Programmatically (dis)allow signing secret verification about laravel-stripe-webhooks HOT 8 CLOSED

in fact you already have what you need.
in spatie/laravel-stripe-webhooks/src/StripeSignatureValidator.php you have

class StripeSignatureValidator implements SignatureValidator
{
    public function isValid(Request $request, WebhookConfig $config): bool
    {
        if (! config('stripe-webhooks.verify_signature')) {
            return true;
        }
        ...
    }
}

seems to me all you need to do is set config(['stripe-webhooks.verify_signature' => false]); before running your test.

from laravel-stripe-webhooks.

Can you give an concrete example of a situation where you want to skip the signing secret verification?

from laravel-stripe-webhooks.

In testing environment you may want to skip this verification?

Just apply the middleware in staging and production.

In a local env you also have to deal with valet share and ngrok with unsupported SSL. So sending test webhooks from Stripe may be a little pain. In my case I use Postman to reach my webhook endpoint, but the signature verification stops me.

An option to apply the middleware based on a boolean (default true) would do the job.

Best

from laravel-stripe-webhooks.

You can set a non-https url in the Stripe dashboard.

from laravel-stripe-webhooks.

@sylouuu

Have you figured it out how to pass signature verification in your tests?

from laravel-stripe-webhooks.

@adriandmitroca Finally I didn't use this package. I've added myself a signature verification in production only.

from laravel-stripe-webhooks.

That's good to know, thanks. Anyway, if someone else will struggle with this in the future, my idea is to execute jobs separately in the tests to verify expected results.

There's no real need to test it any level higher, as those stuff is covered by package tests.

from laravel-stripe-webhooks.

I found a dirty solution for this...

Instead of using Route::stripeWebhooks('stripe/webhook');
Use your own controller : Route::post('stripe/webhook', 'WebhookController');

Then override the __construct method to use the VerifySignature middleware when you want :

use Spatie\StripeWebhooks\Middlewares\VerifySignature;
use Spatie\StripeWebhooks\StripeWebhooksController;

class WebhookController extends StripeWebhooksController
{
    public function __construct()
    {
        if (!in_array(app()->environment(), ['testing', 'local'])) {
            $this->middleware(VerifySignature::class);
        }
    }
}

from laravel-stripe-webhooks.