stripe 1.10.1 → 1.11.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (14) hide show
  1. data/History.txt +89 -42
  2. data/README.rdoc +1 -1
  3. data/VERSION +1 -1
  4. data/lib/data/ca-certificates.crt +4786 -3539
  5. data/lib/stripe.rb +9 -1
  6. data/lib/stripe/certificate_blacklist.rb +47 -0
  7. data/lib/stripe/customer.rb +10 -0
  8. data/lib/stripe/version.rb +1 -1
  9. data/test/stripe/certificate_blacklist_test.rb +18 -0
  10. data/test/stripe/customer_test.rb +14 -2
  11. data/test/stripe/invoice_test.rb +1 -1
  12. data/test/stripe/stripe_object_test.rb +3 -3
  13. data/test/stripe/subscription_test.rb +4 -4
  14. metadata +5 -3
data/lib/stripe.rb CHANGED
@@ -25,6 +25,7 @@ require 'stripe/account'
25
25
  require 'stripe/balance'
26
26
  require 'stripe/balance_transaction'
27
27
  require 'stripe/customer'
28
+ require 'stripe/certificate_blacklist'
28
29
  require 'stripe/invoice'
29
30
  require 'stripe/invoice_item'
30
31
  require 'stripe/charge'
@@ -47,10 +48,13 @@ require 'stripe/errors/invalid_request_error'
47
48
  require 'stripe/errors/authentication_error'
48
49
 
49
50
  module Stripe
51
+ DEFAULT_CA_BUNDLE_PATH = File.dirname(__FILE__) + '/data/ca-certificates.crt'
50
52
  @api_base = 'https://api.stripe.com'
51
53
 
52
- @ssl_bundle_path = File.dirname(__FILE__) + '/data/ca-certificates.crt'
54
+ @ssl_bundle_path = DEFAULT_CA_BUNDLE_PATH
53
55
  @verify_ssl_certs = true
56
+ @CERTIFICATE_VERIFIED = false
57
+
54
58
 
55
59
  class << self
56
60
  attr_accessor :api_key, :api_base, :verify_ssl_certs, :api_version
@@ -83,6 +87,10 @@ module Stripe
83
87
  :ssl_ca_file => @ssl_bundle_path)
84
88
  end
85
89
 
90
+ unless @CERTIFICATE_VERIFIED
91
+ @CERTIFICATE_VERIFIED = CertificateBlacklist.check_ssl_cert(@api_base, @ssl_bundle_path)
92
+ end
93
+
86
94
  params = Util.objects_to_ids(params)
87
95
  url = api_url(url)
88
96
 
data/lib/stripe/certificate_blacklist.rb ADDED
@@ -0,0 +1,47 @@
1
+ require 'uri'
2
+ require 'digest/sha1'
3
+
4
+ module Stripe
5
+ module CertificateBlacklist
6
+
7
+ BLACKLIST = {
8
+ "api.stripe.com" => [
9
+ '05c0b3643694470a888c6e7feb5c9e24e823dc53',
10
+ ],
11
+ "revoked.stripe.com" => [
12
+ '5b7dc7fbc98d78bf76d4d4fa6f597a0c901fad5c',
13
+ ]
14
+ }
15
+
16
+
17
+ def self.check_ssl_cert(uri, ca_file)
18
+ uri = URI.parse(uri)
19
+
20
+ sock = TCPSocket.new(uri.host, uri.port)
21
+ ctx = OpenSSL::SSL::SSLContext.new
22
+ ctx.set_params(:verify_mode => OpenSSL::SSL::VERIFY_PEER,
23
+ :ca_file => ca_file)
24
+
25
+ socket = OpenSSL::SSL::SSLSocket.new(sock, ctx)
26
+ socket.connect
27
+
28
+ certificate = socket.peer_cert.to_der
29
+ fingerprint = Digest::SHA1.hexdigest(certificate)
30
+
31
+ if blacklisted_certs = BLACKLIST[uri.host]
32
+ if blacklisted_certs.include?(fingerprint)
33
+ raise APIConnectionError.new(
34
+ "Invalid server certificate. You tried to connect to a server that" +
35
+ "has a revoked SSL certificate, which means we cannot securely send" +
36
+ "data to that server. Please email support@stripe.com if you need" +
37
+ "help connecting to the correct API server."
38
+ )
39
+ end
40
+ end
41
+
42
+ socket.close
43
+
44
+ return true
45
+ end
46
+ end
47
+ end
data/lib/stripe/customer.rb CHANGED
@@ -41,6 +41,12 @@ module Stripe
41
41
  subscription
42
42
  end
43
43
 
