pacnpal/django-anymail
1
0
Fork 0
mirror of https://github.com/pacnpal/django-anymail.git synced 2025-12-20 03:41:05 -05:00
Code Issues Packages Projects Releases Wiki Activity

Docs: Amazon SES webhooks: warn about SNS console bug

Browse Source 
Add a warning about a bug in the AWS SNS console that
converts part of the webhook secret to asterisks.

Closes #194
This commit is contained in:
medmunds
2020-07-29 14:32:22 -07:00
parent bb20ebf0e9
commit b9cba8243d
1 changed files with 13 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
docs/esps/amazon_ses.rst
View File

@@ -518,11 +518,18 @@ Anymail will automatically handle SNS endpoint confirmation for you, for both tr
webhooks, if both: webhooks, if both:
1. You have deployed your Django project with :ref:`Anymail webhooks enabled <webhooks-configuration>` 1. You have deployed your Django project with :ref:`Anymail webhooks enabled <webhooks-configuration>`
and an Anymail :setting:`WEBHOOK_SECRET <ANYMAIL_WEBHOOK_SECRET>` set, before subscribing the SNS Topic and an Anymail :setting:`WEBHOOK_SECRET <ANYMAIL_WEBHOOK_SECRET>` set, **before** subscribing the SNS Topic
to the webhook URL. to the webhook URL.
(If you subscribed the SNS topic too early, you can re-send the confirmation request later .. caution::
from the Subscriptions section of the Amazon SNS dashboard.)
If you create the SNS subscription *before* deploying your Django project with the webhook secret
set, confirmation will fail and you will need to **re-create the subscription** by entering the
full URL and webhook secret into the SNS console again.
You **cannot** use the SNS console's "Request confirmation" button to re-try confirmation.
(That will fail due to an `SNS console bug`_ that sends authentication as asterisks,
rather than the username:password secret you originally entered.)
2. The SNS endpoint URL includes the correct Anymail :setting:`WEBHOOK_SECRET <ANYMAIL_WEBHOOK_SECRET>` 2. The SNS endpoint URL includes the correct Anymail :setting:`WEBHOOK_SECRET <ANYMAIL_WEBHOOK_SECRET>`
as HTTP basic authentication. (Amazon SNS only allows this with https urls, not plain http.) as HTTP basic authentication. (Amazon SNS only allows this with https urls, not plain http.)
@@ -537,11 +544,13 @@ to `False` in your ANYMAIL settings.
When auto-confirmation is disabled (or if Anymail receives an unexpected confirmation request), When auto-confirmation is disabled (or if Anymail receives an unexpected confirmation request),
it will raise an :exc:`AnymailWebhookValidationFailure`, which should show up in your Django error it will raise an :exc:`AnymailWebhookValidationFailure`, which should show up in your Django error
logging. The error message will include the Token you can use to manually confirm the subscription logging. The error message will include the Token you can use to manually confirm the subscription
in the Amazon SNS dashboard or through the SNS API. in the Amazon SNS console or through the SNS API.
.. _Sending SNS messages to HTTPS endpoints: .. _Sending SNS messages to HTTPS endpoints:
https://docs.aws.amazon.com/sns/latest/dg/SendMessageToHttp.html https://docs.aws.amazon.com/sns/latest/dg/SendMessageToHttp.html
.. _SNS console bug:
https://github.com/anymail/django-anymail/issues/194#issuecomment-665350148
.. _amazon-ses-settings: .. _amazon-ses-settings: