first commit

Author: clarkeash

.gitignore

@@ -0,0 +1,5 @@
+/vendor
+/.idea
+.DS_Store
+coverage.xml
+composer.lock

composer.json

@@ -0,0 +1,29 @@
+{
+    "name": "laravel-shield/stripe",
+    "description": "A stripe service for shield",
+    "type": "library",
+    "license": "MIT",
+    "authors": [
+        {
+            "name": "Ashley Clarke",
+            "email": "[email protected]"
+        }
+    ],
+    "require": {
+        "laravel-shield/shield": "^1.0",
+        "stripe/stripe-php": "^5.3"
+    },
+    "require-dev": {
+        "laravel-shield/testing": "^1.0"
+    },
+    "autoload": {
+        "psr-4": {
+            "Shield\\Stripe\\": "src/"
+        }
+    },
+    "autoload-dev": {
+        "psr-4": {
+            "Shield\\Stripe\\Test\\": "tests/"
+        }
+    }
+}

phpunit.xml

@@ -0,0 +1,32 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<phpunit backupGlobals="false"
+         backupStaticAttributes="false"
+         bootstrap="vendor/autoload.php"
+         colors="true"
+         convertErrorsToExceptions="true"
+         convertNoticesToExceptions="true"
+         convertWarningsToExceptions="true"
+         processIsolation="false"
+         stopOnFailure="false">
+    <testsuites>
+
+        <testsuite name="Unit Tests">
+            <directory suffix="Test.php">./tests/Unit</directory>
+        </testsuite>
+
+    </testsuites>
+    <filter>
+        <whitelist processUncoveredFilesFromWhitelist="true">
+            <directory suffix=".php">./src</directory>
+        </whitelist>
+    </filter>
+    <php>
+        <env name="APP_ENV" value="testing"/>
+        <env name="CACHE_DRIVER" value="array"/>
+        <env name="SESSION_DRIVER" value="array"/>
+        <env name="QUEUE_DRIVER" value="sync"/>
+    </php>
+    <logging>
+        <log type="coverage-clover" target="coverage.xml" showUncoveredFiles="true"/>
+    </logging>
+</phpunit>

src/Stripe.php

@@ -0,0 +1,39 @@
+<?php
+
+namespace Shield\Stripe;
+
+use Illuminate\Http\Request;
+use Illuminate\Support\Collection;
+use Shield\Shield\Contracts\Service;
+use Stripe\Error\SignatureVerification;
+use Stripe\Webhook;
+use UnexpectedValueException;
+
+/**
+ * Class Service
+ *
+ * @package \Shield\Stripe
+ */
+class Stripe implements Service
+{
+    public function verify(Request $request, Collection $config): bool
+    {
+        try {
+            Webhook::constructEvent(
+                $request->getContent(),
+                $request->header('Stripe-Signature'),
+                $config->get('secret'),
+                $config->get('tolerance', Webhook::DEFAULT_TOLERANCE)
+            );
+        } catch (UnexpectedValueException | SignatureVerification $exception) {
+            return false;
+        }
+
+        return true;
+    }
+
+    public function headers(): array
+    {
+        return ['Stripe-Signature'];
+    }
+}

tests/Unit/ServiceTest.php

@@ -0,0 +1,111 @@
+<?php
+
+namespace Shield\Stripe\Test\Unit;
+
+use PHPUnit\Framework\Assert;
+use Shield\Shield\Contracts\Service;
+use Shield\Stripe\Stripe;
+use Shield\Testing\TestCase;
+
+/**
+ * Class ServiceTest
+ *
+ * @package \Shield\Stripe\Test
+ */
+class ServiceTest extends TestCase
+{
+    /**
+     * @var Stripe
+     */
+    private $service;
+
+    public function setUp()
+    {
+        parent::setUp();
+
+        $this->service = new Stripe;
+    }
+
+    /** @test */
+    public function it_is_a_service()
+    {
+        Assert::assertInstanceOf(Service::class, new Stripe);
+    }
+
+    /** @test */
+    public function it_can_verify_a_valid_request()
+    {
+        $token = 'raNd0mk3y';
+
+        $this->app['config']['shield.services.stripe.options.secret'] = $token;
+
+        $content = json_encode(['data' => 'sample content']);
+
+        $request = $this->request($content);
+
+        $time = time();
+
+        $signature = $time . '.' . $content;
+
+        $headers = [
+            'Stripe-Signature' => 't=' . $time . ',v1=' . hash_hmac('sha256', $signature, $token)
+        ];
+
+        $request->headers->add($headers);
+
+        Assert::assertTrue($this->service->verify($request, collect($this->app['config']['shield.services.stripe.options'])));
+    }
+
+    /** @test */
+    public function it_will_not_verify_a_bad_request()
+    {
+        $this->app['config']['shield.services.stripe.options.secret'] = 'good';
+
+        $content = json_encode(['data' => 'sample content']);
+
+        $request = $this->request($content);
+
+        $time = time();
+
+        $signature = $time . '.' . $content;
+
+        $headers = [
+            'Stripe-Signature' => 't=' . $time . ',v1=' . hash_hmac('sha256', $signature, 'bad')
+        ];
+
+        $request->headers->add($headers);
+
+        Assert::assertFalse($this->service->verify($request, collect($this->app['config']['shield.services.stripe.options'])));
+    }
+
+    /** @test */
+    public function it_will_fail_if_timestamp_is_over_tolerance()
+    {
+        $token = 'raNd0mk3y';
+
+        $this->app['config']['shield.services.stripe.options.secret'] = $token;
+        $this->app['config']['shield.services.stripe.options.tolerance'] = 60 * 5;
+
+        $content = 'sample content';
+
+        $request = $this->request($content);
+
+        $time = time() - 61 * 5; // 5 seconds over
+
+        $signature = $time . '.' . $content;
+
+        $headers = [
+            'Stripe-Signature' => 't=' . $time . ',v1=' . hash_hmac('sha256', $signature, $token)
+        ];
+
+        $request->headers->add($headers);
+
+        Assert::assertFalse($this->service->verify($request, collect($this->app['config']['shield.services.stripe.options'])));
+    }
+
+    /** @test */
+    public function it_has_correct_headers_required()
+    {
+        Assert::assertArraySubset(['Stripe-Signature'], $this->service->headers());
+    }
+}