44
+ def create_subscription(params)
45
+ response, api_key = Stripe.request(:post, subscriptions_url, @api_key, params)
46
+ refresh_from({ :subscription => response }, api_key, true)
47
+ subscription
48
+ end
49
+
44
50
  def delete_discount
45
51
  Stripe.request(:delete, discount_url, @api_key)
46
52
  refresh_from({ :discount => nil }, api_key, true)
@@ -55,5 +61,9 @@ module Stripe
55
61
  def subscription_url
56
62
  url + '/subscription'
57
63
  end
64
+
65
+ def subscriptions_url
66
+ url + '/subscriptions'
67
+ end
58
68
  end
59
69
  end
data/lib/stripe/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module Stripe
2
- VERSION = '1.10.1'
2
+ VERSION = '1.11.0'
3
3
  end
data/test/stripe/certificate_blacklist_test.rb ADDED
@@ -0,0 +1,18 @@
1
+ require File.expand_path('../../test_helper', __FILE__)
2
+
3
+ module Stripe
4
+
5
+ class CertificateBlacklistTest < Test::Unit::TestCase
6
+ should "not trust revoked certificates" do
7
+ assert_raises(Stripe::APIConnectionError) {
8
+ Stripe::CertificateBlacklist.check_ssl_cert("https://revoked.stripe.com:444",
9
+ Stripe::DEFAULT_CA_BUNDLE_PATH)
10
+ }
11
+ end
12
+
13
+ should "trust api.stripe.com" do
14
+ assert_true Stripe::CertificateBlacklist.check_ssl_cert("https://api.stripe.com",
15
+ Stripe::DEFAULT_CA_BUNDLE_PATH)
16
+ end
17
+ end
18
+ end
data/test/stripe/customer_test.rb CHANGED
@@ -20,10 +20,10 @@ module Stripe
20
20
  @mock.expects(:get).once.returns(test_response(test_customer({:mnemonic => "foo"})))
21
21
  @mock.expects(:post).once.returns(test_response(test_customer({:mnemonic => "bar"})))
22
22
  c = Stripe::Customer.new("test_customer").refresh
23
- assert_equal c.mnemonic, "foo"
23
+ assert_equal "foo", c.mnemonic
24
24
  c.mnemonic = "bar"
25
25
  c.save
26
- assert_equal c.mnemonic, "bar"
26
+ assert_equal "bar", c.mnemonic
27
27
  end
28
28
 
29
29
  should "create should return a new customer" do
@@ -64,6 +64,18 @@ module Stripe
64
64
  c.cancel_subscription
65
65
  end
66
66
 
67
+ should "be able to create a subscription for a customer" do
68
+ c = Stripe::Customer.new("test_customer")
69
+
70
+ @mock.expects(:post).once.with do |url, api_key, params|
71
+ url == "#{Stripe.api_base}/v1/customers/test_customer/subscriptions" && api_key.nil? && CGI.parse(params) == {'plan' => ['silver']}
72
+ end.returns(test_response(test_subscription(:plan => 'silver')))
73
+ s = c.create_subscription({:plan => 'silver'})
74
+
75
+ assert_equal 'subscription', s.object
76
+ assert_equal 'silver', s.plan.identifier
77
+ end
78
+
67
79
  should "be able to delete a customer's discount" do
68
80
  @mock.expects(:get).once.returns(test_response(test_customer))
69
81
  c = Stripe::Customer.retrieve("test_customer")
data/test/stripe/invoice_test.rb CHANGED
@@ -20,7 +20,7 @@ module Stripe
20
20
 
21
21
  @mock.expects(:post).once.with('https://api.stripe.com/v1/invoices/in_test_invoice/pay', nil, '').returns(test_response(test_paid_invoice))
22
22
  i.pay
23
- assert_equal i.next_payment_attempt, nil
23
+ assert_equal nil, i.next_payment_attempt
24
24
  end
25
25
  end
26
26
  end
data/test/stripe/stripe_object_test.rb CHANGED
@@ -12,9 +12,9 @@ module Stripe
12
12
  should "marshal a stripe object correctly" do
13
13
  obj = Stripe::StripeObject.construct_from({ :id => 1, :name => 'Stripe' }, 'apikey')
14
14
  m = Marshal.load(Marshal.dump(obj))
15
- assert_equal m.id, 1
16
- assert_equal m.name, 'Stripe'
17
- assert_equal m.api_key, 'apikey'
15
+ assert_equal 1, m.id
16
+ assert_equal 'Stripe', m.name
17
+ assert_equal 'apikey', m.api_key
18
18
  end
19
19
  end
20
20
  end
data/test/stripe/subscription_test.rb CHANGED
@@ -17,7 +17,7 @@ module Stripe
17
17
  subscription = customer.subscriptions.first
18
18
  subscription.refresh
19
19
 
20
- assert_equal subscription.id, 'refreshed_subscription'
20
+ assert_equal 'refreshed_subscription', subscription.id
21
21
  end
22
22
 
23
23
  should "subscriptions should be deletable" do
@@ -38,12 +38,12 @@ module Stripe
38
38
 
39
39
  customer = Stripe::Customer.retrieve('test_customer')
40
40
  subscription = customer.subscriptions.first
41
- assert_equal subscription.status, 'trialing'
41
+ assert_equal 'trialing', subscription.status
42
42
 
43
43
  subscription.status = 'active'
44
44
  subscription.save
45
45
 
46
- assert_equal subscription.status, 'active'
46
+ assert_equal 'active', subscription.status
47
47
  end
48
48
 
49
49
  should "create should return a new subscription" do
@@ -52,7 +52,7 @@ module Stripe
52
52
 
53
53
  customer = Stripe::Customer.retrieve('test_customer')
54
54
  subscription = customer.subscriptions.create(:plan => 'silver')
55
- assert_equal subscription.id, 'test_new_subscription'
55
+ assert_equal 'test_new_subscription', subscription.id
56
56
  end
57
57
 
58
58
  should "be able to delete a subscriptions's discount" do
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: stripe
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.10.1
4
+ version: 1.11.0
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -10,7 +10,7 @@ authors:
10
10
  autorequire:
11
11
  bindir: bin
12
12
  cert_chain: []
13
- date: 2014-02-04 00:00:00.000000000 Z
13
+ date: 2014-04-10 00:00:00.000000000 Z
14
14
  dependencies:
15
15
  - !ruby/object:Gem::Dependency
16
16
  name: rest-client
@@ -159,6 +159,7 @@ files:
159
159
  - lib/stripe/balance.rb
160
160
  - lib/stripe/balance_transaction.rb
161
161
  - lib/stripe/card.rb
162
+ - lib/stripe/certificate_blacklist.rb
162
163
  - lib/stripe/charge.rb
163
164
  - lib/stripe/coupon.rb
164
165
  - lib/stripe/customer.rb
@@ -185,6 +186,7 @@ files:
185
186
  - test/stripe/account_test.rb
186
187
  - test/stripe/api_resource_test.rb
187
188
  - test/stripe/application_fee_test.rb
189
+ - test/stripe/certificate_blacklist_test.rb
188
190
  - test/stripe/charge_test.rb
189
191
  - test/stripe/coupon_test.rb
190
192
  - test/stripe/customer_test.rb
@@ -224,6 +226,7 @@ test_files:
224
226
  - test/stripe/account_test.rb
225
227
  - test/stripe/api_resource_test.rb
226
228
  - test/stripe/application_fee_test.rb
229
+ - test/stripe/certificate_blacklist_test.rb
227
230
  - test/stripe/charge_test.rb
228
231
  - test/stripe/coupon_test.rb
229
232
  - test/stripe/customer_test.rb
@@ -234,4 +237,3 @@ test_files:
234
237
  - test/stripe/subscription_test.rb
235
238
  - test/stripe/util_test.rb
236
239
  - test/test_helper.rb
237
- has_rdoc: