Bod has asked for the wisdom of the Perl Monks concerning the following question:

I've released a new version of Business::Stripe::Webhook with a modified constructor following the discussion about STDIN typeglob

At the same time I have added some extra, more thorough tests. All the tests pass as expected here locally but now it has reached CPAN Testers, I have a failure. I can usually work out why something is failing from the diagnostic information...but I cannot see the problem in this case. Can you help please?

This is the CPAN Tester Report and this is the test file: 

#!perl
use 5.010;
use strict;
use warnings;
use Test::More;

use Business::Stripe::Webhook;

#plan tests => 3;
my $count = 0; 
print "\n";

my $payload;
read(DATA, $payload, 10000);

my $webhook_fail   = Business::Stripe::Webhook->new(
    signing_secret  => 'whsec_...',
    'payload'       => $payload,
    'invoice-paid'  => \&pay_invoice,
);

$webhook_fail->process();

ok( !$webhook_fail->success, "Signature error" );

my $signing_secret = 'whsec_12345ABCDEFGHIJKLM';
$ENV{'HTTP_STRIPE_SIGNATURE'} = 't=ABCDEFGHIJ,v1=917fd62f6828ceb0509ae
+bd9ee94e4c455887b6c174ef94037e089265c8c575c';

my $webhook_pass   = Business::Stripe::Webhook->new(
    signing_secret  => $signing_secret,
    'payload'       => $payload,
    'invoice-paid'  => \&pay_invoice,
);

$webhook_pass->process();

ok( $webhook_pass->success, "Signature pass" );

sub pay_invoice {
    is( $_[0]->{'object'}, 'event', "pay.invoice handled - " . ++$coun
+t );
}

done_testing($count + 2);

__DATA__
{
  "id": "evt_1NFK32EfkkexSbWLZb6LoEap",
  "object": "event",
  "api_version": "2020-08-27",
  "data": {
     ...  bigger JSON object ...
  }
}

[download]
Any help (or general help with improving tests) would be very welcome...

edited - to correct typo in module link

Replies are listed 'Best First'.
Re: Test failing during CPAN Testing
by bliako (Abbot) on Jun 19, 2023 at 18:28 UTC

    Something weird happened (in linux, perl 5.36.0), I have downloaded the module (v1.11) from CPAN and some tests failed. After a while I re-donwloaded the module, erasing previous dir, and all tests passed. Without setting any ENV in the terminal. I have also noticed that your files are dos-encoded (^M). This shouldn't be a problem while running it in non-windows. But you are setting ENV and __DATA__ and verbatim JSON. Just a very longshot.

    Anyway, I found 2 unrelated points you may want to correct: 1) VERSION in pod is 1.10, while $VERSION is 1.11. 2) perl Makefile.PL complained about not finding the ABSTRACT in your pm file. You can fix this by not enclsoing the module name in link tags (<L>).

    bw, bliako

[reply]
[d/l]
[select]
      Something weird happened (in linux, perl 5.36.0), I have downloaded the module (v1.11) from CPAN and some tests failed

      That is weird because all the CPAN Tester tests for that v1.11 have passed! Are you sure you didn't download v1.10 which was the latest version until a few hours ago? It's v1.10 that is failing on Linux but passing on Windows.

      1) VERSION in pod is 1.10, while $VERSION is 1.11

      Thanks!
      I'll be more careful on the next release...

      2) perl Makefile.PL complained about not finding the ABSTRACT in your pm file. You can fix this by not enclsoing the module name in link tags (<L>)

      Ah...that's how I fix it!
      I had been trying to follow these instructions and thought it had a hyphen and an abstract.

      Thanks - your two points have been corrected in my source code and will make it to CPAN on the next release.

      I would really love to know what's happening with v1.10 to make it fail on Linux...I don't have a Linux machine to test it.

      I should have an i5 4th generation with 8Gb RAM and 256Gb SSD spare soon when I upgrade my partner's desktop. Currently, it runs Windows 10 Pro but it might be a plan to put Linux of some kind on that so I can test things and try to find my way around *nix. That spec should run Linux reasonably well, shouldn't it?

[reply]
[d/l]
[select]
        I don't have a Linux machine to test it.
        1. Download a CD/DVD installer ISO image from https://www.debian.org/ (or use any other x86/x86-64 Linux you like)
        2. Download and install Virtualbox
        3. Create a VM
        4. Set the VM network interface to bridge mode with your real network interface if you use wired network, use NAT if you use Wifi
        5. Insert the ISO image into the virtual optical drive of the VM
        6. Run the Linux installer

        To install debian, the netinstall image should be sufficient. It will download every package beyond the basic installation from the network.

        Alexander

        --
        Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)
[reply]
        > I'll be more careful on the next release...

        You can also write a test for it so it doesn't happen again. For example, see xt/version.t in one of my modules.

        map{substr$_->[0],$_->[1]||0,1}[\*||{},3],[[]],[ref qr-1,-,-1],[{}],[sub{}^*ARGV,3]
[reply]
[d/l]

        I don't have a Linux machine to test it.

        Windows has a builtin VM for Linux: WSL 2. For example, I run Ubuntu (from here) using this VM.

[reply]
Re: Test failing during CPAN Testing
by bliako (Abbot) on Jun 20, 2023 at 07:53 UTC

    Hmmm, it seems my longshot was right (for me anyway): I have tried with v1.10 : perl Makefile.PL && make all && make test . It failed as you describe. Then I converted the dos-line-endings to unix: find . -type f -exec dos2unix \{\} \; and all tests pass (in linux). Perhaps you can tell me what you changed, in general terms?

    bw, bliako

[reply]
[d/l]
[select]
      Perhaps you can tell me what you changed, in general terms?

      The change between v1.10 and v1.11 is to not use __DATA__ for the JSON object when testing for a proper signature. To calculate the signature, the JSON object is used so I imagine the different line endings are causing a different SHA 256 result and causing the issue!

[reply]
[d/l]
[select]
Re: Test failing during CPAN Testing
by Bod (Parson) on Jun 18, 2023 at 22:08 UTC

    I've been trying to replicate the error in the reports and the only way I can find so far is to change the my $signing_secret or $ENV{'HTTP_STRIPE_SIGNATURE'}

    The signature check is described here but it is a concatenation of part of the $ENV{'HTTP_STRIPE_SIGNATURE'} and the JSON payload which is encoded using SHA256 with the other part of $ENV{'HTTP_STRIPE_SIGNATURE'} and the secret as the key.

    It works locally and in a web environment so it is not an issue with the way the check is implemented.

    Is it possible that the JSON object in __DATA__ could change when distributed through CPAN as that would cause this fail?

[reply]
[d/l]
[select]
Re: Test failing during CPAN Testing
by Bod (Parson) on Jun 19, 2023 at 15:58 UTC

    In an attempt to solve this mystery testing issue, I've minimised the JSON object and put it in a string within the test code: 

    my $payload_pass = '{ "test": "test payload and signature", "type": "i
+nvoice.paid", "object": "event" }';

    [download]
    So it is no longer read in from __DATA__.

    When CPAN Tester results start to arrive, we'll discover if this solves the sue...

    Update
    It looks like it might not. More test results are in and it appears to be OS dependent. It is passing on Windows and failing on everything else.

[reply]
[d/l]
[select]

Back to Seekers of Perl Wisdom