Merge pull request #591 from laravel/remove-event-checks

[9.0] Encourage usage of VerifyWebhookSignature middleware
laravel · Dec 12, 2018 · a292fdc · a292fdc
2 parents 2089f97 + 9a58614
commit a292fdc
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 38 deletions.
diff --git a/src/Http/Controllers/WebhookController.php b/src/Http/Controllers/WebhookController.php
@@ -2,17 +2,28 @@
 
 namespace Laravel\Cashier\Http\Controllers;
 
-use Exception;
 use Illuminate\Http\Request;
 use Laravel\Cashier\Cashier;
 use Illuminate\Support\Carbon;
-use Stripe\Event as StripeEvent;
 use Laravel\Cashier\Subscription;
 use Illuminate\Routing\Controller;
 use Symfony\Component\HttpFoundation\Response;
+use Laravel\Cashier\Http\Middleware\VerifyWebhookSignature;
 
 class WebhookController extends Controller
 {
+    /**
+     * Create a new webhook controller instance.
+     *
+     * @return void
+     */
+    public function __construct()
+    {
+        if (config('services.stripe.webhook.secret')) {
+            $this->middleware(VerifyWebhookSignature::class);
+        }
+    }
+
     /**
      * Handle a Stripe webhook call.
      *
@@ -22,11 +33,6 @@ class WebhookController extends Controller
     public function handleWebhook(Request $request)
     {
         $payload = json_decode($request->getContent(), true);
-
-        if (! $this->isInTestingEnvironment() && ! $this->eventExistsOnStripe($payload['id'])) {
-            return;
-        }
-
         $method = 'handle'.studly_case(str_replace('.', '_', $payload['type']));
 
         if (method_exists($this, $method)) {
@@ -175,31 +181,6 @@ protected function getUserByStripeId($stripeId)
         return (new $model)->where('stripe_id', $stripeId)->first();
     }
 
-    /**
-     * Verify with Stripe that the event is genuine.
-     *
-     * @param  string  $id
-     * @return bool
-     */
-    protected function eventExistsOnStripe($id)
-    {
-        try {
-            return ! is_null(StripeEvent::retrieve($id, config('services.stripe.secret')));
-        } catch (Exception $e) {
-            return false;
-        }
-    }
-
-    /**
-     * Verify if cashier is in the testing environment.
-     *
-     * @return bool
-     */
-    protected function isInTestingEnvironment()
-    {
-        return getenv('CASHIER_ENV') === 'testing';
-    }
-
     /**
      * Handle calls to missing methods on the controller.
      *

diff --git a/tests/CashierTest.php b/tests/CashierTest.php
@@ -412,8 +412,8 @@ class User extends Eloquent
 
 class CashierTestControllerStub extends WebhookController
 {
-    protected function eventExistsOnStripe($id)
+    public function __construct()
     {
-        return true;
+        // Prevent setting middleware...
     }
 }
diff --git a/tests/WebhookControllerTest.php b/tests/WebhookControllerTest.php
@@ -29,13 +29,13 @@ public function testNormalResponseIsReturnedIfMethodIsMissing()
 
 class WebhookControllerTestStub extends WebhookController
 {
-    public function handleChargeSucceeded()
+    public function __construct()
     {
-        $_SERVER['__received'] = true;
+        // Prevent setting middleware...
     }
 
-    protected function eventExistsOnStripe($id)
+    public function handleChargeSucceeded()
     {
-        return true;
+        $_SERVER['__received'] = true;
     }
 }