-
Notifications
You must be signed in to change notification settings - Fork 546
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Generate Signature #912
Comments
This is what @brandur-stripe responded with in the illustrative PR, for reference:
|
brandur-stripe
pushed a commit
that referenced
this issue
Apr 24, 2020
Exposes the `.compute_signature` method, which may be useful when testing webhook signing in test suites. I change the API slightly so that a caller isn't forced to do as much string mangling, and to match the one that we already have in stripe-go: ``` go func ComputeSignature(t time.Time, payload []byte, secret string) []byte { ``` Add basic documentation and test case. I also change a few things around so that we send `Time` objects around more often where applicable, and don't change then to Unix integers until the last moment that we need to. The one other alternative API I considered is this one, which would default the timestamp to the current time to allow the method to be called with one fewer arg: ``` ruby def self.compute_signature(payload, secret: timestamp: Time.now) ``` I decided against it in the end though because it does remove some explicitness, and it's not a big deal to just pass in `Time.now`, especially given that this is not expected to be a commonly used method. Fixes #912.
brandur-stripe
pushed a commit
that referenced
this issue
Apr 24, 2020
Exposes the `.compute_signature` method, which may be useful when testing webhook signing in test suites. I change the API slightly so that a caller isn't forced to do as much string mangling, and to match the one that we already have in stripe-go: ``` go func ComputeSignature(t time.Time, payload []byte, secret string) []byte { ``` Add basic documentation and test case. I also change a few things around so that we send `Time` objects around more often where applicable, and don't change then to Unix integers until the last moment that we need to. The one other alternative API I considered is this one, which would default the timestamp to the current time to allow the method to be called with one fewer arg: ``` ruby def self.compute_signature(payload, secret: timestamp: Time.now) ``` I decided against it in the end though because it does remove some explicitness, and it's not a big deal to just pass in `Time.now`, especially given that this is not expected to be a commonly used method. Fixes #912.
Released as 5.19.0. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
We run a bunch of tests emulating possible stripe event payloads being sent to our webhook.
We'd also like to test the signature verification code. There doesn't seem to be an easy way to generate the signature: https://github.com/stripe/stripe-ruby/blob/master/lib/stripe/webhook.rb
Would you be open to making such a method public?
I've added a spike (non-complete) PR just to illustrate my thinking: #913
The text was updated successfully, but these errors were encountered: