Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix processing of account.application.deauthorized events #33

Merged
merged 1 commit into from
Oct 26, 2017
Merged

Fix processing of account.application.deauthorized events #33

merged 1 commit into from
Oct 26, 2017

Conversation

ticosax
Copy link

@ticosax ticosax commented Oct 26, 2017

don't try to fetch the event as we lost access to remote account

@codecov
Copy link

codecov bot commented Oct 26, 2017
edited
Loading

Codecov Report

Merging #33 into next will increase coverage by <.01%.
The diff coverage is 100%.

Impacted file tree graph

@@            Coverage Diff             @@
##             next      #33      +/-   ##
==========================================
+ Coverage   99.05%   99.06%   +<.01%     
==========================================
  Files          34       34              
  Lines        1799     1814      +15     
  Branches      159      160       +1     
==========================================
+ Hits         1782     1797      +15     
  Misses          9        9              
  Partials        8        8
Flag Coverage Δ
#py36dj111psql 99.06% <100%> (ø) ⬆️
#py36dj20psql 99.06% <100%> (ø) ⬆️
Impacted Files Coverage Δ
pinax/stripe/utils.py 100% <100%> (ø) ⬆️
pinax/stripe/webhooks.py 100% <100%> (ø) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 4b13057...5ed86af. Read the comment docs.

blueyed
blueyed reviewed Oct 26, 2017
View reviewed changes
pinax/stripe/webhooks.py Outdated
)
except stripe.error.PermissionError as exc:
if stripe_account_id not in str(exc):
raise exc
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should be more specific, and needs to cover the re-raise.

blueyed
blueyed reviewed Oct 26, 2017
View reviewed changes
pinax/stripe/webhooks.py Outdated
"""
Validate incoming events.

We don't fetch remote the event as we lost access to the account where the event belongs.
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

doc needs to be adjusted.

blueyed
blueyed reviewed Oct 26, 2017
View reviewed changes
pinax/stripe/webhooks.py Outdated
@@ -144,8 +144,30 @@ class AccountApplicationDeauthorizeWebhook(Webhook):
name = "account.application.deauthorized"
description = "Occurs whenever a user deauthorizes an application. Sent to the related application only."

def validate(self):
"""
Validate incoming events.
Copy link

@blueyed blueyed Oct 26, 2017
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

*"Specialized validation of incoming events."

blueyed
blueyed reviewed Oct 26, 2017
View reviewed changes
pinax/stripe/webhooks.py Outdated
self.event.validated_message = self.event.webhook_message
self.event.stripe_account = self.stripe_account
else:
raise ValueError("The remote account is still valid. This might be a hostile event.")
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

changed the message, please pull.

@ticosax ticosax force-pushed the signal-account-deauthorize branch 2 times, most recently from d49106b to 5ed86af Compare October 26, 2017 14:22
@ticosax
Fix processing of account.application.deauthorized events
5ed86af 
don't try to fetch the event as we lost access to remote account
@ticosax ticosax merged commit 22be75b into lock8:next Oct 26, 2017
@ticosax ticosax deleted the signal-account-deauthorize branch October 26, 2017 14:26
blueyed
blueyed reviewed Oct 26, 2017
View reviewed changes
pinax/stripe/tests/test_webhooks.py
webhook_message=data,
)
RetrieveMock.side_effect = stripe.error.PermissionError(
"The provided key 'sk_test_********************abcd' does not have access to account 'acc_aa'")
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That wasn't the full message, was it?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yes

blueyed
blueyed reviewed Oct 26, 2017
View reviewed changes
pinax/stripe/webhooks.py
to make you believe the account has been disabled despite it is still functioning.
"""
stripe_account_id = self.event.webhook_message["account"]
self.stripe_account = models.Account.objects.filter(stripe_id=stripe_account_id).first()
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

.get()?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we want to blow up in case we are not in sync ?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

in #35

blueyed
blueyed reviewed Oct 26, 2017
View reviewed changes
pinax/stripe/webhooks.py
self.event.validated_message = self.event.webhook_message
self.event.stripe_account = self.stripe_account
else:
raise ValueError("The remote account still valid. this might be an hostile event")
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tried twice to fix this: c962eaf

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pushing to my fork is fine when I don't work on it.
it means I have time to read the notification.
thank you anyway

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sure. There is --force-with-lease for git-push to only force-push is what you expect it to be.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@blueyed blueyed blueyed left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ticosax @blueyed