integrallis / stripe_event

Stripe webhook integration for Rails applications.
https://rubygems.org/gems/stripe_event
MIT License

Incompatibility between stripe_event >= 1.8.0, < 2.0.0 and stripe < 2.8.0 #109

Closed nfm closed 6 years ago

nfm commented 6 years ago

Just ran into this, it looks like stripe_event 1.8.0 through 1.9.1 assumes Stripe::SignatureVerificationError is defined in app/controllers/stripe_event/webhook_controller.rb. However, for older versions of the stripe gem (< 2.8.0), this class is undefined.

This looks like it's been fixed in stripe_event 2.0.0 by https://github.com/integrallis/stripe_event/commit/7ba4aac84bce3cac8254d7a80aabfa4cedd361f5#diff-e9a787c387d464835a5c543f3a5d9dc8 where the minimum stripe version is set to >= 2.8.0.

I'm not sure if it's worth cutting a 1.9.2 release with a bumped stripe minimum dependency version. We were stuck on a quite old version of stripe for a while because stripe-ruby-mock fell behind and are only updating now, but stripe 2.8.0 has been out for almost a year now. If this is wontfix feel free to close, but I figured I'd open it anyway so that if anyone else runs into this, there'll be a search result in the issue list.

Thanks for your work on this gem :heart:

nfm commented 6 years ago

Actually, it looks like you can only hit this exception if you've configured StripeEvent.signing_secret.

Curiously, Ruby only raises NameError: uninitialized constant Stripe::SignatureVerificationError if the rescue block is hit at runtime. So the root problem is actually that Stripe::Webhook is undefined.

i.e.

```ruby
# This method is safe to call and returns `true`, even though Totally::Not::Defined::Error isn't defined
def some_method
  true
rescue Totally::Not::Defined::Error
end

# This method will raise `NameError: uninitialized constant Totally`
def another_method
  raise
rescue Totally::Not::Defined::Error
end
```

Weird!
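An added example, not part of the original thread and not code from stripe_event or the stripe gem: it reproduces the behaviour described in the comment above using constructed stand-in modules (`OldStripe`, `NewStripe`), and adds a boot-time guard that reports the missing constants before the first signed webhook arrives. The names `handle_webhook`, `outcome` and `missing_verification_constants` are hypothetical.

```ruby
# Constructed stand-ins, NOT the real stripe gem. OldStripe models stripe < 2.8.0
# (no Webhook, no SignatureVerificationError); NewStripe defines both.
module OldStripe; end

module NewStripe
  class SignatureVerificationError < StandardError; end
  module Webhook
    # Toy check for this demo only; real verification is done by the stripe gem.
    def self.construct_event(payload, sig_header, secret)
      raise SignatureVerificationError unless sig_header == "sig:#{secret}"
      payload
    end
  end
end

# Same shape as the pattern in this thread: the constant named in the rescue
# clause is only looked up once an exception actually reaches that clause.
def handle_webhook(stripe, payload, sig_header, signing_secret)
  return :processed_unverified if signing_secret.nil? # verification path skipped
  stripe::Webhook.construct_event(payload, sig_header, signing_secret)
  :processed_verified
rescue stripe::SignatureVerificationError
  :rejected
end

# What an operator sees for one request, with the NameError made visible.
def outcome(stripe, sig_header, signing_secret)
  handle_webhook(stripe, "{}", sig_header, signing_secret)
rescue NameError => e
  "NameError: #{e.message}"
end

# Hypothetical boot-time guard (for example, run from an initializer): list the
# constants the verification path needs that the loaded gem does not define.
VERIFICATION_CONSTANTS = %i[Webhook SignatureVerificationError].freeze
def missing_verification_constants(stripe, signing_secret)
  return [] if signing_secret.nil?
  VERIFICATION_CONSTANTS.reject { |name| stripe.const_defined?(name, false) }
end

if __FILE__ == $PROGRAM_NAME
  secret = "whsec_constructed" # constructed sample value
  p outcome(OldStripe, nil, nil)                       # no secret: nothing fails
  p outcome(OldStripe, "sig:#{secret}", secret)        # NameError names the rescue constant
  p missing_verification_constants(OldStripe, secret)  # guard reports both gaps
  p outcome(NewStripe, "sig:#{secret}", secret)
  p outcome(NewStripe, "forged", secret)
end
```

With the old stand-in and a secret configured, the error that surfaces names the constant in the rescue clause, while the guard lists the missing `Webhook` constant as well.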

rmm5t commented 6 years ago

> Just ran into this, it looks like stripe_event 1.8.0 through 1.9.1 assumes Stripe::SignatureVerificationError is defined...However, for older versions of the stripe gem (< 2.8.0), this class is undefined.

True.

> This looks like it's been fixed in stripe_event 2.0.0

True. I only realized this discrepancy when making the changes to move towards the v2.0.0 release. I ignored any further v1.9 changes because no one had run into this issue before.

> Actually, it looks like you can only hit this exception if you've configured StripeEvent.signing_secret.

Also true.

> Curiously, Ruby only raises NameError: uninitialized constant Stripe::SignatureVerificationError if the rescue block is hit at runtime.

Likely true. I believe this is because that constant isn't necessary until that rescue block is hit.

> I'm not sure if it's worth cutting a 1.9.2 release with a bumped stripe minimum dependency version.

I'm willing to cut a new 1.9.2 release (and create a new 1-9-stable branch). Would this help you specifically, or are you just noting a potential issue for others?

nfm commented 6 years ago

Thanks @rmm5t.

> Would this help you specifically, or are you just noting a potential issue for others?

We're stuck on stripe_event 1.9.1 for now due to another gem being incompatible with 2.x, but we were able to update stripe to > 2.8.0, so this isn't affecting us directly any more.

I'm mostly just documenting my finding in the hope that it'll save someone else some time!

rmm5t commented 6 years ago

I concede that this is a bug with older versions of the gem, but I'm going to close this out with no action. If someone has a specific perfect storm environment that cannot get their dependencies in an optimal state, I'd be happy to revisit. Please chime in here again to request that this issue be re-opened.

@nfm Thanks for reporting and documenting this.

Konstrukteur commented 5 years ago

Hi, I am maintaining an app which is stuck with older versions of both gems and ran into this problem. Is there a way to get it working?