stripe 4.24.0 → 5.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b2abaedad94afb640e2ee4b39c6a825a2aa8f234d8ce5d64542d73cae0c46c92
-  data.tar.gz: c5c0f7c81270700f7abbf8adcf329268daaff092c8c4892c500ff06c6a1e2dc4
+  metadata.gz: fa015ad0ee6a063db43580f0234ec2738fe5670c82cfa4843ed3bc91d8eb4670
+  data.tar.gz: f987cba3323dbac56c0121fd0d89d5c282a2b3cab9d46f9284cae99b0093d534
 SHA512:
-  metadata.gz: 4f3955ca4759861c3f5d2bd6c78d661239886e44d3cf25939185dc0cc1846ded39c19c71f15c1c71295d686d2cab2d3b5937c11cf0dc9364dbca9289718f02b7
-  data.tar.gz: 9d3d78053ccb35930ebf2cb7da3b4fe986e357599d53fe685b63f79799e26707354eac68b8ce70b0958ddce0375865f67158c1c843c7bd74d28f4b8f8fd3a56c
+  metadata.gz: 9b5d25d67c8ade84275d3187988de8660df98d1b2323fa231bc4e1a5ef6dfc9edb2ffcbe71bff404f7a473f4cdde0c5644ec379c625f9a45ea62606792f29871
+  data.tar.gz: ede395b847a59fba4fc3200f174d212c79fa0781222def2323d27cfdec626f3ff869147c2dfc3639206ce9b4d5ff0a282ec92059d04b8ff6b26d619d81655acd

data/.rubocop.yml

@@ -2,21 +2,31 @@ inherit_from: .rubocop_todo.yml
 
 AllCops:
   DisplayCopNames: true
-  TargetRubyVersion: 2.1
+  TargetRubyVersion: 2.3
 
 Layout/CaseIndentation:
   EnforcedStyle: end
 
-Layout/IndentArray:
+Layout/IndentFirstArrayElement:
   EnforcedStyle: consistent
 
-Layout/IndentHash:
+Layout/IndentFirstHashElement:
   EnforcedStyle: consistent
 
-Metrics/LineLength:
+# This can be re-enabled once we're 2.3+ only and can use the squiggly heredoc
+# operator. Prior to that, Rubocop recommended bringing in a library like
+# ActiveSupport to get heredoc indentation, which is just terrible.
+Layout/IndentHeredoc:
+  Enabled: false
+
+Metrics/ClassLength:
   Exclude:
     - "test/**/*.rb"
+
+Metrics/LineLength:
+  Exclude:
     - "lib/stripe/resources/**/*.rb"
+    - "test/**/*.rb"
 
 Metrics/MethodLength:
   # There's ~2 long methods in `StripeClient`. If we want to truncate those a
@@ -33,6 +43,9 @@ Style/AccessModifierDeclarations:
 Style/FrozenStringLiteralComment:
   EnforcedStyle: always
 
+Style/NumericPredicate:
+  Enabled: false
+
 Style/StringLiterals:
   EnforcedStyle: double_quotes
 

data/.rubocop_todo.yml

@@ -1,24 +1,25 @@
 # This configuration was generated by
 # `rubocop --auto-gen-config`
-# on 2019-05-24 10:18:48 -0700 using RuboCop version 0.57.2.
+# on 2019-07-30 09:56:31 +0800 using RuboCop version 0.73.0.
 # The point is for the user to remove these configuration records
 # one by one as the offenses are removed from the code base.
 # Note that changes in the inspected code, or installation of new
 # versions of RuboCop, may require this file to be generated again.
 
-# Offense count: 20
+# Offense count: 23
 Metrics/AbcSize:
-  Max: 53
+  Max: 51
 
-# Offense count: 31
+# Offense count: 33
 # Configuration parameters: CountComments, ExcludedMethods.
+# ExcludedMethods: refine
 Metrics/BlockLength:
-  Max: 498
+  Max: 509
 
-# Offense count: 11
+# Offense count: 12
 # Configuration parameters: CountComments.
 Metrics/ClassLength:
-  Max: 673
+  Max: 694
 
 # Offense count: 12
 Metrics/CyclomaticComplexity:
@@ -29,10 +30,10 @@ Metrics/CyclomaticComplexity:
 Metrics/ParameterLists:
   Max: 7
 
-# Offense count: 7
+# Offense count: 8
 Metrics/PerceivedComplexity:
   Max: 17
 
-# Offense count: 84
+# Offense count: 86
 Style/Documentation:
   Enabled: false

data/.travis.yml

@@ -1,13 +1,11 @@
 language: ruby
 
 rvm:
-  - 2.1
-  - 2.2
   - 2.3
   - 2.4
   - 2.5
   - 2.6
-  - jruby-9.0.5.0
+  - jruby-9.2.7.0
 
 notifications:
   email:
@@ -25,8 +23,6 @@ cache:
     - stripe-mock
 
 before_install:
-  # Install bundler 1.x, because we need to support Ruby 2.1 for now
-  - gem install bundler -v "~> 1.0"
   # Unpack and start stripe-mock so that the test suite can talk to it
   - |
     if [ ! -d "stripe-mock/stripe-mock_${STRIPE_MOCK_VERSION}" ]; then

data/CHANGELOG.md

@@ -1,5 +1,27 @@
 # Changelog
 
+## 5.0.0 - 2019-08-20
+Major version release. The [migration guide](https://github.com/stripe/stripe-ruby/wiki/Migration-guide-for-v5) contains a detailed list of backwards-incompatible changes with upgrade instructions.
+
+Pull requests included in this release (cf. [#815](https://github.com/stripe/stripe-ruby/pull/815)) (⚠️ = breaking changes):
+* [x] ⚠️ #813: Convert library to use built-in `Net::HTTP`
+* [x] ⚠️ #816: Make `code` argument in `CardError` named instead of positional.
+* [x] ⚠️ #817: Drop support for very old Ruby versions.
+* [x] #818: Bump Rubocop to latest version
+* [x] #819: Ruby minimum version increase followup
+* [x] ⚠️ #820: Remove old deprecated methods
+* [x] ⚠️ #823: Remove all alias for list methods
+* [x] ⚠️ #826: Remove `UsageRecord.create` method
+* [x] ⚠️ #827: Remove `IssuerFraudRecord`
+* [x] #811: Add `ErrorObject` to `StripeError` exceptions
+* [x] #828: Tweak retry logic to be a little more like stripe-node
+* [x] #829: Reset connections when connection-changing configuration changes (optional)
+* [x] #830: Fix inverted sign for 500 retries
+* [x] ⚠️#831: Remove a few more very old deprecated methods
+* [x] #832: Minor cleanup in `StripeClient`
+* [x] #833: Do better bookkeeping when tracking state in `Thread.current`
+* [x] #834: Add `Invoice.list_upcoming_line_items` method
+
 ## 4.24.0 - 2019-08-12
 * [#825](https://github.com/stripe/stripe-ruby/pull/825) Add `SubscriptionItem.create_usage_record` method
   - This release also removed the `SubscriptionSchedule.revisions` method. This should have been included in the previous release (4.23.0)

data/Gemfile

@@ -7,6 +7,7 @@ gemspec
 group :development do
   gem "coveralls", require: false
   gem "mocha", "~> 0.13.2"
+  gem "rack", ">= 2.0.6"
   gem "rake"
   gem "shoulda-context"
   gem "test-unit"
@@ -18,18 +19,7 @@ group :development do
   # `Gemfile.lock` checked in, so to prevent good builds from suddenly going
   # bad, pin to a specific version number here. Try to keep this relatively
   # up-to-date, but it's not the end of the world if it's not.
-  # Note that 0.57.2 is the most recent version we can use until we drop
-  # support for Ruby 2.1.
-  gem "rubocop", "0.57.2"
-
-  # Rack 2.0+ requires Ruby >= 2.2.2 which is problematic for the test suite on
-  # older Ruby versions. Check Ruby the version here and put a maximum
-  # constraint on Rack if necessary.
-  if RUBY_VERSION >= "2.2.2"
-    gem "rack", ">= 2.0.6"
-  else
-    gem "rack", ">= 1.6.11", "< 2.0" # rubocop:disable Bundler/DuplicatedGem
-  end
+  gem "rubocop", "0.73"
 
   platforms :mri do
     gem "byebug"

data/README.md

@@ -39,7 +39,7 @@ gem build stripe.gemspec
 
 ### Requirements
 
-- Ruby 2.1+.
+- Ruby 2.3+.
 
 ### Bundler
 
@@ -112,15 +112,13 @@ Stripe::Charge.retrieve(
 )
 ```
 
-### Configuring a Client
+### Accessing a response object
 
-While a default HTTP client is used by default, it's also possible to have the
-library use any client supported by [Faraday][faraday] by initializing a
-`Stripe::StripeClient` object and giving it a connection:
+Get access to response objects by initializing a client and using its `request`
+method:
 
 ```ruby
-conn = Faraday.new
-client = Stripe::StripeClient.new(conn)
+client = Stripe::StripeClient.new
 charge, resp = client.request do
   Stripe::Charge.retrieve(
     "ch_18atAXCdGbJFKhCuBAa4532Z",
@@ -159,13 +157,16 @@ Stripe.ca_bundle_path = "path/to/ca/bundle"
 
 ### Configuring Automatic Retries
 
-The library can be configured to automatically retry requests that fail due to
-an intermittent network problem:
+You can enable automatic retries on requests that fail due to a transient
+problem by configuring the maximum number of retries:
 
 ```ruby
 Stripe.max_network_retries = 2
 ```
 
+Various errors can trigger a retry, like a connection error or a timeout, and
+also certain API responses like HTTP status `409 Conflict`.
+
 [Idempotency keys][idempotency-keys] are added to requests to guarantee that
 retries are safe.
 
@@ -272,7 +273,6 @@ Update the bundled [stripe-mock] by editing the version number found in
 [api-keys]: https://dashboard.stripe.com/account/apikeys
 [connect]: https://stripe.com/connect
 [curl]: http://curl.haxx.se/docs/caextract.html
-[faraday]: https://github.com/lostisland/faraday
 [idempotency-keys]: https://stripe.com/docs/api/ruby#idempotent_requests
 [stripe-mock]: https://github.com/stripe/stripe-mock
 [versioning]: https://stripe.com/docs/api/ruby#versioning

data/Rakefile

@@ -13,7 +13,8 @@ RuboCop::RakeTask.new
 
 desc "Update bundled certs"
 task :update_certs do
-  require "faraday"
+  require "net/http"
+  require "uri"
 
   fetch_file "https://curl.haxx.se/ca/cacert.pem",
              ::File.expand_path("../lib/data/ca-certificates.crt", __FILE__)
@@ -23,14 +24,14 @@ end
 # helpers
 #
 
-def fetch_file(url, dest)
+def fetch_file(uri, dest)
   ::File.open(dest, "w") do |file|
-    resp = Faraday.get(url)
-    unless resp.status == 200
-      abort("bad response when fetching: #{url}\n" \
-        "Status #{resp.status}: #{resp.body}")
+    resp = Net::HTTP.get_response(URI.parse(uri))
+    unless resp.code.to_i == 200
+      abort("bad response when fetching: #{uri}\n" \
+        "Status #{resp.code}: #{resp.body}")
     end
     file.write(resp.body)
-    puts "Successfully fetched: #{url}"
+    puts "Successfully fetched: #{uri}"
   end
 end

data/VERSION

@@ -1 +1 @@
-4.24.0
+5.0.0

data/lib/stripe.rb

@@ -3,9 +3,9 @@
 # Stripe Ruby bindings
 # API spec at https://stripe.com/docs/api
 require "cgi"
-require "faraday"
 require "json"
 require "logger"
+require "net/http"
 require "openssl"
 require "rbconfig"
 require "securerandom"
@@ -28,10 +28,13 @@ require "stripe/api_operations/save"
 require "stripe/errors"
 require "stripe/object_types"
 require "stripe/util"
+require "stripe/connection_manager"
+require "stripe/multipart_encoder"
 require "stripe/stripe_client"
 require "stripe/stripe_object"
 require "stripe/stripe_response"
 require "stripe/list_object"
+require "stripe/error_object"
 require "stripe/api_resource"
 require "stripe/singleton_api_resource"
 require "stripe/webhook"
@@ -70,9 +73,20 @@ module Stripe
   @enable_telemetry = true
 
   class << self
-    attr_accessor :stripe_account, :api_key, :api_base, :verify_ssl_certs,
-                  :api_version, :client_id, :connect_base, :uploads_base,
-                  :open_timeout, :read_timeout, :proxy
+    attr_accessor :api_key
+    attr_accessor :api_version
+    attr_accessor :client_id
+    attr_accessor :stripe_account
+
+    # These all get manual attribute writers so that we can reset connections
+    # if they change.
+    attr_reader :api_base
+    attr_reader :connect_base
+    attr_reader :open_timeout
+    attr_reader :proxy
+    attr_reader :read_timeout
+    attr_reader :uploads_base
+    attr_reader :verify_ssl_certs
 
     attr_reader :max_network_retry_delay, :initial_network_retry_delay
   end
@@ -87,6 +101,11 @@ module Stripe
     @app_info = info
   end
 
+  def self.api_base=(api_base)
+    @api_base = api_base
+    StripeClient.clear_all_connection_managers
+  end
+
   # The location of a file containing a bundle of CA certificates. By default
   # the library will use an included bundle that can successfully validate
   # Stripe certificates.
@@ -99,6 +118,8 @@ module Stripe
 
     # empty this field so a new store is initialized
     @ca_store = nil
+
+    StripeClient.clear_all_connection_managers
   end
 
   # A certificate store initialized from the the bundle in #ca_bundle_path and
@@ -118,6 +139,19 @@ module Stripe
     end
   end
 
+  def self.connection_base=(connection_base)
+    @connection_base = connection_base
+    StripeClient.clear_all_connection_managers
+  end
+
+  def self.enable_telemetry?
+    @enable_telemetry
+  end
+
+  def self.enable_telemetry=(val)
+    @enable_telemetry = val
+  end
+
   # map to the same values as the standard library's logger
   LEVEL_DEBUG = Logger::DEBUG
   LEVEL_ERROR = Logger::ERROR
@@ -172,12 +206,19 @@ module Stripe
     @max_network_retries = val.to_i
   end
 
-  def self.enable_telemetry?
-    @enable_telemetry
+  def self.open_timeout=(open_timeout)
+    @open_timeout = open_timeout
+    StripeClient.clear_all_connection_managers
   end
 
-  def self.enable_telemetry=(val)
-    @enable_telemetry = val
+  def self.proxy=(proxy)
+    @proxy = proxy
+    StripeClient.clear_all_connection_managers
+  end
+
+  def self.read_timeout=(read_timeout)
+    @read_timeout = read_timeout
+    StripeClient.clear_all_connection_managers
   end
 
   # Sets some basic information about the running application that's sent along
@@ -194,14 +235,14 @@ module Stripe
     }
   end
 
-  # DEPRECATED. Use `Util#encode_parameters` instead.
-  def self.uri_encode(params)
-    Util.encode_parameters(params)
+  def self.uploads_base=(uploads_base)
+    @uploads_base = uploads_base
+    StripeClient.clear_all_connection_managers
   end
-  private_class_method :uri_encode
-  class << self
-    extend Gem::Deprecate
-    deprecate :uri_encode, "Stripe::Util#encode_parameters", 2016, 1
+
+  def self.verify_ssl_certs=(verify_ssl_certs)
+    @verify_ssl_certs = verify_ssl_certs
+    StripeClient.clear_all_connection_managers
   end
 end
 

data/lib/stripe/api_operations/list.rb

@@ -19,12 +19,6 @@ module Stripe
 
         obj
       end
-
-      # The original version of #list was given the somewhat unfortunate name of
-      # #all, and this alias allows us to maintain backward compatibility (the
-      # choice was somewhat misleading in the way that it only returned a single
-      # page rather than all objects).
-      alias all list
     end
   end
 end

data/lib/stripe/connection_manager.rb

@@ -0,0 +1,131 @@
+# frozen_string_literal: true
+
+module Stripe
+  # Manages connections across multiple hosts which is useful because the
+  # library may connect to multiple hosts during a typical session (main API,
+  # Connect, Uploads). Ruby doesn't provide an easy way to make this happen
+  # easily, so this class is designed to track what we're connected to and
+  # manage the lifecycle of those connections.
+  #
+  # Note that this class in itself is *not* thread safe. We expect it to be
+  # instantiated once per thread.
+  #
+  # Note also that this class doesn't currently clean up after itself because
+  # it expects to only ever have a few connections. It'd be possible to tank
+  # memory by constantly changing the value of `Stripe.api_base` or the like. A
+  # possible improvement might be to detect and prune old connections whenever
+  # a request is executed.
+  class ConnectionManager
+    def initialize
+      @active_connections = {}
+    end
+
+    # Finishes any active connections by closing their TCP connection and
+    # clears them from internal tracking.
+    def clear
+      @active_connections.each do |_, connection|
+        connection.finish
+      end
+      @active_connections = {}
+    end
+
+    # Gets a connection for a given URI. This is for internal use only as it's
+    # subject to change (we've moved between HTTP client schemes in the past
+    # and may do it again).
+    #
+    # `uri` is expected to be a string.
+    def connection_for(uri)
+      u = URI.parse(uri)
+      connection = @active_connections[[u.host, u.port]]
+
+      if connection.nil?
+        connection = create_connection(u)
+
+        # TODO: what happens after TTL?
+        connection.start
+
+        @active_connections[[u.host, u.port]] = connection
+      end
+
+      connection
+    end
+
+    # Executes an HTTP request to the given URI with the given method. Also
+    # allows a request body, headers, and query string to be specified.
+    def execute_request(method, uri, body: nil, headers: nil, query: nil)
+      # Perform some basic argument validation because it's easy to get
+      # confused between strings and hashes for things like body and query
+      # parameters.
+      raise ArgumentError, "method should be a symbol" \
+        unless method.is_a?(Symbol)
+      raise ArgumentError, "uri should be a string" \
+        unless uri.is_a?(String)
+      raise ArgumentError, "body should be a string" \
+        if body && !body.is_a?(String)
+      raise ArgumentError, "headers should be a hash" \
+        if headers && !headers.is_a?(Hash)
+      raise ArgumentError, "query should be a string" \
+        if query && !query.is_a?(String)
+
+      connection = connection_for(uri)
+
+      u = URI.parse(uri)
+      path = if query
+               u.path + "?" + query
+             else
+               u.path
+             end
+
+      connection.send_request(method.to_s.upcase, path, body, headers)
+    end
+
+    #
+    # private
+    #
+
+    # `uri` should be a parsed `URI` object.
+    private def create_connection(uri)
+      # These all come back as `nil` if no proxy is configured.
+      proxy_host, proxy_port, proxy_user, proxy_pass = proxy_parts
+
+      connection = Net::HTTP.new(uri.host, uri.port,
+                                 proxy_host, proxy_port,
+                                 proxy_user, proxy_pass)
+
+      connection.open_timeout = Stripe.open_timeout
+      connection.read_timeout = Stripe.read_timeout
+
+      connection.use_ssl = uri.scheme == "https"
+
+      if Stripe.verify_ssl_certs
+        connection.verify_mode = OpenSSL::SSL::VERIFY_PEER
+        connection.cert_store = Stripe.ca_store
+      else
+        connection.verify_mode = OpenSSL::SSL::VERIFY_NONE
+
+        unless @verify_ssl_warned
+          @verify_ssl_warned = true
+          warn("WARNING: Running without SSL cert verification. " \
+            "You should never do this in production. " \
+            "Execute `Stripe.verify_ssl_certs = true` to enable " \
+            "verification.")
+        end
+      end
+
+      connection
+    end
+
+    # `Net::HTTP` somewhat awkwardly requires each component of a proxy URI
+    # (host, port, etc.) rather than the URI itself. This method simply parses
+    # out those pieces to make passing them into a new connection a little less
+    # ugly.
+    private def proxy_parts
+      if Stripe.proxy.nil?
+        [nil, nil, nil, nil]
+      else
+        u = URI.parse(Stripe.proxy)
+        [u.host, u.port, u.user, u.password]
+      end
+    end
+  end
+end