All geek questions in one place

Facebook Credits Callback to Django

This question follows the previous one I posted: Django Callback on Facebook Credits

So basically, I have a static HTML page with a button. After clicking the button, a purchase dialog for Facebook Credits will appear.

As shown on Facebook on the blog , here is my link page to view the HTML source.

I have a kind of URL that is a link registered with Facebook Developers. The view is as follows:

def fb_credits_callback(request): #Data array that will be returned data = { } string = '' if request.method == 'GET': string = 'GET' elif request.method == 'POST': string = 'POST' send_mail( 'TestDare Debug', 'Received '+string+" request", ' registration@my _domain.com', [' my_personal_email@gmail.com '], fail_silently=True ) signed_request = request['signed_request'] plain_request = parse_signed_request(signed_request, FACEBOOK_APP_ID)

Now, of course, this is only a preliminary test (there is a lot of debugging to do this later), but I don’t even receive an email when I click on the button on my page. This means that for some reason, Facebook is not making a callback for my application. If I perform a GET for this view, I receive an email as expected.

When the button is pressed, the following error appears:

"Failed to process your payment. Sorry, but we had problems processing your payment. You did not pay for this transaction. Please try again."

If someone can help me track why the callback is not working, I would really appreciate it.

thanks

+4
source share
1 answer

The signed_request parameter is an easy way to make sure that the data you receive is the actual data sent by Facebook. it is signed using the privacy of your application, which is known only to you and Facebook. If someone had to make changes to the data, the signature will no longer be verified, because they will not know your privacy application will also update the signature.

As I found out, Facebook python-sdk does not support the parsing request parameter .

Here is the code snippet for parsing "signed_request".

 import base64 import hashlib import hmac import simplejson as json def base64_url_decode(inp): padding_factor = (4 - len(inp) % 4) % 4 inp += "="*padding_factor return base64.b64decode(unicode(inp).translate(dict(zip(map(ord, u'-_'), u'+/')))) def parse_signed_request(signed_request, secret): l = signed_request.split('.', 2) encoded_sig = l[0] payload = l[1] sig = base64_url_decode(encoded_sig) data = json.loads(base64_url_decode(payload)) if data.get('algorithm').upper() != 'HMAC-SHA256': log.error('Unknown algorithm') return None else: expected_sig = hmac.new(secret, msg=payload, digestmod=hashlib.sha256).digest() if sig != expected_sig: return None else: log.debug('valid signed request received..') return data

I know that base64_url_decode has some kind of critical code because translate, maketrans doesn't work so well with unicode strings. In any case, if you have any questions, just leave a line in the following messages.

You can find myabe here in more detail .

Thanks..

+4
source

Source: https://habr.com/ru/post/1393735/

More articles:


All Articles