Razorpay Webhook 签名验证错误

【问题标题】:Razorpay Webhook signature verification errorRazorpay Webhook 签名验证错误
【发布时间】:2019-05-11 10:19:30
【问题描述】:

我在尝试验证从 Razorpay 收到的 webhook 请求时收到 TypeError: encoding without a string argument

我已经使用 Flask 在 Python3.6 中编写了代码。

我知道这与 request.data 有关,我作为参数传递,但无法解决问题。

以下是调用 webhook 时执行的代码:

@app.route('/razorpay', methods=['POST'])
def razorpay_webhook():
    webhook_secret: str = MY_WEBHOOK_SECRET
    signature = request.headers['X-Razorpay-Signature']
    client = razorpay.Client(auth=(MY_KEY, MY_SIGNATURE))
    verify = client.utility.verify_webhook_signature(request.data, signature, webhook_secret)

我得到的错误如下:

2018-12-10T13:32:16.177198+00:00 app[web.1]: [2018-12-10 13:32:16,174] ERROR in app: Exception on /razorpay [POST]
2018-12-10T13:32:16.177227+00:00 app[web.1]: Traceback (most recent call last):
2018-12-10T13:32:16.177229+00:00 app[web.1]:   File "/app/.heroku/python/lib/python3.6/site-packages/flask/app.py", line 2292, in wsgi_app
2018-12-10T13:32:16.177231+00:00 app[web.1]:     response = self.full_dispatch_request()
2018-12-10T13:32:16.177233+00:00 app[web.1]:   File "/app/.heroku/python/lib/python3.6/site-packages/flask/app.py", line 1815, in full_dispatch_request
2018-12-10T13:32:16.177235+00:00 app[web.1]:     rv = self.handle_user_exception(e)
2018-12-10T13:32:16.177237+00:00 app[web.1]:   File "/app/.heroku/python/lib/python3.6/site-packages/flask/app.py", line 1718, in handle_user_exception
2018-12-10T13:32:16.177238+00:00 app[web.1]:     reraise(exc_type, exc_value, tb)
2018-12-10T13:32:16.177240+00:00 app[web.1]:   File "/app/.heroku/python/lib/python3.6/site-packages/flask/_compat.py", line 35, in reraise
2018-12-10T13:32:16.177243+00:00 app[web.1]:     raise value
2018-12-10T13:32:16.177244+00:00 app[web.1]:   File "/app/.heroku/python/lib/python3.6/site-packages/flask/app.py", line 1813, in full_dispatch_request
2018-12-10T13:32:16.177246+00:00 app[web.1]:     rv = self.dispatch_request()
2018-12-10T13:32:16.177247+00:00 app[web.1]:   File "/app/.heroku/python/lib/python3.6/site-packages/flask/app.py", line 1799, in dispatch_request
2018-12-10T13:32:16.177250+00:00 app[web.1]:     return self.view_functions[rule.endpoint](**req.view_args)
2018-12-10T13:32:16.177251+00:00 app[web.1]:   File "/app/app.py", line 81, in razorpay_webook
2018-12-10T13:32:16.177253+00:00 app[web.1]:     verify = client.utility.verify_webhook_signature(request.data, signature, webhook_secret)
2018-12-10T13:32:16.177255+00:00 app[web.1]:   File "/app/.heroku/python/lib/python3.6/site-packages/razorpay/utility/utility.py", line 25, in verify_webhook_signature
2018-12-10T13:32:16.177256+00:00 app[web.1]:     self.verify_signature(body, signature, secret)
2018-12-10T13:32:16.177258+00:00 app[web.1]:   File "/app/.heroku/python/lib/python3.6/site-packages/razorpay/utility/utility.py", line 30, in verify_signature
2018-12-10T13:32:16.177260+00:00 app[web.1]:     body = bytes(body, 'utf-8')
2018-12-10T13:32:16.177269+00:00 app[web.1]: TypeError: encoding without a string argument

编辑

将代码中request.data 的行更改为str(request.data) 解决了上述错误。但现在我收到如下新错误:

2018-12-11T04:24:16.973496+00:00 app[web.1]: Traceback (most recent call last):
2018-12-11T04:24:16.973500+00:00 app[web.1]:   File "/app/.heroku/python/lib/python3.6/site-packages/flask/app.py", line 2292, in wsgi_app
2018-12-11T04:24:16.973502+00:00 app[web.1]:     response = self.full_dispatch_request()
2018-12-11T04:24:16.973503+00:00 app[web.1]:   File "/app/.heroku/python/lib/python3.6/site-packages/flask/app.py", line 1815, in full_dispatch_request
2018-12-11T04:24:16.973505+00:00 app[web.1]:     rv = self.handle_user_exception(e)
2018-12-11T04:24:16.973507+00:00 app[web.1]:   File "/app/.heroku/python/lib/python3.6/site-packages/flask/app.py", line 1718, in handle_user_exception
2018-12-11T04:24:16.973508+00:00 app[web.1]:     reraise(exc_type, exc_value, tb)
2018-12-11T04:24:16.973510+00:00 app[web.1]:   File "/app/.heroku/python/lib/python3.6/site-packages/flask/_compat.py", line 35, in reraise
2018-12-11T04:24:16.973512+00:00 app[web.1]:     raise value
2018-12-11T04:24:16.973514+00:00 app[web.1]:   File "/app/.heroku/python/lib/python3.6/site-packages/flask/app.py", line 1813, in full_dispatch_request
2018-12-11T04:24:16.973515+00:00 app[web.1]:     rv = self.dispatch_request()
2018-12-11T04:24:16.973517+00:00 app[web.1]:   File "/app/.heroku/python/lib/python3.6/site-packages/flask/app.py", line 1799, in dispatch_request
2018-12-11T04:24:16.973519+00:00 app[web.1]:     return self.view_functions[rule.endpoint](**req.view_args)
2018-12-11T04:24:16.973520+00:00 app[web.1]:   File "/app/app.py", line 81, in razorpay_webook
2018-12-11T04:24:16.973522+00:00 app[web.1]:     verify = client.utility.verify_webhook_signature(str(request.data), signature, webhook_secret)
2018-12-11T04:24:16.973524+00:00 app[web.1]:   File "/app/.heroku/python/lib/python3.6/site-packages/razorpay/utility/utility.py", line 25, in verify_webhook_signature
2018-12-11T04:24:16.973526+00:00 app[web.1]:     self.verify_signature(body, signature, secret)
2018-12-11T04:24:16.973527+00:00 app[web.1]:   File "/app/.heroku/python/lib/python3.6/site-packages/razorpay/utility/utility.py", line 45, in verify_signature
2018-12-11T04:24:16.973529+00:00 app[web.1]:     'Razorpay Signature Verification Failed')
2018-12-11T04:24:16.973536+00:00 app[web.1]: razorpay.errors.SignatureVerificationError: Razorpay Signature Verification Failed

我已经仔细检查过,我传递的所有值都是正确的。那么可能是什么问题呢?

【问题讨论】:

  • 这个问题你解决了吗?你有什么解决方案请分享,我陷入了这个问题??
  • 抱歉,当时我没能解决这个问题,后来我们从 Razorpay 切换到了另一个服务,所以之后不要再调查了。
  • 您可以验证用户代理作为验证步骤,但建议进行签名验证。 @RaviBhushan
  • 我已经发布了有效的答案,试试吧

标签: python flask razorpay


【解决方案1】:

stringify json 请求数据后,在 django 中运行,试试这个,它会 100% 运行

payload_body = json.dumps(request.data, separators=(',', ':'))
    verify = client.utility.verify_webhook_signature(payload_body, signature, webhook_secret)

如果在烧瓶中遇到问题,则使用

payload_body = json.dumps(request.json, separators=(',', ':'))

【讨论】:

  • 您在编辑后阅读:有问题吗?第一个错误已解决,并出现第二个错误
  • 是的,我遇到了同样的错误,这个解决方案已经解决了这两个问题
  • 好的,我一会儿去看看。因为我们已经切换了服务。我确实在某处有旧代码。
  • 是的,会这样做
  • @RaviBhushan 我试过你的解决方案,我得到“字节类型的对象不是 JSON 可序列化的”。你能澄清一下吗?
【解决方案2】:

将 webhook 请求正文转换为字符串并删除所有尾随空格并修复缩进级别会有所帮助。

import razorpay
client = razorpay.Client(auth=("<YOUR_KEY_ID>", "<YOUR_KEY_SECRET>"))
client.utility.verify_webhook_signature(json.dumps(body, separators=(',', ':')), signature, secret)

【讨论】:

  • 我试过这个,但我得到 Razorpay 签名验证失败。我也试过verify = client.utility.verify_webhook_signature(request.data.decode('utf-8'), webhook_signature, webhook_secret),输出是None。
【解决方案3】:

使用 Java 的 Razorpay webhook 签名验证(发布,因为它可能有助于其他在类似集成中苦苦挣扎的人)

@POST
@Path("/event")
public Response webhookEvent(@Context HttpServletRequest request) throws IOException,RazorpayException {
    String signature = request.getHeader("X-Razorpay-Signature");
    String body = org.apache.commons.io.IOUtils.toString(new BufferedReader(new InputStreamReader(request.getInputStream())));
    if(!isValidRequest(body, signature, "your secret")) {
        return Response.status(Response.Status.BAD_REQUEST).build();
    }
    JSONObject event = new JSONObject(body);
    // do stuff with the event
    return Response.status(Response.Status.OK).build();
}

private boolean isValidRequest(String body, String signature, String secret) throws RazorpayException {
    if(!Utils.verifyWebhookSignature(body, signature, secret)) {
        log.error("Invalid signature received in the request {}", signature);
        return false;
    }
    return true;
}

【讨论】:

    猜你喜欢
    • 2016-03-16
    • 2020-07-17
    • 2021-12-25
    • 2022-06-28
    • 2021-09-07
    • 2020-08-22
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    相关资源
    最近更新 更多
    热门标签
    Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode