
Proxy Operator/Client Developer Rejects Unsigned Incoming Stripe Webhooks Events #66

Open
1 of 13 tasks
jalcine opened this issue May 10, 2020 · 2 comments
Labels
code Work that will require some amount of programming enhancement New feature or request epic Work that will likely cover a number of use cases. security Hone your security skills!

Comments


jalcine commented May 10, 2020

Stripe, by design, has a method for signing and verifying messages sent to its API. This kind of security should be applied to the proxy when receiving messages and (perhaps also sending messages to the forwarded event listener endpoint).

Feature Definition

There are two scenarios in play here, one is for the Operator of the Compensated Proxy, and the other is for a Client Developer.

Here's the one for the Proxy:

```gherkin
Scenario: Proxy Rejects Unsigned Incoming Stripe Webhooks Events
  Given the Compensated Proxy is configured to validate Stripe events
  And the Compensated Proxy is forwarding events to a Downstream Listener
  When the proxy receives an Unsigned Stripe Event shaped like Stripe's payment events
  Then the proxy responds with an Unauthorized status code
  And the proxy does not forward the response to the Downstream Listener
```

And here's one for the Core library:

```gherkin
Scenario: Event Handler rejects Unsigned Stripe Webhook Events
  Given the Compensated Gem is configured to validate Stripe Events
  When an Unsigned Stripe Event is passed to the Request Handler
  Then the Request Handler raises an UnsignedEventError
```

We may want to split this into two issues so that it's easier to close, or we can leave it as one big issue with as many patches as it takes to get this across the finish line.

This Issue May Be Closed When

  • The compensated-ruby library can verify incoming Stripe Events' signatures
    • There is a feature test with reasonable scenarios in place
      • The feature file exists
      • The steps are wired in
      • The feature passes in CI
    • And the compensated-ruby/CHANGELOG.md indicates that this feature exists
    • And it has been tested by a maintainer in a production-like capacity
    • And there has been a release of the compensated-ruby library.
  • The compensated-proxy application can verify incoming Stripe Events' signatures
    • There is a feature test with reasonable scenarios in place
    • And the compensated-proxy/CHANGELOG.md indicates that this feature exists
    • And it has been tested by a maintainer in a production-like capacity
    • And there has been a release of the compensated-proxy application
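As an added example (not compensated-ruby's, compensated-proxy's or Stripe's own code), here is a verifier for Stripe's documented `Stripe-Signature` scheme that satisfies both scenarios above: it raises `UnsignedEventError` on a missing, stale or mismatched signature, so the Core library can surface the error and the proxy can map it to an Unauthorized response without forwarding. The module name, the error class and the 300-second replay tolerance are assumptions; the caller must pass the raw request body exactly as received, since re-serialising the JSON changes the signed bytes.

```ruby
require "openssl"

# Assumed name; the issue only says the Request Handler raises an UnsignedEventError.
class UnsignedEventError < StandardError; end

module StripeSignatureCheck
  # Stripe's default tolerance for the t= timestamp, as a replay-window bound.
  DEFAULT_TOLERANCE = 300

  # Parses "t=1589068800,v1=<hex>,v0=<hex>" into [timestamp, [v1 signatures]].
  # Several v1 values may be present while an endpoint secret is being rotated.
  def self.parse_header(header)
    timestamp = nil
    signatures = []
    header.to_s.split(",").each do |item|
      key, value = item.split("=", 2)
      value = value.to_s.strip
      case key.to_s.strip
      when "t"  then timestamp = value.to_i if value.match?(/\A\d+\z/)
      when "v1" then signatures << value
      end
    end
    [timestamp, signatures]
  end

  # Stripe signs "#{timestamp}.#{raw_body}" with HMAC-SHA256 under the endpoint
  # secret and hex-encodes the result.
  def self.expected_signature(secret, timestamp, raw_body)
    OpenSSL::HMAC.hexdigest("SHA256", secret, "#{timestamp}.#{raw_body}")
  end

  # Constant-time comparison so the mismatch position does not leak via timing.
  def self.secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  # Returns true for a fresh, correctly signed event; raises otherwise.
  def self.verify!(raw_body, header, secret, tolerance: DEFAULT_TOLERANCE, now: Time.now.to_i)
    timestamp, signatures = parse_header(header)
    if timestamp.nil? || signatures.empty?
      raise UnsignedEventError, "Stripe-Signature header missing timestamp or v1 signature"
    end
    raise UnsignedEventError, "signature timestamp outside tolerance" if (now - timestamp).abs > tolerance

    expected = expected_signature(secret, timestamp, raw_body)
    raise UnsignedEventError, "signature mismatch" unless signatures.any? { |sig| secure_compare(sig, expected) }
    true
  end
end
```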
@zspencer zspencer added code Work that will require some amount of programming enhancement New feature or request epic Work that will likely cover a number of use cases. security Hone your security skills! labels May 11, 2020
@zspencer zspencer changed the title Compensated Proxy Verifies Signatures for Incoming Stripe Webhooks Events Operator Rejects Unsigned Incoming Stripe Webhooks Events May 11, 2020
@zspencer
Member

Thanks @jalcine! This is a great issue!

I've taken some time to flesh out the acceptance criteria; feel free to edit it as you see fit!

I've also transferred you 20 patronage points as a way to say thank you for your contribution.

Feel free to pass them on to other folks who are doing work you appreciate, or hold on to them! Once Zinc starts generating revenue in excess of our operating costs, Contributors will be able to redeem them for cash.

@zspencer zspencer changed the title Operator Rejects Unsigned Incoming Stripe Webhooks Events Proxy Operator/Client Developer Rejects Unsigned Incoming Stripe Webhooks Events May 11, 2020
zspencer added a commit that referenced this issue May 30, 2020
See: #66

This is just a small step, and doesn't include the actual implementation
but it gives us a seam to move forward with and generate user-facing
feature documentation from.
@zspencer
Member

OK, feature tests are starting to be framed in. Would appreciate any feedback or commits from other people.

user512 pushed a commit that referenced this issue Jun 1, 2020
See: #66

This is just a small step, and doesn't include the actual implementation
but it gives us a seam to move forward with and generate user-facing
feature documentation from.