stripe 1.20.4 → 1.21.0
- data/History.txt +5 -0
- data/VERSION +1 -1
- data/lib/stripe.rb +43 -33
- data/lib/stripe/stripe_object.rb +5 -2
- data/lib/stripe/version.rb +1 -1
- data/stripe.gemspec +0 -1
- metadata +3 -28
- data/lib/stripe/certificate_blacklist.rb +0 -55
- data/test/stripe/certificate_blacklist_test.rb +0 -18
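--- a/data/History.txt
+++ b/data/History.txt
@@ -1,3 +1,8 @@
+=== 1.21.0 2015-04-14
+
+* Remove TLS cert revocation check. (All pre-heartbleed certs have expired.)
+* Bugfix: don't unset keys when they don't exist on StripeObject.
+
 === 1.20.4 2015-03-26
 
 * Raise an error when explicitly passing nil as the API key on resource methods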
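--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-1.
+1.21.0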
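--- a/data/lib/stripe.rb
+++ b/data/lib/stripe.rb
@@ -1,9 +1,12 @@
 # Stripe Ruby bindings
 # API spec at https://stripe.com/docs/api
 require 'cgi'
-require 'set'
 require 'openssl'
-require '
+require 'rbconfig'
+require 'set'
+require 'socket'
+
+require 'rest-client'
 require 'json'
 
 # Version
@@ -26,7 +29,6 @@ require 'stripe/account'
 require 'stripe/balance'
 require 'stripe/balance_transaction'
 require 'stripe/customer'
-require 'stripe/certificate_blacklist'
 require 'stripe/invoice'
 require 'stripe/invoice_item'
 require 'stripe/charge'
@@ -62,7 +64,6 @@ module Stripe
 
 @ssl_bundle_path = DEFAULT_CA_BUNDLE_PATH
 @verify_ssl_certs = true
-@CERTIFICATE_VERIFIED = false
 
 
 class << self
@@ -91,15 +92,17 @@ module Stripe
 'email support@stripe.com if you have any questions.)')
 end
 
-
-
-
-
-
-
-
-
-
+if verify_ssl_certs
+request_opts = {:verify_ssl => OpenSSL::SSL::VERIFY_PEER,
+:ssl_ca_file => @ssl_bundle_path}
+else
+unless @verify_ssl_warned
+@verify_ssl_warned = true
+$stderr.puts("WARNING: Running without SSL cert verification. " \
+"You should never do this in production. " \
+"Execute 'Stripe.verify_ssl_certs = true' to enable verification.")
+request_opts = {:verify_ssl => false}
+end
 end
 
 params = Util.objects_to_ids(params)
@@ -149,23 +152,6 @@ module Stripe
 
 private
 
-def self.ssl_preflight_passed?
-if !verify_ssl_certs && !@no_verify
-$stderr.puts "WARNING: Running without SSL cert verification. " \
-"Execute 'Stripe.verify_ssl_certs = true' to enable verification."
-
-@no_verify = true
-
-elsif !Util.file_readable(@ssl_bundle_path) && !@no_bundle
-$stderr.puts "WARNING: Running without SSL cert verification " \
-"because #{@ssl_bundle_path} isn't readable"
-
-@no_bundle = true
-end
-
-!(@no_verify || @no_bundle)
-end
-
 def self.user_agent
 @uname ||= get_uname
 lang_version = "#{RUBY_VERSION} p#{RUBY_PATCHLEVEL} (#{RUBY_RELEASE_DATE})"
@@ -175,18 +161,42 @@ module Stripe
 :lang => 'ruby',
 :lang_version => lang_version,
 :platform => RUBY_PLATFORM,
+:engine => defined?(RUBY_ENGINE) ? RUBY_ENGINE : '',
 :publisher => 'stripe',
-:uname => @uname
+:uname => @uname,
+:hostname => Socket.gethostname,
 }
 
 end
 
 def self.get_uname
-
-
+if File.exist?('/proc/version')
+File.read('/proc/version').strip
+else
+case RbConfig::CONFIG['host_os']
+when /linux|darwin|bsd|sunos|solaris|cygwin/i
+_uname_uname
+when /mswin|mingw/i
+_uname_ver
+else
+"unknown platform"
+end
+end
+end
+
+def self._uname_uname
+(`uname -a 2>/dev/null` || '').strip
+rescue Errno::ENOMEM # couldn't create subprocess
+"uname lookup failed"
+end
+
+def self._uname_ver
+(`ver` || '').strip
+rescue Errno::ENOMEM # couldn't create subprocess
 "uname lookup failed"
 end
 
+
 def self.uri_encode(params)
 Util.flatten_params(params).
 map { |k,v| "#{k}=#{Util.url_encode(v)}" }.join('&')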
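Review bot: In the `else` branch added at new lines 98–105, `request_opts = {:verify_ssl => false}` comes after the `$stderr.puts(...)` call and before the only added `end`, so as rendered it sits inside `unless @verify_ssl_warned`. If that `end` does close the `unless` (indentation is lost on this page), every request after the first with verification disabled leaves `request_opts` as nil rather than a hash. Moving the assignment to the first line of the `else` branch, ahead of the one-time warning guard, keeps both paths defined: `request_opts = {:verify_ssl => false}` then `unless @verify_ssl_warned ... end`. The enclosing method starts and ends outside the hunk.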
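--- a/data/lib/stripe/stripe_object.rb
+++ b/data/lib/stripe/stripe_object.rb
@@ -129,9 +129,12 @@ module Stripe
 # e.g. as object.key = {foo => bar}
 update = new_value
 new_keys = update.keys.map(&:to_sym)
+
 # remove keys at the server, but not known locally
-
-
+if @original_values.include?(key)
+keys_to_unset = @original_values[key].keys - new_keys
+keys_to_unset.each {|key| update[key] = ''}
+end
 
 update
 else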
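Review bot: The new guard `if @original_values.include?(key)` only checks that the key is present, so `@original_values[key].keys` on the next line still raises NoMethodError when the stored original value is not a hash (nil or a scalar, for example). Whether that can occur depends on code outside the hunk; if it can, `if @original_values[key].respond_to?(:keys)` covers both the missing-key and the non-hash case. The block in `keys_to_unset.each {|key| update[key] = ''}` also reuses the outer name `key`, and on Ruby 1.8 a block parameter assigns to the outer local, so a distinct name such as `|k|` is safer. The enclosing method starts and ends outside the hunk.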
data/lib/stripe/version.rb
CHANGED
data/stripe.gemspec
CHANGED
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: stripe
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.21.0
|
5
5
|
prerelease:
|
6
6
|
platform: ruby
|
7
7
|
authors:
|
@@ -10,7 +10,7 @@ authors:
|
|
10
10
|
autorequire:
|
11
11
|
bindir: bin
|
12
12
|
cert_chain: []
|
13
|
-
date: 2015-
|
13
|
+
date: 2015-04-14 00:00:00.000000000 Z
|
14
14
|
dependencies:
|
15
15
|
- !ruby/object:Gem::Dependency
|
16
16
|
name: rest-client
|
@@ -28,28 +28,6 @@ dependencies:
|
|
28
28
|
- - ~>
|
29
29
|
- !ruby/object:Gem::Version
|
30
30
|
version: '1.4'
|
31
|
-
- !ruby/object:Gem::Dependency
|
32
|
-
name: mime-types
|
33
|
-
requirement: !ruby/object:Gem::Requirement
|
34
|
-
none: false
|
35
|
-
requirements:
|
36
|
-
- - ! '>='
|
37
|
-
- !ruby/object:Gem::Version
|
38
|
-
version: '1.25'
|
39
|
-
- - <
|
40
|
-
- !ruby/object:Gem::Version
|
41
|
-
version: '3.0'
|
42
|
-
type: :runtime
|
43
|
-
prerelease: false
|
44
|
-
version_requirements: !ruby/object:Gem::Requirement
|
45
|
-
none: false
|
46
|
-
requirements:
|
47
|
-
- - ! '>='
|
48
|
-
- !ruby/object:Gem::Version
|
49
|
-
version: '1.25'
|
50
|
-
- - <
|
51
|
-
- !ruby/object:Gem::Version
|
52
|
-
version: '3.0'
|
53
31
|
- !ruby/object:Gem::Dependency
|
54
32
|
name: json
|
55
33
|
requirement: !ruby/object:Gem::Requirement
|
@@ -169,7 +147,6 @@ files:
|
|
169
147
|
- lib/stripe/bitcoin_receiver.rb
|
170
148
|
- lib/stripe/bitcoin_transaction.rb
|
171
149
|
- lib/stripe/card.rb
|
172
|
-
- lib/stripe/certificate_blacklist.rb
|
173
150
|
- lib/stripe/charge.rb
|
174
151
|
- lib/stripe/coupon.rb
|
175
152
|
- lib/stripe/customer.rb
|
@@ -202,7 +179,6 @@ files:
|
|
202
179
|
- test/stripe/application_fee_test.rb
|
203
180
|
- test/stripe/balance_test.rb
|
204
181
|
- test/stripe/bitcoin_receiver_test.rb
|
205
|
-
- test/stripe/certificate_blacklist_test.rb
|
206
182
|
- test/stripe/charge_test.rb
|
207
183
|
- test/stripe/coupon_test.rb
|
208
184
|
- test/stripe/customer_card_test.rb
|
@@ -241,7 +217,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
241
217
|
version: '0'
|
242
218
|
requirements: []
|
243
219
|
rubyforge_project:
|
244
|
-
rubygems_version: 1.8.23
|
220
|
+
rubygems_version: 1.8.23.2
|
245
221
|
signing_key:
|
246
222
|
specification_version: 3
|
247
223
|
summary: Ruby bindings for the Stripe API
|
@@ -252,7 +228,6 @@ test_files:
|
|
252
228
|
- test/stripe/application_fee_test.rb
|
253
229
|
- test/stripe/balance_test.rb
|
254
230
|
- test/stripe/bitcoin_receiver_test.rb
|
255
|
-
- test/stripe/certificate_blacklist_test.rb
|
256
231
|
- test/stripe/charge_test.rb
|
257
232
|
- test/stripe/coupon_test.rb
|
258
233
|
- test/stripe/customer_card_test.rb
|
@@ -1,55 +0,0 @@
|
|
1
|
-
require 'uri'
|
2
|
-
require 'digest/sha1'
|
3
|
-
|
4
|
-
module Stripe
|
5
|
-
module CertificateBlacklist
|
6
|
-
|
7
|
-
BLACKLIST = {
|
8
|
-
"api.stripe.com" => [
|
9
|
-
'05c0b3643694470a888c6e7feb5c9e24e823dc53',
|
10
|
-
],
|
11
|
-
"revoked.stripe.com" => [
|
12
|
-
'5b7dc7fbc98d78bf76d4d4fa6f597a0c901fad5c',
|
13
|
-
]
|
14
|
-
}
|
15
|
-
|
16
|
-
# Preflight the SSL certificate presented by the backend. This isn't 100%
|
17
|
-
# bulletproof, in that we're not actually validating the transport used to
|
18
|
-
# communicate with Stripe, merely that the first attempt to does not use a
|
19
|
-
# revoked certificate.
|
20
|
-
|
21
|
-
# Unfortunately the interface to OpenSSL doesn't make it easy to check the
|
22
|
-
# certificate before sending potentially sensitive data on the wire. This
|
23
|
-
# approach raises the bar for an attacker significantly.
|
24
|
-
|
25
|
-
def self.check_ssl_cert(uri, ca_file)
|
26
|
-
uri = URI.parse(uri)
|
27
|
-
|
28
|
-
sock = TCPSocket.new(uri.host, uri.port)
|
29
|
-
ctx = OpenSSL::SSL::SSLContext.new
|
30
|
-
ctx.set_params(:verify_mode => OpenSSL::SSL::VERIFY_PEER,
|
31
|
-
:ca_file => ca_file)
|
32
|
-
|
33
|
-
socket = OpenSSL::SSL::SSLSocket.new(sock, ctx)
|
34
|
-
socket.connect
|
35
|
-
|
36
|
-
certificate = socket.peer_cert.to_der
|
37
|
-
fingerprint = Digest::SHA1.hexdigest(certificate)
|
38
|
-
|
39
|
-
if blacklisted_certs = BLACKLIST[uri.host]
|
40
|
-
if blacklisted_certs.include?(fingerprint)
|
41
|
-
raise APIConnectionError.new(
|
42
|
-
"Invalid server certificate. You tried to connect to a server that" \
|
43
|
-
"has a revoked SSL certificate, which means we cannot securely send" \
|
44
|
-
"data to that server. Please email support@stripe.com if you need" \
|
45
|
-
"help connecting to the correct API server."
|
46
|
-
)
|
47
|
-
end
|
48
|
-
end
|
49
|
-
|
50
|
-
socket.close
|
51
|
-
|
52
|
-
return true
|
53
|
-
end
|
54
|
-
end
|
55
|
-
end
|
@@ -1,18 +0,0 @@
|
|
1
|
-
require File.expand_path('../../test_helper', __FILE__)
|
2
|
-
|
3
|
-
module Stripe
|
4
|
-
|
5
|
-
class CertificateBlacklistTest < Test::Unit::TestCase
|
6
|
-
should "not trust revoked certificates" do
|
7
|
-
assert_raises(Stripe::APIConnectionError) {
|
8
|
-
Stripe::CertificateBlacklist.check_ssl_cert("https://revoked.stripe.com:444",
|
9
|
-
Stripe::DEFAULT_CA_BUNDLE_PATH)
|
10
|
-
}
|
11
|
-
end
|
12
|
-
|
13
|
-
should "trust api.stripe.com" do
|
14
|
-
assert_true Stripe::CertificateBlacklist.check_ssl_cert("https://api.stripe.com",
|
15
|
-
Stripe::DEFAULT_CA_BUNDLE_PATH)
|
16
|
-
end
|
17
|
-
end
|
18
|
-
end
|