Respond to Stripe webhook with status of 204 if specified account is not found

2026-01-27 21:06:49 +00:00 · 2017-09-22 17:32:31 +10:00
parent db5503dd80
commit e486dbd4f8
2 changed files with 4 additions and 4 deletions
--- a/app/controllers/admin/stripe_accounts_controller.rb
+++ b/app/controllers/admin/stripe_accounts_controller.rb
@@ -45,13 +45,13 @@ module Admin
    def deauthorize
      # TODO is there a sensible way to confirm this webhook call is actually from Stripe?
      event = Stripe::Event.construct_from(params)
-      return render nothing: true, status: 400 unless event.type == "account.application.deauthorized"
+      return render nothing: true, status: 204 unless event.type == "account.application.deauthorized"

      destroyed = StripeAccount.where(stripe_user_id: event.account).destroy_all
      if destroyed.any?
        render text: "Account #{event.account} deauthorized", status: 200
      else
-        render nothing: true, status: 400
+        render nothing: true, status: 204
      end
    end

--- a/spec/controllers/admin/stripe_accounts_controller_spec.rb
+++ b/spec/controllers/admin/stripe_accounts_controller_spec.rb
@@ -117,7 +117,7 @@ describe Admin::StripeAccountsController, type: :controller do

      it "does nothing" do
        post 'deauthorize', params
-        expect(response.status).to eq 400
+        expect(response.status).to eq 204
        expect(StripeAccount.all).to include stripe_account
      end
    end
@@ -129,7 +129,7 @@ describe Admin::StripeAccountsController, type: :controller do

      it "does nothing" do
        post 'deauthorize', params
-        expect(response.status).to eq 400
+        expect(response.status).to eq 204
        expect(StripeAccount.all).to include stripe_account
      end
    end