stripe 1.20.4 → 1.21.0

@@ -1,3 +1,8 @@
1
+ === 1.21.0 2015-04-14
2
+
3
+ * Remove TLS cert revocation check. (All pre-heartbleed certs have expired.)
4
+ * Bugfix: don't unset keys when they don't exist on StripeObject.
5
+
1
6
  === 1.20.4 2015-03-26
2
7
 
3
8
  * Raise an error when explicitly passing nil as the API key on resource methods
data/VERSION CHANGED
@@ -1 +1 @@
1
- 1.20.4
1
+ 1.21.0
@@ -1,9 +1,12 @@
1
1
  # Stripe Ruby bindings
2
2
  # API spec at https://stripe.com/docs/api
3
3
  require 'cgi'
4
- require 'set'
5
4
  require 'openssl'
6
- require 'rest_client'
5
+ require 'rbconfig'
6
+ require 'set'
7
+ require 'socket'
8
+
9
+ require 'rest-client'
7
10
  require 'json'
8
11
 
9
12
  # Version
@@ -26,7 +29,6 @@ require 'stripe/account'
26
29
  require 'stripe/balance'
27
30
  require 'stripe/balance_transaction'
28
31
  require 'stripe/customer'
29
- require 'stripe/certificate_blacklist'
30
32
  require 'stripe/invoice'
31
33
  require 'stripe/invoice_item'
32
34
  require 'stripe/charge'
@@ -62,7 +64,6 @@ module Stripe
62
64
 
63
65
  @ssl_bundle_path = DEFAULT_CA_BUNDLE_PATH
64
66
  @verify_ssl_certs = true
65
- @CERTIFICATE_VERIFIED = false
66
67
 
67
68
 
68
69
  class << self
@@ -91,15 +92,17 @@ module Stripe
91
92
  'email support@stripe.com if you have any questions.)')
92
93
  end
93
94
 
94
- request_opts = { :verify_ssl => false }
95
-
96
- if ssl_preflight_passed?
97
- request_opts.update(:verify_ssl => OpenSSL::SSL::VERIFY_PEER,
98
- :ssl_ca_file => @ssl_bundle_path)
99
- end
100
-
101
- if @verify_ssl_certs and !@CERTIFICATE_VERIFIED
102
- @CERTIFICATE_VERIFIED = CertificateBlacklist.check_ssl_cert(api_base_url, @ssl_bundle_path)
95
+ if verify_ssl_certs
96
+ request_opts = {:verify_ssl => OpenSSL::SSL::VERIFY_PEER,
97
+ :ssl_ca_file => @ssl_bundle_path}
98
+ else
99
+ unless @verify_ssl_warned
100
+ @verify_ssl_warned = true
101
+ $stderr.puts("WARNING: Running without SSL cert verification. " \
102
+ "You should never do this in production. " \
103
+ "Execute 'Stripe.verify_ssl_certs = true' to enable verification.")
104
+ request_opts = {:verify_ssl => false}
105
+ end
103
106
  end
104
107
 
105
108
  params = Util.objects_to_ids(params)
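Review bot: In the `else` branch, `request_opts = {:verify_ssl => false}` sits inside the `unless @verify_ssl_warned` block; indentation is lost in this rendering, but the assignment comes before the first of the two `end` lines, which closes the `unless`. It therefore runs only on the first request made with verification disabled; on later requests `@verify_ssl_warned` is already true, the block is skipped, and `request_opts` stays `nil`, so any later use of it (outside this hunk) would presumably raise. Move the assignment out of the warning guard, so the branch reads `unless @verify_ssl_warned ... end` followed by `request_opts = {:verify_ssl => false}`. A test that issues two requests with `Stripe.verify_ssl_certs = false` would pin this down. The enclosing method starts and ends outside the hunk.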
@@ -149,23 +152,6 @@ module Stripe
149
152
 
150
153
  private
151
154
 
152
- def self.ssl_preflight_passed?
153
- if !verify_ssl_certs && !@no_verify
154
- $stderr.puts "WARNING: Running without SSL cert verification. " \
155
- "Execute 'Stripe.verify_ssl_certs = true' to enable verification."
156
-
157
- @no_verify = true
158
-
159
- elsif !Util.file_readable(@ssl_bundle_path) && !@no_bundle
160
- $stderr.puts "WARNING: Running without SSL cert verification " \
161
- "because #{@ssl_bundle_path} isn't readable"
162
-
163
- @no_bundle = true
164
- end
165
-
166
- !(@no_verify || @no_bundle)
167
- end
168
-
169
155
  def self.user_agent
170
156
  @uname ||= get_uname
171
157
  lang_version = "#{RUBY_VERSION} p#{RUBY_PATCHLEVEL} (#{RUBY_RELEASE_DATE})"
@@ -175,18 +161,42 @@ module Stripe
175
161
  :lang => 'ruby',
176
162
  :lang_version => lang_version,
177
163
  :platform => RUBY_PLATFORM,
164
+ :engine => defined?(RUBY_ENGINE) ? RUBY_ENGINE : '',
178
165
  :publisher => 'stripe',
179
- :uname => @uname
166
+ :uname => @uname,
167
+ :hostname => Socket.gethostname,
180
168
  }
181
169
 
182
170
  end
183
171
 
184
172
  def self.get_uname
185
- `uname -a 2>/dev/null`.strip if RUBY_PLATFORM =~ /linux|darwin/i
186
- rescue Errno::ENOMEM => ex # couldn't create subprocess
173
+ if File.exist?('/proc/version')
174
+ File.read('/proc/version').strip
175
+ else
176
+ case RbConfig::CONFIG['host_os']
177
+ when /linux|darwin|bsd|sunos|solaris|cygwin/i
178
+ _uname_uname
179
+ when /mswin|mingw/i
180
+ _uname_ver
181
+ else
182
+ "unknown platform"
183
+ end
184
+ end
185
+ end
186
+
187
+ def self._uname_uname
188
+ (`uname -a 2>/dev/null` || '').strip
189
+ rescue Errno::ENOMEM # couldn't create subprocess
190
+ "uname lookup failed"
191
+ end
192
+
193
+ def self._uname_ver
194
+ (`ver` || '').strip
195
+ rescue Errno::ENOMEM # couldn't create subprocess
187
196
  "uname lookup failed"
188
197
  end
189
198
 
199
+
190
200
  def self.uri_encode(params)
191
201
  Util.flatten_params(params).
192
202
  map { |k,v| "#{k}=#{Util.url_encode(v)}" }.join('&')
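Review bot: The new `:hostname => Socket.gethostname` entry in `user_agent` adds the machine's internal host name to client metadata that is presumably sent with API requests, and the changelog entry for this release does not mention it. Host names that encode customers, environments or internal topology would be disclosed to a third party, so this deserves at least a comment such as `# hostname leaves the network with each request; omit it where host names are sensitive`, and ideally a way to turn it off. Separately, `get_uname` now reads `/proc/version` and shells out to `uname` or `ver` while rescuing only `Errno::ENOMEM`, so an unreadable `/proc/version` or a failed lookup could raise out of what is purely diagnostic code. Rescuing `SystemCallError` in these helpers would keep that from breaking a request. `user_agent` starts before the hunk.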
@@ -129,9 +129,12 @@ module Stripe
129
129
  # e.g. as object.key = {foo => bar}
130
130
  update = new_value
131
131
  new_keys = update.keys.map(&:to_sym)
132
+
132
133
  # remove keys at the server, but not known locally
133
- keys_to_unset = @original_values[key].keys - new_keys
134
- keys_to_unset.each {|key| update[key] = ''}
134
+ if @original_values.include?(key)
135
+ keys_to_unset = @original_values[key].keys - new_keys
136
+ keys_to_unset.each {|key| update[key] = ''}
137
+ end
135
138
 
136
139
  update
137
140
  else
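Review bot: The block parameter in `keys_to_unset.each {|key| update[key] = ''}` reuses the name of the outer `key` that the new `@original_values.include?(key)` guard has just tested. On Ruby 1.9 and later that is only a shadowing warning, but on 1.8, where block parameters are not block-local, it would overwrite the outer variable; `keys_to_unset.each { |k| update[k] = '' }` avoids both. The guard also proves only that the key exists, so if the stored value can be something without `#keys` (not visible here), `@original_values[key].keys` would still raise. The enclosing method starts before and continues after the hunk.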
@@ -1,3 +1,3 @@
1
1
  module Stripe
2
- VERSION = '1.20.4'
2
+ VERSION = '1.21.0'
3
3
  end
@@ -13,7 +13,6 @@ spec = Gem::Specification.new do |s|
13
13
  s.license = 'MIT'
14
14
 
15
15
  s.add_dependency('rest-client', '~> 1.4')
16
- s.add_dependency('mime-types', '>= 1.25', '< 3.0')
17
16
  s.add_dependency('json', '~> 1.8.1')
18
17
 
19
18
  s.add_development_dependency('mocha', '~> 0.13.2')
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: stripe
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.20.4
4
+ version: 1.21.0
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -10,7 +10,7 @@ authors:
10
10
  autorequire:
11
11
  bindir: bin
12
12
  cert_chain: []
13
- date: 2015-03-27 00:00:00.000000000 Z
13
+ date: 2015-04-14 00:00:00.000000000 Z
14
14
  dependencies:
15
15
  - !ruby/object:Gem::Dependency
16
16
  name: rest-client
@@ -28,28 +28,6 @@ dependencies:
28
28
  - - ~>
29
29
  - !ruby/object:Gem::Version
30
30
  version: '1.4'
31
- - !ruby/object:Gem::Dependency
32
- name: mime-types
33
- requirement: !ruby/object:Gem::Requirement
34
- none: false
35
- requirements:
36
- - - ! '>='
37
- - !ruby/object:Gem::Version
38
- version: '1.25'
39
- - - <
40
- - !ruby/object:Gem::Version
41
- version: '3.0'
42
- type: :runtime
43
- prerelease: false
44
- version_requirements: !ruby/object:Gem::Requirement
45
- none: false
46
- requirements:
47
- - - ! '>='
48
- - !ruby/object:Gem::Version
49
- version: '1.25'
50
- - - <
51
- - !ruby/object:Gem::Version
52
- version: '3.0'
53
31
  - !ruby/object:Gem::Dependency
54
32
  name: json
55
33
  requirement: !ruby/object:Gem::Requirement
@@ -169,7 +147,6 @@ files:
169
147
  - lib/stripe/bitcoin_receiver.rb
170
148
  - lib/stripe/bitcoin_transaction.rb
171
149
  - lib/stripe/card.rb
172
- - lib/stripe/certificate_blacklist.rb
173
150
  - lib/stripe/charge.rb
174
151
  - lib/stripe/coupon.rb
175
152
  - lib/stripe/customer.rb
@@ -202,7 +179,6 @@ files:
202
179
  - test/stripe/application_fee_test.rb
203
180
  - test/stripe/balance_test.rb
204
181
  - test/stripe/bitcoin_receiver_test.rb
205
- - test/stripe/certificate_blacklist_test.rb
206
182
  - test/stripe/charge_test.rb
207
183
  - test/stripe/coupon_test.rb
208
184
  - test/stripe/customer_card_test.rb
@@ -241,7 +217,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
241
217
  version: '0'
242
218
  requirements: []
243
219
  rubyforge_project:
244
- rubygems_version: 1.8.23
220
+ rubygems_version: 1.8.23.2
245
221
  signing_key:
246
222
  specification_version: 3
247
223
  summary: Ruby bindings for the Stripe API
@@ -252,7 +228,6 @@ test_files:
252
228
  - test/stripe/application_fee_test.rb
253
229
  - test/stripe/balance_test.rb
254
230
  - test/stripe/bitcoin_receiver_test.rb
255
- - test/stripe/certificate_blacklist_test.rb
256
231
  - test/stripe/charge_test.rb
257
232
  - test/stripe/coupon_test.rb
258
233
  - test/stripe/customer_card_test.rb
@@ -1,55 +0,0 @@
1
- require 'uri'
2
- require 'digest/sha1'
3
-
4
- module Stripe
5
- module CertificateBlacklist
6
-
7
- BLACKLIST = {
8
- "api.stripe.com" => [
9
- '05c0b3643694470a888c6e7feb5c9e24e823dc53',
10
- ],
11
- "revoked.stripe.com" => [
12
- '5b7dc7fbc98d78bf76d4d4fa6f597a0c901fad5c',
13
- ]
14
- }
15
-
16
- # Preflight the SSL certificate presented by the backend. This isn't 100%
17
- # bulletproof, in that we're not actually validating the transport used to
18
- # communicate with Stripe, merely that the first attempt to does not use a
19
- # revoked certificate.
20
-
21
- # Unfortunately the interface to OpenSSL doesn't make it easy to check the
22
- # certificate before sending potentially sensitive data on the wire. This
23
- # approach raises the bar for an attacker significantly.
24
-
25
- def self.check_ssl_cert(uri, ca_file)
26
- uri = URI.parse(uri)
27
-
28
- sock = TCPSocket.new(uri.host, uri.port)
29
- ctx = OpenSSL::SSL::SSLContext.new
30
- ctx.set_params(:verify_mode => OpenSSL::SSL::VERIFY_PEER,
31
- :ca_file => ca_file)
32
-
33
- socket = OpenSSL::SSL::SSLSocket.new(sock, ctx)
34
- socket.connect
35
-
36
- certificate = socket.peer_cert.to_der
37
- fingerprint = Digest::SHA1.hexdigest(certificate)
38
-
39
- if blacklisted_certs = BLACKLIST[uri.host]
40
- if blacklisted_certs.include?(fingerprint)
41
- raise APIConnectionError.new(
42
- "Invalid server certificate. You tried to connect to a server that" \
43
- "has a revoked SSL certificate, which means we cannot securely send" \
44
- "data to that server. Please email support@stripe.com if you need" \
45
- "help connecting to the correct API server."
46
- )
47
- end
48
- end
49
-
50
- socket.close
51
-
52
- return true
53
- end
54
- end
55
- end
@@ -1,18 +0,0 @@
1
- require File.expand_path('../../test_helper', __FILE__)
2
-
3
- module Stripe
4
-
5
- class CertificateBlacklistTest < Test::Unit::TestCase
6
- should "not trust revoked certificates" do
7
- assert_raises(Stripe::APIConnectionError) {
8
- Stripe::CertificateBlacklist.check_ssl_cert("https://revoked.stripe.com:444",
9
- Stripe::DEFAULT_CA_BUNDLE_PATH)
10
- }
11
- end
12
-
13
- should "trust api.stripe.com" do
14
- assert_true Stripe::CertificateBlacklist.check_ssl_cert("https://api.stripe.com",
15
- Stripe::DEFAULT_CA_BUNDLE_PATH)
16
- end
17
- end
18
- end