nil class error for test and live events

[barancw]

I noticed from your implementation that test webhooks sent from the "test webhooks" button in the account settings panel on stripe will fail. They send an id of "evt_00000000000000" which will throw a 404 error when tried to retrieve as you are doing in your application_controller.rb on line 7: @event = Stripe::Event.retrieve(params[:id])

Now, I figured that I'd be fine for live transactions. I still end up in the same boat here:

Started POST "/stripe-comm-hook" for 50.18.189.119 at 2012-08-13 00:22:05 -0400
Processing by StripeEvent::WebhookController#event as XML
Parameters: {"object"=>"event", "type"=>"customer.updated", "created"=>1344828074, "pending_webhooks"=>1, "data"=>"object"=>{"id"=>"cus_08bwsfKEsvPJBm", "discount"=>nil, "description"=>"Baran, Christopherr", account_balance"=>0, "livemode"=>false, "active_card"=>nil, "object"=>"customer", "email"=>"cb@chrisbaran.net", created"=>1344375666, "subscription"=>{"customer"=>"cus_08bwsfKEsvPJBm", "start"=>1344789456, "ended_at"=>nil, trial_end"=>1347381456, "current_period_start"=>1344789456, "object"=>"subscription", "canceled_at"=>nil, current_period_end"=>1347381456, "status"=>"trialing", "trial_start"=>1344789456, "cancel_at_period_end"=>false, "plan"=>"id"=>"10", "currency"=>"usd", "trial_period_days"=>30, "livemode"=>false, "object"=>"plan", "amount"=>2000, name"=>"Pipe Fitters - Full Phone List", "interval"=>"month"}}, "delinquent"=>false}, "previous_attributes"=>"description"=>"Baran, Christopher"}}, "livemode"=>false, "id"=>"evt_0AZYkJQPKaMmhR", webhook"=>{"object"=>"event", "type"=>"customer.updated", "created"=>1344828074, "pending_webhooks"=>1, "data"=>"object"=>{"id"=>"cus_08bwsfKEsvPJBm", "discount"=>nil, "description"=>"Baran, Christopherr", account_balance"=>0, "livemode"=>false, "active_card"=>nil, "object"=>"customer", "email"=>"cb@chrisbaran.net", created"=>1344375666, "subscription"=>{"customer"=>"cus_08bwsfKEsvPJBm", "start"=>1344789456, "ended_at"=>nil, trial_end"=>1347381456, "current_period_start"=>1344789456, "object"=>"subscription", "canceled_at"=>nil, current_period_end"=>1347381456, "status"=>"trialing", "trial_start"=>1344789456, "cancel_at_period_end"=>false, "plan"=>"id"=>"10", "currency"=>"usd", "trial_period_days"=>30, "livemode"=>false, "object"=>"plan", "amount"=>2000, name"=>"Pipe Fitters - Full Phone List", "interval"=>"month"}}, "delinquent"=>false}, "previous_attributes"=>"description"=>"Baran, Christopher"}}, "livemode"=>false, "id"=>"evt_0AZYkJQPKaMmhR", controller"=>"stripe_event/webhook", "action"=>"event"}}
WARNING: Can't verify CSRF token authenticity
Completed 500 Internal Server Error in 31ms

NoMethodError (undefined method type' for nil:NilClass): stripe_event (0.3.0) lib/stripe_event.rb:12:inpublish'
stripe_event (0.3.0) app/controllers/stripe_event/webhook_controller.rb:4:in event' actionpack (3.2.5) lib/action_controller/metal/implicit_render.rb:4:insend_action'
actionpack (3.2.5) lib/abstract_controller/base.rb:167:in process_action' actionpack (3.2.5) lib/action_controller/metal/rendering.rb:10:inprocess_action'
actionpack (3.2.5) lib/abstract_controller/callbacks.rb:18:in block in process_action' activesupport (3.2.5) lib/active_support/callbacks.rb:414:in_run__377245576__process_action__943494040__callbacks'
activesupport (3.2.5) lib/active_support/callbacks.rb:405:in __run_callback' activesupport (3.2.5) lib/active_support/callbacks.rb:385:in_run_process_action_callbacks'
activesupport (3.2.5) lib/active_support/callbacks.rb:81:in run_callbacks' actionpack (3.2.5) lib/abstract_controller/callbacks.rb:17:inprocess_action'
actionpack (3.2.5) lib/action_controller/metal/rescue.rb:29:in process_action' actionpack (3.2.5) lib/action_controller/metal/instrumentation.rb:30:inblock in process_action'
activesupport (3.2.5) lib/active_support/notifications.rb:123:in block in instrument' activesupport (3.2.5) lib/active_support/notifications/instrumenter.rb:20:ininstrument'
activesupport (3.2.5) lib/active_support/notifications.rb:123:in instrument' actionpack (3.2.5) lib/action_controller/metal/instrumentation.rb:29:inprocess_action'
actionpack (3.2.5) lib/action_controller/metal/params_wrapper.rb:206:in process_action' activerecord (3.2.5) lib/active_record/railties/controller_runtime.rb:18:inprocess_action'
actionpack (3.2.5) lib/abstract_controller/base.rb:121:in process' actionpack (3.2.5) lib/abstract_controller/rendering.rb:45:inprocess'
rack-mini-profiler (0.1.7) lib/mini_profiler/profiling_methods.rb:62:in block in profile_method' actionpack (3.2.5) lib/action_controller/metal.rb:203:indispatch'
actionpack (3.2.5) lib/action_controller/metal/rack_delegation.rb:14:in dispatch' actionpack (3.2.5) lib/action_controller/metal.rb:246:inblock in action'
actionpack (3.2.5) lib/action_dispatch/routing/route_set.rb:73:in call' actionpack (3.2.5) lib/action_dispatch/routing/route_set.rb:73:indispatch'
actionpack (3.2.5) lib/action_dispatch/routing/route_set.rb:36:in call' journey (1.0.4) lib/journey/router.rb:68:inblock in call'
journey (1.0.4) lib/journey/router.rb:56:in each' journey (1.0.4) lib/journey/router.rb:56:incall'
actionpack (3.2.5) lib/action_dispatch/routing/route_set.rb:600:in call' railties (3.2.5) lib/rails/engine.rb:479:incall'
railties (3.2.5) lib/rails/railtie/configurable.rb:30:in method_missing' journey (1.0.4) lib/journey/router.rb:68:inblock in call'
journey (1.0.4) lib/journey/router.rb:56:in each' journey (1.0.4) lib/journey/router.rb:56:incall'
actionpack (3.2.5) lib/action_dispatch/routing/route_set.rb:600:in call' omniauth (1.1.0) lib/omniauth/strategy.rb:177:incall!'
omniauth (1.1.0) lib/omniauth/strategy.rb:157:in call' omniauth (1.1.0) lib/omniauth/strategy.rb:177:incall!'
omniauth (1.1.0) lib/omniauth/strategy.rb:157:in call' omniauth (1.1.0) lib/omniauth/strategy.rb:177:incall!'
