stripe_event 1.4.0 → 1.5.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: f6070a2804286e6d3f688f6051d68dddbf6c0aad
+  data.tar.gz: 073f86d95bf6dd878acf263627d2abc2e84cc545
+SHA512:
+  metadata.gz: 55c9eaab6a57aff64563cdb7a6daf7c2352e738f3a067f6cea66aca7d0920fdd766d8d36b15e8c9020db8a1ee9c488387a78c23db954ba2527cb932043900746
+  data.tar.gz: f72b89d80bfd9a092da76988dbe6c038ed00558c72524df8e6740c769f4edf7af6c5921725d271b5dee2142342c9d690ea4958bf52aa8cb2f716f22c6e5b137d

data/.gitignore

@@ -6,4 +6,5 @@ spec/dummy/log/*.log
 spec/dummy/tmp/
 spec/dummy/.sass-cache
 Gemfile.lock
+gemfiles/*.lock
 coverage/*

data/.travis.yml

@@ -1,21 +1,20 @@
 language: ruby
+
 rvm:
-  - 1.9.2
   - 1.9.3
-  - 2.0.0
-  - 2.1.0
+  - 2.1
   - jruby-19mode
+
 gemfile:
-  - gemfiles/rails3.1.gemfile
   - gemfiles/rails3.2.gemfile
-  - gemfiles/rails4.0.gemfile
   - gemfiles/rails4.1.gemfile
+  - gemfiles/rails4.2.gemfile
+
+sudo: false
+
 matrix:
-  exclude:
-    - rvm: 1.9.2
-      gemfile: gemfiles/rails4.0.gemfile
-    - rvm: 1.9.2
-      gemfile: gemfiles/rails4.1.gemfile
+  fast_finish: true
+
 notifications:
   email:
     - daniel.r.whalen+travis-ci@gmail.com

data/Appraisals

@@ -1,15 +1,11 @@
-appraise "rails3.1" do
-  gem "rails", "~> 3.1.0"
-end
-
 appraise "rails3.2" do
   gem "rails", "~> 3.2.0"
 end
 
-appraise "rails4.0" do
-  gem "rails", "~> 4.0.0"
-end
-
 appraise "rails4.1" do
   gem "rails", "~> 4.1.0"
 end
+
+appraise "rails4.2" do
+  gem "rails", "~> 4.2.0"
+end

data/CHANGELOG.md

@@ -1,3 +1,7 @@
+### 1.5.0 (February 25, 2015)
+  * Added [replay attack protection](https://github.com/integrallis/stripe_event#securing-your-webhook-endpoint) on webhooks. See  `StripeEvent.authentication_secret`. Thanks @brentdax for both the initial discussion and the implementation! #53, #55
+  * Dropped official support for Rails 3.1 and Rails 4.0
+
 ### 1.4.0 (November 1, 2014)
   * Add `StripeEvent.listening?` method to easily determine if an event type has any registered handlers. Thank you to [Vladimir Andrijevik](https://github.com/vandrijevik) for the [idea and implementation](https://github.com/integrallis/stripe_event/pull/42).
 

data/LICENSE.md

@@ -1,6 +1,6 @@
 The MIT License
 
-Copyright 2012-2014 Integrallis Software
+Copyright 2012-2015 Integrallis Software
 
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the

data/README.md

@@ -1,5 +1,5 @@
 # StripeEvent
-[![Build Status](https://secure.travis-ci.org/integrallis/stripe_event.png?branch=master)](http://travis-ci.org/integrallis/stripe_event) [![Dependency Status](https://gemnasium.com/integrallis/stripe_event.png)](https://gemnasium.com/integrallis/stripe_event) [![Gem Version](https://badge.fury.io/rb/stripe_event.png)](http://badge.fury.io/rb/stripe_event) [![Code Climate](https://codeclimate.com/github/integrallis/stripe_event.png)](https://codeclimate.com/github/integrallis/stripe_event) [![Coverage Status](https://coveralls.io/repos/integrallis/stripe_event/badge.png)](https://coveralls.io/r/integrallis/stripe_event)
+[![Build Status](https://secure.travis-ci.org/integrallis/stripe_event.svg)](http://travis-ci.org/integrallis/stripe_event) [![Dependency Status](https://gemnasium.com/integrallis/stripe_event.svg)](https://gemnasium.com/integrallis/stripe_event) [![Gem Version](https://badge.fury.io/rb/stripe_event.svg)](http://badge.fury.io/rb/stripe_event) [![Code Climate](https://codeclimate.com/github/integrallis/stripe_event.svg)](https://codeclimate.com/github/integrallis/stripe_event) [![Coverage Status](https://coveralls.io/repos/integrallis/stripe_event/badge.svg)](https://coveralls.io/r/integrallis/stripe_event)
 
 StripeEvent is built on the [ActiveSupport::Notifications API](http://api.rubyonrails.org/classes/ActiveSupport/Notifications.html). Incoming webhook requests are authenticated by [retrieving the event object](https://stripe.com/docs/api?lang=ruby#retrieve_event) from Stripe. Define subscribers to handle specific event types. Subscribers can be a block or an object that responds to `#call`.
 
@@ -12,7 +12,7 @@ gem 'stripe_event'
 
 ```ruby
 # config/routes.rb
-mount StripeEvent::Engine => '/my-chosen-path' # provide a custom path
+mount StripeEvent::Engine, at: '/my-chosen-path' # provide a custom path
 ```
 
