Stripe Webhooks not working

@Snapey I have a publicly accessible stripe web hook however I’m testing first locally so I installed the stripe CLI and followed this documentation here https://stripe.com/docs/webhooks

After stripe checkout, I get a successful 200 response code in the stripe CLI but it doesn’t seem to hit the endpoint. The endpoint I’ve forwarded to is localhost:8000/stripe/webhook

@knached99 You do realise that if you return, that ends processing in that method, right? No code after that is going to be executed.

You also don’t want webhook handling logic in a controller because the user could close their browser, lost network connectivity, have a power cut, etc after paying but before the controller finishes processing, meaning you’ll have taken their money but not fulfilled their order, and leave you with a—rightfully so—very angry customer.

@martinbean You're right, rookie mistake -_- So how would you advise I handle this? I need a way to find out what the event returned was.

@knached99 Read the Cashier docs: https://laravel.com/docs/10.x/billing#handling-stripe-webhooks

You should be handling webhooks asynchronously because of the reasons listed above. Stripe will redirect the customer to the success_url you specified when creating the checkout session, once you have handled the checkout.session.complete webhook if the customer is still on your website.

@martinbean Thank you for that suggestion, would it work even if I'm not using the Laravel Cashier package to handle payments? I am handling one time payments and did everything using the Stripe API

@knached99 With or without Cashier, the process is still the same: you gave Stripe a URL to send webhooks to, and you handle the webhook event in there.

@knached99 Well that doesn’t make sense given you have Laravel 10 in your composer.json file, but then the output is complaining about needing illuminate 9, so you seem to be trying to install an old version of Cashier for some reason.

@martinbean I literally clicked on the link you sent me and ran the composer command to install it. I didn’t specify any version, I simply ran composer require laravel/stripe

@knached99 So what PHP version do you have?

php -v

@martinbean

PHP 8.2.4 (cli) (built: Mar 14 2023 17:54:25) (ZTS Visual C++ 2019 x64)

@Snapey Thank you, how can I do that? I need an example please.

@knached99 you have to bear in mind that the webhook is asynchronous. It has no existing session, and you cannot send anything back to stripe, or to the user.

When the user starts a transaction, keep a record of it along with the payment intent.

When you get the webhook you can simply update the database state for the transaction with the same payment intent.

Later, you can show the user the state of the transaction.

If the payment is successful you could fire an event to cause other things to happen as a consequence, eg sending emails.

Spatie has a package to validate the payment signature which may help you

@knached99 yes use a controller.

Its a http request and expects a 200 response to say it was received ok

@Snapey As mentioned before, this is my Stripe webhook handler:

<?php

namespace App\Http\Controllers;

use Illuminate\Http\Request;
use Stripe\Stripe;
use Stripe\Webhook;
use Stripe\StripeClient;
use Stripe\Event;

class StripeWebhookHandler extends Controller
{
    protected $stripe; 
    public function __construct(){
        Stripe::setApiKey(env('STRIPE_SECRET_KEY'));
        $this->stripe = new StripeClient(env('STRIPE_SECRET_KEY'));
    }

    public function handleWebhook(Request $request){
        $payload = $request->getContent();
        $event = null;
        try{
            $event = Event::constructFrom(
                json_decode($payload, true)
            );
        }
        catch(\UnexpectedValueException $e){
            return redirect('reservation')->with('EXCEPTION_CAUGHT', 'Unexpected error occurred while checking out');
        }

        // Handle events 

        switch($event->type){
            case 'payment_intent.succeeded':
                return 'PAYMENT_INTENT_SUCCESS';
                break;

            case 'payment_intent.failed':
                return 'PAYMENT_INTENT_FAILED';
                break;
            case 'payment_intent.created':
                return 'PAYMENT_INTENT_CREATED';
                break;
            
            case 'checkout.session.completed':
                return 'CHECKOUT_SESSION_COMPLETED';
                break;
            case 'charge.succeeded':
               return 'CHARGE_SUCCEEDED';
                break;
            case 'charge.failed':
                return 'CHARGE_FAILED';
                break;
 
        }
    }
}
?>

In the BooingController, the stripe webhook handler is being imported at the top like so: use App\Http\Controllers\StripeWebhookHandler;

