From e3f6f8db227b341df70b5546fe75b0b5e4083f76 Mon Sep 17 00:00:00 2001
From: Matthew Wire <mjw@mjwconsult.co.uk>
Date: Wed, 12 Jan 2022 10:13:31 +0000
Subject: [PATCH] Add support for webhook signing

---
 CRM/Core/Payment/Stripe.php | 35 ++++++++++++++++++++++++++++++++++-
 docs/install.md             | 28 +++++++++++++++++++---------
 stripe.mgd.php              |  7 +++----
 3 files changed, 56 insertions(+), 14 deletions(-)

diff --git a/CRM/Core/Payment/Stripe.php b/CRM/Core/Payment/Stripe.php
index b57b01e3..1fd3ea76 100644
--- a/CRM/Core/Payment/Stripe.php
+++ b/CRM/Core/Payment/Stripe.php
@@ -14,6 +14,7 @@ use CRM_Stripe_ExtensionUtil as E;
 use Civi\Payment\PropertyBag;
 use Stripe\Stripe;
 use Civi\Payment\Exception\PaymentProcessorException;
+use Stripe\Webhook;
 
 /**
  * Class CRM_Core_Payment_Stripe
@@ -71,6 +72,13 @@ class CRM_Core_Payment_Stripe extends CRM_Core_Payment {
     return trim($paymentProcessor['user_name'] ?? '');
   }
 
+  /**
+   * @return string
+   */
+  public function getWebhookSecret(): string {
+    return trim($this->_paymentProcessor['signature']);
+  }
+
   /**
    * Given a payment processor id, return the public key
    *
@@ -1185,7 +1193,32 @@ class CRM_Core_Payment_Stripe extends CRM_Core_Payment {
       // We don't handle this event
       return;
     }
-    $ipnClass->setVerifyData(TRUE);
+
+    $webhookSecret = $this->getWebhookSecret();
+    if (!empty($webhookSecret)) {
+      $sigHeader = $_SERVER['HTTP_STRIPE_SIGNATURE'];
+
+      try {
+        Webhook::constructEvent(
+          $rawData, $sigHeader, $webhookSecret
+        );
+        $ipnClass->setVerifyData(FALSE);
+      } catch (\UnexpectedValueException $e) {
+        // Invalid payload
+        \Civi::log()->error('Stripe webhook signature validation error: ' . $e->getMessage());
+        http_response_code(400);
+        exit();
+      } catch (\Stripe\Exception\SignatureVerificationException $e) {
+        // Invalid signature
+        \Civi::log()->error('Stripe webhook signature validation error: ' . $e->getMessage());
+        http_response_code(400);
+        exit();
+      }
+    }
+    else {
+      $ipnClass->setVerifyData(TRUE);
+    }
+
     $ipnClass->onReceiveWebhook();
   }
 
diff --git a/docs/install.md b/docs/install.md
index 320b6c7d..a1a75197 100644
--- a/docs/install.md
+++ b/docs/install.md
@@ -1,22 +1,32 @@
 # Install / Configuration
-Please do help improve this documentation by submitting a PR or contacting me.
+
+## Installation
+**The [mjwshared](https://lab.civicrm.org/extensions/mjwshared) extension is required and MUST be installed.**
+
+**If using drupal webform or other integrations that use Contribution.transact API you should install the [contributiontransactlegacy](https://github.com/mjwconsult/civicrm-contributiontransactlegacy) extension to work around issues with that API.**
+
+The extension will show up in the extensions browser for automated installation.
+Otherwise, download and install as you would for any other CiviCRM extension.
 
 ## Configuration
 
 ### Stripe
-Create an API key by logging in to your Stripe dashboard and selecting [API keys](https://dashboard.stripe.com/account/apikeys) from the left navigation.  You can use the standard key, or you can click "Create restricted key" to have a more limited key.  Example key restrictions are listed below.
+
+Stripe automatically provides both a live and test account for you. Toggle the "test" switch in the Stripe dashboard to switch between the two accounts.
+
+Create API keys and a webhook secret by logging in to your Stripe dashboard and selecting
+[API keys](https://dashboard.stripe.com/account/apikeys) from the menu. You can use the
+standard key, or you can click "Create restricted key" to have a more limited key.
+Example key restrictions are listed below.
 
 ### CiviCRM
-All configuration is in the standard Payment Processors settings area in CiviCRM admin (**Administer menu > System Settings > Payment Processors**).
-Add a payment processor and enter your *Publishable* and *Secret* keys given by stripe.com.
 
-## Installation
-**The [mjwshared](https://lab.civicrm.org/extensions/mjwshared) extension is required and MUST be installed.**
+Configure a Stripe payment processor in the same way as you would for any other payment processor in CiviCRM.
 
-**If using drupal webform or other integrations that use Contribution.transact API you should install the [contributiontransactlegacy](https://github.com/mjwconsult/civicrm-contributiontransactlegacy) extension to work around issues with that API.**
+All configuration is in the standard Payment Processors settings area in CiviCRM admin (**Administer menu > System Settings > Payment Processors**).
 
-The extension will show up in the extensions browser for automated installation.
-Otherwise, download and install as you would for any other CiviCRM extension.
+Add a payment processor, select "Stripe" as the type and enter your
+*Publishable* and *Secret* keys and your *webhook secret* from the Stripe Dashboard.
 
 ## Permissions
 
diff --git a/stripe.mgd.php b/stripe.mgd.php
index 486bf445..179edd28 100644
--- a/stripe.mgd.php
+++ b/stripe.mgd.php
@@ -17,10 +17,9 @@ return [
       'class_name' => 'Payment_Stripe',
       'user_name_label' => 'Publishable key',
       'password_label' => 'Secret Key',
-      'url_site_default' => 'https://api.stripe.com/v2',
-      'url_recur_default' => 'https://api.stripe.com/v2',
-      'url_site_test_default' => 'https://api.stripe.com/v2',
-      'url_recur_test_default' => 'https://api.stripe.com/v2',
+      'signature_label' => 'Webhook Secret',
+      'url_site_default' => 'http://unused.com',
+      'url_site_test_default' => 'http://unused.com',
       'billing_mode' => 1,
       'payment_type' => 1,
       'is_recur' => 1,
-- 
GitLab