diff --git a/app/controllers/stripe_controller.rb b/app/controllers/stripe_controller.rb index dd5b8e5639..e81e951fb9 100644 --- a/app/controllers/stripe_controller.rb +++ b/app/controllers/stripe_controller.rb @@ -1,5 +1,5 @@ class StripeController < BaseController - def deauthorize + def webhook # TODO is there a sensible way to confirm this webhook call is actually from Stripe? event = Stripe::Event.construct_from(params) return render nothing: true, status: 204 unless event.type == "account.application.deauthorized" diff --git a/config/routes.rb b/config/routes.rb index 64243e39a3..1fcb2b6f7a 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -54,7 +54,7 @@ Openfoodnetwork::Application.routes.draw do end resource :stripe, only: [] do - post :deauthorize + post :webhook end namespace :admin do diff --git a/spec/controllers/stripe_controller_spec.rb b/spec/controllers/stripe_controller_spec.rb index dc9f32f5c7..ac10d08432 100644 --- a/spec/controllers/stripe_controller_spec.rb +++ b/spec/controllers/stripe_controller_spec.rb @@ -1,7 +1,7 @@ require 'spec_helper' describe StripeController do - describe "#deauthorize" do + describe "#webhook" do let!(:stripe_account) { create(:stripe_account, stripe_user_id: "webhook_id") } let(:params) do { @@ -15,7 +15,7 @@ describe StripeController do end it "deletes Stripe accounts in response to a webhook" do - post 'deauthorize', params + post 'webhook', params expect(response.status).to eq 200 expect(response.body).to eq "Account webhook_id deauthorized" expect(StripeAccount.all).not_to include stripe_account @@ -27,7 +27,7 @@ describe StripeController do end it "does nothing" do - post 'deauthorize', params + post 'webhook', params expect(response.status).to eq 204 expect(StripeAccount.all).to include stripe_account end @@ -39,7 +39,7 @@ describe StripeController do end it "does nothing" do - post 'deauthorize', params + post 'webhook', params expect(response.status).to eq 204 expect(StripeAccount.all).to include stripe_account end