From 5bde98e34901c62df9756f2918e781e7ae4e2752 Mon Sep 17 00:00:00 2001
From: Augustin Cavalier <13209080+augustin@users.noreply.github.com>
Date: Thu, 17 Mar 2022 11:50:58 -0400
Subject: [PATCH] PayPal: Fail early on invalid webhook payload (#2528)
Co-authored-by: Raphael Michel
---
 src/pretix/plugins/paypal/views.py | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/src/pretix/plugins/paypal/views.py b/src/pretix/plugins/paypal/views.py
index 0088b54dac..8077bfc60d 100644
--- a/src/pretix/plugins/paypal/views.py
+++ b/src/pretix/plugins/paypal/views.py
@@ -176,6 +176,8 @@ def webhook(request, *args, **kwargs):
 event_json = json.loads(event_body)
 # We do not check the signature, we just use it as a trigger to look the charge up.
+ if 'resource_type' not in event_json:
+ return HttpResponse("Invalid body, no resource_type given", status=400)
 if event_json['resource_type'] not in ('sale', 'refund'):
 return HttpResponse("Not interested in this resource type", status=200)
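Review bot: The added membership test assumes `event_json` is a dict, but `json.loads` returns a list, string, number or `None` for other valid JSON bodies. A numeric or `null` body makes the `in` test itself raise `TypeError`, and a list or string containing `resource_type` passes the test and then fails on the `event_json['resource_type']` lookup below. The context comment says the signature is not checked, so any caller can send such a body and get an unhandled 500 instead of the intended 400. I would widen the guard to `if not isinstance(event_json, dict) or 'resource_type' not in event_json:` and keep the same 400 response. The body of `webhook` starts and continues outside this hunk, so whether `json.loads` itself is guarded against malformed JSON cannot be confirmed from here.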