stripe 1.57.0 → 1.57.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (10) hide show
  1. checksums.yaml +4 -4
  2. data/History.txt +4 -0
  3. data/VERSION +1 -1
  4. data/lib/stripe/account.rb +1 -1
  5. data/lib/stripe/api_operations/save.rb +6 -0
  6. data/lib/stripe/stripe_object.rb +15 -8
  7. data/lib/stripe/version.rb +1 -1
  8. data/test/stripe/account_test.rb +4 -15
  9. data/test/stripe/api_operations_test.rb +20 -9
  10. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 9fe4d3fd367bcbfca810fc12cef79b4867c6a55f
4
- data.tar.gz: a04ff21db27f43fe765bedc7cb204dcd82dc7549
3
+ metadata.gz: cc1cb05bfb9a08a00e144b883b27f19adecd393a
4
+ data.tar.gz: ba84a7e8456dc66a137cb149a8dc8ca36962e2d3
5
5
  SHA512:
6
- metadata.gz: 5008004f4e7c44636190e87b9435e80abf7d7bf04c2a581a63c7f89fd6985794c6abd03a90db8166e35908ebf808ae3bbb1016b3a86da1cbc6b9faef7ee932c8
7
- data.tar.gz: 136522a91f1a78340136450a7735d3debc92649d7da8475ae0c26147985e690e6d840c1dc958128a1d0e30310fca607a21742c078a7d13c4adc3b80fb0f60d2f
6
+ metadata.gz: f023b3c00e55b05fc9a7eb84dc2d876c9b518a51ce445f0c78f03e82158a544c2f2a7d825953bd80228f527fd7cd6db14a88f87913d4a6309ff26b423b57ebcb
7
+ data.tar.gz: 125b78e32aebaaaee71f8d22afd33a10f90d899f8a4ff1bf9352ed2fd8dd35549186b2ef96c943670cd17dcbaa95c1d0f7ce3c6808fa0a690529ba42b716f037
data/History.txt CHANGED
@@ -1,3 +1,7 @@
1
+ === 1.57.1 2016-11-28
2
+
3
+ * Disallow sending protected fields along with API resource `.update`
4
+
1
5
  === 1.57.0 2016-11-21
2
6
 
3
7
  * Add retrieve method for 3-D Secure resources
data/VERSION CHANGED
@@ -1 +1 @@
1
- 1.57.0
1
+ 1.57.1
data/lib/stripe/account.rb CHANGED
@@ -79,7 +79,7 @@ module Stripe
79
79
  update_hash
80
80
  end
81
81
 
82
- def protected_fields
82
+ def self.protected_fields
83
83
  [:legal_entity]
84
84
  end
85
85
 
data/lib/stripe/api_operations/save.rb CHANGED
@@ -15,6 +15,12 @@ module Stripe
15
15
  # idempotency_key to be passed in the request headers, or for the
16
16
  # api_key to be overwritten. See {APIOperations::Request.request}.
17
17
  def update(id, params={}, opts={})
18
+ params.each do |k, v|
19
+ if self.protected_fields.include?(k)
20
+ raise ArgumentError, "Cannot update protected field: #{k}"
21
+ end
22
+ end
23
+
18
24
  response, opts = request(:post, "#{resource_url}/#{id}", params, opts)
19
25
  Util.convert_to_stripe_object(response, opts)
20
26
  end
data/lib/stripe/stripe_object.rb CHANGED
@@ -194,19 +194,24 @@ module Stripe
194
194
 
195
195
  protected
196
196
 
197
- def metaclass
198
- class << self; self; end
197
+ # A protected field is one that doesn't get an accessor assigned to it
198
+ # (i.e. `obj.public = ...`) and one which is not allowed to be updated via
199
+ # the class level `Model.update(id, { ... })`.
200
+ def self.protected_fields
201
+ []
199
202
  end
200
203
 
201
- def protected_fields
202
- []
204
+ def metaclass
205
+ class << self; self; end
203
206
  end
204
207
 
205
208
  def remove_accessors(keys)
206
- f = protected_fields
209
+ # not available in the #instance_eval below
210
+ protected_fields = self.class.protected_fields
211
+
207
212
  metaclass.instance_eval do
208
213
  keys.each do |k|
209
- next if f.include?(k)
214
+ next if protected_fields.include?(k)
210
215
  next if @@permanent_attributes.include?(k)
211
216
 
212
217
  # Remove methods for the accessor's reader and writer.
@@ -220,10 +225,12 @@ module Stripe
220
225
  end
221
226
 
222
227
  def add_accessors(keys, values)
223
- f = protected_fields
228
+ # not available in the #instance_eval below
229
+ protected_fields = self.class.protected_fields
230
+
224
231
  metaclass.instance_eval do
225
232
  keys.each do |k|
226
- next if f.include?(k)
233
+ next if protected_fields.include?(k)
227
234
  next if @@permanent_attributes.include?(k)
228
235
 
229
236
  define_method(k) { @values[k] }
data/lib/stripe/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module Stripe
2
- VERSION = '1.57.0'
2
+ VERSION = '1.57.1'
3
3
  end
data/test/stripe/account_test.rb CHANGED
@@ -96,26 +96,15 @@ module Stripe
96
96
  should "be updatable" do
97
97
  resp = {
98
98
  :id => 'acct_foo',
99
- :legal_entity => {
100
- :first_name => 'Bob',
101
- :address => {
102
- :line1 => '2 Three Four'
103
- }
104
- }
99
+ :business_name => 'ACME Corp',
105
100
  }
106
101
  @mock.expects(:post).
107
102
  once.
108
- with('https://api.stripe.com/v1/accounts/acct_foo', nil, 'legal_entity[first_name]=Bob&legal_entity[address][line1]=2+Three+Four').
103
+ with('https://api.stripe.com/v1/accounts/acct_foo', nil, 'business_name=ACME+Corp').
109
104
  returns(make_response(resp))
110
105
 
111
- a = Stripe::Account.update('acct_foo', :legal_entity => {
112
- :first_name => 'Bob',
113
- :address => {
114
- :line1 => '2 Three Four'
115
- }
116
- })
117
- assert_equal('Bob', a.legal_entity.first_name)
118
- assert_equal('2 Three Four', a.legal_entity.address.line1)
106
+ a = Stripe::Account.update('acct_foo', :business_name => "ACME Corp")
107
+ assert_equal('ACME Corp', a.business_name)
119
108
  end
120
109
 
121
110
  should 'disallow direct overrides of legal_entity' do
data/test/stripe/api_operations_test.rb CHANGED
@@ -3,18 +3,29 @@ require File.expand_path('../../test_helper', __FILE__)
3
3
 
4
4
  module Stripe
5
5
  class ApiOperationsTest < Test::Unit::TestCase
6
- class Updater < APIResource
6
+ class UpdateableResource < APIResource
7
7
  include Stripe::APIOperations::Save
8
+
9
+ def self.protected_fields
10
+ [:protected]
11
+ end
8
12
  end
9
13
 
10
- should "the Update API operation should post the correct parameters to the resource URL" do
11
- @mock.expects(:post).once.
12
- with("#{Stripe.api_base}/v1/updaters/id", nil, 'foo=bar').
13
- returns(make_response({foo: 'bar'}))
14
- resource = Updater::update("id", {foo: "bar"})
15
- assert_equal('bar', resource.foo)
14
+ context ".update" do
15
+ should "post the correct parameters to the resource URL" do
16
+ @mock.expects(:post).once.
17
+ with("#{Stripe.api_base}/v1/updateableresources/id", nil, 'foo=bar').
18
+ returns(make_response({foo: 'bar'}))
19
+ resource = UpdateableResource::update("id", { foo: "bar" })
20
+ assert_equal('bar', resource.foo)
21
+ end
22
+
23
+ should "error on protected fields" do
24
+ e = assert_raises do
25
+ UpdateableResource::update("id", { protected: "bar" })
26
+ end
27
+ assert_equal "Cannot update protected field: protected", e.message
28
+ end
16
29
  end
17
30
  end
18
31
  end
19
-
20
-
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: stripe
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.57.0
4
+ version: 1.57.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Stripe
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2016-11-22 00:00:00.000000000 Z
11
+ date: 2016-11-29 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rest-client