In PayumBundle/Security/HttpRequestVerifier.php:39
if (! $hash = $httpRequest->attributes->get('payum_token', $httpRequest->get('payum_token', false))) {
throw new NotFoundHttpException('Token parameter not set in request');
}
This line checks if the payum_token parameter is valid. However Stripe doesn't append this parameter to the url nor to the attributes. It is only set if you access
$content = $request->getContent();
$data = json_decode($content, true);
$data['data']['object']['metadata']['token_hash']
one workaround would be to write the token_hash to the url with
$request->attributes->set('payum_token', $tokenHash);
$request->request->set('payum_token', $tokenHash);
however this will fail the following check
if (! RequestTokenVerifier::isValid($httpRequest->getUri(), $token->getTargetUrl())) {
throw new HttpException(400, sprintf('The current url %s not match target url %s set in the token.', $httpRequest->getUri(), $token->getTargetUrl()));
}
In PayumBundle/Security/HttpRequestVerifier.php:39
This line checks if the payum_token parameter is valid. However Stripe doesn't append this parameter to the url nor to the attributes. It is only set if you access
one workaround would be to write the token_hash to the url with
however this will fail the following check