omniauth (1.1.0) lib/omniauth/strategy.rb:157:in call' omniauth (1.1.0) lib/omniauth/strategy.rb:177:incall!'
omniauth (1.1.0) lib/omniauth/strategy.rb:157:in call' omniauth (1.1.0) lib/omniauth/strategy.rb:177:incall!'
omniauth (1.1.0) lib/omniauth/strategy.rb:157:in call' omniauth (1.1.0) lib/omniauth/strategy.rb:177:incall!'
omniauth (1.1.0) lib/omniauth/strategy.rb:157:in call' sass (3.1.19) lib/sass/plugin/rack.rb:54:incall'
warden (1.1.1) lib/warden/manager.rb:35:in block in call' warden (1.1.1) lib/warden/manager.rb:34:incatch'
warden (1.1.1) lib/warden/manager.rb:34:in call' actionpack (3.2.5) lib/action_dispatch/middleware/best_standards_support.rb:17:incall'
rack (1.4.1) lib/rack/etag.rb:23:in call' rack (1.4.1) lib/rack/conditionalget.rb:35:incall'
actionpack (3.2.5) lib/action_dispatch/middleware/head.rb:14:in call' actionpack (3.2.5) lib/action_dispatch/middleware/params_parser.rb:21:incall'
actionpack (3.2.5) lib/action_dispatch/middleware/flash.rb:238:in call' rack (1.4.1) lib/rack/session/abstract/id.rb:205:incontext'
rack (1.4.1) lib/rack/session/abstract/id.rb:200:in call' actionpack (3.2.5) lib/action_dispatch/middleware/cookies.rb:338:incall'
activerecord (3.2.5) lib/active_record/query_cache.rb:64:in call' activerecord (3.2.5) lib/active_record/connection_adapters/abstract/connection_pool.rb:473:incall'
actionpack (3.2.5) lib/action_dispatch/middleware/callbacks.rb:28:in block in call' activesupport (3.2.5) lib/active_support/callbacks.rb:405:in_run__599555566__call__907623258__callbacks'
activesupport (3.2.5) lib/active_support/callbacks.rb:405:in __run_callback' activesupport (3.2.5) lib/active_support/callbacks.rb:385:in_run_call_callbacks'
activesupport (3.2.5) lib/active_support/callbacks.rb:81:in run_callbacks' actionpack (3.2.5) lib/action_dispatch/middleware/callbacks.rb:27:incall'
actionpack (3.2.5) lib/action_dispatch/middleware/reloader.rb:65:in call' actionpack (3.2.5) lib/action_dispatch/middleware/remote_ip.rb:31:incall'
actionpack (3.2.5) lib/action_dispatch/middleware/debug_exceptions.rb:16:in call' actionpack (3.2.5) lib/action_dispatch/middleware/show_exceptions.rb:56:incall'
railties (3.2.5) lib/rails/rack/logger.rb:26:in call_app' railties (3.2.5) lib/rails/rack/logger.rb:16:incall'
actionpack (3.2.5) lib/action_dispatch/middleware/request_id.rb:22:in call' rack (1.4.1) lib/rack/methodoverride.rb:21:incall'
rack (1.4.1) lib/rack/runtime.rb:17:in call' activesupport (3.2.5) lib/active_support/cache/strategy/local_cache.rb:72:incall'
rack (1.4.1) lib/rack/lock.rb:15:in call' actionpack (3.2.5) lib/action_dispatch/middleware/static.rb:62:incall'
rack-mini-profiler (0.1.7) lib/mini_profiler/profiler.rb:233:in call' railties (3.2.5) lib/rails/engine.rb:479:incall'
railties (3.2.5) lib/rails/application.rb:220:in call' rack (1.4.1) lib/rack/content_length.rb:14:incall'
railties (3.2.5) lib/rails/rack/log_tailer.rb:17:in call' rack (1.4.1) lib/rack/handler/webrick.rb:59:inservice'
c:/codeshopruby/lib/ruby/1.9.1/webrick/httpserver.rb:138:in service' c:/codeshopruby/lib/ruby/1.9.1/webrick/httpserver.rb:94:inrun'
c:/codeshopruby/lib/ruby/1.9.1/webrick/server.rb:191:in `block in start_thread'

