stripe 3.2.0 → 5.16.0

data/lib/stripe/list_object.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Stripe
   class ListObject < StripeObject
     include Enumerable
@@ -5,7 +7,7 @@ module Stripe
     include Stripe::APIOperations::Request
     include Stripe::APIOperations::Create
 
-    OBJECT_NAME = 'list'
+    OBJECT_NAME = "list"
 
     # This accessor allows a `ListObject` to inherit various filters that were
     # given to a predecessor. This allows for things like consistent limits,
@@ -15,8 +17,8 @@ module Stripe
     # An empty list object. This is returned from +next+ when we know that
     # there isn't a next page in order to replicate the behavior of the API
     # when it attempts to return a page beyond the last.
-    def self.empty_list(opts={})
-      ListObject.construct_from({ :data => [] }, opts)
+    def self.empty_list(opts = {})
+      ListObject.construct_from({ data: [] }, opts)
     end
 
     def initialize(*args)
@@ -24,12 +26,16 @@ module Stripe
       self.filters = {}
     end
 
-    def [](k)
-      case k
+    def [](key)
+      case key
       when String, Symbol
         super
       else
-        raise ArgumentError.new("You tried to access the #{k.inspect} index, but ListObject types only support String keys. (HINT: List calls return an object with a 'data' (which is the data array). You likely want to call #data[#{k.inspect}])")
+        raise ArgumentError,
+              "You tried to access the #{key.inspect} index, but ListObject " \
+              "types only support String keys. (HINT: List calls return an " \
+              "object with a 'data' (which is the data array). You likely " \
+              "want to call #data[#{key.inspect}])"
       end
     end
 
@@ -39,12 +45,22 @@ module Stripe
     # Note that this method makes no effort to fetch a new page when it gets to
     # the end of the current page's resources. See also +auto_paging_each+.
     def each(&blk)
-      self.data.each(&blk)
+      data.each(&blk)
     end
 
     # Iterates through each resource in all pages, making additional fetches to
     # the API as necessary.
     #
+    # The default iteration direction is forwards according to Stripe's API
+    # "natural" ordering direction -- newer objects first, and moving towards
+    # older objects.
+    #
+    # However, if the initial list object was fetched using an `ending_before`
+    # cursor (and only `ending_before`, `starting_after` cannot also be
+    # included), the method assumes that the user is trying to iterate
+    # backwards compared to natural ordering and returns results that way --
+    # older objects first, and moving towards newer objects.
+    #
     # Note that this method will make as many API calls as necessary to fetch
     # all resources. For more granular control, please see +each+ and
     # +next_page+.
@@ -53,20 +69,31 @@ module Stripe
 
       page = self
       loop do
-        page.each(&blk)
-        page = page.next_page
+        # Backward iterating activates if we have an `ending_before` constraint
+        # and _just_ an `ending_before` constraint. If `starting_after` was
+        # also used, we iterate forwards normally.
+        if filters.include?(:ending_before) &&
+           !filters.include?(:starting_after)
+          page.reverse_each(&blk)
+          page = page.previous_page
+        else
+          page.each(&blk)
+          page = page.next_page
+        end
+
         break if page.empty?
       end
     end
 
     # Returns true if the page object contains no elements.
     def empty?
-      self.data.empty?
+      data.empty?
     end
 
-    def retrieve(id, opts={})
+    def retrieve(id, opts = {})
       id, retrieve_params = Util.normalize_id(id)
-      resp, opts = request(:get,"#{resource_url}/#{CGI.escape(id)}", retrieve_params, opts)
+      resp, opts = request(:get, "#{resource_url}/#{CGI.escape(id)}",
+                           retrieve_params, opts)
       Util.convert_to_stripe_object(resp.data, opts)
     end
 
@@ -74,13 +101,12 @@ module Stripe
     #
     # This method will try to respect the limit of the current page. If none
     # was given, the default limit will be fetched again.
-    def next_page(params={}, opts={})
-      return self.class.empty_list(opts) if !has_more
+    def next_page(params = {}, opts = {})
+      return self.class.empty_list(opts) unless has_more
+
       last_id = data.last.id
 
