#cipater-webhook

1 messages · Page 1 of 1 (latest)

proud ridge
#

Hi cipater, did you pass in the secret from the CLI to the construct_event method?

ionic mortar
#

I did

proud ridge
#

can you show me the code snippet?

ionic mortar
# 
def verified_event
  payload = request.body.read
  signature = request.headers['Stripe-Signature']

  Stripe::Webhook.construct_event(
    payload,
    signature,
    StripeIntegration.signing_secret.to_s
  )
end
#

where StripeIntegration.signing_secret contains the whsec_ token from the CLI

#

fwiw, this is an integration that has been working for a little over year. with lots of CLI testing during that time, and as recently as a month ago or so.

#

the only notable thing today was when starting the CLI, i received a message about the access key expiring, so i had to run stripe login again. but otherwise...

proud ridge
#

Can you parse the payload by calling JSON.parse(payload, symbolize_names: true) before passing it to the construct_event method?

ionic mortar
#

one moment...

#

same outcome.

#

payment_intent.created and payment_intent.amount_capturable_updated events are being constructed/verified without issue. charge.succeeded fails every time.

proud ridge
#

That is strange, do you handle charge.succeeded differently?

ionic mortar
#

nope. here's the full controller:

# 
module StripeIntegration
  class WebhookController < ActionController::API
    def event
      StripeIntegration::WebhookEventHandler.call(verified_event)
      head :ok
    rescue JSON::ParserError
      head :bad_request
    rescue Stripe::SignatureVerificationError
      head :bad_request
    rescue StripeIntegration::WebhookEventHandler::LockAquisitionError
      head :bad_request
    end

    private

    def verified_event
      payload = request.body.read
      payload = JSON.parse(payload, symbolize_names: true)
      signature = request.headers['Stripe-Signature'] 

      Stripe::Webhook.construct_event(
        payload,
        signature,
        StripeIntegration.signing_secret.to_s
      )
    end
  end
end
#

WebhookEventHandler branches on event type, but that's only after verification of the signature

proud ridge
#

signature = request.env['HTTP_STRIPE_SIGNATURE'];
can you change this line?

#

I mean change signature = request.headers['Stripe-Signature']
to signature = request.env['HTTP_STRIPE_SIGNATURE'];

ionic mortar
#

same outcome

#

the header contains the expected values: t=<timestamp>,v1=<signature>

proud ridge
#

OK, sorry please the line of code payload = JSON.parse(payload, symbolize_names: true), it is not required to parse the payload

ionic mortar
#

not sure if it's noteworthy or expected, but charge.succeeded only contains the v1 scheme while the other events contain both v1 and v0 schemes

proud ridge
#

I see,

ionic mortar
#

i did actually already remove that before making the request.env change

proud ridge
#

we use v0 to verify during development, and v1 is for produciton

ionic mortar
#

ahh, interesting

proud ridge
ionic mortar
#

it seems then i'm receiving an event without the v0 scheme in the HTTP_STRIPE_SIGNATURE header

proud ridge
#

Yup that is why it fails in charge.succeeded events only

ionic mortar
#

given that that omission is on the stripe side of things, i'm not quite sure how to proceed. thoughts?

proud ridge
#

can I have the event ID of the charge.succeded event so I can take allok?

ionic mortar
#

evt_3K1QImItk6ybx3Jp2prNz1hP

proud ridge
#

Hi cipater, I might need more time to investigate further, do you mind to write in so that we can follow up? https://support.stripe.com/contact

Stripe: Help & Support

Find help and support for Stripe. Our support center provides answers on all types of situations, including account information, charges and refunds, and subscriptions information. Get your questions answered and find international support for Stripe.

ionic mortar
#

should i pick Send us an email and reference this thread?

#

done