stripe_event 2.1.1 → 2.3.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a52368767b30c28e92ebf64e7ff30612ac619290ad20e68bbfe722df08d4692b
-  data.tar.gz: c59ec530c237cee41067a6f66cdd10d5f3be759e4f661b48656aeb8d0cb508e3
+  metadata.gz: 9e8bf3dc8abec723bb2c3278c725f754bbe7cd991f868a8854ff04bac7bc778f
+  data.tar.gz: 46b48dae96008e8e9f27c8d7e39aa5a022614d322f2a60845b249dd862cec82b
 SHA512:
-  metadata.gz: 0cef390de99616809fc7da580e9447420a6b78048618339a0352e2df485a98239d7bac00b19d2a9fcb2ec68312b2dbc7c5a7fb724b7ecdef53008aed5f857c1d
-  data.tar.gz: 6878b61c5766dd21346cb633e7ad85797bf6b0aae9fbf63f612cfe279f3aaf34b784e0e940dc5014cd8224c2925f4a7081a7bce1458a491a91567dad100c2490
+  metadata.gz: 56defdead871efd3c089a19db8382ded54786d7c899a39b6245e4b6c69e3a0a8379e792794aeb7bdbc9615f82ce107a528ea8953ac6c9a8d86c8ccd27a0e80a4
+  data.tar.gz: a91a63ef969c4e7cebac2ce7c083923a6d74cd3cfc166ea914c0956a3108edfc7591be179b44aa8fd10ce43dd8a4ec57119545f745f6a910f492b7c9ffcc98eb

data/.github/workflows/ci.yml

@@ -0,0 +1,37 @@
+name: CI
+on: [push, pull_request]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        ruby: ["2.5", "2.6", "2.7"]
+        bundler: [default]
+        gemfile:
+          - rails5.1
+          - rails5.2
+          - rails6.0
+          - rails6.1
+          - stripe3
+          - stripe4
+          - stripe5
+        include:
+          - { ruby: "2.3", gemfile: "rails3.2", bundler: "1" }
+          - { ruby: "2.3", gemfile: "rails4.2", bundler: "1" }
+          - { ruby: "2.4", gemfile: "rails4.2", bundler: "1" }
+
+    env:
+      BUNDLE_GEMFILE: gemfiles/${{ matrix.gemfile }}.gemfile
+    steps:
+      # https://github.com/marketplace/actions/checkout
+      - uses: actions/checkout@v2
+      # https://github.com/marketplace/actions/setup-ruby-jruby-and-truffleruby
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby }}
+          bundler: ${{ matrix.bundler }}
+          bundler-cache: true # runs `bundle install` and caches gems automatically
+      - name: Run tests
+        run: bundle exec rake

data/Appraisals

@@ -12,7 +12,27 @@ appraise "rails5.1" do
 end
 
 appraise "rails5.2" do
-  gem "rails", ">= 5.2.0.rc1", "< 5.3"
+  gem "rails", "~> 5.2.0"
+end
+
+appraise "rails6.0" do
+  gem "rails", "~> 6.0.0"
+end
+
+appraise "rails6.1" do
+  gem "rails", "~> 6.1.0"
+end
+
+appraise "stripe3" do
+  gem "stripe", "~> 3.0"
+end
+
+appraise "stripe4" do
+  gem "stripe", "~> 4.0"
+end
+
+appraise "stripe5" do
+  gem "stripe", "~> 5.0"
 end
 
 appraise "rails_master" do

data/CHANGELOG.md

@@ -1,3 +1,31 @@
+### 2.3.2 (February 21, 2022)
+
+- Fix signature validation error if the first signing secret is nil (#146)
+- Update README (#143)
+- Setup github actions for CI (#147)
+
+### 2.3.1 (May 12, 2020)
+
+- Fix deprecation warning in Ruby 2.7 (#130)
+- Fixes tests for Stripe 5.19.0 (#133)
+
+### 2.3.0 (August 23, 2019)
+
+- Add support for Stripe v5.x (#119)
+- Add support for Rails v6.x to the build matrix (#119)
+
+### 2.2.0 (December 6, 2018)
+
+- Add support for Stripe v4.x (#119)
+- Documentation Updates and Fixes (#113 and #117)
+
+### 2.1.1 (January 31, 2018)
+
+- Adds better support for Rails 5.2 (#105, #106, #107)
+- `StripeEvent::WebhookController` now calls `skip_before_action :verify_authenticity_token` if `Rails.application.config.action_controller.default_protect_from_forgery` is set (as it is by default in Rails 5.2)
+
+### 2.1.0 (yanked)
+
 ### 2.0.0 (December 14, 2017)
 
