From e486dbd4f888982ddd67e45745f902aff738efe5 Mon Sep 17 00:00:00 2001
From: Rob Harrington <oeoeaio@gmail.com>
Date: Fri, 22 Sep 2017 17:32:31 +1000
Subject: [PATCH] Respond to Stripe webhook with status of 204 if specified
 account is not found

---
 app/controllers/admin/stripe_accounts_controller.rb       | 4 ++--
 spec/controllers/admin/stripe_accounts_controller_spec.rb | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/app/controllers/admin/stripe_accounts_controller.rb b/app/controllers/admin/stripe_accounts_controller.rb
index 98f3386472..d862664b02 100644
--- a/app/controllers/admin/stripe_accounts_controller.rb
+++ b/app/controllers/admin/stripe_accounts_controller.rb
@@ -45,13 +45,13 @@ module Admin
     def deauthorize
       # TODO is there a sensible way to confirm this webhook call is actually from Stripe?
       event = Stripe::Event.construct_from(params)
-      return render nothing: true, status: 400 unless event.type == "account.application.deauthorized"
+      return render nothing: true, status: 204 unless event.type == "account.application.deauthorized"
 
       destroyed = StripeAccount.where(stripe_user_id: event.account).destroy_all
       if destroyed.any?
         render text: "Account #{event.account} deauthorized", status: 200
       else
-        render nothing: true, status: 400
+        render nothing: true, status: 204
       end
     end
 
diff --git a/spec/controllers/admin/stripe_accounts_controller_spec.rb b/spec/controllers/admin/stripe_accounts_controller_spec.rb
index 87b33605fc..13ea627499 100644
--- a/spec/controllers/admin/stripe_accounts_controller_spec.rb
+++ b/spec/controllers/admin/stripe_accounts_controller_spec.rb
@@ -117,7 +117,7 @@ describe Admin::StripeAccountsController, type: :controller do
 
       it "does nothing" do
         post 'deauthorize', params
-        expect(response.status).to eq 400
+        expect(response.status).to eq 204
         expect(StripeAccount.all).to include stripe_account
       end
     end
@@ -129,7 +129,7 @@ describe Admin::StripeAccountsController, type: :controller do
 
       it "does nothing" do
         post 'deauthorize', params
-        expect(response.status).to eq 400
+        expect(response.status).to eq 204
         expect(StripeAccount.all).to include stripe_account
       end
     end