-      params = filters.merge({
-        :starting_after => last_id,
-      }).merge(params)
+      params = filters.merge(starting_after: last_id).merge(params)
 
       list(params, opts)
     end
@@ -89,19 +115,25 @@ module Stripe
     #
     # This method will try to respect the limit of the current page. If none
     # was given, the default limit will be fetched again.
-    def previous_page(params={}, opts={})
+    def previous_page(params = {}, opts = {})
+      return self.class.empty_list(opts) unless has_more
+
       first_id = data.first.id
 
-      params = filters.merge({
-        :ending_before => first_id,
-      }).merge(params)
+      params = filters.merge(ending_before: first_id).merge(params)
 
       list(params, opts)
     end
 
     def resource_url
-      self.url ||
+      url ||
         raise(ArgumentError, "List object does not contain a 'url' field.")
     end
+
+    # Iterates through each resource in the page represented by the current
+    # `ListObject` in reverse.
+    def reverse_each(&blk)
+      data.reverse_each(&blk)
+    end
   end
 end

data/lib/stripe/multipart_encoder.rb

@@ -0,0 +1,131 @@
+# frozen_string_literal: true
+
+require "securerandom"
+require "tempfile"
+
+module Stripe
+  # Encodes parameters into a `multipart/form-data` payload as described by RFC
+  # 2388:
+  #
+  #     https://tools.ietf.org/html/rfc2388
+  #
+  # This is most useful for transferring file-like objects.
+  #
+  # Parameters should be added with `#encode`. When ready, use `#body` to get
+  # the encoded result and `#content_type` to get the value that should be
+  # placed in the `Content-Type` header of a subsequent request (which includes
+  # a boundary value).
+  class MultipartEncoder
+    MULTIPART_FORM_DATA = "multipart/form-data"
+
+    # A shortcut for encoding a single set of parameters and finalizing a
+    # result.
+    #
+    # Returns an encoded body and the value that should be set in the content
+    # type header of a subsequent request.
+    def self.encode(params)
+      encoder = MultipartEncoder.new
+      encoder.encode(params)
+      encoder.close
+      [encoder.body, encoder.content_type]
+    end
+
+    # Gets the object's randomly generated boundary string.
+    attr_reader :boundary
+
+    # Initializes a new multipart encoder.
+    def initialize
+      # Kind of weird, but required by Rubocop because the unary plus operator
+      # is considered faster than `Stripe.new`.
+      @body = +""
+
+      # Chose the same number of random bytes that Go uses in its standard
+      # library implementation. Easily enough entropy to ensure that it won't
+      # be present in a file we're sending.
+      @boundary = SecureRandom.hex(30)
+
+      @closed = false
+      @first_field = true
+    end
+
+    # Gets the encoded body. `#close` must be called first.
+    def body
+      raise "object must be closed before getting body" unless @closed
+
+      @body
+    end
+
+    # Finalizes the object by writing the final boundary.
+    def close
+      raise "object already closed" if @closed
+
+      @body << "\r\n"
+      @body << "--#{@boundary}--"
+
+      @closed = true
+
+      nil
+    end
+
+    # Gets the value including boundary that should be put into a multipart
+    # request's `Content-Type`.
+    def content_type
+      "#{MULTIPART_FORM_DATA}; boundary=#{@boundary}"
+    end
+
+    # Encodes a set of parameters to the body.
+    #
+    # Note that parameters are expected to be a hash, but a "flat" hash such
+    # that complex substructures like hashes and arrays have already been
+    # appropriately Stripe-encoded. Pass a complex structure through
+    # `Util.flatten_params` first before handing it off to this method.
+    def encode(params)
+      raise "no more parameters can be written to closed object" if @closed
+
+      params.each do |name, val|
+        if val.is_a?(::File) || val.is_a?(::Tempfile)
+          write_field(name, val.read, filename: ::File.basename(val.path))
+        elsif val.respond_to?(:read)
+          write_field(name, val.read, filename: "blob")
+        else
+          write_field(name, val, filename: nil)
+        end
+      end
+
+      nil
+    end
+
+    #
+    # private
+    #
+
+    # Escapes double quotes so that the given value can be used in a
+    # double-quoted string and replaces any linebreak characters with spaces.
+    private def escape(str)
+      str.gsub('"', "%22").tr("\n", " ").tr("\r", " ")
+    end
+
+    private def write_field(name, data, filename:)
+      if !@first_field
+        @body << "\r\n"
+      else
+        @first_field = false
+      end
+
+      @body << "--#{@boundary}\r\n"
+
+      if filename
+        @body << %(Content-Disposition: form-data) +
+                 %(; name="#{escape(name.to_s)}") +
+                 %(; filename="#{escape(filename)}"\r\n)
+        @body << %(Content-Type: application/octet-stream\r\n)
+      else
+        @body << %(Content-Disposition: form-data) +
+                 %(; name="#{escape(name.to_s)}"\r\n)
+      end
+
+      @body << "\r\n"
+      @body << data.to_s
+    end
+  end
+end

data/lib/stripe/oauth.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Stripe
   module OAuth
     module OAuthOperations
@@ -12,43 +14,49 @@ module Stripe
       end
     end
 
-    def self.get_client_id(params={})
+    def self.get_client_id(params = {})
       client_id = params[:client_id] || Stripe.client_id
       unless client_id
-        raise AuthenticationError.new('No client_id provided. ' \
+        raise AuthenticationError, "No client_id provided. " \
           'Set your client_id using "Stripe.client_id = <CLIENT-ID>". ' \
-          'You can find your client_ids in your Stripe dashboard at ' \
-          'https://dashboard.stripe.com/account/applications/settings, ' \
-          'after registering your account as a platform. See ' \
-          'https://stripe.com/docs/connect/standalone-accounts for details, ' \
-          'or email support@stripe.com if you have any questions.')
+          "You can find your client_ids in your Stripe dashboard at " \
+          "https://dashboard.stripe.com/account/applications/settings, " \
+          "after registering your account as a platform. See " \
+          "https://stripe.com/docs/connect/standalone-accounts for details, " \
+          "or email support@stripe.com if you have any questions."
       end
       client_id
     end
 
-    def self.authorize_url(params={}, opts={})
+    def self.authorize_url(params = {}, opts = {})
       base = opts[:connect_base] || Stripe.connect_base
 
+      path = "/oauth/authorize"
+      path = "/express" + path if opts[:express]
+
       params[:client_id] = get_client_id(params)
-      params[:response_type] ||= 'code'
+      params[:response_type] ||= "code"
       query = Util.encode_parameters(params)
 
-      "#{base}/oauth/authorize?#{query}"
+      "#{base}#{path}?#{query}"
     end
 
-    def self.token(params={}, opts={})
+    def self.token(params = {}, opts = {})
       opts = Util.normalize_opts(opts)
+      opts[:api_key] = params[:client_secret] if params[:client_secret]
       resp, opts = OAuthOperations.request(
-        :post, '/oauth/token', params, opts)
+        :post, "/oauth/token", params, opts
+      )
       # This is just going to return a generic StripeObject, but that's okay
       Util.convert_to_stripe_object(resp.data, opts)
     end
 
-    def self.deauthorize(params={}, opts={})
+    def self.deauthorize(params = {}, opts = {})
       opts = Util.normalize_opts(opts)
       params[:client_id] = get_client_id(params)
       resp, opts = OAuthOperations.request(
-        :post, '/oauth/deauthorize', params, opts)
+        :post, "/oauth/deauthorize", params, opts
+      )
       # This is just going to return a generic StripeObject, but that's okay
       Util.convert_to_stripe_object(resp.data, opts)
     end

data/lib/stripe/object_types.rb

@@ -0,0 +1,96 @@
+# frozen_string_literal: true
+
+# rubocop:disable Metrics/MethodLength
+
+module Stripe
+  module ObjectTypes
+    def self.object_names_to_classes
+      {
+        # data structures
+        ListObject::OBJECT_NAME => ListObject,
+
+        # business objects
+        Account::OBJECT_NAME => Account,
+        AccountLink::OBJECT_NAME => AccountLink,
+        AlipayAccount::OBJECT_NAME => AlipayAccount,
+        ApplePayDomain::OBJECT_NAME => ApplePayDomain,
+        ApplicationFee::OBJECT_NAME => ApplicationFee,
+        ApplicationFeeRefund::OBJECT_NAME => ApplicationFeeRefund,
+        Balance::OBJECT_NAME => Balance,
+        BalanceTransaction::OBJECT_NAME => BalanceTransaction,
+        BankAccount::OBJECT_NAME => BankAccount,
+        BitcoinReceiver::OBJECT_NAME => BitcoinReceiver,
+        BitcoinTransaction::OBJECT_NAME => BitcoinTransaction,
+        Capability::OBJECT_NAME => Capability,
+        Card::OBJECT_NAME => Card,
+        Charge::OBJECT_NAME => Charge,
+        Checkout::Session::OBJECT_NAME => Checkout::Session,
+        CountrySpec::OBJECT_NAME => CountrySpec,
+        Coupon::OBJECT_NAME => Coupon,
+        CreditNote::OBJECT_NAME => CreditNote,
+        CreditNoteLineItem::OBJECT_NAME => CreditNoteLineItem,
+        Customer::OBJECT_NAME => Customer,
+        CustomerBalanceTransaction::OBJECT_NAME => CustomerBalanceTransaction,
+        Discount::OBJECT_NAME => Discount,
+        Dispute::OBJECT_NAME => Dispute,
+        EphemeralKey::OBJECT_NAME => EphemeralKey,
+        Event::OBJECT_NAME => Event,
+        ExchangeRate::OBJECT_NAME => ExchangeRate,
+        File::OBJECT_NAME => File,
+        File::OBJECT_NAME_ALT => File,
+        FileLink::OBJECT_NAME => FileLink,
+        Invoice::OBJECT_NAME => Invoice,
+        InvoiceItem::OBJECT_NAME => InvoiceItem,
+        InvoiceLineItem::OBJECT_NAME => InvoiceLineItem,
+        Issuing::Authorization::OBJECT_NAME => Issuing::Authorization,
+        Issuing::Card::OBJECT_NAME => Issuing::Card,
+        Issuing::CardDetails::OBJECT_NAME => Issuing::CardDetails,
+        Issuing::Cardholder::OBJECT_NAME => Issuing::Cardholder,
+        Issuing::Dispute::OBJECT_NAME => Issuing::Dispute,
+        Issuing::Transaction::OBJECT_NAME => Issuing::Transaction,
+        LoginLink::OBJECT_NAME => LoginLink,
+        Mandate::OBJECT_NAME => Mandate,
+        Order::OBJECT_NAME => Order,
+        OrderReturn::OBJECT_NAME => OrderReturn,
+        PaymentIntent::OBJECT_NAME => PaymentIntent,
+        PaymentMethod::OBJECT_NAME => PaymentMethod,
+        Payout::OBJECT_NAME => Payout,
+        Person::OBJECT_NAME => Person,
+        Plan::OBJECT_NAME => Plan,
+        Product::OBJECT_NAME => Product,
+        Radar::EarlyFraudWarning::OBJECT_NAME => Radar::EarlyFraudWarning,
+        Radar::ValueList::OBJECT_NAME => Radar::ValueList,
+        Radar::ValueListItem::OBJECT_NAME => Radar::ValueListItem,
+        Recipient::OBJECT_NAME => Recipient,
+        RecipientTransfer::OBJECT_NAME => RecipientTransfer,
+        Refund::OBJECT_NAME => Refund,
+        Reporting::ReportRun::OBJECT_NAME => Reporting::ReportRun,
+        Reporting::ReportType::OBJECT_NAME => Reporting::ReportType,
+        Reversal::OBJECT_NAME => Reversal,
+        Review::OBJECT_NAME => Review,
+        SKU::OBJECT_NAME => SKU,
+        SetupIntent::OBJECT_NAME => SetupIntent,
+        Sigma::ScheduledQueryRun::OBJECT_NAME => Sigma::ScheduledQueryRun,
+        Source::OBJECT_NAME => Source,
+        SourceTransaction::OBJECT_NAME => SourceTransaction,
+        Subscription::OBJECT_NAME => Subscription,
+        SubscriptionItem::OBJECT_NAME => SubscriptionItem,
+        SubscriptionSchedule::OBJECT_NAME => SubscriptionSchedule,
+        TaxId::OBJECT_NAME => TaxId,
+        TaxRate::OBJECT_NAME => TaxRate,
+        Terminal::ConnectionToken::OBJECT_NAME => Terminal::ConnectionToken,
+        Terminal::Location::OBJECT_NAME => Terminal::Location,
+        Terminal::Reader::OBJECT_NAME => Terminal::Reader,
+        ThreeDSecure::OBJECT_NAME => ThreeDSecure,
+        Token::OBJECT_NAME => Token,
+        Topup::OBJECT_NAME => Topup,
+        Transfer::OBJECT_NAME => Transfer,
+        UsageRecord::OBJECT_NAME => UsageRecord,
+        UsageRecordSummary::OBJECT_NAME => UsageRecordSummary,
+        WebhookEndpoint::OBJECT_NAME => WebhookEndpoint,
+      }
+    end
+  end
+end
+
+# rubocop:enable Metrics/MethodLength

data/lib/stripe/{account.rb → resources/account.rb}

@@ -1,21 +1,42 @@
+# frozen_string_literal: true
+
 module Stripe
   class Account < APIResource
     extend Gem::Deprecate
     extend Stripe::APIOperations::Create
-    extend Stripe::APIOperations::List
     include Stripe::APIOperations::Delete
+    extend Stripe::APIOperations::List
     include Stripe::APIOperations::Save
+    extend Stripe::APIOperations::NestedResource
+
+    OBJECT_NAME = "account"
 
-    OBJECT_NAME = 'account'
+    custom_method :reject, http_verb: :post
+
+    nested_resource_class_methods :capability,
+                                  operations: %i[retrieve update list],
+                                  resource_plural: "capabilities"
+    nested_resource_class_methods :person,
+                                  operations: %i[create retrieve update delete list]
+
+    def reject(params = {}, opts = {})
+      request_stripe_object(
+        method: :post,
+        path: resource_url + "/reject",
+        params: params,
+        opts: opts
+      )
+    end
 
     save_nested_resource :external_account
 
-    # This method is deprecated. Please use `#external_account=` instead.
-    save_nested_resource :bank_account
-    deprecate :bank_account=, "#external_account=", 2017, 8
+    nested_resource_class_methods :external_account,
+                                  operations: %i[create retrieve update delete list]
+
+    nested_resource_class_methods :login_link, operations: %i[create]
 
     def resource_url
-      if self['id']
+      if self["id"]
         super
       else
         "/v1/account"
@@ -23,26 +44,34 @@ module Stripe
     end
 
     # @override To make id optional
-    def self.retrieve(id=ARGUMENT_NOT_PROVIDED, opts={})
-      id = id.equal?(ARGUMENT_NOT_PROVIDED) ? nil : Util.check_string_argument!(id)
+    def self.retrieve(id = ARGUMENT_NOT_PROVIDED, opts = {})
+      id = if id.equal?(ARGUMENT_NOT_PROVIDED)
+             nil
+           else
+             Util.check_string_argument!(id)
+           end
 
       # Account used to be a singleton, where this method's signature was
       # `(opts={})`. For the sake of not breaking folks who pass in an OAuth
       # key in opts, let's lurkily string match for it.
-      if opts == {} && id.is_a?(String) && id.start_with?('sk_')
-        # `super` properly assumes a String opts is the apiKey and normalizes as expected.
+      if opts == {} && id.is_a?(String) && id.start_with?("sk_")
+        # `super` properly assumes a String opts is the apiKey and normalizes
+        # as expected.
         opts = id
         id = nil
       end
       super(id, opts)
     end
 
-    def reject(params={}, opts={})
-      opts = Util.normalize_opts(opts)
-      resp, opts = request(:post, resource_url + '/reject', params, opts)
-      initialize_from(resp.data, opts)
+    def persons(params = {}, opts = {})
+      resp, opts = request(:get, resource_url + "/persons", params, opts)
+      Util.convert_to_stripe_object(resp.data, opts)
     end
 
+    # We are not adding a helper for capabilities here as the Account object
+    # already has a capabilities property which is a hash and not the sub-list
+    # of capabilities.
+
     # Somewhat unfortunately, we attempt to do a special encoding trick when
     # serializing `additional_owners` under an account: when updating a value,
     # we actually send the update parameters up as an integer-indexed hash
@@ -67,17 +96,22 @@ module Stripe
     # We're trying to get this overturned on the server side, but for now,
     # patch in a special allowance.
     def serialize_params(options = {})
-      serialize_params_account(self, super)
+      serialize_params_account(self, super, options)
     end
 
-    def serialize_params_account(obj, update_hash)
-      if entity = @values[:legal_entity]
-        if owners = entity[:additional_owners]
+    def serialize_params_account(_obj, update_hash, options = {})
+      if (entity = @values[:legal_entity])
+        if (owners = entity[:additional_owners])
           entity_update = update_hash[:legal_entity] ||= {}
           entity_update[:additional_owners] =
             serialize_additional_owners(entity, owners)
         end
       end
+      if (individual = @values[:individual])
+        if individual.is_a?(Person) && !update_hash.key?(:individual)
+          update_hash[:individual] = individual.serialize_params(options)
+        end
+      end
       update_hash
     end
 
@@ -86,34 +120,37 @@ module Stripe
     end
 
     def legal_entity
-      self['legal_entity']
+      self["legal_entity"]
     end
 
-    def legal_entity=(_)
-      raise NoMethodError.new('Overridding legal_entity can cause serious issues. Instead, set the individual fields of legal_entity like blah.legal_entity.first_name = \'Blah\'')
+    def legal_entity=(_legal_entity)
+      raise NoMethodError,
+            "Overriding legal_entity can cause serious issues. Instead, set " \
+            "the individual fields of legal_entity like " \
+            "`account.legal_entity.first_name = 'Blah'`"
     end
 
-    def deauthorize(client_id=nil, opts={})
+    def deauthorize(client_id = nil, opts = {})
       params = {
         client_id: client_id,
-        stripe_user_id: self.id,
+        stripe_user_id: id,
       }
       OAuth.deauthorize(params, opts)
     end
 
     ARGUMENT_NOT_PROVIDED = Object.new
 
-    private
-
-    def serialize_additional_owners(legal_entity, additional_owners)
-      original_value = legal_entity.instance_variable_get(:@original_values)[:additional_owners]
+    private def serialize_additional_owners(legal_entity, additional_owners)
+      original_value =
+        legal_entity
+        .instance_variable_get(:@original_values)[:additional_owners]
       if original_value && original_value.length > additional_owners.length
         # url params provide no mechanism for deleting an item in an array,
         # just overwriting the whole array or adding new items. So let's not
         # allow deleting without a full overwrite until we have a solution.
-        raise ArgumentError.new(
-          "You cannot delete an item from an array, you must instead set a new array"
-        )
+        raise ArgumentError,
+              "You cannot delete an item from an array, you must instead " \
+              "set a new array"
       end
 
       update_hash = {}
@@ -125,10 +162,11 @@ module Stripe
         # StripeObject.
         update = v.is_a?(StripeObject) ? v.serialize_params : v
 
-        if update != {} && (!original_value ||
-          update != legal_entity.serialize_params_value(original_value[i], nil, false, true))
-            update_hash[i.to_s] = update
-        end
+        next unless update != {} && (!original_value ||
+          update != legal_entity.serialize_params_value(original_value[i], nil,
+                                                        false, true))
+
+        update_hash[i.to_s] = update
       end
       update_hash
     end

data/lib/stripe/resources/account_link.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+module Stripe
+  class AccountLink < APIResource
+    extend Stripe::APIOperations::Create
+
+    OBJECT_NAME = "account_link"
+  end
+end

data/lib/stripe/resources/alipay_account.rb

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+
+module Stripe
+  class AlipayAccount < APIResource
+    include Stripe::APIOperations::Save
+    include Stripe::APIOperations::Delete
+
+    OBJECT_NAME = "alipay_account"
+
+    def resource_url
+      if !respond_to?(:customer) || customer.nil?
+        raise NotImplementedError,
+              "Alipay accounts cannot be accessed without a customer ID."
+      end
+
+      "#{Customer.resource_url}/#{CGI.escape(customer)}/sources" \
+      "/#{CGI.escape(id)}"
+    end
+
+    def self.update(_id, _params = nil, _opts = nil)
+      raise NotImplementedError,
+            "Alipay accounts cannot be updated without a customer ID. " \
+            "Update an Alipay account using `Customer.update_source(" \
+            "'customer_id', 'alipay_account_id', update_params)`"
+    end
+
+    def self.retrieve(_id, _opts = nil)
+      raise NotImplementedError,
+            "Alipay accounts cannot be retrieved without a customer ID. " \
+            "Retrieve an Alipay account using `Customer.retrieve_source(" \
+            "'customer_id', 'alipay_account_id')`"
+    end
+  end
+end