Rendered c:/codeshopruby/lib/ruby/gems/1.9.1/gems/actionpack-3.2.5/lib/action_dispatch/middleware/templates/rescues/_trace.erb (3.0ms)
Rendered c:/codeshopruby/lib/ruby/gems/1.9.1/gems/actionpack-3.2.5/lib/action_dispatch/middleware/templates/rescues/_request_and_response.erb (2.0ms)
Rendered c:/codeshopruby/lib/ruby/gems/1.9.1/gems/actionpack-3.2.5/lib/action_dispatch/middleware/templates/rescues/diagnostics.erb within rescues/layout (26.0ms)

I can retrieve the event from my console just fine:
irb(main):007:0> Stripe::Event.retrieve("evt_0AZYkJQPKaMmhR").type
=> "customer.updated"

Do you have any ideas what I'm doing wrong?

Also, I understand that manually retrieving the event from the webhook increases security, but it the process this breaks the test webhooks and it also requires another request. Why didn't you just use the data payload in the hook itself?

[invisiblefunnel]

@barancw, thanks for posting. I think making the authentication step optional would be useful. I'll try add that to the next release. This forum post was the reason I decided to retrieve the event by default. Accommodating HTTP basic auth is also a feature I'd like to add.

It's unfortunate that retrieving the request breaks the "test webhooks" button. For manual testing, creating payments/customers/etc. in test mode through the dashboard will trigger webhooks. Those will have valid event information included.

I can't determine the cause of your issue from the details supplied. Can you post the subscriber block?

[barancw]

@invisiblefunnel, thanks for the reply -

Here's my subscribe block:

StripeEvent.registration do
  subscribe do |event|
    Rails.logger.info event
  end
end

At first I tried just an empty block, like this:

StripeEvent.registration do
  subscribe do |event|    
  end
end

I should be able to use a blank block and see in my logs that I send stripe a 200 status code when it sends the hook. Instead I'm sending a 500 because of the "nil" class error that I'm getting from the @event instance variable. I thought maybe my keys could be set wrong but I can make the call correctly from the console so my keys have to be set correctly.

Also - it's strange that I don't get the stripe error (Status 404) in my log output. Just the reference to the nil class.

Hopefully, I'm just making a dumb n00b error in the subscriber block :)

Thanks for your help,
Chris

[invisiblefunnel]

@barancw Your setup looks correct. I'll try to recreate the error and post back with my findings.

[barancw]

Here's a dump of my Gemfile.lock so you can see what versions I'm running:

GIT
  remote: https://github.com/barancw/active_sql_view.git
  revision: 613f2ee581b4d6fb8bea72713c9f4f56c97bb0fc
  branch: expand_dsl
  specs:
    active_illusion (0.0.2)
      activerecord (>= 3.2.5)
      squeel (>= 0.8.5)

