dimanche 15 mars 2015

Braintree webhooks with csrf not working

I set up recurring payments with Braintree, and everything is working well. My code looks like this:



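/**
 * POST /create_customer
 *
 * Creates a Braintree customer (name, card, billing postal code) from the
 * submitted form body and replies with a link to the subscription step.
 *
 * Security notes:
 * - NOTE(review): the raw card number and CVV are read from req.body, so they
 *   transit this server. That widens PCI scope; a client-side tokenisation
 *   flow that sends only a payment-method nonce avoids handling card data here.
 * - Every value interpolated into the HTML response is escaped. The name
 *   fields originate from the request body and come back via the gateway
 *   result, so unescaped output would be a reflected/stored XSS sink.
 * - The full gateway result is not logged, so customer and payment-method
 *   details stay out of application logs.
 */
app.post("/create_customer", function (req, res) {
  // Minimal HTML escaper for text and double-quoted attribute contexts.
  function escapeHtml(value) {
    var replacements = {
      "&": "&amp;",
      "<": "&lt;",
      ">": "&gt;",
      "\"": "&quot;",
      "'": "&#39;"
    };
    return String(value).replace(/[&<>"']/g, function (ch) {
      return replacements[ch];
    });
  }

  var customerRequest = {
    firstName: req.body.first_name,
    lastName: req.body.last_name,
    creditCard: {
      number: req.body.number,
      cvv: req.body.cvv,
      expirationMonth: req.body.month,
      expirationYear: req.body.year,
      billingAddress: {
        postalCode: req.body.postal_code
      }
    }
  };

  gateway.customer.create(customerRequest, function (err, result) {
    // A transport or gateway failure leaves `result` unset; reading
    // result.success in that case would throw inside the callback.
    if (err || !result) {
      console.log("create_customer: gateway request failed");
      res.status(500).send("<h1>Error: could not reach the payment gateway</h1>");
      return;
    }

    // Log the outcome only, not the whole result object.
    console.log("create_customer: success=" + result.success);

    if (result.success) {
      res.send(
        "<h1>Customer created with name: " +
          escapeHtml(result.customer.firstName) + " " +
          escapeHtml(result.customer.lastName) + "</h1>" +
          // encodeURIComponent keeps the id from breaking out of the query
          // string or the quoted href attribute.
          "<a href=\"/subscriptions?id=" + encodeURIComponent(result.customer.id) +
          "\">Click here to sign this Customer up for a recurring payment</a>"
      );
    } else {
      res.send("<h1>Error: " + escapeHtml(result.message) + "</h1>");
    }
  });
});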

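/**
 * GET /subscriptions?id=<customerId>
 *
 * Looks up the customer, takes the first stored card's token and creates a
 * subscription on the "reccuringtest" plan, then reports the status.
 *
 * Security notes:
 * - NOTE(review): this route changes state (creates a billing subscription)
 *   on a GET request, keyed only by a caller-supplied customer id. CSRF
 *   middleware commonly exempts GET, and no ownership or authentication check
 *   is visible in this handler. Confirm access control is enforced elsewhere
 *   and consider moving the action to an authenticated POST.
 * - The id from the query string is validated as a string and HTML-escaped
 *   before it is echoed back, closing a reflected XSS sink.
 */
app.get("/subscriptions", function (req, res) {
  // Minimal HTML escaper for text contexts.
  function escapeHtml(value) {
    var replacements = {
      "&": "&amp;",
      "<": "&lt;",
      ">": "&gt;",
      "\"": "&quot;",
      "'": "&#39;"
    };
    return String(value).replace(/[&<>"']/g, function (ch) {
      return replacements[ch];
    });
  }

  var customerId = req.query.id;

  // Query parsers can yield arrays or objects for repeated or bracketed keys;
  // only a non-empty string is a usable id.
  if (typeof customerId !== "string" || customerId === "") {
    res.status(400).send("<h1>No customer found for id: " + escapeHtml(customerId) + "</h1>");
    return;
  }

  gateway.customer.find(customerId, function (err, customer) {
    if (err || !customer) {
      res.send("<h1>No customer found for id: " + escapeHtml(customerId) + "</h1>");
      return;
    }

    // A customer without a stored card has nothing to bill against.
    var cards = customer.creditCards || [];
    if (cards.length === 0) {
      res.status(400).send("<h1>Error: customer has no stored payment method</h1>");
      return;
    }

    var subscriptionRequest = {
      paymentMethodToken: cards[0].token,
      planId: "reccuringtest"
    };

    gateway.subscription.create(subscriptionRequest, function (err, result) {
      if (err || !result) {
        res.status(500).send("<h1>Error: could not reach the payment gateway</h1>");
        return;
      }
      // On a declined or invalid request result.subscription may be absent.
      if (!result.success || !result.subscription) {
        res.send("<h1>Error: " + escapeHtml(result.message) + "</h1>");
        return;
      }
      res.send("<h1>Subscription Status " + escapeHtml(result.subscription.status) + "</h1>");
    });
  });
});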



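/**
 * POST /create_transaction
 *
 * Submits a fixed-amount sale ("1000.00") for settlement using card details
 * taken from the form body, and reports the transaction id or the error.
 *
 * Security notes:
 * - NOTE(review): the raw card number and CVV are read from req.body, so card
 *   data transits this server (PCI scope). A client-side tokenisation flow
 *   that posts only a payment-method nonce avoids that.
 * - Gateway error text and ids are HTML-escaped before being written into
 *   the response.
 * - Only the outcome is logged; the full error/result objects are kept out
 *   of the logs.
 */
app.post("/create_transaction", function (req, res) {
  // Minimal HTML escaper for text contexts.
  function escapeHtml(value) {
    var replacements = {
      "&": "&amp;",
      "<": "&lt;",
      ">": "&gt;",
      "\"": "&quot;",
      "'": "&#39;"
    };
    return String(value).replace(/[&<>"']/g, function (ch) {
      return replacements[ch];
    });
  }

  var saleRequest = {
    amount: "1000.00",
    creditCard: {
      number: req.body.number,
      cvv: req.body.cvv,
      expirationMonth: req.body.month,
      expirationYear: req.body.year
    },
    options: {
      submitForSettlement: true
    }
  };

  gateway.transaction.sale(saleRequest, function (err, result) {
    // With a transport or gateway error `result` is unset; reading
    // result.success would throw inside the callback.
    if (err || !result) {
      console.log("create_transaction: gateway request failed");
      res.status(500).send("<h1>Error: could not reach the payment gateway</h1>");
      return;
    }

    console.log("create_transaction: success=" + result.success);

    if (result.success) {
      res.send("<h1>Success! Transaction ID: " + escapeHtml(result.transaction.id) + "</h1>");
    } else {
      res.send("<h1>Error: " + escapeHtml(result.message) + "</h1>");
    }
  });
});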


I'm able to create customers and payments. Then I added webhooks:



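/**
 * GET /webhooks?bt_challenge=<challenge>
 *
 * Answers the gateway's webhook destination check by returning the
 * verification string computed from the supplied challenge.
 *
 * The challenge is caller-controlled, so it is checked to be a non-empty
 * string before use. A missing or malformed value gets a 400 instead of an
 * unhandled exception.
 */
app.get("/webhooks", function (req, res) {
  var challenge = req.query.bt_challenge;

  // Query parsers can produce arrays or objects; accept a plain string only.
  if (typeof challenge !== "string" || challenge === "") {
    res.status(400).send("Missing bt_challenge");
    return;
  }

  var verification;
  try {
    // NOTE(review): depending on the SDK version, verify() may throw on a
    // malformed challenge. Treat that as a bad request.
    verification = gateway.webhookNotification.verify(challenge);
  } catch (verifyError) {
    res.status(400).send("Invalid bt_challenge");
    return;
  }

  res.send(verification);
});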

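/**
 * POST /webhooks
 *
 * Receives a webhook notification (bt_signature + bt_payload), lets the SDK
 * verify and parse it, logs the event, and acknowledges it.
 *
 * CSRF and authentication:
 * - This request is sent by the payment gateway's servers, not by a browser
 *   with a session, so it cannot carry a CSRF token. An app-wide CSRF
 *   middleware will answer 403 before this handler runs. Register this route
 *   outside (ahead of) the CSRF middleware, or exempt this path only. Do not
 *   switch CSRF protection off for the rest of the app.
 * - With CSRF out of the picture, the signature check performed by parse()
 *   is what authenticates the sender. The notification is therefore only
 *   trusted, and only acknowledged with 200, when parse() reports no error.
 */
app.post("/webhooks", function (req, res) {
  var signature = req.body && req.body.bt_signature;
  var payload = req.body && req.body.bt_payload;

  // Reject requests missing either field before handing them to the SDK.
  if (typeof signature !== "string" || typeof payload !== "string") {
    res.status(400).end();
    return;
  }

  gateway.webhookNotification.parse(
    signature,
    payload,
    function (err, webhookNotification) {
      // A bad signature or payload arrives here as `err`; the notification
      // object is then unusable and must not be acted on.
      if (err || !webhookNotification) {
        console.log("[Webhook Rejected] signature or payload failed verification");
        res.status(400).end();
        return;
      }

      // Not every notification kind carries a subscription.
      var subscriptionId = webhookNotification.subscription
        ? webhookNotification.subscription.id
        : "n/a";

      console.log("[Webhook Received " + webhookNotification.timestamp + "] | Kind: " + webhookNotification.kind + " | Subscription: " + subscriptionId);

      // Acknowledge only after verification succeeded.
      res.status(200).end();
    }
  );
});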


Now when I make a payment, the POST function is called, but I get a CSRF error:


POST /webhooks 403 194.783 ms - - Error: CSRF token mismatch at csrf (/root/waitero/node_modules/lusca/lib/csrf.js:48:18)


thanks for any help!

