#RafaCitec-checkout

👋 happy to help

Hello tarzan

My question is more about the product than the technique. Can the request for the credit card be disabled if the user enters a coupon that gives them access to my product for 6 months?

and when those 6 months have passed, request the credit card for payment if the user wants to continue using the application

we want them to use the app before requesting the card, but only for some users

if you're using Checkout this is not possible

you'd have to build this functionality yourself in a Custom Flow

in my app

with Stripe ? can't

right?

Stripe always need a credit card, is right?

if you're using Stripe Checkout then the answer is no. but you can use something else such as Stripe Elements

but this means you'd have to build and integrate with Stripe differently with more code to write

https://stripe.com/docs/payments/quickstart?platform=web

ok thanks, I have another question, this one is more technical

I have this code in Python

i am doing unit testing

and stripe.Webhook.construct_event never returns me a valid object

always return None

and payload and signature is catch of event in real time

this morning

but testing say "Webhook signature verification failed, No signatures found matching the expected signature for payload"

how you can see payload and signature are of same webhook event

unless the event was sent from Stripe it would be really difficult to test this out

but with this payload and signarture hardcoded

stripe.Webhook.construct_event(
payload=payload,
sig_header=signature,
secret=webhook_secret,
). must not works?

your fixture is wrong really

you return an object/dict from that stripe_payload function, which is wrong. The payload must be a String. It must be the exact raw string of a HTTP body. Not a Python dict, not the parsed Event object. A string from the HTTP body.

Ok, I'm going to try that, how long does it take to close this chat?

we close it when you haven't said anything in a while. Why do you ask?

not now, but sure that yes in a minutes

to be clear if you want to test this you'll have to set up something so that you can log/obtain/capture the exact raw incoming HTTP body at a low level in your server

probably you already have that if your signature verification works in general, so you would just capture an example of the strings you're passing into the construct_event functions in the production code

same error

this is payload and signature

as you can see the payload is wrapped in single quotes so python will have defined it as a string

what's the error exactly?

also bear in mind there is a timing component — when we verify the signature we also check that the signature was generated in the last 5 minutes(https://stripe.com/docs/webhooks/signatures#replay-attacks)

so it might be that

No signatures found matching the expected signature for payload

although I think if it's timing then you get a specific error message about it

Of course, if they have a verification that the signature was made in the last 5 minutes, I am not doing anything, mocking the signature, it will never work for me

yep!

really I just wouldn't unit test this, I don't understand why you're doing it since all you're testing is Stripe's own library

wouldn't the correct test be to just mock the Stripe part, have a fixture for what the event object is, and test what your own code does when it's handling the event?

well, I'm testing a component that has the Stripe library inside, I don't want to test the library, it's collateral damage

yeah I'd still just set up the tests to mock the Stripe parts as much as you can

Ok, thanks