stripe 1.20.4 → 1.21.0

@@ -1,3 +1,8 @@
1
+ === 1.21.0 2015-04-14
2
+
3
+ * Remove TLS cert revocation check. (All pre-heartbleed certs have expired.)
4
+ * Bugfix: don't unset keys when they don't exist on StripeObject.
5
+
1
6
  === 1.20.4 2015-03-26
2
7
 
3
8
  * Raise an error when explicitly passing nil as the API key on resource methods
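--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-1.20.4
+1.21.0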
@@ -1,9 +1,12 @@
1
1
  # Stripe Ruby bindings
2
2
  # API spec at https://stripe.com/docs/api
3
3
  require 'cgi'
4
- require 'set'
5
4
  require 'openssl'
6
- require 'rest_client'
5
+ require 'rbconfig'
6
+ require 'set'
7
+ require 'socket'
8
+
9
+ require 'rest-client'
7
10
  require 'json'
8
11
 
9
12
  # Version
@@ -26,7 +29,6 @@ require 'stripe/account'
26
29
  require 'stripe/balance'
27
30
  require 'stripe/balance_transaction'
28
31
  require 'stripe/customer'
29
- require 'stripe/certificate_blacklist'
30
32
  require 'stripe/invoice'
31
33
  require 'stripe/invoice_item'
32
34
  require 'stripe/charge'
@@ -62,7 +64,6 @@ module Stripe
62
64
 
63
65
  @ssl_bundle_path = DEFAULT_CA_BUNDLE_PATH
64
66
  @verify_ssl_certs = true
65
- @CERTIFICATE_VERIFIED = false
66
67
 
67
68
 
68
69
  class << self
@@ -91,15 +92,17 @@ module Stripe
91
92
  'email support@stripe.com if you have any questions.)')
92
93
  end
93
94
 
94
- request_opts = { :verify_ssl => false }
95
-
96
- if ssl_preflight_passed?
97
- request_opts.update(:verify_ssl => OpenSSL::SSL::VERIFY_PEER,
98
- :ssl_ca_file => @ssl_bundle_path)
99
- end
100
-
101
- if @verify_ssl_certs and !@CERTIFICATE_VERIFIED
102
- @CERTIFICATE_VERIFIED = CertificateBlacklist.check_ssl_cert(api_base_url, @ssl_bundle_path)
95
+ if verify_ssl_certs
96
+ request_opts = {:verify_ssl => OpenSSL::SSL::VERIFY_PEER,
97
+ :ssl_ca_file => @ssl_bundle_path}
98
+ else
99
+ unless @verify_ssl_warned
100
+ @verify_ssl_warned = true
101
+ $stderr.puts("WARNING: Running without SSL cert verification. " \
102
+ "You should never do this in production. " \
103
+ "Execute 'Stripe.verify_ssl_certs = true' to enable verification.")
104
+ request_opts = {:verify_ssl => false}
105
+ end
103
106
  end
104
107
 
105
108
  params = Util.objects_to_ids(params)
@@ -149,23 +152,6 @@ module Stripe
149
152
 
150
153
  private
151
154
 
152
- def self.ssl_preflight_passed?
153
- if !verify_ssl_certs && !@no_verify
154
- $stderr.puts "WARNING: Running without SSL cert verification. " \
155
- "Execute 'Stripe.verify_ssl_certs = true' to enable verification."
156
-
157
- @no_verify = true
158
-
159
- elsif !Util.file_readable(@ssl_bundle_path) && !@no_bundle
160
- $stderr.puts "WARNING: Running without SSL cert verification " \
161
- "because #{@ssl_bundle_path} isn't readable"
162
-
163
- @no_bundle = true
164
- end
165
-
166
- !(@no_verify || @no_bundle)
167
- end
168
-
169
155
  def self.user_agent
170
156
  @uname ||= get_uname
171
157
  lang_version = "#{RUBY_VERSION} p#{RUBY_PATCHLEVEL} (#{RUBY_RELEASE_DATE})"
@@ -175,18 +161,42 @@ module Stripe
175
161
  :lang => 'ruby',
176
162
  :lang_version => lang_version,
177
163
  :platform => RUBY_PLATFORM,
164
+ :engine => defined?(RUBY_ENGINE) ? RUBY_ENGINE : '',
178
165
  :publisher => 'stripe',
179
- :uname => @uname
166
+ :uname => @uname,
167
+ :hostname => Socket.gethostname,
180
168
  }
181
169
 
182
170
  end
183
171
 
184
172
  def self.get_uname
185
- `uname -a 2>/dev/null`.strip if RUBY_PLATFORM =~ /linux|darwin/i
186
- rescue Errno::ENOMEM => ex # couldn't create subprocess
173
+ if File.exist?('/proc/version')
174
+ File.read('/proc/version').strip
175
+ else
176
+ case RbConfig::CONFIG['host_os']
177
+ when /linux|darwin|bsd|sunos|solaris|cygwin/i
178
+ _uname_uname
179
+ when /mswin|mingw/i
180
+ _uname_ver
181
+ else
182
+ "unknown platform"
183
+ end
184
+ end
185
+ end
186
+
187
+ def self._uname_uname
188
+ (`uname -a 2>/dev/null` || '').strip
189
+ rescue Errno::ENOMEM # couldn't create subprocess
190
+ "uname lookup failed"
191
+ end
192
+
193
+ def self._uname_ver
194
+ (`ver` || '').strip
195
+ rescue Errno::ENOMEM # couldn't create subprocess
187
196
  "uname lookup failed"
188
197
  end
189
198
 
199
+
190
200
  def self.uri_encode(params)
191
201
  Util.flatten_params(params).
192
202
  map { |k,v| "#{k}=#{Util.url_encode(v)}" }.join('&')
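Review bot: In the `else` branch of the SSL verification hunk, `request_opts = {:verify_ssl => false}` sits before the `end` that closes `unless @verify_ssl_warned`, so it appears to be assigned only on the first call that prints the warning; on later calls with verification disabled `request_opts` would be nil (indentation is lost in this rendering, so this is read from line order). Move the assignment so it comes directly after `else`, leaving only `@verify_ssl_warned = true` and the `$stderr.puts` inside the `unless`. Separately, the user-agent hunk adds `:hostname => Socket.gethostname`, which places the machine's host name in the client metadata hash; a comment such as `# hostname is reported to the API as client metadata; internal host names leave the network` would make that disclosure visible to operators. The request method and `user_agent` both start or end outside these hunks.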
@@ -129,9 +129,12 @@ module Stripe
129
129
  # e.g. as object.key = {foo => bar}
130
130
  update = new_value
131
131
  new_keys = update.keys.map(&:to_sym)
132
+
132
133
  # remove keys at the server, but not known locally
133
- keys_to_unset = @original_values[key].keys - new_keys
134
- keys_to_unset.each {|key| update[key] = ''}
134
+ if @original_values.include?(key)
135
+ keys_to_unset = @original_values[key].keys - new_keys
136
+ keys_to_unset.each {|key| update[key] = ''}
137
+ end
135
138
 
136
139
  update
137
140
  else
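Review bot: The new guard `if @original_values.include?(key)` establishes only that the key is present, and the next line still calls `.keys` on the stored value, so a previous value that is nil or not a hash would still raise here; whether that can occur depends on how `@original_values` is populated, which is outside the hunk. A stricter guard would be `if @original_values[key].respond_to?(:keys)`. The block parameter in `keys_to_unset.each {|key| update[key] = ''}` also shadows the outer `key`; renaming it, `keys_to_unset.each {|k| update[k] = ''}`, removes the shadowing and reads more clearly. The enclosing method starts and ends outside the hunk.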
@@ -1,3 +1,3 @@
1
1
  module Stripe
2
- VERSION = '1.20.4'
2
+ VERSION = '1.21.0'
3
3
  end
@@ -13,7 +13,6 @@ spec = Gem::Specification.new do |s|
13
13
  s.license = 'MIT'
14
14
 
15
15
  s.add_dependency('rest-client', '~> 1.4')
16
- s.add_dependency('mime-types', '>= 1.25', '< 3.0')
17
16
  s.add_dependency('json', '~> 1.8.1')
18
17
 
19
18
  s.add_development_dependency('mocha', '~> 0.13.2')
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: stripe
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.20.4
4
+ version: 1.21.0
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -10,7 +10,7 @@ authors:
10
10
  autorequire:
11
11
  bindir: bin
12
12
  cert_chain: []
13
- date: 2015-03-27 00:00:00.000000000 Z
13
+ date: 2015-04-14 00:00:00.000000000 Z
14
14
  dependencies:
15
15
  - !ruby/object:Gem::Dependency
16
16
  name: rest-client
@@ -28,28 +28,6 @@ dependencies:
28
28
  - - ~>
29
29
  - !ruby/object:Gem::Version
30
30
  version: '1.4'
31
- - !ruby/object:Gem::Dependency
32
- name: mime-types
33
- requirement: !ruby/object:Gem::Requirement
34
- none: false
35
- requirements:
36
- - - ! '>='
37
- - !ruby/object:Gem::Version
38
- version: '1.25'
39
- - - <
40
- - !ruby/object:Gem::Version
41
- version: '3.0'
42
- type: :runtime
43
- prerelease: false
44
- version_requirements: !ruby/object:Gem::Requirement
45
- none: false
46
- requirements:
47
- - - ! '>='
48
- - !ruby/object:Gem::Version
49
- version: '1.25'
50
- - - <
51
- - !ruby/object:Gem::Version
52
- version: '3.0'
53
31
  - !ruby/object:Gem::Dependency
54
32
  name: json
55
33
  requirement: !ruby/object:Gem::Requirement
@@ -169,7 +147,6 @@ files:
169
147
  - lib/stripe/bitcoin_receiver.rb
170
148
  - lib/stripe/bitcoin_transaction.rb
171
149
  - lib/stripe/card.rb
172
- - lib/stripe/certificate_blacklist.rb
173
150
  - lib/stripe/charge.rb
174
151
  - lib/stripe/coupon.rb
175
152
  - lib/stripe/customer.rb
@@ -202,7 +179,6 @@ files:
202
179
  - test/stripe/application_fee_test.rb
203
180
  - test/stripe/balance_test.rb
204
181
  - test/stripe/bitcoin_receiver_test.rb
205
- - test/stripe/certificate_blacklist_test.rb
206
182
  - test/stripe/charge_test.rb
207
183
  - test/stripe/coupon_test.rb
208
184
  - test/stripe/customer_card_test.rb
@@ -241,7 +217,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
241
217
  version: '0'
242
218
  requirements: []
243
219
  rubyforge_project:
244
- rubygems_version: 1.8.23
220
+ rubygems_version: 1.8.23.2
245
221
  signing_key:
246
222
  specification_version: 3
247
223
  summary: Ruby bindings for the Stripe API
@@ -252,7 +228,6 @@ test_files:
252
228
  - test/stripe/application_fee_test.rb
253
229
  - test/stripe/balance_test.rb
254
230
  - test/stripe/bitcoin_receiver_test.rb
255
- - test/stripe/certificate_blacklist_test.rb
256
231
  - test/stripe/charge_test.rb
257
232
  - test/stripe/coupon_test.rb
258
233
  - test/stripe/customer_card_test.rb
@@ -1,55 +0,0 @@
1
- require 'uri'
2
- require 'digest/sha1'
3
-
4
- module Stripe
5
- module CertificateBlacklist
6
-
7
- BLACKLIST = {
8
- "api.stripe.com" => [
9
- '05c0b3643694470a888c6e7feb5c9e24e823dc53',
10
- ],
11
- "revoked.stripe.com" => [
12
- '5b7dc7fbc98d78bf76d4d4fa6f597a0c901fad5c',
13
- ]
14
- }
15
-
16
- # Preflight the SSL certificate presented by the backend. This isn't 100%
17
- # bulletproof, in that we're not actually validating the transport used to
18
- # communicate with Stripe, merely that the first attempt to does not use a
19
- # revoked certificate.
20
-
21
- # Unfortunately the interface to OpenSSL doesn't make it easy to check the
22
- # certificate before sending potentially sensitive data on the wire. This
23
- # approach raises the bar for an attacker significantly.
24
-
25
- def self.check_ssl_cert(uri, ca_file)
26
- uri = URI.parse(uri)
27
-
28
- sock = TCPSocket.new(uri.host, uri.port)
29
- ctx = OpenSSL::SSL::SSLContext.new
30
- ctx.set_params(:verify_mode => OpenSSL::SSL::VERIFY_PEER,
31
- :ca_file => ca_file)
32
-
33
- socket = OpenSSL::SSL::SSLSocket.new(sock, ctx)
34
- socket.connect
35
-
36
- certificate = socket.peer_cert.to_der
37
- fingerprint = Digest::SHA1.hexdigest(certificate)
38
-
39
- if blacklisted_certs = BLACKLIST[uri.host]
40
- if blacklisted_certs.include?(fingerprint)
41
- raise APIConnectionError.new(
42
- "Invalid server certificate. You tried to connect to a server that" \
43
- "has a revoked SSL certificate, which means we cannot securely send" \
44
- "data to that server. Please email support@stripe.com if you need" \
45
- "help connecting to the correct API server."
46
- )
47
- end
48
- end
49
-
50
- socket.close
51
-
52
- return true
53
- end
54
- end
55
- end
@@ -1,18 +0,0 @@
1
- require File.expand_path('../../test_helper', __FILE__)
2
-
3
- module Stripe
4
-
5
- class CertificateBlacklistTest < Test::Unit::TestCase
6
- should "not trust revoked certificates" do
7
- assert_raises(Stripe::APIConnectionError) {
8
- Stripe::CertificateBlacklist.check_ssl_cert("https://revoked.stripe.com:444",
9
- Stripe::DEFAULT_CA_BUNDLE_PATH)
10
- }
11
- end
12
-
13
- should "trust api.stripe.com" do
14
- assert_true Stripe::CertificateBlacklist.check_ssl_cert("https://api.stripe.com",
15
- Stripe::DEFAULT_CA_BUNDLE_PATH)
16
- end
17
- end
18
- end