This is the bookRide function:

  public function bookRide(Request $request)
{

    /*
    These prices are for if the user selects point-to-point 
    the prices are:
    sedan  add that to the price of the sedan per mile + 20% 
    mini suv: , 
    suv: 0,  
    For the van, no matter what service, the customer needs to call you email notification 

    */
    $admin = User::find(1); 
    $data = $request->only([
        'first_name', 'last_name', 'email', 'phone_number', 'service_type',
        'pickup_date_time', 'pickup_location', 'dropoff_location',
        'num_passengers', 'num_luggage', 'vehicle', 'calculated_distance', 
        'calculated_duration',
        'booster_seat_addon',
    ]);

    $validate = $this->validateBooking($data);

    if ($validate->fails()) {
        return redirect()->route('reservation')->withErrors($validate);
    }

    $product = $this->stripe->products->retrieve($request->vehicle);
    $prices = $this->stripe->prices->all(['product' => $product->id]);
    $price = $prices->data[0]->unit_amount;
    $distance = floatval($request->calculated_distance);
    $totalPrice = 0;
    $surCharge = 0.20; // 20% surcharge 
    // Calculate pricing based on requested pricing model 
    $basePrice = 0; // initialize to LARACASTS_SNIPPET_PLACEHOLDER by default 
    switch($product->name){
        case 'Sedan':
            $basePrice = 8000; // 8000 cents is   
        break;

        case 'Mini Suv':
            $basePrice = 9000; // 9000 cents is 
        break; 
        
        case 'Suv':
            $basePrice = 10000; // 10000 cents is 0
        break;

    }
    

    if ($request->service_type == 'Hourly') {
        if ($request->num_hours < 4 || $product->name !== 'Hourly Service') {
            return redirect()->back()->withInput()->with('INVALID_HOURLY_SELECTION', "Minimum hours for hourly service must be at least 4, or you have chosen a vehicle other than 'Hourly Service' ");
        }

        $totalPrice = $price * $request->num_hours;
    } else {
        $mileageCost = $price * $distance; 
        $totalPrice = $basePrice + $mileageCost;
        $totalPrice +=$totalPrice * $surCharge;
    }

    if ($request->booster_seat_addon == 1) {
        $totalPrice += 2000; // Add  for the booster seat addon
    }

    $encryptedPrice = Crypt::encryptString($totalPrice);
    $basePath = config('app.url');
    $checkoutSessionId = null;
    

    if($product->name === 'Van'){
        $data = [
            'bookingID'=>$this->bookingID,
            'checkout_session_id' => null, 
            'name'=>$data['first_name']. ' '.$data['last_name'],
            'email'=>$data['email'],
            'phone_number'=>$data['phone_number'],
            'service_type'=>$data['service_type'],
            'pickup_date_time'=>date('F jS, Y \a\t g:i A', strtotime($data['pickup_date_time'])),
            'pickup_location'=>$data['pickup_location'],
            'dropoff_location'=>$data['dropoff_location'],
            'num_passengers'=>$data['num_passengers'],
            'num_luggage'=>$data['num_luggage'],
            'calculated_distance'=>$distance,
            'calculated_duration'=>$request->calculated_duration,
            'booster_seat_addon'=>$data['booster_seat_addon'] ? TRUE : FALSE,
            'total_price'=>0.00,
            'vehicle'=>$data['vehicle']
        ];
        Notification::route('mail', env('MAIL_FROM_ADDRESS'))->notify(new VanBooked($this->bookingID, $data));
        Notification::route('mail', $request->email)->notify(new QuoteRequired($this->bookingID, $data));
        Bookings::create($data);
        return redirect('limo-booked?name='.$data['name'].'&email='.$data['email'].'');
    }

   

    $checkout_session = $this->stripe->checkout->sessions->create([
        'payment_method_types' => ['card'],
        'line_items' => [[
            'price_data' => [
                'currency' => 'usd',
                'product_data' => [
                    'name' => $product->name,
                    'images'=>[$product->images[0]],
                    'description' => $product->description,
                ],
                'unit_amount' => intval($totalPrice),
            ],
            'quantity' => 1,
        ]],
        'mode' => 'payment',
        'success_url' => $basePath . ':8000/booking-success?name='.$request->first_name.$request->last_name.'&email=' . $data['email'] . '&price=' . $encryptedPrice.'&reference_id='.uniqid().'',
        'cancel_url' => route('reservation'),
    ]);

    $data = [
        'bookingID'=>$this->bookingID,
        'checkout_session_id' => $checkout_session->id, // Use the ternary operator to set the value
        'name'=>$data['first_name']. ' '.$data['last_name'],
        'email'=>$data['email'],
        'phone_number'=>$data['phone_number'],
        'service_type'=>$data['service_type'],
        'pickup_date_time'=>date('F jS, Y \a\t g:i A', strtotime($data['pickup_date_time'])),
        'pickup_location'=>$data['pickup_location'],
        'dropoff_location'=>$data['dropoff_location'],
        'num_passengers'=>$data['num_passengers'],
        'num_luggage'=>$data['num_luggage'],
        'calculated_distance'=>$distance,
        'calculated_duration'=>$request->calculated_duration,
        'booster_seat_addon'=>$data['booster_seat_addon'] ? TRUE : FALSE,
        'total_price'=>$totalPrice,
        'vehicle'=>$data['vehicle']
    ];
    
    return redirect()->away($checkout_session->url);
   // $webhookEventType = $webhookHandler->handleWebhook($request);
    // switch($webhookEventType){
    //     case 'PAYMENT_INTENT_SUCCESS':
    //     case 'PAYMENT_INTENT_CREATED':
    //     case 'CHECKOUT_SESSION_COMPLETED':
    //     case 'CHARGE_SUCCEEDED':
    //         Bookings::create($data);

    //         Notification::route('mail', $data['email'])->notify(new ServiceBooked($data));
        
    //         $admin->notify(new LimoBooked($data, $admin->name));
    //     break;
    
    //    case 'PAYMENT_INTENT_FAILED':
    //    case 'CHARGE_FAILED':
    //      return redirect('reservation')->with('EXCEPTION_CAUGHT', 'Something went wrong while processing your transaction');
    //    break;

    // }
  
}

How can I use it in my bookRide() function?

How can I use it in my bookRide() function?

@knached99 YOU DON’T.

Stripe will make a POST request to your server in the background. Your server should respond to that webhook in the background. Stripe will then redirect the user to your success_url once the checkout session is complete.

I did explain all this above…

@martinbean I understand that now, thank you, however if I cannot use that function in my bookRide() function, how can I pass the data from the bookRide() function in order to insert the data into the DB and send the notification to the customer?

@knached99 you are still missing the point

when you send

return redirect('reservation')->with('EXCEPTION_CAUGHT', 'Unexpected error occurred while checking out');

Why are you trying to send stripe to another page? They are not the user.

Your webhook handler is in no way connected to what the user is doing, so why would you need it in your booking controller?

Imagine...

The user and their booking are being managed by your right hand.

At somepoint there is a knock at the door, and your left hand goes to answer it. Its stripe. They say some random transaction was successful. Your left hand says thanks stripe, I will leave a message for my right hand. They write a note and put it in the clients file. Some time later, righthand can see the note that was left and know that the booking is fully paid for.

if I cannot use that function in my bookRide() function, how can I pass the data from the bookRide() function in order to insert the data into the DB and send the notification to the customer?

@knached99 Again, you don’t. That’s the entire point of the webhook handler.

The webhook payload Stripe will send you will contain all the information from the checkout session: the customer, what they bought, etc. You then use that information to fulfil the purchase for the customer.

The Stripe API docs weren't clear

@knached99 What I’ve explained above is exactly how Stripe prescribe how you handle things: https://stripe.com/docs/payments/checkout/fulfill-orders#fulfill

I don't want to notify the customer or insert data into the DB unless the transaction was successful. How can I accomplish this?

By creating a webhook handler! And listening on the checkout.session.completed event!

@martinbean I get that but what I'm trying to understand is you said that I don't need to call the handleWebhook() function in my bookRide() function. How can I pass the data from the bookRide() function into the handleWebhook() function?

How can I pass the data from the bookRide() function into the handleWebhook() function

@knached99 OMG. You don’t.

Your bookRide method redirects to Stripe checkout. When the customer submits their details, Stripe will send a webhook to your webhook handler. If your webhook handler returns a successful response (i.e. 200 OK), then Stripe will redirect the customer from the Stripe checkout to your success_url.

Your webhook handler knows nothing about controllers, and your controllers know nothing about the webhook handler. Stop conflating the two.

@knached99 You don’t redirect the user! Stripe does!

@knached99 What are you on about, “notifying the user”? Notifying the user of what?