stripe 4.20.0 → 5.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 410f62f787eb7bf6284fdc2b3b2e722b5d804b58ac24594d4001f89a5e8f915c
-  data.tar.gz: ae1f9e13178bb81ada414ef131e57fc6a34e3592d6163d70175d5b7c655f8d6e
+  metadata.gz: fa015ad0ee6a063db43580f0234ec2738fe5670c82cfa4843ed3bc91d8eb4670
+  data.tar.gz: f987cba3323dbac56c0121fd0d89d5c282a2b3cab9d46f9284cae99b0093d534
 SHA512:
-  metadata.gz: fd074e764a3dc6ca94873982b25c3427319ad1d58842d846dc8888383e2bad2eb22b31f6bbce370ecb6c20d643091cd79b355aff83e0c25affb46c00dbf2e8a3
-  data.tar.gz: c16a7d1aeb72497f1abc2a89b70509fc94b2d8581b3a7cad3ce317ff6021c4b80514342a395f711a527cc45ccc2ed65f309de45e69dad32ce1feae4c2dad11d7
+  metadata.gz: 9b5d25d67c8ade84275d3187988de8660df98d1b2323fa231bc4e1a5ef6dfc9edb2ffcbe71bff404f7a473f4cdde0c5644ec379c625f9a45ea62606792f29871
+  data.tar.gz: ede395b847a59fba4fc3200f174d212c79fa0781222def2323d27cfdec626f3ff869147c2dfc3639206ce9b4d5ff0a282ec92059d04b8ff6b26d619d81655acd

data/.rubocop.yml

@@ -2,21 +2,31 @@ inherit_from: .rubocop_todo.yml
 
 AllCops:
   DisplayCopNames: true
-  TargetRubyVersion: 2.1
+  TargetRubyVersion: 2.3
 
 Layout/CaseIndentation:
   EnforcedStyle: end
 
-Layout/IndentArray:
+Layout/IndentFirstArrayElement:
   EnforcedStyle: consistent
 
-Layout/IndentHash:
+Layout/IndentFirstHashElement:
   EnforcedStyle: consistent
 
-Metrics/LineLength:
+# This can be re-enabled once we're 2.3+ only and can use the squiggly heredoc
+# operator. Prior to that, Rubocop recommended bringing in a library like
+# ActiveSupport to get heredoc indentation, which is just terrible.
+Layout/IndentHeredoc:
+  Enabled: false
+
+Metrics/ClassLength:
   Exclude:
     - "test/**/*.rb"
+
+Metrics/LineLength:
+  Exclude:
     - "lib/stripe/resources/**/*.rb"
+    - "test/**/*.rb"
 
 Metrics/MethodLength:
   # There's ~2 long methods in `StripeClient`. If we want to truncate those a
@@ -33,6 +43,9 @@ Style/AccessModifierDeclarations:
 Style/FrozenStringLiteralComment:
   EnforcedStyle: always
 
+Style/NumericPredicate:
+  Enabled: false
+
 Style/StringLiterals:
   EnforcedStyle: double_quotes
 

data/.rubocop_todo.yml

@@ -1,24 +1,25 @@
 # This configuration was generated by
 # `rubocop --auto-gen-config`
-# on 2019-05-24 10:18:48 -0700 using RuboCop version 0.57.2.
+# on 2019-07-30 09:56:31 +0800 using RuboCop version 0.73.0.
 # The point is for the user to remove these configuration records
 # one by one as the offenses are removed from the code base.
 # Note that changes in the inspected code, or installation of new
 # versions of RuboCop, may require this file to be generated again.
 
-# Offense count: 20
+# Offense count: 23
 Metrics/AbcSize:
-  Max: 53
+  Max: 51
 
-# Offense count: 31
+# Offense count: 33
 # Configuration parameters: CountComments, ExcludedMethods.
+# ExcludedMethods: refine
 Metrics/BlockLength:
-  Max: 498
+  Max: 509
 
-# Offense count: 11
+# Offense count: 12
 # Configuration parameters: CountComments.
 Metrics/ClassLength:
-  Max: 673
+  Max: 694
 
 # Offense count: 12
 Metrics/CyclomaticComplexity:
@@ -29,10 +30,10 @@ Metrics/CyclomaticComplexity:
 Metrics/ParameterLists:
   Max: 7
 
-# Offense count: 7
+# Offense count: 8
 Metrics/PerceivedComplexity:
   Max: 17
 
-# Offense count: 84
+# Offense count: 86
 Style/Documentation:
   Enabled: false

data/.travis.yml

@@ -1,13 +1,11 @@
 language: ruby
 
 rvm:
-  - 2.1
-  - 2.2
   - 2.3
   - 2.4
   - 2.5
   - 2.6
-  - jruby-9.0.5.0
+  - jruby-9.2.7.0
 
 notifications:
   email:
@@ -18,15 +16,13 @@ sudo: false
 env:
   global:
     # If changing this number, please also change it in `test/test_helper.rb`.
-    - STRIPE_MOCK_VERSION=0.58.0
+    - STRIPE_MOCK_VERSION=0.63.0
 
 cache:
   directories:
     - stripe-mock
 
 before_install:
-  # Install bundler 1.x, because we need to support Ruby 2.1 for now
-  - gem install bundler -v "~> 1.0"
   # Unpack and start stripe-mock so that the test suite can talk to it
   - |
     if [ ! -d "stripe-mock/stripe-mock_${STRIPE_MOCK_VERSION}" ]; then

data/CHANGELOG.md

@@ -1,5 +1,56 @@
 # Changelog
 
+## 5.0.0 - 2019-08-20
+Major version release. The [migration guide](https://github.com/stripe/stripe-ruby/wiki/Migration-guide-for-v5) contains a detailed list of backwards-incompatible changes with upgrade instructions.
+
+Pull requests included in this release (cf. [#815](https://github.com/stripe/stripe-ruby/pull/815)) (⚠️ = breaking changes):
+* [x] ⚠️ #813: Convert library to use built-in `Net::HTTP`
+* [x] ⚠️ #816: Make `code` argument in `CardError` named instead of positional.
+* [x] ⚠️ #817: Drop support for very old Ruby versions.
+* [x] #818: Bump Rubocop to latest version
+* [x] #819: Ruby minimum version increase followup
+* [x] ⚠️ #820: Remove old deprecated methods
+* [x] ⚠️ #823: Remove all alias for list methods
+* [x] ⚠️ #826: Remove `UsageRecord.create` method
+* [x] ⚠️ #827: Remove `IssuerFraudRecord`
+* [x] #811: Add `ErrorObject` to `StripeError` exceptions
+* [x] #828: Tweak retry logic to be a little more like stripe-node
+* [x] #829: Reset connections when connection-changing configuration changes (optional)
+* [x] #830: Fix inverted sign for 500 retries
+* [x] ⚠️#831: Remove a few more very old deprecated methods
+* [x] #832: Minor cleanup in `StripeClient`
+* [x] #833: Do better bookkeeping when tracking state in `Thread.current`
+* [x] #834: Add `Invoice.list_upcoming_line_items` method
+
+## 4.24.0 - 2019-08-12
+* [#825](https://github.com/stripe/stripe-ruby/pull/825) Add `SubscriptionItem.create_usage_record` method
+  - This release also removed the `SubscriptionSchedule.revisions` method. This should have been included in the previous release (4.23.0)
+
+## 4.23.0 - 2019-08-09
+* [#824](https://github.com/stripe/stripe-ruby/pull/824) Remove SubscriptionScheduleRevision
+  - This is technically a breaking change. We've chosen to release it as a minor vesion bump because the associated API is unused.
+
+## 4.22.1 - 2019-08-09
+* [#808](https://github.com/stripe/stripe-ruby/pull/808) Unify request/response handling
+
+## 4.22.0 - 2019-07-30
+* [#821](https://github.com/stripe/stripe-ruby/pull/821) Listing `BalanceTransaction` objects now uses `/v1/balance_transactions` instead of `/v1/balance/history`
+
+## 4.21.3 - 2019-07-15
+* [#810](https://github.com/stripe/stripe-ruby/pull/810) Better error message when passing non-string to custom method
+
+## 4.21.2 - 2019-07-05
+* [#806](https://github.com/stripe/stripe-ruby/pull/806) Revert back to `initialize_from` from `Util.convert_to_stripe_object`
+
+## 4.21.1 - 2019-07-04
+* [#807](https://github.com/stripe/stripe-ruby/pull/807) Add gem metadata
+
+## 4.21.0 - 2019-06-28
+* [#803](https://github.com/stripe/stripe-ruby/pull/803) Add support for the `SetupIntent` resource and APIs
+
+## 4.20.1 - 2019-06-28
+* [#805](https://github.com/stripe/stripe-ruby/pull/805) Fix formatting in `ConnectionFailed` error message
+
 ## 4.20.0 - 2019-06-24
 * [#800](https://github.com/stripe/stripe-ruby/pull/800) Enable request latency telemetry by default
 
@@ -67,7 +118,7 @@
 * [#718](https://github.com/stripe/stripe-ruby/pull/718) Fix an error message typo
 
 ## 4.4.0 - 2018-12-21
-* [#716](https://github.com/stripe/stripe-ruby/pull/716) Add support for the `CheckoutSession` resource 
+* [#716](https://github.com/stripe/stripe-ruby/pull/716) Add support for the `CheckoutSession` resource
 
 ## 4.3.0 - 2018-12-10
 * [#711](https://github.com/stripe/stripe-ruby/pull/711) Add support for account links

data/Gemfile

@@ -7,6 +7,7 @@ gemspec
 group :development do
   gem "coveralls", require: false
   gem "mocha", "~> 0.13.2"
+  gem "rack", ">= 2.0.6"
   gem "rake"
   gem "shoulda-context"
   gem "test-unit"
@@ -18,18 +19,7 @@ group :development do
   # `Gemfile.lock` checked in, so to prevent good builds from suddenly going
   # bad, pin to a specific version number here. Try to keep this relatively
   # up-to-date, but it's not the end of the world if it's not.
-  # Note that 0.57.2 is the most recent version we can use until we drop
-  # support for Ruby 2.1.
-  gem "rubocop", "0.57.2"
-
-  # Rack 2.0+ requires Ruby >= 2.2.2 which is problematic for the test suite on
-  # older Ruby versions. Check Ruby the version here and put a maximum
-  # constraint on Rack if necessary.
-  if RUBY_VERSION >= "2.2.2"
-    gem "rack", ">= 2.0.6"
-  else
-    gem "rack", ">= 1.6.11", "< 2.0" # rubocop:disable Bundler/DuplicatedGem
-  end
+  gem "rubocop", "0.73"
 
   platforms :mri do
     gem "byebug"

data/README.md

@@ -39,7 +39,7 @@ gem build stripe.gemspec
 
 ### Requirements
 
-- Ruby 2.1+.
+- Ruby 2.3+.
 
 ### Bundler
 
@@ -112,15 +112,13 @@ Stripe::Charge.retrieve(
 )
 ```
 
-### Configuring a Client
+### Accessing a response object
 
-While a default HTTP client is used by default, it's also possible to have the
-library use any client supported by [Faraday][faraday] by initializing a
-`Stripe::StripeClient` object and giving it a connection:
+Get access to response objects by initializing a client and using its `request`
+method:
 
 ```ruby
-conn = Faraday.new
-client = Stripe::StripeClient.new(conn)
+client = Stripe::StripeClient.new
 charge, resp = client.request do
   Stripe::Charge.retrieve(
     "ch_18atAXCdGbJFKhCuBAa4532Z",
@@ -159,13 +157,16 @@ Stripe.ca_bundle_path = "path/to/ca/bundle"
 
 ### Configuring Automatic Retries
 
-The library can be configured to automatically retry requests that fail due to
-an intermittent network problem:
+You can enable automatic retries on requests that fail due to a transient
+problem by configuring the maximum number of retries:
 
 ```ruby
 Stripe.max_network_retries = 2
 ```
 
+Various errors can trigger a retry, like a connection error or a timeout, and
+also certain API responses like HTTP status `409 Conflict`.
+
 [Idempotency keys][idempotency-keys] are added to requests to guarantee that
 retries are safe.
 
@@ -272,7 +273,6 @@ Update the bundled [stripe-mock] by editing the version number found in
 [api-keys]: https://dashboard.stripe.com/account/apikeys
 [connect]: https://stripe.com/connect
 [curl]: http://curl.haxx.se/docs/caextract.html
-[faraday]: https://github.com/lostisland/faraday
 [idempotency-keys]: https://stripe.com/docs/api/ruby#idempotent_requests
 [stripe-mock]: https://github.com/stripe/stripe-mock
 [versioning]: https://stripe.com/docs/api/ruby#versioning

data/Rakefile

@@ -13,7 +13,8 @@ RuboCop::RakeTask.new
 
 desc "Update bundled certs"
 task :update_certs do
-  require "faraday"
+  require "net/http"
+  require "uri"
 
   fetch_file "https://curl.haxx.se/ca/cacert.pem",
              ::File.expand_path("../lib/data/ca-certificates.crt", __FILE__)
@@ -23,14 +24,14 @@ end
 # helpers
 #
 
-def fetch_file(url, dest)
+def fetch_file(uri, dest)
   ::File.open(dest, "w") do |file|
-    resp = Faraday.get(url)
-    unless resp.status == 200
-      abort("bad response when fetching: #{url}\n" \
-        "Status #{resp.status}: #{resp.body}")
+    resp = Net::HTTP.get_response(URI.parse(uri))
+    unless resp.code.to_i == 200
+      abort("bad response when fetching: #{uri}\n" \
+        "Status #{resp.code}: #{resp.body}")
     end
     file.write(resp.body)
-    puts "Successfully fetched: #{url}"
+    puts "Successfully fetched: #{uri}"
   end
 end

data/VERSION

@@ -1 +1 @@
-4.20.0
+5.0.0

data/lib/stripe/api_operations/list.rb

@@ -19,12 +19,6 @@ module Stripe
 
         obj
       end
-
-      # The original version of #list was given the somewhat unfortunate name of
-      # #all, and this alias allows us to maintain backward compatibility (the
-      # choice was somewhat misleading in the way that it only returned a single
-      # page rather than all objects).
-      alias all list
     end
   end
 end

data/lib/stripe/api_resource.rb

@@ -70,6 +70,11 @@ module Stripe
       end
       http_path ||= name.to_s
       define_singleton_method(name) do |id, params = {}, opts = {}|
+        unless id.is_a?(String)
+          raise ArgumentError,
+                "id should be a string representing the ID of an API resource"
+        end
+
         url = "#{resource_url}/#{CGI.escape(id)}/#{CGI.escape(http_path)}"
         resp, opts = request(http_verb, url, params, opts)
         Util.convert_to_stripe_object(resp.data, opts)
@@ -98,5 +103,16 @@ module Stripe
       instance.refresh
       instance
     end
+
+    protected def request_stripe_object(method:, path:, params:, opts: {})
+      resp, opts = request(method, path, params, opts)
+
+      # If we're getting back this thing, update; otherwise, instantiate.
+      if Util.object_name_matches_class?(resp.data[:object], self.class)
+        initialize_from(resp.data, opts)
+      else
+        Util.convert_to_stripe_object(resp.data, opts)
+      end
+    end
   end
 end

data/lib/stripe/connection_manager.rb

@@ -0,0 +1,131 @@
+# frozen_string_literal: true
+
+module Stripe
+  # Manages connections across multiple hosts which is useful because the
+  # library may connect to multiple hosts during a typical session (main API,
+  # Connect, Uploads). Ruby doesn't provide an easy way to make this happen
+  # easily, so this class is designed to track what we're connected to and
+  # manage the lifecycle of those connections.
+  #
+  # Note that this class in itself is *not* thread safe. We expect it to be
+  # instantiated once per thread.
+  #
+  # Note also that this class doesn't currently clean up after itself because
+  # it expects to only ever have a few connections. It'd be possible to tank
+  # memory by constantly changing the value of `Stripe.api_base` or the like. A
+  # possible improvement might be to detect and prune old connections whenever
+  # a request is executed.
+  class ConnectionManager
+    def initialize
+      @active_connections = {}
+    end
+
+    # Finishes any active connections by closing their TCP connection and
+    # clears them from internal tracking.
+    def clear
+      @active_connections.each do |_, connection|
+        connection.finish
+      end
+      @active_connections = {}
+    end
+
+    # Gets a connection for a given URI. This is for internal use only as it's
+    # subject to change (we've moved between HTTP client schemes in the past
+    # and may do it again).
+    #
+    # `uri` is expected to be a string.
+    def connection_for(uri)
+      u = URI.parse(uri)
+      connection = @active_connections[[u.host, u.port]]
+
+      if connection.nil?
+        connection = create_connection(u)
+
+        # TODO: what happens after TTL?
+        connection.start
+
+        @active_connections[[u.host, u.port]] = connection
+      end
+
+      connection
+    end
+
+    # Executes an HTTP request to the given URI with the given method. Also
+    # allows a request body, headers, and query string to be specified.
+    def execute_request(method, uri, body: nil, headers: nil, query: nil)
+      # Perform some basic argument validation because it's easy to get
+      # confused between strings and hashes for things like body and query
+      # parameters.
+      raise ArgumentError, "method should be a symbol" \
+        unless method.is_a?(Symbol)
+      raise ArgumentError, "uri should be a string" \
+        unless uri.is_a?(String)
+      raise ArgumentError, "body should be a string" \
+        if body && !body.is_a?(String)
+      raise ArgumentError, "headers should be a hash" \
+        if headers && !headers.is_a?(Hash)
+      raise ArgumentError, "query should be a string" \
+        if query && !query.is_a?(String)
+
+      connection = connection_for(uri)
+
+      u = URI.parse(uri)
+      path = if query
+               u.path + "?" + query
+             else
+               u.path
+             end
+
+      connection.send_request(method.to_s.upcase, path, body, headers)
+    end
+
+    #
+    # private
+    #
+
+    # `uri` should be a parsed `URI` object.
+    private def create_connection(uri)
+      # These all come back as `nil` if no proxy is configured.
+      proxy_host, proxy_port, proxy_user, proxy_pass = proxy_parts
+
+      connection = Net::HTTP.new(uri.host, uri.port,
+                                 proxy_host, proxy_port,
+                                 proxy_user, proxy_pass)
+
+      connection.open_timeout = Stripe.open_timeout
+      connection.read_timeout = Stripe.read_timeout
+
+      connection.use_ssl = uri.scheme == "https"
+
+      if Stripe.verify_ssl_certs
+        connection.verify_mode = OpenSSL::SSL::VERIFY_PEER
+        connection.cert_store = Stripe.ca_store
+      else
+        connection.verify_mode = OpenSSL::SSL::VERIFY_NONE
+
+        unless @verify_ssl_warned
+          @verify_ssl_warned = true
+          warn("WARNING: Running without SSL cert verification. " \
+            "You should never do this in production. " \
+            "Execute `Stripe.verify_ssl_certs = true` to enable " \
+            "verification.")
+        end
+      end
+
+      connection
+    end
+
+    # `Net::HTTP` somewhat awkwardly requires each component of a proxy URI
+    # (host, port, etc.) rather than the URI itself. This method simply parses
+    # out those pieces to make passing them into a new connection a little less
+    # ugly.
+    private def proxy_parts
+      if Stripe.proxy.nil?
+        [nil, nil, nil, nil]
+      else
+        u = URI.parse(Stripe.proxy)
+        [u.host, u.port, u.user, u.password]
+      end
+    end
+  end
+end

data/lib/stripe/error_object.rb

@@ -0,0 +1,94 @@
+# frozen_string_literal: true
+
+module Stripe
+  # Represents an error object as returned by the API.
+  #
+  # @see https://stripe.com/docs/api/errors
+  class ErrorObject < StripeObject
+    # Unlike other objects, we explicitly declare getter methods here. This
+    # is because the API doesn't return `null` values for fields on this
+    # object, rather the fields are omitted entirely. Not declaring the getter
+    # methods would cause users to run into `NoMethodError` exceptions and
+    # get in the way of generic error handling.
+
+    # For card errors, the ID of the failed charge.
+    def charge
+      @values[:charge]
+    end
+
+    # For some errors that could be handled programmatically, a short string
+    # indicating the error code reported.
+    def code
+      @values[:code]
+    end
+
+    # For card errors resulting from a card issuer decline, a short string
+    # indicating the card issuer's reason for the decline if they provide one.
+    def decline_code
+      @values[:decline_code]
+    end
+
+    # A URL to more information about the error code reported.
+    def doc_url
+      @values[:doc_url]
+    end
+
+    # A human-readable message providing more details about the error. For card
+    # errors, these messages can be shown to your users.
+    def message
+      @values[:message]
+    end
+
+    # If the error is parameter-specific, the parameter related to the error.
+    # For example, you can use this to display a message near the correct form
+    # field.
+    def param
+      @values[:param]
+    end
+
+    # The PaymentIntent object for errors returned on a request involving a
+    # PaymentIntent.
+    def payment_intent
+      @values[:payment_intent]
+    end
+
+    # The PaymentMethod object for errors returned on a request involving a
+    # PaymentMethod.
+    def payment_method
+      @values[:payment_method]
+    end
+
+    # The SetupIntent object for errors returned on a request involving a
+    # SetupIntent.
+    def setup_intent
+      @values[:setup_intent]
+    end
+
+    # The source object for errors returned on a request involving a source.
+    def source
+      @values[:source]
+    end
+
+    # The type of error returned. One of `api_connection_error`, `api_error`,
+    # `authentication_error`, `card_error`, `idempotency_error`,
+    # `invalid_request_error`, or `rate_limit_error`.
+    def type
+      @values[:type]
+    end
+  end
+
+  # Represents on OAuth error returned by the OAuth API.
+  #
+  # @see https://stripe.com/docs/connect/oauth-reference#post-token-errors
+  class OAuthErrorObject < StripeObject
+    # A unique error code per error type.
+    def error
+      @values[:error]
+    end
+
+    # A human readable description of the error.
+    def error_description
+      @values[:error_description]
+    end
+  end
+end

data/lib/stripe/errors.rb

@@ -11,6 +11,7 @@ module Stripe
     attr_accessor :response
 
     attr_reader :code
+    attr_reader :error
     attr_reader :http_body
     attr_reader :http_headers
     attr_reader :http_status
@@ -27,6 +28,13 @@ module Stripe
       @json_body = json_body
       @code = code
       @request_id = @http_headers[:request_id]
+      @error = construct_error_object
+    end
+
+    def construct_error_object
+      return nil if @json_body.nil? || !@json_body.key?(:error)
+
+      ErrorObject.construct_from(@json_body[:error])
     end
 
     def to_s
@@ -59,8 +67,7 @@ module Stripe
   class CardError < StripeError
     attr_reader :param
 
-    # TODO: make code a keyword arg in next major release
-    def initialize(message, param, code, http_status: nil, http_body: nil,
+    def initialize(message, param, code: nil, http_status: nil, http_body: nil,
                    json_body: nil, http_headers: nil)
       super(message, http_status: http_status, http_body: http_body,
                      json_body: json_body, http_headers: http_headers,
@@ -119,6 +126,12 @@ module Stripe
                            json_body: json_body, http_headers: http_headers,
                            code: code)
       end
+
+      def construct_error_object
+        return nil if @json_body.nil?
+
+        OAuthErrorObject.construct_from(@json_body)
+      end
     end
 
     # InvalidClientError is raised when the client doesn't belong to you, or

data/lib/stripe/list_object.rb

@@ -7,7 +7,7 @@ module Stripe
     include Stripe::APIOperations::Request
     include Stripe::APIOperations::Create
 
-    OBJECT_NAME = "list".freeze
+    OBJECT_NAME = "list"
 
     # This accessor allows a `ListObject` to inherit various filters that were
     # given to a predecessor. This allows for things like consistent limits,
@@ -83,6 +83,7 @@ module Stripe
     # was given, the default limit will be fetched again.
     def next_page(params = {}, opts = {})
       return self.class.empty_list(opts) unless has_more
+
       last_id = data.last.id
 
       params = filters.merge(starting_after: last_id).merge(params)