payload["data"]: raise SuppressedEvent() topic = "account updates" body = update_string() else: # Part of Stripe Connect raise NotImplementedEventType() if category == "application_fee": # nocoverage # Part of Stripe Connect raise NotImplementedEventType() if category == "balance": # nocoverage # Not that interesting to most businesses, I think raise NotImplementedEventType() if category == "charge": if resource == "charge": if not topic: # only in legacy fixtures topic = "charges" body = "{resource} for {amount} {verbed}".format( resource=linkified_id(object_["id"].tame(check_string)), amount=amount_string( object_["amount"].tame(check_int), object_["currency"].tame(check_string) ), verbed=event, ) if object_["failure_code"]: # nocoverage body += ". Failure code: {}".format(object_["failure_code"].tame(check_string)) if resource == "dispute": topic = "disputes" body = default_body() + ". Current status: {status}.".format( status=object_["status"].tame(check_string).replace("_", " ") ) if resource == "refund": topic = "refunds" body = "A {resource} for a {charge} of {amount} was updated.".format( resource=linkified_id(object_["id"].tame(check_string), lower=True), charge=linkified_id(object_["charge"].tame(check_string), lower=True), amount=amount_string( object_["amount"].tame(check_int), object_["currency"].tame(check_string) ), ) if category == "checkout_beta": # nocoverage # Not sure what this is raise NotImplementedEventType() if category == "coupon": # nocoverage # Not something that likely happens programmatically raise NotImplementedEventType() if category == "customer": if resource == "customer": # Running into the 60 character topic limit. # topic = '[{}](https://dashboard.stripe.com/customers/{})' % (object_['id'], object_['id']) topic = object_["id"].tame(check_string) body = default_body(update_blacklist=["delinquent", "currency", "default_source"]) if event == "created": if object_["email"]: body += "\nEmail: {}".format(object_["email"].tame(check_string)) if object_["metadata"]: # nocoverage for key, value in object_["metadata"].items(): body += f"\n{key}: {value}" if resource == "discount": body = "Discount {verbed} ([{coupon_name}]({coupon_url})).".format( verbed=event.replace("_", " "), coupon_name=object_["coupon"]["name"].tame(check_string), coupon_url="https://dashboard.stripe.com/{}/{}".format( "coupons", object_["coupon"]["id"].tame(check_string) ), ) if resource == "source": # nocoverage body = default_body() if resource == "subscription": body = default_body() if event == "trial_will_end": DAY = 60 * 60 * 24 # seconds in a day # Basically always three: https://stripe.com/docs/api/python#event_types body += " in {days} days".format( days=int((object_["trial_end"].tame(check_int) - time.time() + DAY // 2) // DAY) ) if event == "created": if object_["plan"]: body += "\nPlan: [{plan_nickname}](https://dashboard.stripe.com/plans/{plan_id})".format( plan_nickname=object_["plan"]["nickname"].tame(check_string), plan_id=object_["plan"]["id"].tame(check_string), ) if object_["quantity"]: body += "\nQuantity: {}".format(object_["quantity"].tame(check_int)) if "billing" in object_: # nocoverage body += "\nBilling method: {}".format( object_["billing"].tame(check_string).replace("_", " ") ) if category == "file": # nocoverage topic = "files" body = default_body() + " ({purpose}). \nTitle: {title}".format( purpose=object_["purpose"].tame(check_string).replace("_", " "), title=object_["title"].tame(check_string), ) if category == "invoice": if event == "upcoming": # nocoverage body = "Upcoming invoice created" elif ( event == "updated" and payload["data"]["previous_attributes"].get("paid").tame(check_none_or(check_bool)) is False and object_["paid"].tame(check_bool) is True and object_["amount_paid"].tame(check_int) != 0 and object_["amount_remaining"].tame(check_int) == 0 ): # We are taking advantage of logical AND short circuiting here since we need the else # statement below. object_id = object_["id"].tame(check_string) invoice_link = f"https://dashboard.stripe.com/invoices/{object_id}" body = f"[Invoice]({invoice_link}) is now paid" else: body = default_body( update_blacklist=[ "lines", "description", "number", "finalized_at", "status_transitions", "payment_intent", ] ) if event == "created": # Could potentially add link to invoice PDF here body += " ({reason})\nTotal: {total}\nAmount due: {due}".format( reason=object_["billing_reason"].tame(check_string).replace("_", " "), total=amount_string( object_["total"].tame(check_int), object_["currency"].tame(check_string) ), due=amount_string( object_["amount_due"].tame(check_int), object_["currency"].tame(check_string) ), ) if category == "invoiceitem": body = default_body(update_blacklist=["description", "invoice"]) if event == "created": body += " for {amount}".format( amount=amount_string( object_["amount"].tame(check_int), object_["currency"].tame(check_string) ) ) if category.startswith("issuing"): # nocoverage # Not implemented raise NotImplementedEventType() if category.startswith("order"): # nocoverage # Not implemented raise NotImplementedEventType() if category in [ "payment_intent", "payout", "plan", "product", "recipient", "reporting", "review", "sigma", "sku", "source", "subscription_schedule", "topup", "transfer", ]: # nocoverage # Not implemented. In theory doing something like # body = default_body() # may not be hard for some of these raise NotImplementedEventType() if body is None: raise UnsupportedWebhookEventType(event_type) return (topic, body) def amount_string(amount: int, currency: str) -> str: zero_decimal_currencies = [ "bif", "djf", "jpy", "krw", "pyg", "vnd", "xaf", "xpf", "clp", "gnf", "kmf", "mga", "rwf", "vuv", "xof", ] if currency in zero_decimal_currencies: decimal_amount = str(amount) # nocoverage else: decimal_amount = f"{float(amount) * 0.01:.02f}" if currency == "usd": # nocoverage return "$" + decimal_amount return decimal_amount + f" {currency.upper()}" def linkified_id(object_id: str, lower: bool = False) -> str: names_and_urls: Dict[str, Tuple[str, Optional[str]]] = { # Core resources "ch": ("Charge", "charges"), "cus": ("Customer", "customers"), "dp": ("Dispute", "disputes"), "du": ("Dispute", "disputes"), "file": ("File", "files"), "link": ("File link", "file_links"), "pi": ("Payment intent", "payment_intents"), "po": ("Payout", "payouts"), "prod": ("Product", "products"), "re": ("Refund", "refunds"), "tok": ("Token", "tokens"), # Payment methods # payment methods have URL prefixes like /customers/cus_id/sources "ba": ("Bank account", None), "card": ("Card", None), "src": ("Source", None), # Billing # coupons have a configurable id, but the URL prefix is /coupons # discounts don't have a URL, I think "in": ("Invoice", "invoices"), "ii": ("Invoice item", "invoiceitems"), # products are covered in core resources # plans have a configurable id, though by default they are created with this pattern # 'plan': ('Plan', 'plans'), "sub": ("Subscription", "subscriptions"), "si": ("Subscription item", "subscription_items"), # I think usage records have URL prefixes like /subscription_items/si_id/usage_record_summaries "mbur": ("Usage record", None), # Undocumented :| "py": ("Payment", "payments"), "pyr": ("Refund", "refunds"), # Pseudo refunds. Not fully tested. # Connect, Fraud, Orders, etc not implemented } name, url_prefix = names_and_urls[object_id.split("_")[0]] if lower: # nocoverage name = name.lower() if url_prefix is None: # nocoverage return name return f"[{name}](https://dashboard.stripe.com/{url_prefix}/{object_id})" def stringify(value: object) -> str: if isinstance(value, int) and value > 1500000000 and value < 2000000000: return timestamp_to_datetime(value).strftime("%b %d, %Y, %H:%M:%S %Z") return str(value)