From eb7cb02f33a7d66cf06aed891e06c00b0f7f6acd Mon Sep 17 00:00:00 2001
From: Rob Harrington <oeoeaio@gmail.com>
Date: Thu, 12 Oct 2017 13:58:53 +1100
Subject: [PATCH] Namespace stripe webhook controller in Stripe module

---
 app/controllers/stripe/webhooks_controller.rb    | 16 ++++++++++++++++
 app/controllers/stripe_controller.rb             | 11 -----------
 config/application.yml.example                   |  2 +-
 config/routes.rb                                 |  4 ++--
 .../webhooks_controller_spec.rb}                 | 10 +++++-----
 5 files changed, 24 insertions(+), 19 deletions(-)
 create mode 100644 app/controllers/stripe/webhooks_controller.rb
 delete mode 100644 app/controllers/stripe_controller.rb
 rename spec/controllers/{stripe_controller_spec.rb => stripe/webhooks_controller_spec.rb} (88%)

diff --git a/app/controllers/stripe/webhooks_controller.rb b/app/controllers/stripe/webhooks_controller.rb
new file mode 100644
index 0000000000..8f778eee43
--- /dev/null
+++ b/app/controllers/stripe/webhooks_controller.rb
@@ -0,0 +1,16 @@
+require 'stripe/webhook_handler'
+
+module Stripe
+  class WebhooksController < BaseController
+    protect_from_forgery except: :create
+
+    # POST /stripe/webhook
+    def create
+      # TODO is there a sensible way to confirm this webhook call is actually from Stripe?
+      handler = WebhookHandler.new(params)
+      status = handler.handle ? 200 : 204
+
+      render nothing: true, status: status
+    end
+  end
+end
diff --git a/app/controllers/stripe_controller.rb b/app/controllers/stripe_controller.rb
deleted file mode 100644
index 374f116cef..0000000000
--- a/app/controllers/stripe_controller.rb
+++ /dev/null
@@ -1,11 +0,0 @@
-require 'stripe/webhook_handler'
-
-class StripeController < BaseController
-  def webhook
-    # TODO is there a sensible way to confirm this webhook call is actually from Stripe?
-    handler = Stripe::WebhookHandler.new(params)
-    status = handler.handle ? 200 : 204
-
-    render nothing: true, status: status
-  end
-end
diff --git a/config/application.yml.example b/config/application.yml.example
index c3882edf4a..e10402fd79 100644
--- a/config/application.yml.example
+++ b/config/application.yml.example
@@ -30,7 +30,7 @@ CURRENCY: AUD
 # Stripe Connect details for instance account
 # Find these under 'API keys' and 'Connect' in your Stripe account dashboard -> Account Settings
 # Under 'Connect', the Redirect URI should be set to https://YOUR_SERVER_URL/stripe/callback (e.g. https://openfoodnetwork.org.uk/stripe/connect)
-# Under 'Webhooks', you should set up a Connect endpoint pointing to https://YOUR_SERVER_URL/stripe/webhook e.g. (https://openfoodnetwork.org.uk/stripe/webhook)
+# Under 'Webhooks', you should set up a Connect endpoint pointing to https://YOUR_SERVER_URL/stripe/webhooks e.g. (https://openfoodnetwork.org.uk/stripe/webhooks)
 # STRIPE_INSTANCE_SECRET_KEY: "sk_test_xxxxxx" # This can be a test key or a live key
 # STRIPE_INSTANCE_PUBLISHABLE_KEY: "pk_test_xxxx" # This can be a test key or a live key
 # STRIPE_CLIENT_ID: "ca_xxxx" # This can be a development ID or a production ID
diff --git a/config/routes.rb b/config/routes.rb
index 1fcb2b6f7a..1f0a611fb9 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -53,8 +53,8 @@ Openfoodnetwork::Application.routes.draw do
     end
   end
 
-  resource :stripe, only: [] do
-    post :webhook
+  namespace :stripe do
+    resources :webhooks, only: [:create]
   end
 
   namespace :admin do
diff --git a/spec/controllers/stripe_controller_spec.rb b/spec/controllers/stripe/webhooks_controller_spec.rb
similarity index 88%
rename from spec/controllers/stripe_controller_spec.rb
rename to spec/controllers/stripe/webhooks_controller_spec.rb
index 7896cf1230..3d62585372 100644
--- a/spec/controllers/stripe_controller_spec.rb
+++ b/spec/controllers/stripe/webhooks_controller_spec.rb
@@ -1,7 +1,7 @@
 require 'spec_helper'
 
-describe StripeController do
-  describe "#webhook" do
+describe Stripe::WebhooksController do
+  describe "#create" do
     let!(:stripe_account) { create(:stripe_account, stripe_user_id: "webhook_id") }
     let(:params) do
       {
@@ -15,7 +15,7 @@ describe StripeController do
     end
 
     it "deletes Stripe accounts in response to a webhook" do
-      post 'webhook', params
+      post 'create', params
       expect(response.status).to eq 200
       expect(StripeAccount.all).not_to include stripe_account
     end
@@ -26,7 +26,7 @@ describe StripeController do
       end
 
       it "does nothing" do
-        post 'webhook', params
+        post 'create', params
         expect(response.status).to eq 204
         expect(StripeAccount.all).to include stripe_account
       end
@@ -38,7 +38,7 @@ describe StripeController do
       end
 
       it "does nothing" do
-        post 'webhook', params
+        post 'create', params
         expect(response.status).to eq 204
         expect(StripeAccount.all).to include stripe_account
       end