GEM
  remote: http://rubygems.org/
  specs:
    actionmailer (3.2.5)
      actionpack (= 3.2.5)
      mail (~> 2.4.4)
    actionpack (3.2.5)
      activemodel (= 3.2.5)
      activesupport (= 3.2.5)
      builder (~> 3.0.0)
      erubis (~> 2.7.0)
      journey (~> 1.0.1)
      rack (~> 1.4.0)
      rack-cache (~> 1.2)
      rack-test (~> 0.6.1)
      sprockets (~> 2.1.3)
    activeadmin (0.4.4)
      bourbon (>= 1.0.0)
      devise (>= 1.1.2)
      fastercsv
      formtastic (~> 2.1.1)
      inherited_resources (>= 1.3.1)
      jquery-rails (>= 1.0.0)
      kaminari (>= 0.13.0)
      meta_search (>= 0.9.2)
      rails (>= 3.0.0)
      sass (>= 3.1.0)
    activemodel (3.2.5)
      activesupport (= 3.2.5)
      builder (~> 3.0.0)
    activerecord (3.2.5)
      activemodel (= 3.2.5)
      activesupport (= 3.2.5)
      arel (~> 3.0.2)
      tzinfo (~> 0.3.29)
    activeresource (3.2.5)
      activemodel (= 3.2.5)
      activesupport (= 3.2.5)
    activesupport (3.2.5)
      i18n (~> 0.6)
      multi_json (~> 1.0)
    addressable (2.2.8)
    arel (3.0.2)
    awesome_print (1.0.2)
    bcrypt-ruby (3.0.1)
    bcrypt-ruby (3.0.1-x86-mingw32)
    bourbon (2.1.0)
      sass (>= 3.1)
    builder (3.0.0)
    capistrano (2.12.0)
      highline
      net-scp (>= 1.0.0)
      net-sftp (>= 2.0.0)
      net-ssh (>= 2.0.14)
      net-ssh-gateway (>= 1.1.0)
    capybara (1.1.2)
      mime-types (>= 1.16)
      nokogiri (>= 1.3.3)
      rack (>= 1.0.0)
      rack-test (>= 0.5.4)
      selenium-webdriver (~> 2.0)
      xpath (~> 0.1.4)
    childprocess (0.3.3)
      ffi (~> 1.0.6)
    choice (0.1.6)
    chronic (0.6.7)
    coffee-rails (3.2.2)
      coffee-script (>= 2.2.0)
      railties (~> 3.2.0)
    coffee-script (2.2.0)
      coffee-script-source
      execjs
    coffee-script-source (1.3.3)
    country-select (1.1.1)
    devise (2.1.0)
      bcrypt-ruby (~> 3.0)
      orm_adapter (~> 0.0.7)
      railties (~> 3.1)
      warden (~> 1.1.1)
    diff-lcs (1.1.3)
    erubis (2.7.0)
    execjs (1.4.0)
      multi_json (~> 1.0)
    factory_girl (3.5.0)
      activesupport (>= 3.0.0)
    factory_girl_rails (3.5.0)
      factory_girl (~> 3.5.0)
      railties (>= 3.0.0)
    faraday (0.8.1)
      multipart-post (~> 1.1)
    fastercsv (1.5.5)
    ffi (1.0.11)
    formtastic (2.1.1)
      actionpack (~> 3.0)
    has_scope (0.5.1)
    hashie (1.2.0)
    highline (1.6.13)
    hike (1.2.1)
    httpauth (0.1)
    i18n (0.6.0)
    inherited_resources (1.3.1)
      has_scope (~> 0.5.0)
      responders (~> 0.6)
    journey (1.0.4)
    jquery-rails (2.0.2)
      railties (>= 3.2.0, < 5.0)
      thor (~> 0.14)
    json (1.7.3)
    kaminari (0.13.0)
      actionpack (>= 3.0.0)
      activesupport (>= 3.0.0)
      railties (>= 3.0.0)
    kgio (2.7.4)
    libwebsocket (0.1.3)
      addressable
    mail (2.4.4)
      i18n (>= 0.4.0)
      mime-types (~> 1.16)
      treetop (~> 1.4.8)
    meta_search (1.1.3)
      actionpack (~> 3.1)
      activerecord (~> 3.1)
      activesupport (~> 3.1)
      polyamorous (~> 0.5.0)
    mime-types (1.18)
    multi_json (1.3.6)
    multipart-post (1.1.5)
    mysql2 (0.3.11)
    mysql2 (0.3.11-x86-mingw32)
    net-scp (1.0.4)
      net-ssh (>= 1.99.1)
    net-sftp (2.0.5)
      net-ssh (>= 2.0.9)
    net-ssh (2.5.2)
    net-ssh-gateway (1.1.0)
      net-ssh (>= 1.99.1)
    nifty-generators (0.4.6)
    nokogiri (1.5.5)
    nokogiri (1.5.5-x86-mingw32)
    oauth (0.4.6)
    oauth2 (0.6.1)
      faraday (~> 0.7)
      httpauth (~> 0.1)
