0

I am using a single twilio number to trigger an sms being sent through a django function.

If a person accesses my app through my website then the app will parse sendphonenum from a post request from the website.

If a person accesses my app by sending sms to twilio number, it will parse sendphonenum from text message.

The problem occurs after Twilio has sent a message to sendphonenum.

If a message was triggered from the website it should redirect to dashboard page for user who sent message. But don't do this if message was triggered through an initial sms.

@csrf_exempt
def sms_response(request):
    if request.method == "POST":
        # parse sendphonenum from text message sent from mobile phone to twilio number +14545552222
        # or parse sendphonenum from a post request from website
        message_body = request.POST['Body']
        sendnum_ary = re.findall('[0-9]+', message_body)
        sendnum = "".join(sendnum_ary)
        sendphonenum = "+1" + sendnum
        mytwilionum = "+14545552222"


        # put your own credentials here
        ACCOUNT_SID = "123434234234"
        AUTH_TOKEN = "abcsdasda"
        client = Client(ACCOUNT_SID, AUTH_TOKEN)

            client.messages.create(
                to= sendphonenum,
                from_= mytwilionum,
                body='someone told me to message you'
            )

    ## there is no platform variable, just doing some mock code to show you what I'd want to happen
    ## note sms_response function url must be same for both website and mobile phone, as both are using same webhook A MESSAGE COMES IN for +14545552222
    if platform == 'web':
        return HttpResponseRedirect(reverse('dashboard'))

    return HttpResponse('')
stefan judis
  • 3,416
  • 14
  • 22
Padoga
  • 495
  • 3
  • 18
  • Can you describe the actual problem? :) What is happening right now? – stefan judis Aug 29 '19 at 07:14
  • I did not have the platform == 'web' statement. And when I triggered the app by sending an sms to twilio number from my phone I would get Forbidden (CSRF cookie not set.): /dashboard. from return HttpResponseRedirect(reverse('dashboard')) So trying to fix this issue. – Padoga Aug 29 '19 at 07:38

1 Answers1

1

Twilio developer evangelist here.

Twilio will send a bunch of headers along with the request which you could check for. For example, all requests are signed and include an X-Twilio-Signature header. So you can check the request.META dictionary for the existence of that header. To be extra sure it was a request from Twilio, you can verify that the signature is correct.

    if ‘HTTP_X_TWILIO_SIGNATURE’ in request.META:
      # An XML response with an empty `<Response/>` element
      resp = MessagingResponse()
      return HttpResponse(str(resp))
    else: 
      return HttpResponseRedirect(reverse('dashboard'))

Let me know if that helps at all.

philnash
  • 70,667
  • 10
  • 60
  • 88
  • I get the following error, do I need to import something? if request.META.HTTP_X_TWILIO_SIGNATURE: AttributeError: 'dict' object has no attribute 'HTTP_X_TWILIO_SIGNATURE' – Padoga Aug 29 '19 at 08:09
  • 1
    Ah, apologies, that’s my lack of python experience. You need to test somehow for the existence of that attribute. You should use something like `if ‘HTTP_X_TWILIO_SIGNATURE’ in request.META` instead. – philnash Aug 30 '19 at 03:47
  • Thanks Phil. Only other thing I needed to work was replace return EmptyTwimlResponse with resp = MessagingResponse() return HttpResponse(str(resp)) then it worked. I was getting NameError: name 'EmptyTwimlResponse' is not defined. Not sure if there is a better fix then what I did. – Padoga Aug 31 '19 at 02:43