如何解决如何使用 django-paypal 的 hooks.py 查看发送的支付属性?
我按照 https://django-paypal.readthedocs.io/en/stable/standard/ipn.html 将 django-paypal 的 PayPal 标准 IPN 用于 Django 电子商务网站。
我不明白我应该如何使用 hooks.py 中的信号来确保其他人不会更改“业务”和“金额”等属性。我找不到任何关于它的好例子的帖子。他们中的大多数只是忽略 hooks.py 文件。这个文件'hooks.py'是安全所必需的吗?如果是,我应该在 hooks.py 中返回什么(对于这两种情况:发现属性已更改且付款失败;并且属性未更改且一切正常)?非常感谢。
views.py
from django.core.urlresolvers import reverse
from django.shortcuts import render
from paypal.standard.forms import PayPalPaymentsForm
def view_that_asks_for_money(request):
# What you want the button to do.
paypal_dict = {
"business": "receiver_email@example.com","amount": "10000000.00","item_name": "name of the item","invoice": "unique-invoice-id","notify_url": request.build_absolute_uri(reverse('paypal-ipn')),"return": request.build_absolute_uri(reverse('your-return-view')),"cancel_return": request.build_absolute_uri(reverse('your-cancel-view')),"custom": "premium_plan",# Custom command to correlate to some function later (optional)
}
# Create the instance.
form = PayPalPaymentsForm(initial=paypal_dict)
context = {"form": form}
return render(request,"payment.html",context)
你的项目/hooks.py
from paypal.standard.models import ST_PP_COMPLETED
from paypal.standard.ipn.signals import valid_ipn_received
def show_me_the_money(sender,**kwargs):
ipn_obj = sender
if ipn_obj.payment_status == ST_PP_COMPLETED:
# WARNING !
# Check that the receiver email is the same we prevIoUsly
# set on the `business` field. (The user Could tamper with
# that fields on the payment form before it goes to PayPal)
if ipn_obj.receiver_email != "receiver_email@example.com":
# Not a valid payment
return
# ALSO: for the same reason,you need to check the amount
# received,`custom` etc. are all what you expect or what
# is allowed.
# Undertake some action depending upon `ipn_obj`.
if ipn_obj.custom == "premium_plan":
price = ...
else:
price = ...
if ipn_obj.mc_gross == price and ipn_obj.mc_currency == 'USD':
...
else:
#...
valid_ipn_received.connect(show_me_the_money)
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。