 ## Usage
@@ -70,6 +70,29 @@ StripeEvent.subscribe 'customer.card.' do |event|
 end
 ```
 
+## Securing your webhook endpoint
+
+StripeEvent automatically fetches events from Stripe to ensure they haven't been forged. However, that doesn't prevent an attacker who knows your endpoint name and an event's ID from forcing your server to process a legitimate event twice. If that event triggers some useful action, like generating a license key or enabling a delinquent account, you could end up giving something the attacker is supposed to pay for away for free.
+
+To prevent this, StripeEvent supports using HTTP Basic authentication on your webhook endpoint. If only Stripe knows the basic authentication password, this ensures that the request really comes from Stripe. Here's what you do:
+
+1. Arrange for a secret key to be available in your application's environment variables or `secrets.yml` file. You can generate a suitable secret with the `rake secret` command. (Remember, the `secrets.yml` file shouldn't contain production secrets directly; it should use ERB to include them.)
+
+2. Configure StripeEvent to require that secret be used as a basic authentication password, using code along the lines of these examples:
+
+    ```ruby
+    # STRIPE_WEBHOOK_SECRET environment variable
+    StripeEvent.authentication_secret = ENV['STRIPE_WEBHOOK_SECRET']
+    # stripe_webhook_secret key in secrets.yml file
+    StripeEvent.authentication_secret = Rails.application.secrets.stripe_webhook_secret
+    ```
+
+3. When you specify your webhook's URL in Stripe's settings, include the secret as a password in the URL, along with any username:
+
+        https://stripe:my-secret-key@myapplication.com/my-webhook-path
+
+This is only truly secure if your webhook endpoint is accessed over SSL, which Stripe strongly recommends anyway.
+
 ## Configuration
 
 If you have built an application that has multiple Stripe accounts--say, each of your customers has their own--you may want to define your own way of retrieving events from Stripe (e.g. perhaps you want to use the [user_id parameter](https://stripe.com/docs/apps/getting-started#webhooks) from the top level to detect the customer for the event, then grab their specific API key). You can do this:
@@ -169,6 +192,14 @@ end
 
 This button sends an example event to your webhook urls, including an `id` of `evt_00000000000000`. To confirm that Stripe sent the webhook, StripeEvent attempts to retrieve the event details from Stripe using the given `id`. In this case the event does not exist and StripeEvent responds with `401 Unauthorized`. Instead of using the 'Test Webhooks' button, trigger webhooks by using the Stripe API or Dashboard to create test payments, customers, etc.
 
+### Maintainers
+
+* [Ryan McGeary](https://github.com/rmm5t)
+* [Pete Keen](https://github.com/peterkeen)
+* [Danny Whalen](https://github.com/invisiblefunnel)
+
+Special thanks to all the [contributors](https://github.com/integrallis/stripe_event/graphs/contributors).
+
 ### License
 
-[MIT License](https://github.com/integrallis/stripe_event/blob/master/LICENSE.md). Copyright 2012-2014 Integrallis Software.
+[MIT License](https://github.com/integrallis/stripe_event/blob/master/LICENSE.md). Copyright 2012-2015 Integrallis Software.

data/app/controllers/stripe_event/webhook_controller.rb

@@ -1,5 +1,13 @@
 module StripeEvent
   class WebhookController < ActionController::Base
+    before_filter do
+      if StripeEvent.authentication_secret
+        authenticate_or_request_with_http_basic do |username, password|
+          password == StripeEvent.authentication_secret
+        end
+      end
+    end
+    
     def event
       StripeEvent.instrument(params)
       head :ok

data/gemfiles/{rails3.1.gemfile → rails4.2.gemfile}

@@ -2,6 +2,6 @@
 
 source "https://rubygems.org"
 
-gem "rails", "~> 3.1.0"
+gem "rails", "~> 4.2.0"
 
 gemspec :path => "../"

data/lib/stripe_event.rb

@@ -4,7 +4,7 @@ require "stripe_event/engine" if defined?(Rails)
 
 module StripeEvent
   class << self
-    attr_accessor :adapter, :backend, :event_retriever, :namespace
+    attr_accessor :adapter, :backend, :event_retriever, :namespace, :authentication_secret
 
     def configure(&block)
       raise ArgumentError, "must provide a block" unless block_given?

data/lib/stripe_event/version.rb

@@ -1,3 +1,3 @@
 module StripeEvent
-  VERSION = "1.4.0"
+  VERSION = "1.5.0"
 end

data/spec/controllers/webhook_controller_spec.rb

@@ -51,4 +51,35 @@ describe StripeEvent::WebhookController do
 
     expect { webhook id: 'evt_charge_succeeded' }.to raise_error(Stripe::StripeError, /testing/)
   end
+  
+  context "with an authentication secret" do
+    def webhook_with_secret(secret, params)
+      request.env['HTTP_AUTHORIZATION'] = ActionController::HttpAuthentication::Basic.encode_credentials('user', secret)
+      webhook params
+    end
+    
+    before(:each) { StripeEvent.authentication_secret = "secret" }
+    after(:each) { StripeEvent.authentication_secret = nil }
+  
+    it "rejects requests with no secret" do
+      stub_event('evt_charge_succeeded')
+    
+      webhook id: 'evt_charge_succeeded'
+      expect(response.code).to eq '401'
+    end
+  
+    it "rejects requests with incorrect secret" do
+      stub_event('evt_charge_succeeded')
+    
+      webhook_with_secret 'incorrect', id: 'evt_charge_succeeded'
+      expect(response.code).to eq '401'
+    end
+  
+    it "accepts requests with correct secret" do
+      stub_event('evt_charge_succeeded')
+    
+      webhook_with_secret 'secret', id: 'evt_charge_succeeded'
+      expect(response.code).to eq '200'
+    end
+  end
 end

metadata

@@ -1,126 +1,111 @@
 --- !ruby/object:Gem::Specification
 name: stripe_event
 version: !ruby/object:Gem::Version
-  version: 1.4.0
-  prerelease: 
+  version: 1.5.0
 platform: ruby
 authors:
 - Danny Whalen
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-11-02 00:00:00.000000000 Z
+date: 2015-02-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '3.1'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '3.1'
 - !ruby/object:Gem::Dependency
   name: stripe
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.6'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.6'
 - !ruby/object:Gem::Dependency
   name: rails
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '3.1'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '3.1'
 - !ruby/object:Gem::Dependency
   name: rspec-rails
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '2.12'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '2.12'
 - !ruby/object:Gem::Dependency
   name: webmock
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.9'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.9'
 - !ruby/object:Gem::Dependency
   name: appraisal
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: coveralls
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 description: Stripe webhook integration for Rails applications.
@@ -129,9 +114,9 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- .gitignore
-- .rspec
-- .travis.yml
+- ".gitignore"
+- ".rspec"
+- ".travis.yml"
 - Appraisals
 - CHANGELOG.md
 - Gemfile
@@ -140,14 +125,9 @@ files:
 - Rakefile
 - app/controllers/stripe_event/webhook_controller.rb
 - config/routes.rb
-- gemfiles/rails3.1.gemfile
