如何在条带中测试订阅续订流程? [英] How can I test subscription renewal flows in stripe?

问题描述

我想在订阅付款(或失败)时测试我的应用程序对来自条带的 webhook 事件的处理.这是我迄今为止尝试过的:

I want to test my application's handling of webhook events from stripe when a subscription payment has been made (or failed). Here is what I've tried so far:

• 设置新订阅
• 将用户的信用卡更新为可以添加到帐户但无法实际收费的信用卡
• 将试用结束日期更改为一秒后
• 等待几秒钟，等待 Webhook 发送

但是，根据文档:

如果您配置了 webhook，发票将在最后一个 webhook 成功发送(或最后一个 webhook 失败后超时)后等待一小时.

If you have configured webhooks, the invoice will wait until one hour after the last webhook is successfully sent (or the last webhook times out after failing).

一个小时的等待时间很长，因为我正在尝试将其作为自动化集成测试套件的一部分.

One hour is a long time to wait, since I am trying to do this as part of an automated integration test suite.

一个建议(来自 IRC)是伪造 webhook 请求，以便我的集成测试发送事件，而不是 Stripe 发送它.但是，由于 Stripe 在 webhook 中不包含任何类型的 HMAC，我无法信任负载中的数据.因此，我的应用程序仅从 webhook 负载中获取事件 ID，并从 Stripe API 中获取事件:

One suggestion (from IRC) is to fake out the webhook request, so that my integration test sends the event, instead of Stripe sending it. However, since Stripe doesn't include any sort of HMAC in the webhooks, I can't trust the data in the payload. So, my application just takes the event ID from the webhook payload and fetches the event from the Stripe API:

如果担心安全性，或者如果确认 Stripe 发送了网络钩子很重要，您应该只使用网络钩子中发送的 ID，并应直接从 API 请求其余详细信息.

If security is a concern, or if it's important to confirm that Stripe sent the webhook, you should only use the ID sent in your webhook and should request the remaining details from the API directly.

如果我试图为我的测试注入假事件(按设计)，这显然不起作用.

This will obviously not work if I am trying to inject fake events for my test (by design).

测试此类场景的最佳做法是什么?

What are the best practices for testing this sort of scenario?

推荐答案

似乎没有完美的方法可以做到这一点.正如@koopajah 在 评论中所建议的，我在我的应用程序中添加了一个配置值，该值将禁止从 Stripe 获取事件，而只是信任 webhook 中的事件数据.这使我能够以几乎与在生产中工作相同的方式来测试我的流程，因为 webhook 中的事件数据和从 Stripe 获取的事件是相同的(假设它是一个真实的 webhook 请求:)

It seems there isn't a perfect way to do this. As suggested by @koopajah in a comment, I added a configuration value in my application that will disable fetching the event from Stripe, and instead just trust the event data in the webhook. This allows me to test my flow in almost the same way as it would work on production, since the event data in the webhook and the event fetched from Stripe are identical (assuming it is an authentic webhook request :)

除非/直到 Stripe 在 webhook 请求中包含一个 HMAC 签名以验证它来自他们，我认为这是解决问题的最佳方法.

Unless/until Stripe includes an HMAC signature in the webhook request to authenticate that it came from them, I think this is the best way to solve the problem.

这篇关于如何在条带中测试订阅续订流程?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！