
lara28580's avatar

Should I prevent spam on my stripe forms?

I am using Stripe as a payment system for my app. Is it necessary to handle spam for my Stripe forms? I looked at the Laracasts forms but there is no reCAPTCHA or something in place. Maybe someone could give me advice? Thanks

0 likes
7 replies
bugsysha's avatar

Your stripe form is not protected by auth?

1 like
Snapey's avatar

Your stripe form should be generated by Stripe, based on a payment intent you previously created.

1 like
lara28580's avatar

@bugsysha Sure, it is protected by auth, but that does not really matter? What if a user updates the subscription very often, could that be a problem?

@snapey Stripe handles the spam protection for me?

In another forum post I asked about https://laracasts.com/discuss/channels/laravel/how-should-i-validate-user-stripe-input

Should there be no validation in place to prevent spam on plans maybe? Because if I manipulate the HTML and submit a wrong plan, I get an exception. Is this not a security risk?

Snapey's avatar

You validate the user form submission same as all other forms.

Check the plan they want, create payment intent, create the Stripe form. Let Stripe take over from there.

1 like
bugsysha's avatar

> Sure, it is protected by auth, but that does not really matter?

I wanted to make sure. You can never be sure what someone has done.

> What if a user updates the subscription very often, could that be a problem?

No.

> Stripe handles the spam protection for me?

Yes, regarding credit card and suspicious behavior.

> Should there be no validation in place to prevent spam on plans maybe?

There should be. I never trust input from users.

1 like
lara28580's avatar

OK, thanks guys for the answers, but I don't really get it.

> You validate the user form submission same as all other forms.

So a validation should be in place?

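```php
// Assumes these imports at the top of the controller:
//   use Illuminate\Http\Request;
//   use Laravel\Cashier\Exceptions\IncompletePayment;
public function store(Request $request)
{
    $this->authorize('create', auth()->user());

    // Accept only a plan that is on the allowlist of known Stripe price IDs.
    $this->validate($request, [
        'plan' => 'required|in:price_1Gr4FJJAUy1fGeT4djKb1iHX,price_1Gr4FJJAUy1fGeT4ynylHGhL',
    ]);

    try {
        $subscription = auth()->user()->newSubscription('default', $request->plan)
            ->create(auth()->user()->defaultPaymentMethod()->paymentMethod);
    } catch (IncompletePayment $exception) {
        // The payment needs further confirmation: send the user to Cashier's payment page.
        return redirect()->route(
            'cashier.payment',
            [$exception->payment->id, 'redirect' => route('home')]
        );
    }

    flash('Abonnement wurde erfolgreich abgeschlossen, danke!')->success();

    return redirect('/settings/account');
}
```
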
Snapey's avatar
Best Answer

Yes, of course validate user input.

First time you have mentioned Cashier.

1 like
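
An added example (not code from the thread or from Cashier) of the server-side plan check discussed above: the form submits a short plan key and the server maps it to a price ID from its own allowlist, so a tampered value produces a validation error instead of reaching Stripe. The plan keys, the placeholder price IDs and the `resolvePlan` helper are assumptions made for illustration; plain PHP 8 is used so it runs without Laravel.

```php
<?php
declare(strict_types=1);

// Constructed allowlist: public plan keys mapped to Stripe price IDs.
// The IDs are placeholders, not values from the thread.
const PLAN_PRICES = [
    'monthly' => 'price_PLACEHOLDER_MONTHLY',
    'yearly'  => 'price_PLACEHOLDER_YEARLY',
];

/**
 * Resolve a submitted plan key to a price ID, or return null if the
 * value is not a known plan. Client input is never passed through as-is.
 */
function resolvePlan(mixed $submitted): ?string
{
    // A tampered form can send plan[]=x, which PHP parses as an array.
    if (!is_string($submitted)) {
        return null;
    }
    // Exact, case-sensitive key lookup; no loose comparison.
    return PLAN_PRICES[$submitted] ?? null;
}

// Constructed request bodies, as PHP would parse them from a POST.
$requests = [
    ['plan' => 'monthly'],          // legitimate submission
    ['plan' => 'price_1TAMPERED'],  // edited option value (constructed)
    ['plan' => ['monthly']],        // plan[]=monthly
    [],                             // field removed from the form
];

foreach ($requests as $body) {
    $price = resolvePlan($body['plan'] ?? null);
    if ($price === null) {
        // Answer with a validation error (HTTP 422) and do not call Stripe.
        echo 'rejected: ' . json_encode($body) . PHP_EOL;
        continue;
    }
    echo "accepted: subscribe to {$price}" . PHP_EOL;
}
```

Only the first constructed request is accepted; the other three are rejected before any subscription call is made.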