      multi_json (~> 1.3)
    omniauth (1.1.0)
      hashie (~> 1.2)
      rack
    omniauth-facebook (1.3.0)
      omniauth-oauth2 (~> 1.0.2)
    omniauth-google-apps (0.0.2)
      omniauth (~> 1.0)
      omniauth-openid (~> 1.0)
      ruby-openid-apps-discovery (~> 1.2.0)
    omniauth-oauth (1.0.1)
      oauth
      omniauth (~> 1.0)
    omniauth-oauth2 (1.0.2)
      oauth2 (~> 0.6.0)
      omniauth (~> 1.0)
    omniauth-openid (1.0.1)
      omniauth (~> 1.0)
      rack-openid (~> 1.3.1)
    omniauth-twitter (0.0.11)
      multi_json (~> 1.3)
      omniauth-oauth (~> 1.0)
    omniauth-windowslive (0.0.8.1)
      multi_json (>= 1.0.3)
      omniauth-oauth2 (~> 1.0)
    orm_adapter (0.0.7)
    polyamorous (0.5.0)
      activerecord (~> 3.0)
    polyglot (0.3.3)
    rack (1.4.1)
    rack-cache (1.2)
      rack (>= 0.4)
    rack-mini-profiler (0.1.7)
      rack (>= 1.1.3)
    rack-openid (1.3.1)
      rack (>= 1.1.0)
      ruby-openid (>= 2.1.8)
    rack-ssl (1.3.2)
      rack
    rack-test (0.6.1)
      rack (>= 1.0)
    rails (3.2.5)
      actionmailer (= 3.2.5)
      actionpack (= 3.2.5)
      activerecord (= 3.2.5)
      activeresource (= 3.2.5)
      activesupport (= 3.2.5)
      bundler (~> 1.0)
      railties (= 3.2.5)
    rails-erd (1.0.0)
      activerecord (>= 3.0)
      activesupport (>= 3.0)
      choice (~> 0.1.6)
      ruby-graphviz (~> 1.0.4)
    rails3_acts_as_paranoid (0.2.4)
      activerecord (~> 3.2)
    railties (3.2.5)
      actionpack (= 3.2.5)
      activesupport (= 3.2.5)
      rack-ssl (~> 1.3.2)
      rake (>= 0.8.7)
      rdoc (~> 3.4)
      thor (>= 0.14.6, < 2.0)
    raindrops (0.10.0)
    rake (0.9.2.2)
    rdoc (3.12)
      json (~> 1.4)
    responders (0.9.1)
      railties (~> 3.1)
    rest-client (1.6.7)
      mime-types (>= 1.16)
    rspec (2.10.0)
      rspec-core (~> 2.10.0)
      rspec-expectations (~> 2.10.0)
      rspec-mocks (~> 2.10.0)
    rspec-core (2.10.1)
    rspec-expectations (2.10.0)
      diff-lcs (~> 1.1.3)
    rspec-mocks (2.10.1)
    rspec-rails (2.10.1)
      actionpack (>= 3.0)
      activesupport (>= 3.0)
      railties (>= 3.0)
      rspec (~> 2.10.0)
    ruby-graphviz (1.0.8)
    ruby-openid (2.1.8)
    ruby-openid-apps-discovery (1.2.0)
      ruby-openid (>= 2.1.7)
    rubyzip (0.9.9)
    sass (3.1.19)
    sass-rails (3.2.5)
      railties (~> 3.2.0)
      sass (>= 3.1.10)
      tilt (~> 1.3)
    selenium-webdriver (2.24.0)
      childprocess (>= 0.2.5)
      libwebsocket (~> 0.1.3)
      multi_json (~> 1.0)
      rubyzip
    spork (1.0.0rc3)
    spork-rails (3.2.0)
      rails (>= 3.0.0, < 3.3.0)
      spork (>= 1.0rc0)
    sprockets (2.1.3)
      hike (~> 1.2)
      rack (~> 1.0)
      tilt (~> 1.1, != 1.3.0)
    sqlite3 (1.3.6)
    sqlite3 (1.3.6-x86-mingw32)
    squeel (1.0.7)
      activerecord (~> 3.0)
      activesupport (~> 3.0)
      polyamorous (~> 0.5.0)
    stripe (1.7.0)
      multi_json (~> 1.1)
      rest-client (~> 1.4)
    stripe_event (0.3.0)
      rails (~> 3.1)
      stripe (~> 1.6)
    thor (0.15.2)
    tilt (1.3.3)
    treetop (1.4.10)
      polyglot
      polyglot (>= 0.3.1)
    tzinfo (0.3.33)
    uglifier (1.2.4)
      execjs (>= 0.3.0)
      multi_json (>= 1.0.2)
    unicorn (4.3.1)
      kgio (~> 2.6)
      rack
      raindrops (~> 0.7)
    warden (1.1.1)
      rack (>= 1.0)
    whenever (0.7.3)
      activesupport (>= 2.3.4)
      chronic (~> 0.6.3)
    win32console (1.3.2)
    win32console (1.3.2-x86-mingw32)
    xpath (0.1.4)
      nokogiri (~> 1.3)

