#jaro
hi! I'd start by adding logging to print out the exact values of all the variables payload, sig_header, endpoint_secret in the code and inspecting them carefully
like if they are correctly set? if this is what you suggest then yes, it's correct.
can you share a specific example like the exact output of printing those in a case where it doesn't work?
also share the complete code you've written
for the endpoint_secret you can redact it for sharing here but keep the first 5 and last 4 characters
It's failing in
stripe.WebhookSignature class, in verify_header
there is this code:
signed_payload = "%d.%s" % (timestamp, payload)
expected_sig = cls._compute_signature(signed_payload, secret)
if not any(util.secure_compare(expected_sig, s) for s in signatures):
    raise error.SignatureVerificationError(
        "No signatures found matching the expected signature for "
        "payload",
        header,
        payload,
    )
And this is my updated implementation of receiver
import logging

import stripe
from rest_framework.permissions import AllowAny
from rest_framework.response import Response
from rest_framework.views import APIView

logger = logging.getLogger(__name__)


class StripeWebhookHandler(APIView):
    permission_classes = [AllowAny]

    def post(self, request, *args, **kwargs):
        stripe.api_key = "sk_test....v6DF"
        endpoint_secret = "whsec_....1d81"
        event = None
        payload = request.data
        sig_header = request.headers['STRIPE_SIGNATURE']
        try:
            # This part is failing and is raising SignatureVerificationError
            event = stripe.Webhook.construct_event(
                payload, sig_header, endpoint_secret
            )
        except ValueError as e:
            logger.error(f"Invalid payload! Error: {repr(e)}")
            return Response(status=400)
        except stripe.error.SignatureVerificationError as e:
            logger.error(f"Invalid signature! Error: {repr(e)}")
            return Response(status=400)
        # Handle the event
        if event['type'] == 'subscription_schedule.created':
            # handle stuff
            pass
        else:
            print('Unhandled event type {}'.format(event['type']))
        # Acknowledge receipt of the event
        return Response(status=200)
what's the value of payload when you get the error?
also note the code you copied from our docs is for Flask, not Django
the way to access the raw incoming HTTP Post data might be different in Django
for example I think it's request.body in that framework and not request.data https://stackoverflow.com/questions/72115626/why-does-the-stripe-signature-header-never-match-the-signature-of-request-body
that value is not correct since it's an actual Python dict
you are right
you need to get the actual raw string out of the request body (you'll know you have it when there is whitespace and tabs in the string), what you have there is a Python dict created from something parsing the JSON into an object
it needs to be request.body -> by raw you mean bytes
I mean a string, like maybe taking the input as bytes, treating it as utf-8 and converting to a string