Removed deprecated DJSTRIPE_WEBHOOK_SECRET setting

tdfrshv · Apr 25, 2024 · c45f0e9 · c45f0e9
1 parent 2db473b
commit c45f0e9
Show file tree

Hide file tree

Showing 7 changed files with 1 addition and 21 deletions.
diff --git a/djstripe/settings.py b/djstripe/settings.py
@@ -78,10 +78,6 @@ def DJSTRIPE_WEBHOOK_URL(self):
     def WEBHOOK_VALIDATION(self):
         return getattr(settings, "DJSTRIPE_WEBHOOK_VALIDATION", "verify_signature")
 
-    @property
-    def WEBHOOK_SECRET(self):
-        return getattr(settings, "DJSTRIPE_WEBHOOK_SECRET", "")
-
     # Webhook event callbacks allow an application to take control of what happens
     # when an event from Stripe is received.  One suggestion is to put the event
     # onto a task queue (such as celery) for asynchronous processing.

diff --git a/docs/history/3_0_0.md b/docs/history/3_0_0.md
@@ -21,6 +21,7 @@
 
 -   Migrations have been reset.
 -   Removed deprecated `DJSTRIPE_WEBHOOK_TOLERANCE` setting.
+-   Removed deprecated `DJSTRIPE_WEBHOOK_SECRET` setting.
 -   Removed legacy `Customer.add_card()` method. Use `Custoner.add_payment_method()` instead.
 -   Most of the models visible in the Django Admin are now read-only. (Note: This does
     not change anything functionally, as editing models was not replicated upstream.)

diff --git a/docs/installation.md b/docs/installation.md
@@ -42,7 +42,6 @@ Add your Stripe keys and set the operating mode:
     STRIPE_LIVE_SECRET_KEY = os.environ.get("STRIPE_LIVE_SECRET_KEY", "<your secret key>")
     STRIPE_TEST_SECRET_KEY = os.environ.get("STRIPE_TEST_SECRET_KEY", "<your secret key>")
     STRIPE_LIVE_MODE = False  # Change to True in production
-    DJSTRIPE_WEBHOOK_SECRET = "whsec_xxx"  # Get it from the section in the Stripe dashboard where you added the webhook endpoint
 ```
 
 !!! note

diff --git a/docs/reference/settings.md b/docs/reference/settings.md
@@ -94,13 +94,6 @@ you want to prevent unnecessary hijinks from unfriendly people.
 
 As this is embedded in the URLConf, this must be a resolvable regular expression.
 
-## DJSTRIPE_WEBHOOK_SECRET (="")
-
-If this is set to a non-empty value, webhook signatures will be verified.
-
-[Learn more about webhook signature
-verification](https://stripe.com/docs/webhooks/signatures).
-
 ## DJSTRIPE_WEBHOOK_VALIDATION= (="verify_signature")
 
 This setting controls which type of validation is done on webhooks. Value can be

diff --git a/docs/usage/using_with_docker.md b/docs/usage/using_with_docker.md
@@ -40,7 +40,6 @@ services:
         # Stripe specific keys
         - STRIPE_PUBLIC_KEY=pk_test_******
         - STRIPE_SECRET_KEY=sk_test_******
-        - DJSTRIPE_TEST_WEBHOOK_SECRET=whsec_******
 
         # Database Specific Settings
         - DJSTRIPE_TEST_DB_VENDOR=postgres

diff --git a/docs/usage/webhooks.md b/docs/usage/webhooks.md
@@ -21,13 +21,6 @@ When saved from the admin, the endpoint will be created in Stripe with a dj-stri
 specific UUID which will be part of the URL, making it impossible to guess externally
 by brute-force.
 
-## Legacy setup
-
-Before dj-stripe 2.7.0, dj-stripe included a global webhook endpoint URL, which uses the
-setting [`DJSTRIPE_WEBHOOK_SECRET`][djstripe.settings.DjstripeSettings.WEBHOOK_SECRET]
-to validate incoming webhooks.
-
-This is not recommended as it makes the URL guessable, and may be removed in the future.
 
 ## Extra configuration
 

diff --git a/tests/settings.py b/tests/settings.py
@@ -112,7 +112,6 @@
 )
 
 DJSTRIPE_WEBHOOK_VALIDATION = "verify_signature"
-DJSTRIPE_WEBHOOK_SECRET = os.environ.get("DJSTRIPE_TEST_WEBHOOK_SECRET", "whsec_XXXXX")
 
 STATIC_URL = "/static/"
-Original file line number
+Diff line change
@@ Expand Up / @@ -112,7 +112,6 @@ @@
     )
     DJSTRIPE_WEBHOOK_VALIDATION = "verify_signature"
-    DJSTRIPE_WEBHOOK_SECRET = os.environ.get("DJSTRIPE_TEST_WEBHOOK_SECRET", "whsec_XXXXX")
     STATIC_URL = "/static/"
@@ Expand Down @@