PLATFORMS
  ruby
  x86-mingw32

DEPENDENCIES
  active_illusion!
  activeadmin
  awesome_print
  capistrano
  capybara
  coffee-rails (~> 3.2.1)
  country-select
  devise
  factory_girl_rails
  formtastic
  inherited_resources
  jquery-rails
  kaminari
  meta_search
  mysql2
  nifty-generators
  nokogiri
  omniauth-facebook
  omniauth-google-apps
  omniauth-openid
  omniauth-twitter
  omniauth-windowslive
  rack-mini-profiler
  rails (= 3.2.5)
  rails-erd
  rails3_acts_as_paranoid
  rspec-rails
  ruby-openid
  sass-rails (~> 3.2.3)
  spork-rails
  sqlite3
  squeel
  stripe
  stripe_event
  uglifier (>= 1.0.3)
  unicorn
  whenever
  win32console

[barancw]

Here's a strange turn of events ... after running a database migration, the hooks are coming in now with a 200 status code. I'm going to keep digging into this. Very strange, these events should be unrelated. I didn't modify any of the stripe_event code.

before migration:

Started POST "/stripe-comm-hook" for 50.18.189.115 at 2012-08-13 14:29:11 -0400
Processing by StripeEvent::WebhookController#event as XML
Parameters: {"object"=>"event", "type"=>"coupon.created", "created"=>1344878943, "pending_webhooks"=>1, "data"=>{"object"=>{"redeem_by"=>1354345200, "duration_in_months"=>3, "percent_off"=>12, "max_redemptions"=>25, "object"=>"coupon", "id"=>"redeemby", "times_redeemed"=>0, "duration"=>"repeating", "livemode"=>false}}, "livemode"=>false, "id"=>"evt_0AnEFRdNhFVp2b", "webhook"=>{"object"=>"event", "type"=>"coupon.created", "created"=>1344878943, "pending_webhooks"=>1, "data"=>{"object"=>{"redeem_by"=>1354345200, "duration_in_months"=>3, "percent_off"=>12, "max_redemptions"=>25, "object"=>"coupon", "id"=>"redeemby", "times_redeemed"=>0, "duration"=>"repeating", "livemode"=>false}}, "livemode"=>false, "id"=>"evt_0AnEFRdNhFVp2b", "controller"=>"stripe_event/webhook", "action"=>"event"}}
WARNING: Can't verify CSRF token authenticity
Completed 500 Internal Server Error in 1ms

after migration:

Started POST "/stripe-comm-hook" for 50.18.189.113 at 2012-08-13 14:46:17 -0400
Processing by StripeEvent::WebhookController#event as XML
Parameters: {"object"=>"event", "type"=>"coupon.created", "created"=>1344879969, "pending_webhooks"=>1, "data"=>{"object"=>{"percent_off"=>75, "livemode"=>false, "object"=>"coupon", "times_redeemed"=>0, "duration_in_months"=>nil, "id"=>"redeembyrepeating", "max_redemptions"=>nil, "redeem_by"=>nil, "duration"=>"once"}}, "livemode"=>false, "id"=>"evt_0AnVogJdKZQTgh", "webhook"=>{"object"=>"event", "type"=>"coupon.created", "created"=>1344879969, "pending_webhooks"=>1, "data"=>{"object"=>{"percent_off"=>75, "livemode"=>false, "object"=>"coupon", "times_redeemed"=>0, "duration_in_months"=>nil, "id"=>"redeembyrepeating", "max_redemptions"=>nil, "redeem_by"=>nil, "duration"=>"once"}}, "livemode"=>false, "id"=>"evt_0AnVogJdKZQTgh", "controller"=>"stripe_event/webhook", "action"=>"event"}}
{"id":"evt_0AnVogJdKZQTgh","created":1344879969,"livemode":false,"object":"event","pending_webhooks":1,"type":"coupon.created","data":{"object":{"id":"redeembyrepeating","duration":"once","duration_in_months":null,"livemode":false,"max_redemptions":null,"object":"coupon","percent_off":75,"redeem_by":null,"times_redeemed":0}}}
Completed 200 OK in 903ms (ActiveRecord: 0.0ms)

After writing this, I realized I'm also missing this warning: WARNING: Can't verify CSRF token authenticity.
Isn't this warning supposed to happen?

[barancw]

Fix in pull request: #2

[invisiblefunnel]

There isn't a call to protect_from_forgery in StripeEvent::ApplicationController, so you shouldn't see the CSRF warning. My understanding is that it's not necessary since request authentication does not depend on session/cookies [0].

I'll continue this discussion in #2.

[invisiblefunnel]

Still an issue: #2 (comment).

[bousquet]

I will say that sometimes I do get a 200 and everything works just fine (I'm not sure why it sometimes works) but right now I'm getting the 500 error most of the time. The patch from pull request #2 seems to have solved the issue, but will test further today.