[9.0] Encourage usage of VerifyWebhookSignature middleware #591

Merged
merged 1 commit into from Dec 12, 2018
Merged
45 changes: 13 additions & 32 deletions src/Http/Controllers/WebhookController.php
Expand Up @@ -2,17 +2,28 @@

namespace Laravel\Cashier\Http\Controllers;

use Exception;
use Illuminate\Http\Request;
use Laravel\Cashier\Cashier;
use Illuminate\Support\Carbon;
use Stripe\Event as StripeEvent;
use Laravel\Cashier\Subscription;
use Illuminate\Routing\Controller;
use Symfony\Component\HttpFoundation\Response;
use Laravel\Cashier\Http\Middleware\VerifyWebhookSignature;

class WebhookController extends Controller
{
/**
* Create a new webhook controller instance.
*
* @return void
*/
public function __construct()
{
if (config('services.stripe.webhook.secret')) {
$this->middleware(VerifyWebhookSignature::class);
}
}

/**
* Handle a Stripe webhook call.
*
Expand All @@ -22,11 +33,6 @@ class WebhookController extends Controller
public function handleWebhook(Request $request)
{
$payload = json_decode($request->getContent(), true);

if (! $this->isInTestingEnvironment() && ! $this->eventExistsOnStripe($payload['id'])) {
return;
}

$method = 'handle'.studly_case(str_replace('.', '_', $payload['type']));

if (method_exists($this, $method)) {
Expand Down Expand Up @@ -175,31 +181,6 @@ protected function getUserByStripeId($stripeId)
return (new $model)->where('stripe_id', $stripeId)->first();
}

/**
* Verify with Stripe that the event is genuine.
*
* @param string $id
* @return bool
*/
protected function eventExistsOnStripe($id)
{
try {
return ! is_null(StripeEvent::retrieve($id, config('services.stripe.secret')));
} catch (Exception $e) {
return false;
}
}

/**
* Verify if cashier is in the testing environment.
*
* @return bool
*/
protected function isInTestingEnvironment()
{
return getenv('CASHIER_ENV') === 'testing';
}

/**
* Handle calls to missing methods on the controller.
*
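Review bot: The constructor attaches `VerifyWebhookSignature` only when `config('services.stripe.webhook.secret')` is truthy, and this same change drops the `eventExistsOnStripe()` lookup from `handleWebhook()`, so an installation that has not set the secret now handles webhook bodies with no authenticity check at all. `handleWebhook()` then dispatches on `$payload['type']` taken straight from the request body, which makes the unset-secret case fail open rather than closed. Say so in the constructor docblock, e.g. `* Without services.stripe.webhook.secret no signature check runs and every request body is handled as a genuine Stripe event.`, and consider rejecting requests (or at least logging a warning) when the secret is missing outside a local or testing environment. `handleWebhook()` continues past the end of the second hunk, so any validation further down is not visible here.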
4 changes: 2 additions & 2 deletions tests/CashierTest.php
Expand Up @@ -410,8 +410,8 @@ class User extends Eloquent

class CashierTestControllerStub extends WebhookController
{
protected function eventExistsOnStripe($id)
public function __construct()
{
return true;
// Prevent setting middleware...
}
}
8 changes: 4 additions & 4 deletions tests/WebhookControllerTest.php
Expand Up @@ -29,13 +29,13 @@ public function testNormalResponseIsReturnedIfMethodIsMissing()

class WebhookControllerTestStub extends WebhookController
{
public function handleChargeSucceeded()
public function __construct()
{
$_SERVER['__received'] = true;
// Prevent setting middleware...
}

protected function eventExistsOnStripe($id)
public function handleChargeSucceeded()
{
return true;
$_SERVER['__received'] = true;
}
}
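Review bot: Both test stubs (this one and `CashierTestControllerStub` in tests/CashierTest.php) replace `__construct()` with an empty body, so no test exercises the new conditional middleware registration in `WebhookController::__construct()`. A test that sets `services.stripe.webhook.secret` and asserts the controller's registered middleware includes `VerifyWebhookSignature`, plus one for the unset case, would pin the behaviour this change relies on for authenticity. Whether the suite has a bound config repository for that is not visible from these hunks. The comment `// Prevent setting middleware...` could also state the reason, e.g. `// Skip the parent constructor so the signature middleware is not registered in tests.`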