[1.x] Ignore manual paylinks (#89)

driesvints · web-flow · commit 0f42518bd5f2 · 2020-10-20T08:51:57.000-05:00
* Ignore manual paylinks

* Add message
diff --git a/src/Exceptions/InvalidPassthroughPayload.php b/src/Exceptions/InvalidPassthroughPayload.php
@@ -0,0 +1,10 @@
+<?php
+
+namespace Laravel\Paddle\Exceptions;
+
+use Exception;
+
+class InvalidPassthroughPayload extends Exception
+{
+    //
+}
diff --git a/src/Http/Controllers/WebhookController.php b/src/Http/Controllers/WebhookController.php
@@ -15,6 +15,7 @@
 use Laravel\Paddle\Events\SubscriptionUpdated;
 use Laravel\Paddle\Events\WebhookHandled;
 use Laravel\Paddle\Events\WebhookReceived;
+use Laravel\Paddle\Exceptions\InvalidPassthroughPayload;
 use Laravel\Paddle\Http\Middleware\VerifyWebhookSignature;
 use Laravel\Paddle\Receipt;
 use Laravel\Paddle\Subscription;
@@ -53,7 +54,11 @@ public function __invoke(Request $request)
         WebhookReceived::dispatch($payload);
 
         if (method_exists($this, $method)) {
-            $this->{$method}($payload);
+            try {
+                $this->{$method}($payload);
+            } catch (InvalidPassthroughPayload $e) {
+                return new Response('Webhook Skipped');
+            }
 
             WebhookHandled::dispatch($payload);
 
@@ -142,17 +147,23 @@ protected function handleSubscriptionPaymentFailed(array $payload)
      *
      * @param  array  $payload
      * @return void
+     *
+     * @throws \Laravel\Paddle\Exceptions\InvalidPassthroughPayload
      */
     protected function handleSubscriptionCreated(array $payload)
     {
         $passthrough = json_decode($payload['passthrough'], true);
 
+        if (! is_array($passthrough) || ! isset($passthrough['subscription_name'])) {
+            throw new InvalidPassthroughPayload;
+        }
+
+        $customer = $this->findOrCreateCustomer($payload['passthrough']);
+
         $trialEndsAt = $payload['status'] === Subscription::STATUS_TRIALING
             ? Carbon::createFromFormat('Y-m-d', $payload['next_bill_date'], 'UTC')->startOfDay()
             : null;
 
-        $customer = $this->findOrCreateCustomer($payload['passthrough']);
-
         $subscription = $customer->subscriptions()->create([
             'name' => $passthrough['subscription_name'],
             'paddle_id' => $payload['subscription_id'],
@@ -238,11 +249,17 @@ protected function handleSubscriptionCancelled(array $payload)
      *
      * @param  string  $passthrough
      * @return \Laravel\Paddle\Billable
+     *
+     * @throws \Laravel\Paddle\Exceptions\InvalidPassthroughPayload
      */
     protected function findOrCreateCustomer(string $passthrough)
     {
         $passthrough = json_decode($passthrough, true);
 
+        if (! is_array($passthrough) || ! isset($passthrough['billable_id'], $passthrough['billable_type'])) {
+            throw new InvalidPassthroughPayload;
+        }
+
         return Customer::firstOrCreate([
             'billable_id' => $passthrough['billable_id'],
             'billable_type' => $passthrough['billable_type'],
diff --git a/tests/Feature/WebhooksTest.php b/tests/Feature/WebhooksTest.php
@@ -66,7 +66,6 @@ public function test_it_can_handle_a_payment_succeeded_event()
         });
     }
 
-    /** @test */
     public function test_it_can_handle_a_payment_succeeded_event_when_billable_already_exists()
     {
         Event::fake();
@@ -214,7 +213,6 @@ public function test_it_can_handle_a_subscription_created_event()
         });
     }
 
-    /** @test */
     public function test_it_can_handle_a_subscription_created_event_if_billable_already_exists()
     {
         Event::fake();
@@ -336,4 +334,41 @@ public function test_it_can_handle_a_subscription_cancelled_event()
             return $event->subscription->paddle_plan === 2323;
         });
     }
+
+    /** @group Foo */
+    public function test_manual_created_paylinks_without_passthrough_values_are_ignored()
+    {
+        Event::fake();
+
+        $user = $this->createUser();
+
+        $this->postJson('paddle/webhook', [
+            'alert_name' => 'subscription_created',
+            'user_id' => 'foo',
+            'email' => $user->paddleEmail(),
+            'passthrough' => '',
+            'quantity' => 1,
+            'status' => Subscription::STATUS_ACTIVE,
+            'subscription_id' => 'bar',
+            'subscription_plan_id' => 1234,
+        ])->assertOk();
+
+        $this->assertDatabaseMissing('customers', [
+            'billable_id' => $user->id,
+            'billable_type' => $user->getMorphClass(),
+        ]);
+
+        $this->assertDatabaseMissing('subscriptions', [
+            'billable_id' => $user->id,
+            'billable_type' => $user->getMorphClass(),
+            'name' => 'main',
+            'paddle_id' => 'bar',
+            'paddle_plan' => 1234,
+            'paddle_status' => Subscription::STATUS_ACTIVE,
+            'quantity' => 1,
+            'trial_ends_at' => null,
+        ]);
+
+        Event::assertNotDispatched(SubscriptionCreated::class);
+    }
 }
