- Add Stripe 13 support (#169)
- Added Ruby 3.3 and Rails 7.2 to CI matrix (#170)
- Add Stripe 12 support (#167)
- Add Stripe 11 support (#165)
- Add Stripe 9 support (#162)
- Add Stripe 10 support (#163)
- Add Stripe 8 support (#159)
- Introduce StripeEvent::ProcessError and possible HTTP 422 responses (#155, #132)
- Add Stripe 7 support (#154)
- Add Stripe 6 support (#151)
- Add Rails 7 support (#151)
- Add Ruby 3.1 support (#152)
- Improved build matrix
- Fix signature validation error if the first signing secret is nil (#146)
- Update README (#143)
- Setup github actions for CI (#147)
- Fix deprecation warning in Ruby 2.7 (#130)
- Fixes tests for Stripe 5.19.0 (#133)
- Add support for Stripe v5.x (#119)
- Add support for Rails v6.x to the build matrix (#119)
- Add support for Stripe v4.x (#119)
- Documentation Updates and Fixes (#113 and #117)
- Adds better support for Rails 5.2 (#105, #106, #107)
StripeEvent::WebhookController
now callsskip_before_action :verify_authenticity_token
ifRails.application.config.action_controller.default_protect_from_forgery
is set (as it is by default in Rails 5.2)
Backwards incompatible release. Signed webhooks are now required..
- Requires
StripeEvent.signing_secret
configuration (#95, #97) - Adds support for multiple signing secrets using
StripeEvent.signing_secrets
(#98, #99) - Removes
StripeEvent.authentication_secret
and associated basic auth support (#97) - Adds
StripeEvent.event_filter
(replaces use-cases for the now removedevent_retriever
config) (#97)
This release is in preparation for some backward incompatible changes due to
arrive in v2.0.0. It is highly recommended that everyone secure their webhook
endpoints by using StripeEvent.signing_secret
. See the README and Stripe's
documentation for more
information.
- Deprecate
StripeEvent.authentication_secret
(#96) - Deprecate unverified use of Stripe's webhooks (#96)
- Support for Rails 5.1 (#94, Thanks @krasnoukhov and @simplepractice!)
- Support for Stripe's Webhook Signature Verification (#83, #90, Thanks @mikeycgto!)
- Secure compare during basic authentication check (#91, Thanks @mikeycgto!)
- Support stripe v3 gem as a dependency (#87)
- Support stripe v2 gem as a dependency (#82, b3cee03)
- Better Rails 5 support. Prefer
before_action
overbefore_filter
. (#69, Thanks @mcolyer)
- Added replay attack protection on webhooks. See
StripeEvent.authentication_secret
. Thanks @brentdax for both the initial discussion and the implementation! #53, #55 - Dropped official support for Rails 3.1 and Rails 4.0
- Add
StripeEvent.listening?
method to easily determine if an event type has any registered handlers. Thank you to Vladimir Andrijevik for the idea and implementation.
- Allow for ignoring particular events. Thank you to anark for suggesting the change, and Ryan McGeary and Pete Keen for working on the implementation.
- Gracefully authenticate
account.application.deauthorized
events. Thank you to Ryan McGeary for the pull request and for taking the time to test the change in a live environment.
- Deprecate
StripeEvent.setup
in favor ofStripeEvent.configure
. Removesetup
at next major release. StripeEvent.configure
yields the module to the block for configuration.StripeEvent.configure
will raiseArgumentError
unless a block is given.- Track test coverage
- Internally namespace dispatched events to avoid maintaining a list of all possible event types.
- Subscribe to all event types with
StripeEvent.all
instead ofStripeEvent.subscribe
. - Remove ability to subscribe to many event types with once call to
StripeEvent.subscribe
. - Subscribers can be an object that responds to #call.
- Allow subscriber-generated
Stripe::StripeError
's to bubble up. Thank you to adamonduty for the patch. - Only depend on
stripe
andactivesupport
gems. - Add
rails
as a development dependency. - Only
require 'stripe_event/engine'
ifRails
constant exists to allow StripeEvent to be used outside of a Rails application.
- Update event type list
- Update test gemfiles
- Rails 4 compatibility. Thank you to Ben Ubois for reporting the issue and to Matt Goldman for the pull request.
- Run specs against different Rails versions
- Refactor internal usage of AS::Notifications
- Remove jruby-openssl as platform conditional dependency
- Remove
Gemfile.lock
from version control - Internal event type list is now a set
- Update event type list
- Various internal refactorings
- More readable tests
- Add configuration for custom event retrieval. Thanks to Dan Hodos for the pull request.
- Move module methods only used in tests into a test helper.
- Various internal refactorings and additional tests.
- Error classes will inherit from a base error class now.
- Fix controller inheritance issue. Thanks to Christopher Baran for reporting the bug, and to Robert Bousquet for fixing it.
- Deprecate registration method. Use 'setup' instead.
- Add registration method for conveniently adding many subscribers
- Depend on jruby-openssl when running on jruby
- Remove unneeded rake dependency
- Remove configure method
- Register a subscriber to one/many/all events
- Remove sqlite3 development dependency
- Setup travis-ci for repo
- Hard code a placeholder api key in dummy app. Fixes failing tests when env var not defined.
- Improve README
- Specify development dependency versions
- Fix controller test which was passing incorrectly
- Initial release