Monimolimnion | Stripe Developers | Page 1

vital flintBOT Feb 6, 2023, 4:16 PM

#

silver bramble Feb 6, 2023, 4:17 PM

#

Hi there

rich forge Feb 6, 2023, 4:17 PM

#

hi

silver bramble Feb 6, 2023, 4:17 PM

#

Hmm so this was working previously in terms of verifying signatures?

rich forge Feb 6, 2023, 4:17 PM

#

yes

silver bramble Feb 6, 2023, 4:18 PM

#

Are you using Cashier

#

?

rich forge Feb 6, 2023, 4:18 PM

#

No

silver bramble Feb 6, 2023, 4:18 PM

#

Can you share your webhook endpoint code?

rich forge Feb 6, 2023, 4:18 PM

#

sure

#

<?php

namespace App\Listeners;

use Illuminate\Contracts\Queue\ShouldQueue;
use Spatie\WebhookClient\Models\WebhookCall;

use App\Mail\CshopConfirmation;
use App\Mail\CustomerConfirmation;
use Illuminate\Support\Facades\Mail;
use Illuminate\Support\Facades\Log;

use App\Models\Booking;

class CheckoutSessionCompleted implements ShouldQueue
{
    public function handle(WebhookCall $webhookCall)
    {
        function print_log($val) {
            return file_put_contents('php://stderr', print_r($val, TRUE));
          }
        
        //extract reference from webhook payload (put there by the CheckoutController)
        $reference = $webhookCall->payload['data']['object']['metadata']['reference'];
        
        //get booking from database
        $booking = Booking::where('reference','=',$reference)->first();
        
        //set complete flag to 1
        $booking->complete = 1;

        //extract items to variable and decode back to an array (it's stored as a string in the DB)
        $items = $booking->items;

        $booking->items = json_decode($items, true);

        //save the booking
        $booking->save();


         // send e-mails
    }
}

#

The listener listens for successful payment so it can update the order stored in the database and send e-mails

#

Another weird thing is, there's no Stripe event for the error in question

silver bramble Feb 6, 2023, 4:19 PM

#

Oh

#

Well that likely explains it

#

Someone is trying to hit your endpoint

#

Would be my guess

rich forge Feb 6, 2023, 4:20 PM

#

[2023-02-06 11:05:26] production.ERROR: The signature is invalid. {"exception":"[object] (Spatie\\WebhookClient\\Exceptions

#

but there are no events at that time

silver bramble Feb 6, 2023, 4:21 PM

#

Right that likely means that either someone attempted to POST to your endpoint maliciously or by accident but your endpoint is doing the right thing and verifying the signature so that person can't access your endpoint.

#

Have you double checked that you can trigger an Event in testmode and it processes it successfully

#

?

rich forge Feb 6, 2023, 4:21 PM

#

Yes, and I have had successful payments through the live mode this morning too

silver bramble Feb 6, 2023, 4:22 PM

#

Okay then yeah all sounds like it is working fine.

#

What you could do is you could add logs to track the IP address that is hitting your endpoint

#

We have a list of our IPs here: https://stripe.com/docs/ips#webhook-notifications

#

So you'll know that it is someone other than Stripe if you see this again and you know it is safe to ignore.

rich forge Feb 6, 2023, 4:24 PM

#

hmm ok, I will look at the Laravel docs to see how to go about that

#

thanks

#Monimolimnion