Open fabswt opened 4 years ago
Hey @fabswt! Let me look into 1 and 2, I don't remember offhand how resend hooks into our normal pipeline.
For 3: it should be safe for the CLI key to have write access to webhook endpoints.
Hey @fabswt, sorry for the late reply.
I spent some time trying to reproduce this issue and came up empty. `stripe events resend` will resend the event with a new signature, because the signed payload includes a timestamp and the timestamp would of course not be the same. But the signing secret is the same and there's no reason the signature verification would fail on your end, especially if it succeeded when the original event was received.
Can you share the exception message when a `SignatureVerificationException` is raised?
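The signature behaviour described in the reply above, as an added example in Python that is not code from the Stripe CLI project or from stripe-php: it re-implements the `v1` scheme (HMAC-SHA256 over `<timestamp>.<raw body>` with the endpoint signing secret) that `constructEvent` checks, and shows that a resend with a fresh timestamp produces a different header but still verifies under the same secret, while a stale timestamp or a different signing secret is rejected. The secret, payload and timestamps are constructed sample values.

```python
import hashlib
import hmac
import time
from typing import Optional


def sign_payload(payload: bytes, secret: str, timestamp: int) -> str:
    """Produce a Stripe-Signature header value: t=<timestamp>,v1=<HMAC-SHA256 hex>.
    The signed message is "<timestamp>.<raw body>", so a resend with a new
    timestamp yields a new signature even though body and secret are unchanged."""
    signed = f"{timestamp}.".encode() + payload
    v1 = hmac.new(secret.encode(), signed, hashlib.sha256).hexdigest()
    return f"t={timestamp},v1={v1}"


def verify_signature(payload: bytes, header: str, secret: str,
                     tolerance: int = 300, now: Optional[int] = None) -> bool:
    """The check constructEvent performs: recompute the HMAC over the raw body
    with the endpoint secret, compare in constant time against every v1 value
    in the header, then reject timestamps outside the replay tolerance window."""
    pairs = [item.split("=", 1) for item in header.split(",")]
    timestamp = int(next(v for k, v in pairs if k == "t"))
    candidates = [v for k, v in pairs if k == "v1"]
    expected = hmac.new(secret.encode(), f"{timestamp}.".encode() + payload,
                        hashlib.sha256).hexdigest()
    if not any(hmac.compare_digest(expected, c) for c in candidates):
        return False  # body altered, or a different signing secret was used
    now = int(time.time()) if now is None else now
    return abs(now - timestamp) <= tolerance  # replay protection


def resend_scenarios() -> dict:
    """Walk through original delivery, resend, stale replay and wrong secret."""
    secret = "whsec_constructed_example_secret"  # constructed, not a real secret
    payload = b'{"id":"evt_constructed","type":"charge.succeeded"}'  # constructed
    t0 = 1_700_000_000  # original delivery time, fixed so the run is deterministic
    original = sign_payload(payload, secret, t0)
    resent = sign_payload(payload, secret, t0 + 3600)  # resend one hour later
    return {
        "original_verifies": verify_signature(payload, original, secret, now=t0 + 5),
        "resend_header_differs": original != resent,
        "resend_verifies": verify_signature(payload, resent, secret, now=t0 + 3605),
        "stale_original_rejected": not verify_signature(payload, original, secret, now=t0 + 3600),
        "wrong_secret_rejected": not verify_signature(payload, resent, "whsec_other_constructed", now=t0 + 3605),
    }


if __name__ == "__main__":
    for name, ok in resend_scenarios().items():
        print(f"{name}: {ok}")
```

If `resend_verifies` is false in your own handler while the first three hold, the secret handed to `constructEvent` is not the one that signed the resent event, which is what the `wrong_secret_rejected` case reproduces.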
Hi!
I'm playing with Stripe CLI to try and make testing easier. E.g., yesterday I upgraded from an old version of the API and later realized I'd missed a bug due to the API change. In such a situation, the ability to replay events from the live server on the local development codebase proves super handy.
I created a gist to sum up what I learned: https://gist.github.com/fabswt/415e4f05fb1015b72105627e86de5280
However, I have a couple of questions:
1. If I got this right, the webhook signature is meant to check the notification did come from Stripe. However, `\Stripe\Webhook::constructEvent` keeps failing when used with `events resend --live` (saying the signature is invalid)… so I actually had to disable the signature check (see gist.) How come?
2. Yesterday, before I figured how to replay live events locally, I fixed the bug by testing the fix on our production server directly (it worked.) My question is: what would have happened if my local development codebase had handled the notification instead?
   `resend --live`) is the first to successfully respond to the event, what happens next? Will Stripe resend the event to the production webhook or not? Or will I have to resend it?
3. How safe (or not) is it to give a Restricted Key (generated by Stripe CLI) write rights on Webhook Endpoints?
Thanks for the clarifications!