 **Backwards incompatible release. [Signed webhooks are now required.](https://stripe.com/docs/webhooks#signatures).**

data/README.md

@@ -1,13 +1,12 @@
 # StripeEvent
 
-[![Build Status](https://secure.travis-ci.org/integrallis/stripe_event.svg)](http://travis-ci.org/integrallis/stripe_event)
-[![Dependency Status](https://gemnasium.com/integrallis/stripe_event.svg)](https://gemnasium.com/integrallis/stripe_event)
+[![Build Status](https://github.com/integrallis/stripe_event/workflows/CI/badge.svg)](https://github.com/integrallis/stripe_event/actions?query=workflow%3ACI)
 [![Gem Version](https://badge.fury.io/rb/stripe_event.svg)](http://badge.fury.io/rb/stripe_event)
 [![Code Climate](https://codeclimate.com/github/integrallis/stripe_event.svg)](https://codeclimate.com/github/integrallis/stripe_event)
 [![Coverage Status](https://coveralls.io/repos/integrallis/stripe_event/badge.svg)](https://coveralls.io/r/integrallis/stripe_event)
 [![Gem Downloads](https://img.shields.io/gem/dt/stripe_event.svg)](https://rubygems.org/gems/stripe_event)
 
-StripeEvent is built on the [ActiveSupport::Notifications API](http://api.rubyonrails.org/classes/ActiveSupport/Notifications.html). Incoming webhook requests are authenticated by [retrieving the event object](https://stripe.com/docs/api?lang=ruby#retrieve_event) from Stripe. Define subscribers to handle specific event types. Subscribers can be a block or an object that responds to `#call`.
+StripeEvent is built on the [ActiveSupport::Notifications API](http://api.rubyonrails.org/classes/ActiveSupport/Notifications.html). Incoming webhook requests are [authenticated with the webhook signature](#authenticating-webhooks-with-signatures). Define subscribers to handle specific event types. Subscribers can be a block or an object that responds to `#call`.
 
 ## Install
 
@@ -81,7 +80,7 @@ end
 
 ### Authenticating webhooks with signatures
 
-Stripe will cryptographically sign webhook payloads with a signature that is included in a special header sent with the request. Verifying this signature lets your application properly authenticate the request originated from Stripe. To leverage this feature, please set the `signing_secret` configuration value:
+Stripe will cryptographically sign webhook payloads with a signature that is included in a special header sent with the request. Verifying this signature lets your application properly authenticate the request originated from Stripe. **As of [v2.0.0](https://github.com/integrallis/stripe_event/releases/tag/v2.0.0), StripeEvent now mandates that this feature be used**. Please set the `signing_secret` configuration value:
 
 ```ruby
 StripeEvent.signing_secret = Rails.application.secrets.stripe_signing_secret
@@ -106,13 +105,6 @@ StripeEvent.signing_secrets = [
 
 If you have built an application that has multiple Stripe accounts--say, each of your customers has their own--you may want to define your own way of retrieving events from Stripe (e.g. perhaps you want to use the [account parameter](https://stripe.com/docs/connect/webhooks) from the top level to detect the customer for the event, then grab their specific API key). You can do this:
 
-```ruby
-StripeEvent.event_filter = lambda do |event|
-  api_key = Account.find_by!(stripe_account_id: event.account).api_key
-  Stripe::Event.retrieve(event.id, api_key)
-end
-```
-
 ```ruby
 class EventFilter
   def call(event)
@@ -173,11 +165,11 @@ end
 
 ## Testing
 
-Handling webhooks is a critical piece of modern billing systems. Verifying the behavior of StripeEvent subscribers can be done fairly easily by stubbing out the HTTP signature header used to authenticate the webhook request. Tools like [Webmock](https://github.com/bblimke/webmock) and [VCR](https://github.com/vcr/vcr) work well. [RequestBin](http://requestb.in/) is great for collecting the payloads. For exploratory phases of development, [UltraHook](http://www.ultrahook.com/) and other tools can forward webhook requests directly to localhost. You can check out [test-hooks](https://github.com/invisiblefunnel/test-hooks), an example Rails application to see how to test StripeEvent subscribers with RSpec request specs and Webmock. A quick look:
+Handling webhooks is a critical piece of modern billing systems. Verifying the behavior of StripeEvent subscribers can be done fairly easily by stubbing out the HTTP signature header used to authenticate the webhook request. Tools like [Webmock](https://github.com/bblimke/webmock) and [VCR](https://github.com/vcr/vcr) work well. [RequestBin](https://requestbin.com/) is great for collecting the payloads. For exploratory phases of development, [UltraHook](http://www.ultrahook.com/) and other tools can forward webhook requests directly to localhost. You can check out [test-hooks](https://github.com/invisiblefunnel/test-hooks), an example Rails application to see how to test StripeEvent subscribers with RSpec request specs and Webmock. A quick look:
 
 ```ruby
 # spec/requests/billing_events_spec.rb
-require 'spec_helper'
+require 'rails_helper'
 
 describe "Billing Events" do
   def bypass_event_signature(payload)
@@ -186,12 +178,12 @@ describe "Billing Events" do
   end
 
   describe "customer.created" do
-    let(:payload) { File.read("spec/support/fixtures/evt_customer_created.json")
-    before(:each) { bypass_event_signature payload }
+    let(:payload) { file_fixture('evt_customer_created.json').read }
+    before(:each) { bypass_event_signature(payload) }
 
     it "is successful" do
-      post '/_billing_events', body: payload
-      expect(response.code).to eq "200"
+      post '/_billing_events', params: payload
+      expect(response).to have_http_status(:success)
       # Additional expectations...
     end
   end

data/gemfiles/rails5.2.gemfile

@@ -2,6 +2,6 @@
 
 source "https://rubygems.org"
 
-gem "rails", ">= 5.2.0.rc1", "< 5.3"
+gem "rails", "~> 5.2.0"
 
 gemspec path: "../"

data/gemfiles/rails6.0.gemfile

@@ -0,0 +1,7 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "rails", "~> 6.0.0"
+
+gemspec path: "../"

data/gemfiles/rails6.1.gemfile

@@ -0,0 +1,7 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "rails", "~> 6.1.0"
+
+gemspec path: "../"

data/gemfiles/stripe3.gemfile

@@ -0,0 +1,7 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "stripe", "~> 3.0"
+
+gemspec path: "../"

data/gemfiles/stripe4.gemfile

@@ -0,0 +1,7 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "stripe", "~> 4.0"
+
+gemspec path: "../"

data/gemfiles/stripe5.gemfile

@@ -0,0 +1,7 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "stripe", "~> 5.0"
+
+gemspec path: "../"

data/lib/stripe_event/version.rb

@@ -1,3 +1,3 @@
 module StripeEvent
-  VERSION = "2.1.1"
+  VERSION = "2.3.2"
 end

data/lib/stripe_event.rb

@@ -18,11 +18,13 @@ module StripeEvent
       backend.instrument namespace.call(event.type), event if event
     end
 
-    def subscribe(name, callable = Proc.new)
+    def subscribe(name, callable = nil, &block)
+      callable ||= block
       backend.subscribe namespace.to_regexp(name), adapter.call(callable)
     end
 
-    def all(callable = Proc.new)
+    def all(callable = nil, &block)
+      callable ||= block
       subscribe nil, callable
     end
 
@@ -32,7 +34,7 @@ module StripeEvent
     end
 
     def signing_secret=(value)
-      @signing_secrets = Array(value)
+      @signing_secrets = Array(value).compact
     end
     alias signing_secrets= signing_secret=
 

data/spec/controllers/webhook_controller_spec.rb

@@ -12,16 +12,25 @@ describe StripeEvent::WebhookController, type: :controller do
 
   def generate_signature(params, secret)
     payload   = params.to_json
-    timestamp = Time.now.to_i
-    signature = Stripe::Webhook::Signature.send(:compute_signature, "#{timestamp}.#{payload}", secret)
-
-    "t=#{timestamp},v1=#{signature}"
+    timestamp = Time.now
+
+    # compute_signature was private until version 5.19.0 when it was made
+    # public and had it's API changed to split timestamp to a separate field.
+    signer = Stripe::Webhook::Signature.method(:compute_signature)
+    signature =
+      if signer.arity == 3
+        signer.call(timestamp, payload, secret)
+      else
+        signer.call("#{timestamp.to_i}.#{payload}", secret)
+      end
+
+    "t=#{timestamp.to_i},v1=#{signature}"
   end
 
   def webhook(signature, params)
     request.env['HTTP_STRIPE_SIGNATURE'] = signature
     request.env['RAW_POST_DATA'] = params.to_json # works with Rails 3, 4, or 5
-    post :event
+    post :event, body: params.to_json
   end
 
   def webhook_with_signature(params, secret = secret1)
@@ -123,4 +132,18 @@ describe StripeEvent::WebhookController, type: :controller do
       expect(response.code).to eq '200'
     end
   end
+
+  context "with multiple signing secrets first of which is nil" do
+    before(:each) { StripeEvent.signing_secrets = [nil, secret1, secret2] }
+
+    it "succeeds with valid signature from first secret" do
+      webhook_with_signature charge_succeeded, secret1
+      expect(response.code).to eq '200'
+    end
+
+    it "succeeds with valid signature from second secret" do
+      webhook_with_signature charge_succeeded, secret2
+      expect(response.code).to eq '200'
+    end
+  end
 end

data/stripe_event.gemspec

@@ -1,4 +1,4 @@
-$:.push File.expand_path("../lib", __FILE__)
+$LOAD_PATH.push File.expand_path("lib", __dir__)
 
 # Maintain your gem's version:
 require "stripe_event/version"
@@ -18,12 +18,12 @@ Gem::Specification.new do |s|
   s.test_files  = `git ls-files -- Appraisals {spec,gemfiles}/*`.split("\n")
 
   s.add_dependency "activesupport", ">= 3.1"
-  s.add_dependency "stripe", [">= 2.8", "< 4.0"]
+  s.add_dependency "stripe", [">= 2.8", "< 6"]
 
+  s.add_development_dependency "appraisal"
+  s.add_development_dependency "coveralls"
   s.add_development_dependency "rails", [">= 3.1"]
-  s.add_development_dependency "rake", "< 11.0"
+  s.add_development_dependency "rake"
   s.add_development_dependency "rspec-rails", "~> 3.7"
   s.add_development_dependency "webmock", "~> 1.9"
-  s.add_development_dependency "appraisal"
-  s.add_development_dependency "coveralls"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: stripe_event
 version: !ruby/object:Gem::Version
-  version: 2.1.1
+  version: 2.3.2
 platform: ruby
 authors:
 - Danny Whalen
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-01-31 00:00:00.000000000 Z
+date: 2022-02-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -33,7 +33,7 @@ dependencies:
         version: '2.8'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '4.0'
+        version: '6'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -43,100 +43,100 @@ dependencies:
         version: '2.8'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '4.0'
+        version: '6'
 - !ruby/object:Gem::Dependency
-  name: rails
+  name: appraisal
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '3.1'
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '3.1'
+        version: '0'
 - !ruby/object:Gem::Dependency
-  name: rake
+  name: coveralls
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "<"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '11.0'
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "<"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '11.0'
+        version: '0'
 - !ruby/object:Gem::Dependency
-  name: rspec-rails
+  name: rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '3.7'
+        version: '3.1'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '3.7'
+        version: '3.1'
 - !ruby/object:Gem::Dependency
-  name: webmock
+  name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.9'
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.9'
+        version: '0'
 - !ruby/object:Gem::Dependency
-  name: appraisal
+  name: rspec-rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '3.7'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '3.7'
 - !ruby/object:Gem::Dependency
-  name: coveralls
+  name: webmock
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '1.9'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '1.9'
 description: Stripe webhook integration for Rails applications.
 email: daniel.r.whalen@gmail.com
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/workflows/ci.yml"
 - ".gitignore"
 - ".rspec"
-- ".travis.yml"
 - Appraisals
 - CHANGELOG.md
 - CONTRIBUTING.md
@@ -150,7 +150,12 @@ files:
 - gemfiles/rails4.2.gemfile
 - gemfiles/rails5.1.gemfile
 - gemfiles/rails5.2.gemfile
+- gemfiles/rails6.0.gemfile
+- gemfiles/rails6.1.gemfile
 - gemfiles/rails_master.gemfile
+- gemfiles/stripe3.gemfile
+- gemfiles/stripe4.gemfile
+- gemfiles/stripe5.gemfile
 - lib/stripe_event.rb
 - lib/stripe_event/engine.rb
 - lib/stripe_event/version.rb
@@ -211,8 +216,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.0
+rubygems_version: 3.3.7
 signing_key: 
 specification_version: 4
 summary: Stripe webhook integration for Rails applications.
@@ -222,7 +226,12 @@ test_files:
 - gemfiles/rails4.2.gemfile
 - gemfiles/rails5.1.gemfile
 - gemfiles/rails5.2.gemfile
+- gemfiles/rails6.0.gemfile
+- gemfiles/rails6.1.gemfile
 - gemfiles/rails_master.gemfile
+- gemfiles/stripe3.gemfile
+- gemfiles/stripe4.gemfile
+- gemfiles/stripe5.gemfile
 - spec/controllers/webhook_controller_spec.rb
 - spec/dummy/README.rdoc
 - spec/dummy/Rakefile

data/.travis.yml

@@ -1,26 +0,0 @@
-language: ruby
-cache: bundler
-sudo: false
-
-rvm:
-  - 2.3.6
-  - 2.4.3
-  - 2.5.0
-
-gemfile:
-  - gemfiles/rails4.2.gemfile
-  - gemfiles/rails5.1.gemfile
-  - gemfiles/rails5.2.gemfile
-  - gemfiles/rails_master.gemfile
-
-matrix:
-  include:
-    - rvm: 2.3.6
-      gemfile: gemfiles/rails3.2.gemfile
-  allow_failures:
-    - gemfile: gemfiles/rails_master.gemfile
-  fast_finish: true
-
-notifications:
-  email:
-    - daniel.r.whalen+travis-ci@gmail.com