Implemented the ability to bypass signature verification as a way to help with upgrading to 2.x. I would suggest this be removed once we get to 3.x.
In our particular case, we do not control the configuration - our users can set up an integration with stripe by providing credentials. It so happens that users on older versions of the API were not required to provide a signing secret. Upgrading to 2.x therefore breaks these implementations.
By default, signature verification is enforced. Set the skip_signature_verification attribute to true to bypass verification.
StripeEvent.skip_signature_verification = true
The implementation relies on using Stripe::Event.construct_from directly.
Coverage decreased (-0.8%) to 99.174% when pulling 6ef8344fc07c8fc1f7d951868c6873ea9f126378 on fullfabric:ability_to_bypass_signature_verification into 5ef85780acf3a6a474b3914920b5f6416c24d188 on integrallis:master.
Implemented the ability to bypass signature verification as a way to help with upgrading to 2.x. I would suggest this be removed once we get to 3.x.
In our particular case, we do not control the configuration - our users can set up an integration with stripe by providing credentials. It so happens that users on older versions of the API were not required to provide a signing secret. Upgrading to 2.x therefore breaks these implementations.
By default, signature verification is enforced. Set the skip_signature_verification attribute to true to bypass verification.
The implementation relies on using
Stripe::Event.construct_from
directly.