commit b78727a9d5256c5573e0ab0d84660e29fc5826d7
parent b2dc8a96eb08bea0e55ce89cab0d2a5265201f65
Author: NicholasFarrow <nicholas.w.farrow@gmail.com>
Date: Fri, 22 Jan 2021 23:00:45 +1100
broken key variables in webhook
Diffstat:
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/gateways/woo_webhook.py b/gateways/woo_webhook.py
@@ -6,17 +6,19 @@ import time
import requests
def hook(btcpyment_secret, payload, payment):
+ key = codecs.decode(secret, 'hex')
+
# Calculate a secret that is required to send back to the
# woocommerce gateway, proving we did not modify id nor amount.
secret_seed = bytes(int(100*float(payload['amount'])) * int(payload['id']))
- secret = hmac.new(btcpyment_secret, secret_seed, hashlib.sha256).hexdigest()
+ secret = hmac.new(key, secret_seed, hashlib.sha256).hexdigest()
# The main signature which proves we have paid, and very recently!
paid_time = int(time.time())
params = {"wc-api":"wc_btcpyment_gateway", 'id' : payload['id'], 'time' : str(paid_time)}
message = (str(paid_time) + '.' + json.dumps(params, separators=(',', ':'))).encode('utf-8')
- key = codecs.decode(secret, 'hex')
+ key = codecs.decode(btcpyment_secret, 'hex')
hash = hmac.new(key, message, hashlib.sha256).hexdigest()
headers={'Content-Type': 'application/json', 'X-Signature' : hash, 'X-Secret': secret}
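Review bot: The added `key = codecs.decode(secret, 'hex')` at the top of `hook` reads `secret` before it is assigned; since `secret` is assigned further down in the same function it is a local name, so the call raises UnboundLocalError and no webhook gets signed. The line should decode the parameter instead, `key = codecs.decode(btcpyment_secret, 'hex')`, which also makes the second `key = ...` assignment before `hash` redundant. Separately, the unchanged `secret_seed = bytes(int(...) * int(...))` produces a run of zero bytes whose length is the product, so different amount/id pairs with the same product yield the same `X-Secret`, and a large id allocates a correspondingly large buffer. Encoding both fields explicitly, for example `secret_seed = f"{payload['id']}.{payload['amount']}".encode()`, would bind each value, provided the WooCommerce plugin computes the same seed. The body of `hook` appears to continue past the end of this hunk.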