fix broken webhook signature verification and stale billing tests

Webhook handler called Verifier().verify() with raw bytes instead of a request object, so signature verification always failed. Replaced with manual HMAC check matching Paddle's ts=...;h1=... format. Updated tests to produce correct signature format, mock the SDK instead of httpx for manage/cancel routes, and expect JSON for overlay checkout. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-18 16:49:23 +01:00
parent 61bf855103
commit 4e61e9b1ab
6 changed files with 85 additions and 68 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -78,6 +78,16 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
  README for testing email flows without a verified domain

 ### Fixed
+- **Webhook signature verification broken** — `Verifier().verify()` was called
+  with raw bytes instead of a request object, causing all signed webhooks to
+  fail with 400; replaced with manual HMAC verification matching Paddle's
+  `ts=<unix>;h1=<hmac>` format; also added JSON parse error guard (400 instead
+  of 500 on malformed payloads)
+- **Billing tests stale after SDK migration** — webhook tests used plain
+  HMAC instead of Paddle's `ts=...;h1=...` signature format; checkout tests
+  expected redirect instead of JSON overlay response; manage/cancel tests
+  mocked httpx instead of Paddle SDK; removed stale `PADDLE_PRICES` config
+  test (prices now in DB)
 - **Quote wizard state loss** — `_accumulated` hidden input used `"` attribute
  delimiters which broke on `tojson` output containing literal `"` characters;
  switched all 8 step templates to single-quote delimiters (`value='...'`)