Anti-pattern when instantiating Webhooks

[alexstewartja]

PROBLEM STATEMENT

I'm creating an app that makes it seamless for Django REST Framework users to integrate pinax-stripe into their workflow.

While implementing the Webhook View, I find it impossible to create a new Webhook instance, as I'm being greeted with AttributeError: 'Webhook' object has no attribute 'name'.

This is clearly due to the fact that the name attribute is being referenced from the Webhook's __init__ method, yet the only initial parameter available is event.

Even after removing the first two lines (64-65) of discrepant code (shown below), line 81 sustains the AttributeError.

DISCREPANT CODE:

• https://github.com/pinax/pinax-stripe/blob/aaeef4660d2c944e385504a0b0269d7915b52db8/pinax/stripe/webhooks.py#L64-L65
• https://github.com/pinax/pinax-stripe/blob/aaeef4660d2c944e385504a0b0269d7915b52db8/pinax/stripe/webhooks.py#L81

PROPOSED SOLUTION

Expunge the inconsonant lines of code and utilize the type attribute, which is sent on every webhook request from Stripe's servers. Use of the type attribute is an unerring way to map incoming webhooks to their respective Django signal.

So in point form:

• Remove lines 64-65
• Change line 81 to conform with the event's type attribute, i.e. signal = registry.get_signal(self.event.get('type'))

And here's a snippet of code (redacted for brevity) that I feel should be the optimal approach to broadcasting a signal, from within a Webhook View, as a result of a successful incoming webhook event:

... event = stripe.Webhook.construct_event(payload=self.request.body, sig_header=self.request.META['HTTP_STRIPE_SIGNATURE'], secret='REDACTED_WEBHOOK_SECRET') ... Webhook(event=event).send_signal() return HttpResponse(status=200)

JUSTIFICATION

As is apparent from the code snippet above, constructing a signed event using the core stripe library means we can subsequently trust all attributes of that event, including type.

[blueyed]

Sounds good to me.

[paltman]

I’m not following you.

Events are created by populating the kind attribute with the type parameter sent in the webhook.

[paltman]

Ok, having come back to this (I know it's a long time overdue) and giving this more thought, what you propose @alexstewartja makes a lot of sense. I think the origination of this pattern stems from the early days fo stripe webhooks when they were NOT signed and I don't believe had the type attribute. A LOT has changed since this was django-stripe-payments and the webhook endpoint was just a public URL that accepted blind JSON posts.