stripe 4.20.0 → 5.0.0

data/lib/stripe/multipart_encoder.rb

@@ -0,0 +1,131 @@
+# frozen_string_literal: true
+
+require "securerandom"
+require "tempfile"
+
+module Stripe
+  # Encodes parameters into a `multipart/form-data` payload as described by RFC
+  # 2388:
+  #
+  #     https://tools.ietf.org/html/rfc2388
+  #
+  # This is most useful for transferring file-like objects.
+  #
+  # Parameters should be added with `#encode`. When ready, use `#body` to get
+  # the encoded result and `#content_type` to get the value that should be
+  # placed in the `Content-Type` header of a subsequent request (which includes
+  # a boundary value).
+  class MultipartEncoder
+    MULTIPART_FORM_DATA = "multipart/form-data"
+
+    # A shortcut for encoding a single set of parameters and finalizing a
+    # result.
+    #
+    # Returns an encoded body and the value that should be set in the content
+    # type header of a subsequent request.
+    def self.encode(params)
+      encoder = MultipartEncoder.new
+      encoder.encode(params)
+      encoder.close
+      [encoder.body, encoder.content_type]
+    end
+
+    # Gets the object's randomly generated boundary string.
+    attr_reader :boundary
+
+    # Initializes a new multipart encoder.
+    def initialize
+      # Kind of weird, but required by Rubocop because the unary plus operator
+      # is considered faster than `Stripe.new`.
+      @body = +""
+
+      # Chose the same number of random bytes that Go uses in its standard
+      # library implementation. Easily enough entropy to ensure that it won't
+      # be present in a file we're sending.
+      @boundary = SecureRandom.hex(30)
+
+      @closed = false
+      @first_field = true
+    end
+
+    # Gets the encoded body. `#close` must be called first.
+    def body
+      raise "object must be closed before getting body" unless @closed
+
+      @body
+    end
+
+    # Finalizes the object by writing the final boundary.
+    def close
+      raise "object already closed" if @closed
+
+      @body << "\r\n"
+      @body << "--#{@boundary}--"
+
+      @closed = true
+
+      nil
+    end
+
+    # Gets the value including boundary that should be put into a multipart
+    # request's `Content-Type`.
+    def content_type
+      "#{MULTIPART_FORM_DATA}; boundary=#{@boundary}"
+    end
+
+    # Encodes a set of parameters to the body.
+    #
+    # Note that parameters are expected to be a hash, but a "flat" hash such
+    # that complex substructures like hashes and arrays have already been
+    # appropriately Stripe-encoded. Pass a complex structure through
+    # `Util.flatten_params` first before handing it off to this method.
+    def encode(params)
+      raise "no more parameters can be written to closed object" if @closed
+
+      params.each do |name, val|
+        if val.is_a?(::File) || val.is_a?(::Tempfile)
+          write_field(name, val.read, filename: ::File.basename(val.path))
+        elsif val.respond_to?(:read)
+          write_field(name, val.read, filename: "blob")
+        else
+          write_field(name, val, filename: nil)
+        end
+      end
+
+      nil
+    end
+
+    #
+    # private
+    #
+
+    # Escapes double quotes so that the given value can be used in a
+    # double-quoted string and replaces any linebreak characters with spaces.
+    private def escape(str)
+      str.gsub('"', "%22").tr("\n", " ").tr("\r", " ")
+    end
+
+    private def write_field(name, data, filename:)
+      if !@first_field
+        @body << "\r\n"
+      else
+        @first_field = false
+      end
+
+      @body << "--#{@boundary}\r\n"
+
+      if filename
+        @body << %(Content-Disposition: form-data) +
+                 %(; name="#{escape(name.to_s)}") +
+                 %(; filename="#{escape(filename)}"\r\n)
+        @body << %(Content-Type: application/octet-stream\r\n)
+      else
+        @body << %(Content-Disposition: form-data) +
+                 %(; name="#{escape(name.to_s)}"\r\n)
+      end
+
+      @body << "\r\n"
+      @body << data.to_s
+    end
+  end
+end

data/lib/stripe/object_types.rb

@@ -1,6 +1,5 @@
 # frozen_string_literal: true
 
-# rubocop:disable Metrics/LineLength
 # rubocop:disable Metrics/MethodLength
 
 module Stripe
@@ -42,7 +41,6 @@ module Stripe
         Invoice::OBJECT_NAME => Invoice,
         InvoiceItem::OBJECT_NAME => InvoiceItem,
         InvoiceLineItem::OBJECT_NAME => InvoiceLineItem,
-        IssuerFraudRecord::OBJECT_NAME => IssuerFraudRecord,
         Issuing::Authorization::OBJECT_NAME => Issuing::Authorization,
         Issuing::Card::OBJECT_NAME => Issuing::Card,
         Issuing::CardDetails::OBJECT_NAME => Issuing::CardDetails,
@@ -69,13 +67,13 @@ module Stripe
         Reversal::OBJECT_NAME => Reversal,
         Review::OBJECT_NAME => Review,
         SKU::OBJECT_NAME => SKU,
+        SetupIntent::OBJECT_NAME => SetupIntent,
         Sigma::ScheduledQueryRun::OBJECT_NAME => Sigma::ScheduledQueryRun,
         Source::OBJECT_NAME => Source,
         SourceTransaction::OBJECT_NAME => SourceTransaction,
         Subscription::OBJECT_NAME => Subscription,
         SubscriptionItem::OBJECT_NAME => SubscriptionItem,
         SubscriptionSchedule::OBJECT_NAME => SubscriptionSchedule,
-        SubscriptionScheduleRevision::OBJECT_NAME => SubscriptionScheduleRevision,
         TaxId::OBJECT_NAME => TaxId,
         TaxRate::OBJECT_NAME => TaxRate,
         Terminal::ConnectionToken::OBJECT_NAME => Terminal::ConnectionToken,
@@ -93,5 +91,4 @@ module Stripe
   end
 end
 
-# rubocop:enable Metrics/LineLength
 # rubocop:enable Metrics/MethodLength

data/lib/stripe/resources/account.rb

@@ -9,7 +9,7 @@ module Stripe
     include Stripe::APIOperations::Save
     extend Stripe::APIOperations::NestedResource
 
-    OBJECT_NAME = "account".freeze
+    OBJECT_NAME = "account"
 
     custom_method :reject, http_verb: :post
 
@@ -20,8 +20,12 @@ module Stripe
                                   operations: %i[create retrieve update delete list]
 
     def reject(params = {}, opts = {})
-      resp, opts = request(:post, resource_url + "/reject", params, opts)
-      Util.convert_to_stripe_object(resp.data, opts)
+      request_stripe_object(
+        method: :post,
+        path: resource_url + "/reject",
+        params: params,
+        opts: opts
+      )
     end
 
     save_nested_resource :external_account
@@ -31,10 +35,6 @@ module Stripe
 
     nested_resource_class_methods :login_link, operations: %i[create]
 
-    # This method is deprecated. Please use `#external_account=` instead.
-    save_nested_resource :bank_account
-    deprecate :bank_account=, "#external_account=", 2017, 8
-
     def resource_url
       if self["id"]
         super

data/lib/stripe/resources/account_link.rb

@@ -4,6 +4,6 @@ module Stripe
   class AccountLink < APIResource
     extend Stripe::APIOperations::Create
 
-    OBJECT_NAME = "account_link".freeze
+    OBJECT_NAME = "account_link"
   end
 end

data/lib/stripe/resources/alipay_account.rb

@@ -5,7 +5,7 @@ module Stripe
     include Stripe::APIOperations::Save
     include Stripe::APIOperations::Delete
 
-    OBJECT_NAME = "alipay_account".freeze
+    OBJECT_NAME = "alipay_account"
 
     def resource_url
       if !respond_to?(:customer) || customer.nil?

data/lib/stripe/resources/apple_pay_domain.rb

@@ -7,7 +7,7 @@ module Stripe
     include Stripe::APIOperations::Delete
     extend Stripe::APIOperations::List
 
-    OBJECT_NAME = "apple_pay_domain".freeze
+    OBJECT_NAME = "apple_pay_domain"
 
     def self.resource_url
       "/v1/apple_pay/domains"

data/lib/stripe/resources/application_fee.rb

@@ -5,20 +5,9 @@ module Stripe
     extend Stripe::APIOperations::List
     extend Stripe::APIOperations::NestedResource
 
-    OBJECT_NAME = "application_fee".freeze
+    OBJECT_NAME = "application_fee"
 
     nested_resource_class_methods :refund,
                                   operations: %i[create retrieve update list]
-
-    # If you don't need access to an updated fee object after the refund, it's
-    # more performant to just call `fee.refunds.create` directly.
-    def refund(params = {}, opts = {})
-      refunds.create(params, opts)
-
-      # now that a refund has been created, we expect the state of this object
-      # to change as well (i.e. `refunded` will now be `true`) so refresh it
-      # from the server
-      refresh
-    end
   end
 end

data/lib/stripe/resources/application_fee_refund.rb

@@ -5,7 +5,7 @@ module Stripe
     include Stripe::APIOperations::Save
     extend Stripe::APIOperations::List
 
-    OBJECT_NAME = "fee_refund".freeze
+    OBJECT_NAME = "fee_refund"
 
     def resource_url
       "#{ApplicationFee.resource_url}/#{CGI.escape(fee)}/refunds" \

data/lib/stripe/resources/balance.rb

@@ -2,6 +2,6 @@
 
 module Stripe
   class Balance < SingletonAPIResource
-    OBJECT_NAME = "balance".freeze
+    OBJECT_NAME = "balance"
   end
 end

data/lib/stripe/resources/balance_transaction.rb

@@ -4,10 +4,6 @@ module Stripe
   class BalanceTransaction < APIResource
     extend Stripe::APIOperations::List
 
-    OBJECT_NAME = "balance_transaction".freeze
-
-    def self.resource_url
-      "/v1/balance/history"
-    end
+    OBJECT_NAME = "balance_transaction"
   end
 end

data/lib/stripe/resources/bank_account.rb

@@ -6,7 +6,7 @@ module Stripe
     extend Stripe::APIOperations::List
     include Stripe::APIOperations::Save
 
-    OBJECT_NAME = "bank_account".freeze
+    OBJECT_NAME = "bank_account"
 
     def verify(params = {}, opts = {})
       resp, opts = request(:post, resource_url + "/verify", params, opts)

data/lib/stripe/resources/bitcoin_receiver.rb

@@ -6,7 +6,7 @@ module Stripe
   class BitcoinReceiver < APIResource
     extend Stripe::APIOperations::List
 
-    OBJECT_NAME = "bitcoin_receiver".freeze
+    OBJECT_NAME = "bitcoin_receiver"
 
     def self.resource_url
       "/v1/bitcoin/receivers"

data/lib/stripe/resources/bitcoin_transaction.rb

@@ -6,7 +6,7 @@ module Stripe
     # Sources API instead: https://stripe.com/docs/sources/bitcoin
     extend Stripe::APIOperations::List
 
-    OBJECT_NAME = "bitcoin_transaction".freeze
+    OBJECT_NAME = "bitcoin_transaction"
 
     def self.resource_url
       "/v1/bitcoin/transactions"

data/lib/stripe/resources/capability.rb

@@ -5,7 +5,7 @@ module Stripe
     extend Stripe::APIOperations::List
     include Stripe::APIOperations::Save
 
-    OBJECT_NAME = "capability".freeze
+    OBJECT_NAME = "capability"
 
     def resource_url
       if !respond_to?(:account) || account.nil?

data/lib/stripe/resources/card.rb

@@ -6,7 +6,7 @@ module Stripe
     extend Stripe::APIOperations::List
     include Stripe::APIOperations::Save
 
-    OBJECT_NAME = "card".freeze
+    OBJECT_NAME = "card"
 
     def resource_url
       if respond_to?(:recipient) && !recipient.nil? && !recipient.empty?

data/lib/stripe/resources/charge.rb

@@ -6,79 +6,17 @@ module Stripe
     extend Stripe::APIOperations::List
     include Stripe::APIOperations::Save
 
-    OBJECT_NAME = "charge".freeze
+    OBJECT_NAME = "charge"
 
     custom_method :capture, http_verb: :post
 
-    def refund(params = {}, opts = {})
-      # Old versions of charge objects included a `refunds` field that was just
-      # a vanilla array instead of a Stripe list object.
-      #
-      # Where possible, we'd still like to use the new refund endpoint (thus
-      # `self.refunds.create`), but detect the old API version by looking for
-      # an `Array` and fall back to the old refund URL if necessary so as to
-      # maintain internal compatibility.
-      if refunds.is_a?(Array)
-        resp, opts = request(:post, refund_url, params, opts)
-        initialize_from(resp.data, opts)
-      else
-        refunds.create(params, opts)
-
-        # now that a refund has been created, we expect the state of this object
-        # to change as well (i.e. `refunded` will now be `true`) so refresh it
-        # from the server
-        refresh
-      end
-    end
-
     def capture(params = {}, opts = {})
-      resp, opts = request(:post, capture_url, params, opts)
-      initialize_from(resp.data, opts)
-    end
-
-    def update_dispute(params = {}, opts = {})
-      resp, opts = request(:post, dispute_url, params, opts)
-      initialize_from({ dispute: resp.data }, opts, true)
-      dispute
-    end
-
-    def close_dispute(params = {}, opts = {})
-      resp, opts = request(:post, close_dispute_url, params, opts)
-      initialize_from(resp.data, opts)
-    end
-
-    def mark_as_fraudulent
-      params = {
-        fraud_details: { user_report: "fraudulent" },
-      }
-      resp, opts = request(:post, resource_url, params)
-      initialize_from(resp.data, opts)
-    end
-
-    def mark_as_safe
-      params = {
-        fraud_details: { user_report: "safe" },
-      }
-      resp, opts = request(:post, resource_url, params)
-      initialize_from(resp.data, opts)
-    end
-
-    private def capture_url
-      resource_url + "/capture"
-    end
-
-    private def dispute_url
-      resource_url + "/dispute"
-    end
-
-    private def close_dispute_url
-      resource_url + "/dispute/close"
-    end
-
-    # Note that this is actually the *old* refund URL and its use is no longer
-    # preferred.
-    private def refund_url
-      resource_url + "/refund"
+      request_stripe_object(
+        method: :post,
+        path: resource_url + "/capture",
+        params: params,
+        opts: opts
+      )
     end
   end
 end

data/lib/stripe/resources/checkout/session.rb

@@ -5,7 +5,7 @@ module Stripe
     class Session < APIResource
       extend Stripe::APIOperations::Create
 
-      OBJECT_NAME = "checkout.session".freeze
+      OBJECT_NAME = "checkout.session"
     end
   end
 end

data/lib/stripe/resources/country_spec.rb

@@ -4,6 +4,6 @@ module Stripe
   class CountrySpec < APIResource
     extend Stripe::APIOperations::List
 
-    OBJECT_NAME = "country_spec".freeze
+    OBJECT_NAME = "country_spec"
   end
 end

data/lib/stripe/resources/coupon.rb

@@ -7,6 +7,6 @@ module Stripe
     extend Stripe::APIOperations::List
     include Stripe::APIOperations::Save
 
-    OBJECT_NAME = "coupon".freeze
+    OBJECT_NAME = "coupon"
   end
 end

data/lib/stripe/resources/credit_note.rb

@@ -6,13 +6,17 @@ module Stripe
     extend Stripe::APIOperations::List
     include Stripe::APIOperations::Save
 
-    OBJECT_NAME = "credit_note".freeze
+    OBJECT_NAME = "credit_note"
 
     custom_method :void_credit_note, http_verb: :post, http_path: "void"
 
     def void_credit_note(params = {}, opts = {})
-      resp, opts = request(:post, resource_url + "/void", params, opts)
-      Util.convert_to_stripe_object(resp.data, opts)
+      request_stripe_object(
+        method: :post,
+        path: resource_url + "/void",
+        params: params,
+        opts: opts
+      )
     end
   end
 end

data/lib/stripe/resources/customer.rb

@@ -8,8 +8,10 @@ module Stripe
     include Stripe::APIOperations::Save
     extend Stripe::APIOperations::NestedResource
 
-    OBJECT_NAME = "customer".freeze
+    OBJECT_NAME = "customer"
 
+    nested_resource_class_methods :balance_transaction,
+                                  operations: %i[create retrieve update list]
     nested_resource_class_methods :tax_id,
                                   operations: %i[create retrieve delete list]
 
@@ -19,78 +21,15 @@ module Stripe
     nested_resource_class_methods :source,
                                   operations: %i[create retrieve update delete list]
 
-    nested_resource_class_methods :balance_transaction,
-                                  operations: %i[create retrieve update list]
-
     # The API request for deleting a card or bank account and for detaching a
     # source object are the same.
     class << self
       alias detach_source delete_source
     end
 
-    def add_invoice_item(params, opts = {})
-      opts = @opts.merge(Util.normalize_opts(opts))
-      InvoiceItem.create(params.merge(customer: id), opts)
-    end
-
-    def invoices(params = {}, opts = {})
-      opts = @opts.merge(Util.normalize_opts(opts))
-      Invoice.all(params.merge(customer: id), opts)
-    end
-
-    def invoice_items(params = {}, opts = {})
-      opts = @opts.merge(Util.normalize_opts(opts))
-      InvoiceItem.all(params.merge(customer: id), opts)
-    end
-
-    def upcoming_invoice(params = {}, opts = {})
-      opts = @opts.merge(Util.normalize_opts(opts))
-      Invoice.upcoming(params.merge(customer: id), opts)
-    end
-
-    def charges(params = {}, opts = {})
-      opts = @opts.merge(Util.normalize_opts(opts))
-      Charge.all(params.merge(customer: id), opts)
-    end
-
-    def create_upcoming_invoice(params = {}, opts = {})
-      opts = @opts.merge(Util.normalize_opts(opts))
-      Invoice.create(params.merge(customer: id), opts)
-    end
-
-    def cancel_subscription(params = {}, opts = {})
-      resp, opts = request(:delete, subscription_url, params, opts)
-      initialize_from({ subscription: resp.data }, opts, true)
-      subscription
-    end
-
-    def update_subscription(params = {}, opts = {})
-      resp, opts = request(:post, subscription_url, params, opts)
-      initialize_from({ subscription: resp.data }, opts, true)
-      subscription
-    end
-
-    def create_subscription(params = {}, opts = {})
-      resp, opts = request(:post, subscriptions_url, params, opts)
-      initialize_from({ subscription: resp.data }, opts, true)
-      subscription
-    end
-
     def delete_discount
-      _, opts = request(:delete, discount_url)
-      initialize_from({ discount: nil }, opts, true)
-    end
-
-    private def discount_url
-      resource_url + "/discount"
-    end
-
-    private def subscription_url
-      resource_url + "/subscription"
-    end
-
-    private def subscriptions_url
-      resource_url + "/subscriptions"
+      resp, opts = request(:delete, resource_url + "/discount")
+      initialize_from(resp.data, opts, true)
     end
   end
 end

data/lib/stripe/resources/customer_balance_transaction.rb

@@ -5,7 +5,7 @@ module Stripe
     extend Stripe::APIOperations::List
     include Stripe::APIOperations::Save
 
-    OBJECT_NAME = "customer_balance_transaction".freeze
+    OBJECT_NAME = "customer_balance_transaction"
 
     def resource_url
       if !respond_to?(:customer) || customer.nil?

data/lib/stripe/resources/discount.rb

@@ -2,6 +2,6 @@
 
 module Stripe
   class Discount < StripeObject
-    OBJECT_NAME = "discount".freeze
+    OBJECT_NAME = "discount"
   end
 end

data/lib/stripe/resources/dispute.rb

@@ -5,19 +5,17 @@ module Stripe
     extend Stripe::APIOperations::List
     include Stripe::APIOperations::Save
 
-    OBJECT_NAME = "dispute".freeze
+    OBJECT_NAME = "dispute"
 
     custom_method :close, http_verb: :post
 
     def close(params = {}, opts = {})
-      resp, opts = request(:post, resource_url + "/close", params, opts)
-      Util.convert_to_stripe_object(resp.data, opts)
+      request_stripe_object(
+        method: :post,
+        path: resource_url + "/close",
+        params: params,
+        opts: opts
+      )
     end
-
-    def close_url
-      resource_url + "/close"
-    end
-    extend Gem::Deprecate
-    deprecate :close_url, :none, 2019, 11
   end
 end

data/lib/stripe/resources/ephemeral_key.rb

@@ -5,7 +5,7 @@ module Stripe
     extend Stripe::APIOperations::Create
     include Stripe::APIOperations::Delete
 
-    OBJECT_NAME = "ephemeral_key".freeze
+    OBJECT_NAME = "ephemeral_key"
 
     def self.create(params = {}, opts = {})
       opts = Util.normalize_opts(opts)

data/lib/stripe/resources/event.rb

@@ -4,6 +4,6 @@ module Stripe
   class Event < APIResource
     extend Stripe::APIOperations::List
 
-    OBJECT_NAME = "event".freeze
+    OBJECT_NAME = "event"
   end
 end

data/lib/stripe/resources/exchange_rate.rb

@@ -4,6 +4,6 @@ module Stripe
   class ExchangeRate < APIResource
     extend Stripe::APIOperations::List
 
-    OBJECT_NAME = "exchange_rate".freeze
+    OBJECT_NAME = "exchange_rate"
   end
 end