-- gemfiles/rails3.1.gemfile.lock
 - gemfiles/rails3.2.gemfile
-- gemfiles/rails3.2.gemfile.lock
-- gemfiles/rails4.0.gemfile
-- gemfiles/rails4.0.gemfile.lock
 - gemfiles/rails4.1.gemfile
-- gemfiles/rails4.1.gemfile.lock
+- gemfiles/rails4.2.gemfile
 - lib/stripe_event.rb
 - lib/stripe_event/engine.rb
 - lib/stripe_event/version.rb
@@ -192,38 +172,32 @@ files:
 homepage: https://github.com/integrallis/stripe_event
 licenses:
 - MIT
+metadata: {}
 post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 1.8.23.2
+rubygems_version: 2.4.5
 signing_key: 
-specification_version: 3
+specification_version: 4
 summary: Stripe webhook integration for Rails applications.
 test_files:
 - Appraisals
-- gemfiles/rails3.1.gemfile
-- gemfiles/rails3.1.gemfile.lock
 - gemfiles/rails3.2.gemfile
-- gemfiles/rails3.2.gemfile.lock
-- gemfiles/rails4.0.gemfile
-- gemfiles/rails4.0.gemfile.lock
 - gemfiles/rails4.1.gemfile
-- gemfiles/rails4.1.gemfile.lock
+- gemfiles/rails4.2.gemfile
 - spec/controllers/webhook_controller_spec.rb
 - spec/dummy/README.rdoc
 - spec/dummy/Rakefile

data/gemfiles/rails3.1.gemfile.lock

@@ -1,149 +0,0 @@
-PATH
-  remote: ../
-  specs:
-    stripe_event (1.4.0)
-      activesupport (>= 3.1)
-      stripe (~> 1.6)
-
-GEM
-  remote: https://rubygems.org/
-  specs:
-    actionmailer (3.1.12)
-      actionpack (= 3.1.12)
-      mail (~> 2.4.4)
-    actionpack (3.1.12)
-      activemodel (= 3.1.12)
-      activesupport (= 3.1.12)
-      builder (~> 3.0.0)
-      erubis (~> 2.7.0)
-      i18n (~> 0.6)
-      rack (~> 1.3.6)
-      rack-cache (~> 1.2)
-      rack-mount (~> 0.8.2)
-      rack-test (~> 0.6.1)
-      sprockets (~> 2.0.4)
-    activemodel (3.1.12)
-      activesupport (= 3.1.12)
-      builder (~> 3.0.0)
-      i18n (~> 0.6)
-    activerecord (3.1.12)
-      activemodel (= 3.1.12)
-      activesupport (= 3.1.12)
-      arel (~> 2.2.3)
-      tzinfo (~> 0.3.29)
-    activeresource (3.1.12)
-      activemodel (= 3.1.12)
-      activesupport (= 3.1.12)
-    activesupport (3.1.12)
-      multi_json (~> 1.0)
-    addressable (2.3.6)
-    appraisal (1.0.2)
-      bundler
-      rake
-      thor (>= 0.14.0)
-    arel (2.2.3)
-    builder (3.0.4)
-    coveralls (0.7.1)
-      multi_json (~> 1.3)
-      rest-client
-      simplecov (>= 0.7)
-      term-ansicolor
-      thor
-    crack (0.4.2)
-      safe_yaml (~> 1.0.0)
-    diff-lcs (1.2.5)
-    docile (1.1.5)
-    erubis (2.7.0)
-    hike (1.2.3)
-    i18n (0.6.11)
-    json (1.8.1)
-    mail (2.4.4)
-      i18n (>= 0.4.0)
-      mime-types (~> 1.16)
-      treetop (~> 1.4.8)
-    mime-types (1.25.1)
-    multi_json (1.10.1)
-    netrc (0.8.0)
-    polyglot (0.3.5)
-    rack (1.3.10)
-    rack-cache (1.2)
-      rack (>= 0.4)
-    rack-mount (0.8.3)
-      rack (>= 1.0.0)
-    rack-ssl (1.3.4)
-      rack
-    rack-test (0.6.2)
-      rack (>= 1.0)
-    rails (3.1.12)
-      actionmailer (= 3.1.12)
-      actionpack (= 3.1.12)
-      activerecord (= 3.1.12)
-      activeresource (= 3.1.12)
-      activesupport (= 3.1.12)
-      bundler (~> 1.0)
-      railties (= 3.1.12)
-    railties (3.1.12)
-      actionpack (= 3.1.12)
-      activesupport (= 3.1.12)
-      rack-ssl (~> 1.3.2)
-      rake (>= 0.8.7)
-      rdoc (~> 3.4)
-      thor (~> 0.14.6)
-    rake (10.3.2)
-    rdoc (3.12.2)
-      json (~> 1.4)
-    rest-client (1.7.2)
-      mime-types (>= 1.16, < 3.0)
-      netrc (~> 0.7)
-    rspec-collection_matchers (1.0.0)
-      rspec-expectations (>= 2.99.0.beta1)
-    rspec-core (2.99.2)
-    rspec-expectations (2.99.2)
-      diff-lcs (>= 1.1.3, < 2.0)
-    rspec-mocks (2.99.2)
-    rspec-rails (2.99.0)
-      actionpack (>= 3.0)
