woocommerce/woocommerce-gateway-stripe

Improve the UX when webhook processing fails when the webhook secret is invalid


Describe the bug

If a store has multiple webhooks set up, and the store receives multiple webhook payloads for the same event, only one of the webhooks will be processed because we only process the webhook whose secret validates.

This scenario can lead to a confusing Webhook error because the WC_Stripe_Webhook_Handler::check_for_webhook() function will log that the webhook failed because the secret was invalid.

There are 3 cases we need to consider:

  1. There is a valid webhook secret set, and there are duplicate webhook endpoints set up in Stripe, i.e. 1 webhook will succeed, the duplicates won't.
  2. There's no webhook secret set at all.
  3. There's a webhook secret set, however, it doesn't validate or we cannot validate.

Ideally the outcome would look something like this:

  • If we receive a webhook which fails webhook validation we respond to Stripe with an error. This will cause Stripe to eventually disable the webhook endpoint. Given merchants can no longer find the webhook in their dashboard and enter the correct secret in the UI, this endpoint is destined to continue failing. There's no need to respond with a success message in which case Stripe will continue sending it.
  • If we receive a webhook which fails secret validation, if there is a webhook secret set and we can validate it (i.e. we have configured it, we have the webhook ID and we can check that it still exists and the URL is correct), then we don't display a warning in this case or we display a different warning that says something more akin to "We received a webhook payload for a different webhook. You have a correctly configured webhook, and so this additional webhook may be set up out of error. It will eventually be disabled by Stripe".
  • If we receive a webhook which fails secret validation, if there is a webhook secret set and we cannot validate it (i.e. we didn't configure it, don't have an ID and therefore cannot check it), then we display a warning saying "... please reconfigure your webhooks.".

To Reproduce
Steps to reproduce the behavior:

  1. You will need to test on a site that can receive webhooks, so Jurassic Ninja or ngrok or similar.
  2. Connect your site to your Stripe Account.
  3. In your Stripe dashboard go to Developers → Webhooks
  4. Create a new webhook that is a duplicate of the one we automatically set up.
    • You should have 2 webhooks like this:

Screenshot 2024-08-08 at 2 17 01 PM

  5. Do an action that would trigger a webhook, e.g. make a purchase.
  6. View the Stripe settings page and you should see a similar notice:

Screenshot 2024-08-08 at 3 16 46
Recent webhook error. Notice the received date and the last success are milliseconds apart, indicating a duplicate.

Expected behavior
In cases where there is a duplicate webhook endpoint set up, the notice should try to indicate that.
When a webhook is received that we cannot process (invalid secret), we should respond with an error so Stripe will eventually disable the failing webhook.
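
The following sketch of the decision logic requested above is an added example, not code from the plugin or from the issue author. The function names, array keys, notice keys, the 400 status, the 300-second timestamp tolerance and the handling of the "no secret set" case are all assumptions made for illustration; the signature check follows Stripe's documented `Stripe-Signature` scheme (`t=` timestamp plus `v1=` HMAC-SHA256 over `timestamp.payload`).

```php
<?php
// Added illustration; function names, array keys and notice keys are hypothetical,
// not taken from the WooCommerce Stripe Gateway code base.

/** Verify a Stripe-Signature header: v1 = HMAC-SHA256(secret, "<t>.<raw body>"). */
function example_signature_is_valid(string $payload, string $header, string $secret, int $tolerance = 300): bool {
    $timestamp = null;
    $signatures = [];
    foreach (explode(',', $header) as $part) {
        $pair = explode('=', trim($part), 2);
        if (count($pair) !== 2) {
            continue;
        }
        if ($pair[0] === 't') {
            $timestamp = $pair[1];
        } elseif ($pair[0] === 'v1') {
            $signatures[] = $pair[1];
        }
    }
    if ($timestamp === null || !ctype_digit($timestamp) || abs(time() - (int) $timestamp) > $tolerance) {
        return false; // missing, malformed or stale timestamp
    }
    $expected = hash_hmac('sha256', $timestamp . '.' . $payload, $secret);
    foreach ($signatures as $candidate) {
        if (hash_equals($expected, $candidate)) { // constant-time comparison
            return true;
        }
    }
    return false;
}

/**
 * Decide the HTTP status and merchant notice for one incoming webhook.
 * $configured_webhook_verified: true when the stored webhook ID still exists in Stripe
 * with the correct URL; false when there is no ID or the check cannot be made.
 */
function example_webhook_outcome(string $payload, string $header, ?string $secret, bool $configured_webhook_verified): array {
    if ($secret === null || $secret === '') {
        return ['status' => 400, 'notice' => 'no_secret_configured']; // assumption: the issue leaves case 2 open
    }
    if (example_signature_is_valid($payload, $header, $secret)) {
        return ['status' => 200, 'notice' => null];
    }
    // Validation failed: always answer with an error so Stripe eventually disables the endpoint.
    return [
        'status' => 400,
        'notice' => $configured_webhook_verified ? 'duplicate_webhook_ignored' : 'reconfigure_webhooks',
    ];
}
```

The signature must be computed over the raw request body exactly as received; re-encoding the decoded JSON changes the bytes and makes a valid webhook fail the check.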