stripe 1.10.1 → 1.11.0

@@ -25,6 +25,7 @@ require 'stripe/account'
25
25
  require 'stripe/balance'
26
26
  require 'stripe/balance_transaction'
27
27
  require 'stripe/customer'
28
+ require 'stripe/certificate_blacklist'
28
29
  require 'stripe/invoice'
29
30
  require 'stripe/invoice_item'
30
31
  require 'stripe/charge'
@@ -47,10 +48,13 @@ require 'stripe/errors/invalid_request_error'
47
48
  require 'stripe/errors/authentication_error'
48
49
 
49
50
  module Stripe
51
+ DEFAULT_CA_BUNDLE_PATH = File.dirname(__FILE__) + '/data/ca-certificates.crt'
50
52
  @api_base = 'https://api.stripe.com'
51
53
 
52
- @ssl_bundle_path = File.dirname(__FILE__) + '/data/ca-certificates.crt'
54
+ @ssl_bundle_path = DEFAULT_CA_BUNDLE_PATH
53
55
  @verify_ssl_certs = true
56
+ @CERTIFICATE_VERIFIED = false
57
+
54
58
 
55
59
  class << self
56
60
  attr_accessor :api_key, :api_base, :verify_ssl_certs, :api_version
@@ -83,6 +87,10 @@ module Stripe
83
87
  :ssl_ca_file => @ssl_bundle_path)
84
88
  end
85
89
 
90
+ unless @CERTIFICATE_VERIFIED
91
+ @CERTIFICATE_VERIFIED = CertificateBlacklist.check_ssl_cert(@api_base, @ssl_bundle_path)
92
+ end
93
+
86
94
  params = Util.objects_to_ids(params)
87
95
  url = api_url(url)
88
96
 
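Review bot: The `@CERTIFICATE_VERIFIED` flag is set once per process and is not tied to `@api_base` or `@ssl_bundle_path`, so once the first probe succeeds, a later change of `api_base` (it is an `attr_accessor`) is never checked against the blacklist. The probe also runs on its own connection, separate from the one the request uses, so it only shows what the host presented at probe time; that limitation deserves a comment next to the guard. The guard sits after the `end` that closes the SSL options, which suggests it also runs when `verify_ssl_certs` is false; a VERIFY_PEER handshake to a custom `api_base` would then presumably fail with an OpenSSL error rather than an `APIConnectionError`. Consider `if @verify_ssl_certs && @verified_base != @api_base`, with `@verified_base = @api_base` stored after a successful check. The enclosing method starts and ends outside the hunk.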
@@ -0,0 +1,47 @@
1
+ require 'uri'
2
+ require 'digest/sha1'
3
+
4
+ module Stripe
5
+ module CertificateBlacklist
6
+
7
+ BLACKLIST = {
8
+ "api.stripe.com" => [
9
+ '05c0b3643694470a888c6e7feb5c9e24e823dc53',
10
+ ],
11
+ "revoked.stripe.com" => [
12
+ '5b7dc7fbc98d78bf76d4d4fa6f597a0c901fad5c',
13
+ ]
14
+ }
15
+
16
+
17
+ def self.check_ssl_cert(uri, ca_file)
18
+ uri = URI.parse(uri)
19
+
20
+ sock = TCPSocket.new(uri.host, uri.port)
21
+ ctx = OpenSSL::SSL::SSLContext.new
22
+ ctx.set_params(:verify_mode => OpenSSL::SSL::VERIFY_PEER,
23
+ :ca_file => ca_file)
24
+
25
+ socket = OpenSSL::SSL::SSLSocket.new(sock, ctx)
26
+ socket.connect
27
+
28
+ certificate = socket.peer_cert.to_der
29
+ fingerprint = Digest::SHA1.hexdigest(certificate)
30
+
31
+ if blacklisted_certs = BLACKLIST[uri.host]
32
+ if blacklisted_certs.include?(fingerprint)
33
+ raise APIConnectionError.new(
34
+ "Invalid server certificate. You tried to connect to a server that" +
35
+ "has a revoked SSL certificate, which means we cannot securely send" +
36
+ "data to that server. Please email support@stripe.com if you need" +
37
+ "help connecting to the correct API server."
38
+ )
39
+ end
40
+ end
41
+
42
+ socket.close
43
+
44
+ return true
45
+ end
46
+ end
47
+ end
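Review bot: `check_ssl_cert` leaks both sockets on the revoked-certificate path: `socket.close` sits after the `raise`, and the underlying `TCPSocket` is never closed on any path, so the handshake and check should run inside `begin … ensure`. The four message literals are concatenated without a separating space, so the error reads "a server thathas a revoked SSL certificate". `VERIFY_PEER` checks the chain but not the host name, so adding `socket.post_connection_check(uri.host)` after `connect` makes the probe reject a certificate issued for another name. The file also uses `TCPSocket` and `OpenSSL` without requiring `socket` or `openssl`, presumably relying on another file to load them.

```ruby
def self.check_ssl_cert(uri, ca_file)
  uri = URI.parse(uri)
  sock = TCPSocket.new(uri.host, uri.port)
  # … unchanged: SSLContext setup with VERIFY_PEER and ca_file …
  socket = OpenSSL::SSL::SSLSocket.new(sock, ctx)

  begin
    socket.connect
    # Chain validation alone does not bind the certificate to the host name.
    socket.post_connection_check(uri.host)

    # … unchanged: SHA1 fingerprint of socket.peer_cert.to_der …

    if (BLACKLIST[uri.host] || []).include?(fingerprint)
      raise APIConnectionError.new(
        "Invalid server certificate. You tried to connect to a server that " +
        "has a revoked SSL certificate, which means we cannot securely send " +
        "data to that server. Please email support@stripe.com if you need " +
        "help connecting to the correct API server."
      )
    end
  ensure
    # Runs on the raise path too; SSLSocket#close leaves the TCP socket open.
    socket.close
    sock.close unless sock.closed?
  end

  true
end
```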
@@ -41,6 +41,12 @@ module Stripe
41
41
  subscription
42
42
  end
43
43
 
44
+ def create_subscription(params)
45
+ response, api_key = Stripe.request(:post, subscriptions_url, @api_key, params)
46
+ refresh_from({ :subscription => response }, api_key, true)
47
+ subscription
48
+ end
49
+
44
50
  def delete_discount
45
51
  Stripe.request(:delete, discount_url, @api_key)
46
52
  refresh_from({ :discount => nil }, api_key, true)
@@ -55,5 +61,9 @@ module Stripe
55
61
  def subscription_url
56
62
  url + '/subscription'
57
63
  end
64
+
65
+ def subscriptions_url
66
+ url + '/subscriptions'
67
+ end
58
68
  end
59
69
  end
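Review bot: `create_subscription` has no comment, and its effect is easy to misread: it posts to the plural `subscriptions_url` but stores the response under the singular `:subscription` key and returns `subscription`, replacing whatever that attribute held before. I would add `# POSTs params to <customer url>/subscriptions; the response replaces the cached :subscription attribute, which is returned.` above the method. The enclosing class begins outside the hunk.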
@@ -1,3 +1,3 @@
1
1
  module Stripe
2
- VERSION = '1.10.1'
2
+ VERSION = '1.11.0'
3
3
  end
@@ -0,0 +1,18 @@
1
+ require File.expand_path('../../test_helper', __FILE__)
2
+
3
+ module Stripe
4
+
5
+ class CertificateBlacklistTest < Test::Unit::TestCase
6
+ should "not trust revoked certificates" do
7
+ assert_raises(Stripe::APIConnectionError) {
8
+ Stripe::CertificateBlacklist.check_ssl_cert("https://revoked.stripe.com:444",
9
+ Stripe::DEFAULT_CA_BUNDLE_PATH)
10
+ }
11
+ end
12
+
13
+ should "trust api.stripe.com" do
14
+ assert_true Stripe::CertificateBlacklist.check_ssl_cert("https://api.stripe.com",
15
+ Stripe::DEFAULT_CA_BUNDLE_PATH)
16
+ end
17
+ end
18
+ end
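Review bot: Both tests open real TLS connections (to `revoked.stripe.com:444` and `api.stripe.com`), so the suite fails offline and its result depends on which certificate those hosts serve on the day it runs. The blacklist comparison itself is never exercised in isolation. The "trust api.stripe.com" case would pass for any certificate that chains to the bundle and is not in the list. I would add a case that stubs the socket's `peer_cert` (the other tests on this page already use `expects`-style mocks) with one fingerprint listed in `BLACKLIST` and one that is not, and move the two live checks into a separately run integration group.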
@@ -20,10 +20,10 @@ module Stripe
20
20
  @mock.expects(:get).once.returns(test_response(test_customer({:mnemonic => "foo"})))
21
21
  @mock.expects(:post).once.returns(test_response(test_customer({:mnemonic => "bar"})))
22
22
  c = Stripe::Customer.new("test_customer").refresh
23
- assert_equal c.mnemonic, "foo"
23
+ assert_equal "foo", c.mnemonic
24
24
  c.mnemonic = "bar"
25
25
  c.save
26
- assert_equal c.mnemonic, "bar"
26
+ assert_equal "bar", c.mnemonic
27
27
  end
28
28
 
29
29
  should "create should return a new customer" do
@@ -64,6 +64,18 @@ module Stripe
64
64
  c.cancel_subscription
65
65
  end
66
66
 
67
+ should "be able to create a subscription for a customer" do
68
+ c = Stripe::Customer.new("test_customer")
69
+
70
+ @mock.expects(:post).once.with do |url, api_key, params|
71
+ url == "#{Stripe.api_base}/v1/customers/test_customer/subscriptions" && api_key.nil? && CGI.parse(params) == {'plan' => ['silver']}
72
+ end.returns(test_response(test_subscription(:plan => 'silver')))
73
+ s = c.create_subscription({:plan => 'silver'})
74
+
75
+ assert_equal 'subscription', s.object
76
+ assert_equal 'silver', s.plan.identifier
77
+ end
78
+
67
79
  should "be able to delete a customer's discount" do
68
80
  @mock.expects(:get).once.returns(test_response(test_customer))
69
81
  c = Stripe::Customer.retrieve("test_customer")
@@ -20,7 +20,7 @@ module Stripe
20
20
 
21
21
  @mock.expects(:post).once.with('https://api.stripe.com/v1/invoices/in_test_invoice/pay', nil, '').returns(test_response(test_paid_invoice))
22
22
  i.pay
23
- assert_equal i.next_payment_attempt, nil
23
+ assert_equal nil, i.next_payment_attempt
24
24
  end
25
25
  end
26
26
  end
@@ -12,9 +12,9 @@ module Stripe
12
12
  should "marshal a stripe object correctly" do
13
13
  obj = Stripe::StripeObject.construct_from({ :id => 1, :name => 'Stripe' }, 'apikey')
14
14
  m = Marshal.load(Marshal.dump(obj))
15
- assert_equal m.id, 1
16
- assert_equal m.name, 'Stripe'
17
- assert_equal m.api_key, 'apikey'
15
+ assert_equal 1, m.id
16
+ assert_equal 'Stripe', m.name
17
+ assert_equal 'apikey', m.api_key
18
18
  end
19
19
  end
20
20
  end
@@ -17,7 +17,7 @@ module Stripe
17
17
  subscription = customer.subscriptions.first
18
18
  subscription.refresh
19
19
 
20
- assert_equal subscription.id, 'refreshed_subscription'
20
+ assert_equal 'refreshed_subscription', subscription.id
21
21
  end
22
22
 
23
23
  should "subscriptions should be deletable" do
@@ -38,12 +38,12 @@ module Stripe
38
38
 
39
39
  customer = Stripe::Customer.retrieve('test_customer')
40
40
  subscription = customer.subscriptions.first
41
- assert_equal subscription.status, 'trialing'
41
+ assert_equal 'trialing', subscription.status
42
42
 
43
43
  subscription.status = 'active'
44
44
  subscription.save
45
45
 
46
- assert_equal subscription.status, 'active'
46
+ assert_equal 'active', subscription.status
47
47
  end
48
48
 
49
49
  should "create should return a new subscription" do
@@ -52,7 +52,7 @@ module Stripe
52
52
 
53
53
  customer = Stripe::Customer.retrieve('test_customer')
54
54
  subscription = customer.subscriptions.create(:plan => 'silver')
55
- assert_equal subscription.id, 'test_new_subscription'
55
+ assert_equal 'test_new_subscription', subscription.id
56
56
  end
57
57
 
58
58
  should "be able to delete a subscriptions's discount" do
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: stripe
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.10.1
4
+ version: 1.11.0
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -10,7 +10,7 @@ authors:
10
10
  autorequire:
11
11
  bindir: bin
12
12
  cert_chain: []
13
- date: 2014-02-04 00:00:00.000000000 Z
13
+ date: 2014-04-10 00:00:00.000000000 Z
14
14
  dependencies:
15
15
  - !ruby/object:Gem::Dependency
16
16
  name: rest-client
@@ -159,6 +159,7 @@ files:
159
159
  - lib/stripe/balance.rb
160
160
  - lib/stripe/balance_transaction.rb
161
161
  - lib/stripe/card.rb
162
+ - lib/stripe/certificate_blacklist.rb
162
163
  - lib/stripe/charge.rb
163
164
  - lib/stripe/coupon.rb
164
165
  - lib/stripe/customer.rb
@@ -185,6 +186,7 @@ files:
185
186
  - test/stripe/account_test.rb
186
187
  - test/stripe/api_resource_test.rb
187
188
  - test/stripe/application_fee_test.rb
189
+ - test/stripe/certificate_blacklist_test.rb
188
190
  - test/stripe/charge_test.rb
189
191
  - test/stripe/coupon_test.rb
190
192
  - test/stripe/customer_test.rb
@@ -224,6 +226,7 @@ test_files:
224
226
  - test/stripe/account_test.rb
225
227
  - test/stripe/api_resource_test.rb
226
228
  - test/stripe/application_fee_test.rb
229
+ - test/stripe/certificate_blacklist_test.rb
227
230
  - test/stripe/charge_test.rb
228
231
  - test/stripe/coupon_test.rb
229
232
  - test/stripe/customer_test.rb
@@ -234,4 +237,3 @@ test_files:
234
237
  - test/stripe/subscription_test.rb
235
238
  - test/stripe/util_test.rb
236
239
  - test/test_helper.rb
237
- has_rdoc: