search

integrallis / stripe_event

Stripe webhook integration for Rails applications.
https://rubygems.org/gems/stripe_event
MIT License
840 stars 107 forks source link

Ability to bypass signature verification #137

Open luis-ca opened 3 years ago

luis-ca commented 3 years ago

Implemented the ability to bypass signature verification as a way to help with upgrading to 2.x. I would suggest this be removed once we get to 3.x.

In our particular case, we do not control the configuration - our users can set up an integration with stripe by providing credentials. It so happens that users on older versions of the API were not required to provide a signing secret. Upgrading to 2.x therefore breaks these implementations.

By default, signature verification is enforced. Set the skip_signature_verification attribute to true to bypass verification.

StripeEvent.skip_signature_verification = true

The implementation relies on using Stripe::Event.construct_from directly.

coveralls commented 3 years ago

Coverage Status

Coverage decreased (-0.8%) to 99.174% when pulling 6ef8344fc07c8fc1f7d951868c6873ea9f126378 on fullfabric:ability_to_bypass_signature_verification into 5ef85780acf3a6a474b3914920b5f6416c24d188 on integrallis:master.