Forbidden (403) error when calling the callback URL in Django
Problem description
I am working on a Django webapp. I connected the paytm payment gateway with the Django app. I did everything according to the docs, and everything works. Almost.
I am having a problem when calling the callback URL once the payment is over.
Here is the code
from django.shortcuts import render
from django.views.decorators.csrf import csrf_exempt
# DonateForm, Checksum, OrdID, CustID, MERCHANTID and MERCHANTKEY are defined elsewhere in the project

def donate(request):
    if request.method == "POST":
        form = DonateForm(request.POST)
        name = request.POST.get('firstName')
        phone = request.POST.get('phone')
        email = request.POST.get('email')
        amount = float("{0:.2f}".format(int(request.POST.get('amount'))))
        ord_id = OrdID()
        cust_id = CustID()
        # Parameters posted to the payment gateway by paytm.html
        paytm_params = {
            "MID" : MERCHANTID,
            "WEBSITE" : "WEBSTAGING",
            "INDUSTRY_TYPE_ID" : "Retail",
            "CHANNEL_ID" : "WEB",
            "ORDER_ID" : ord_id,
            "CUST_ID" : cust_id,
            "MOBILE_NO" : phone,
            "EMAIL" : email,
            "TXN_AMOUNT" : str(amount),
            "CALLBACK_URL" : "http://127.0.0.1:8000/payment/status",
        }
        paytm_params['CHECKSUMHASH'] = Checksum.generate_checksum(paytm_params, MERCHANTKEY)
        return render(request, 'paytm.html', {'paytm_params': paytm_params})
    else:
        form = DonateForm()
        context = {'Donate': form}
        return render(request, 'donate.html', context=context)

@csrf_exempt
def handlerequest(request):
    if request.method == 'POST':
        form = request.POST
        response_dict = {}
        # Copy the posted fields and pick out the checksum sent by the gateway
        for i in form.keys():
            response_dict[i] = form[i]
            if i == 'CHECKSUMHASH':
                checksum = form[i]
                print(checksum)
        verify = Checksum.verify_checksum(response_dict, MERCHANTKEY, checksum)
        if verify:
            if response_dict['RESPCODE'] == '01':
                print('order successful')
            else:
                print('error: ' + response_dict['RESPMSG'])
        return render(request, 'paymentstatus.html', {'response': response_dict})
urls.py
path('donate', views.donate, name='donate'),
path('payment/status', views.handlerequest, name='handlerequest'),
donate.html
<form class="test_paytm" action="{% url 'donate' %}" method="post">
  {% csrf_token %}
  <div class="row">
    <div class="col">
      {{ Donate.firstName|as_crispy_field }}
    </div>
    <div class="col">
      {{ Donate.lastName|as_crispy_field }}
    </div>
  </div>
  <div class="row">
    <div class="col">
      {{ Donate.email|as_crispy_field }}
    </div>
    <div class="col">
      {{ Donate.phone|as_crispy_field }}
    </div>
  </div>
  <div class="row">
    <div class="col">
      {{ Donate.amount|as_crispy_field }}
    </div>
  </div>
  <button type="submit" name="button" class="btn btn-lg mb-5 contact_submit">Donate</button>
</form>
paytm.html
<html>
  <head>
    <title>Merchant Check Out Page</title>
  </head>
  <body>
    <center>
      <h1>Please do not refresh this page...</h1>
    </center>
    <form method="post" action="https://securegw.paytm.in/order/process" name="paytm">
      {% for key, value in paytm_params.items %}
      <input type="hidden" name="{{key}}" value="{{value}}">
      {% endfor %}
    </form>
  </body>
  <script type="text/javascript">
    document.paytm.submit()
  </script>
</html>
paymentstatus.html
<div class="container">
  {# handlerequest passes the dict as 'response', and RESPCODE is the string '01' #}
  {% if response.RESPCODE == '01' %}
  <center>
    <h2>Thank you for your donation</h2>
    <p>
      We are thrilled to have your support. Through your donation we will be able to accomplish our goal. You truly make the difference for us, and we are
      extremely grateful!
    </p>
  </center>
  <h3>Order ID: {{response.ORDERID}}</h3>
  <h3>Order Date: {{response.TXNDATE}}</h3>
  <h3>Amount: {{response.TXNAMOUNT}}</h3>
  <h3>Payment Mode: {{response.PAYMENTMODE}}</h3>
  {% else %}
  <center>
    <p>
      There seems to be a problem. We will try to fix this from our end.
    </p>
  </center>
  {% endif %}
</div>
But once the payment is over, the website is not calling handlerequest from views.py correctly. That is why I had added the @csrf_exempt so that an outside page can call the url without any issues. But I am still getting the 403 error. I am not sure what I am doing wrong.
I have added the paytm.html code to the question. I personally don't feel that the problem is with this page, as all that the page does is redirect to the payment gateway page of paytm. The problem I am facing is when returning back to my url, i.e. paymentstatus.html. That is through the handlerequest view. The donation process is as follows:
- User fills out the form in donate.html and clicks the donate button.
- paytm.html gets the information and automatically routes to the paytm payment gateway.
- User makes the donation.
- The URL routes back from the paytm payment gateway back to my URL.
- The paymentstatus.html page is displayed.
As the paymentstatus.html page is being called from an external url, csrf_exempt is required, which I have provided. But for some reason that does not work.
When I spoke to the technical team at Paytm they told me that I had to accept the callback URL in POST. The person I spoke to had little experience in Django and could not help me further. I am not really sure what accepting the response in POST means. Can someone help me out?
Edited the handlerequest view
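With @csrf_exempt on handlerequest, the checksum is the only thing that authenticates the callback POST. The following is an added example, not the asker's or Paytm's code, of the decisions such a view has to make. sign and verify are HMAC stand-ins for Checksum.generate_checksum and Checksum.verify_checksum (not Paytm's algorithm), ORDERS is a hypothetical store of what donate() created, and all sample values are constructed.

```python
import hashlib
import hmac
from decimal import Decimal, InvalidOperation

MERCHANT_KEY = b"constructed-test-key"   # constructed, not a real merchant key
ORDERS = {"ORD1001": Decimal("10.00")}   # hypothetical store: ORDERID -> amount saved by donate()

def sign(params, key):
    """Stand-in for Checksum.generate_checksum (HMAC-SHA256, NOT Paytm's algorithm)."""
    msg = "|".join(f"{k}={params[k]}" for k in sorted(params) if k != "CHECKSUMHASH")
    return hmac.new(key, msg.encode(), hashlib.sha256).hexdigest()

def verify(params, key, checksum):
    """Stand-in for Checksum.verify_checksum, compared in constant time."""
    return hmac.compare_digest(sign(params, key).encode(), checksum.encode())

def check_callback(post, orders=ORDERS, key=MERCHANT_KEY):
    """Return (http_status, reason) for a callback POST given as a dict."""
    data = dict(post)
    checksum = data.pop("CHECKSUMHASH", None)
    if not checksum:
        return 400, "missing checksum"   # the original view leaves `checksum` unbound here
    if not verify(data, key, checksum):
        return 403, "bad checksum"       # unauthenticated POST: trust nothing in it
    expected = orders.get(data.get("ORDERID"))
    if expected is None:
        return 404, "unknown order"
    try:
        paid = Decimal(data.get("TXNAMOUNT", ""))
    except InvalidOperation:
        return 400, "bad amount"
    if paid != expected:
        return 409, "amount mismatch"    # signed, but not the amount this order was created for
    if data.get("RESPCODE") != "01":
        return 200, "payment failed: " + data.get("RESPMSG", "")
    return 200, "paid"

def make_post(**fields):
    """Build a constructed, correctly signed sample callback body."""
    post = {"ORDERID": "ORD1001", "TXNAMOUNT": "10.00",
            "RESPCODE": "01", "RESPMSG": "Txn Success"}
    post.update(fields)
    post["CHECKSUMHASH"] = sign(post, MERCHANT_KEY)
    return post
```

In a Django view the same checks run on request.POST.dict(), and only the "paid" outcome should mark the order as complete.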
Recommended answer
Setting callback url:
It is a very simple matter: all you have to do is add a new url in your Django app, then register it with the API you are calling. I am not familiar at all with PAYTM; however, you will definitely find a place to register it through your dashboard, or through a CLI interface if they have one.
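# urls.py
path('payment/status/', views.check_status, name='payment_status')  # the same full url to register in callback url in their website
# views.py
from django.http import HttpResponse
from django.views.decorators.csrf import csrf_exempt

@csrf_exempt  # API doesn't know how to send you csrf token
def check_status(request):
    if request.method == 'POST':
        print(request.POST)  # examine the data returned from the API
    # a Django view has to return a response object
    return HttpResponse(status=200)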
By the way, if you are testing locally then you need to expose your website so that it is reachable from the outside world; check ngrok https://ngrok.com/
Online payments need to be handled over SSL, HTTPS.
You can force redirection after submission like this:
Place the following stub inside the payment form
<input type="hidden" name="next" value="{% url 'payment_status' %}" />
And then from your submission view
# force the redirect to
return redirect(request.POST.get('next') or 'where_ever_you_send_your_user')
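The redirect above takes its target from the posted next field, which the browser controls, so it should be limited to local paths before it reaches redirect(). An added example (not the answerer's code) of that check using only the standard library; safe_next and DEFAULT_NEXT are hypothetical names and the hosts are constructed. Inside a Django project, django.utils.http.url_has_allowed_host_and_scheme is the framework's own helper for this.

```python
from urllib.parse import urlsplit

DEFAULT_NEXT = "/donate"   # assumption: fall back to the page's 'donate' route

def safe_next(target, default=DEFAULT_NEXT):
    """Return target only if it is a plain local path, otherwise default."""
    if not isinstance(target, str) or not target:
        return default
    # Reject whitespace, control characters and backslashes: browsers
    # normalise these, so "/\host" can end up pointing at another site.
    if any(ord(c) < 0x21 or ord(c) == 0x7F or c == "\\" for c in target):
        return default
    # Must be an absolute path on this site; "//host/..." is scheme-relative.
    if not target.startswith("/") or target.startswith("//"):
        return default
    try:
        parts = urlsplit(target)
    except ValueError:
        return default
    if parts.scheme or parts.netloc:
        return default
    return target

# Usage inside the submission view (shown as a comment, Django not imported here):
#     return redirect(safe_next(request.POST.get('next')))
```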