Merge e2d78da into 5ef8578

integrallis · Sep 1, 2020 · c4ff03e · c4ff03e
2 parents 5ef8578 + e2d78da
commit c4ff03e
Show file tree

Hide file tree

Showing 6 changed files with 33 additions and 3 deletions.
diff --git a/.gitignore b/.gitignore
@@ -10,3 +10,4 @@ gemfiles/*.lock
 coverage/*
 .ruby-version
 .ruby-gemset
+vendor/bundle
diff --git a/app/controllers/stripe_event/webhook_controller.rb b/app/controllers/stripe_event/webhook_controller.rb
@@ -5,7 +5,8 @@ class WebhookController < ActionController::Base
     end
 
     def event
-      StripeEvent.instrument(verified_event)
+      event = StripeEvent.skip_signature_verification ? unverified_event : verified_event
+      StripeEvent.instrument(event)
       head :ok
     rescue Stripe::SignatureVerificationError => e
       log_error(e)
@@ -14,6 +15,13 @@ def event
 
     private
 
+    def unverified_event
+      payload = request.body.read
+      data    = JSON.parse(payload, symbolize_names: true)
+
+      Stripe::Event.construct_from(data)
+    end
+
     def verified_event
       payload          = request.body.read
       signature        = request.headers['Stripe-Signature']

diff --git a/lib/stripe_event.rb b/lib/stripe_event.rb
@@ -4,7 +4,7 @@
 
 module StripeEvent
   class << self
-    attr_accessor :adapter, :backend, :namespace, :event_filter
+    attr_accessor :adapter, :backend, :namespace, :event_filter, :skip_signature_verification
     attr_reader :signing_secrets
 
     def configure(&block)

diff --git a/lib/stripe_event/version.rb b/lib/stripe_event/version.rb
@@ -1,3 +1,3 @@
 module StripeEvent
-  VERSION = "2.3.1"
+  VERSION = "2.4.0"
 end
diff --git a/spec/controllers/webhook_controller_spec.rb b/spec/controllers/webhook_controller_spec.rb
@@ -39,6 +39,18 @@ def webhook_with_signature(params, secret = secret1)
 
   routes { StripeEvent::Engine.routes }
 
+  context "bypass signature verification" do
+
+    before { StripeEvent.skip_signature_verification = true }
+    after  { StripeEvent.skip_signature_verification = false }
+
+    it "succeeds" do
+      webhook "invalid signature", charge_succeeded
+      expect(response.code).to eq '200'
+    end
+
+  end
+
   context "without a signing secret" do
     before(:each) { StripeEvent.signing_secret = nil }
 

diff --git a/spec/lib/stripe_event_spec.rb b/spec/lib/stripe_event_spec.rb
@@ -28,6 +28,15 @@
     end
   end
 
+  describe "bypass signature verification" do
+
+    it "sets and gets skip_signature_verification" do
+      StripeEvent.skip_signature_verification = true
+      expect(StripeEvent.skip_signature_verification).to be true
+    end
+
+  end
+
   describe "subscribing to a specific event type" do
     context "with a block subscriber" do
       it "calls the subscriber with the retrieved event" do