-      activemodel (>= 3.0)
-      activesupport (>= 3.0)
-      railties (>= 3.0)
-      rspec-collection_matchers
-      rspec-core (~> 2.99.0)
-      rspec-expectations (~> 2.99.0)
-      rspec-mocks (~> 2.99.0)
-    safe_yaml (1.0.4)
-    simplecov (0.9.1)
-      docile (~> 1.1.0)
-      multi_json (~> 1.0)
-      simplecov-html (~> 0.8.0)
-    simplecov-html (0.8.0)
-    sprockets (2.0.5)
-      hike (~> 1.2)
-      rack (~> 1.0)
-      tilt (~> 1.1, != 1.3.0)
-    stripe (1.16.0)
-      json (~> 1.8.1)
-      mime-types (>= 1.25, < 3.0)
-      rest-client (~> 1.4)
-    term-ansicolor (1.3.0)
-      tins (~> 1.0)
-    thor (0.14.6)
-    tilt (1.4.1)
-    tins (1.3.3)
-    treetop (1.4.15)
-      polyglot
-      polyglot (>= 0.3.1)
-    tzinfo (0.3.42)
-    webmock (1.20.0)
-      addressable (>= 2.3.6)
-      crack (>= 0.3.2)
-
-PLATFORMS
-  ruby
-
-DEPENDENCIES
-  appraisal
-  coveralls
-  rails (~> 3.1.0)
-  rspec-rails (~> 2.12)
-  stripe_event!
-  webmock (~> 1.9)

data/gemfiles/rails3.2.gemfile.lock

@@ -1,147 +0,0 @@
-PATH
-  remote: ../
-  specs:
-    stripe_event (1.4.0)
-      activesupport (>= 3.1)
-      stripe (~> 1.6)
-
-GEM
-  remote: https://rubygems.org/
-  specs:
-    actionmailer (3.2.20)
-      actionpack (= 3.2.20)
-      mail (~> 2.5.4)
-    actionpack (3.2.20)
-      activemodel (= 3.2.20)
-      activesupport (= 3.2.20)
-      builder (~> 3.0.0)
-      erubis (~> 2.7.0)
-      journey (~> 1.0.4)
-      rack (~> 1.4.5)
-      rack-cache (~> 1.2)
-      rack-test (~> 0.6.1)
-      sprockets (~> 2.2.1)
-    activemodel (3.2.20)
-      activesupport (= 3.2.20)
-      builder (~> 3.0.0)
-    activerecord (3.2.20)
-      activemodel (= 3.2.20)
-      activesupport (= 3.2.20)
-      arel (~> 3.0.2)
-      tzinfo (~> 0.3.29)
-    activeresource (3.2.20)
-      activemodel (= 3.2.20)
-      activesupport (= 3.2.20)
-    activesupport (3.2.20)
-      i18n (~> 0.6, >= 0.6.4)
-      multi_json (~> 1.0)
-    addressable (2.3.6)
-    appraisal (1.0.2)
-      bundler
-      rake
-      thor (>= 0.14.0)
-    arel (3.0.3)
-    builder (3.0.4)
-    coveralls (0.7.1)
-      multi_json (~> 1.3)
-      rest-client
-      simplecov (>= 0.7)
-      term-ansicolor
-      thor
-    crack (0.4.2)
-      safe_yaml (~> 1.0.0)
-    diff-lcs (1.2.5)
-    docile (1.1.5)
-    erubis (2.7.0)
-    hike (1.2.3)
-    i18n (0.6.11)
-    journey (1.0.4)
-    json (1.8.1)
-    mail (2.5.4)
-      mime-types (~> 1.16)
-      treetop (~> 1.4.8)
-    mime-types (1.25.1)
-    multi_json (1.10.1)
-    netrc (0.8.0)
-    polyglot (0.3.5)
-    rack (1.4.5)
-    rack-cache (1.2)
-      rack (>= 0.4)
-    rack-ssl (1.3.4)
-      rack
-    rack-test (0.6.2)
-      rack (>= 1.0)
-    rails (3.2.20)
-      actionmailer (= 3.2.20)
-      actionpack (= 3.2.20)
-      activerecord (= 3.2.20)
-      activeresource (= 3.2.20)
-      activesupport (= 3.2.20)
-      bundler (~> 1.0)
-      railties (= 3.2.20)
-    railties (3.2.20)
-      actionpack (= 3.2.20)
-      activesupport (= 3.2.20)
-      rack-ssl (~> 1.3.2)
-      rake (>= 0.8.7)
-      rdoc (~> 3.4)
-      thor (>= 0.14.6, < 2.0)
-    rake (10.3.2)
-    rdoc (3.12.2)
-      json (~> 1.4)
-    rest-client (1.7.2)
-      mime-types (>= 1.16, < 3.0)
-      netrc (~> 0.7)
-    rspec-collection_matchers (1.0.0)
-      rspec-expectations (>= 2.99.0.beta1)
-    rspec-core (2.99.2)
-    rspec-expectations (2.99.2)
-      diff-lcs (>= 1.1.3, < 2.0)
-    rspec-mocks (2.99.2)
-    rspec-rails (2.99.0)
-      actionpack (>= 3.0)
-      activemodel (>= 3.0)
-      activesupport (>= 3.0)
-      railties (>= 3.0)
-      rspec-collection_matchers
-      rspec-core (~> 2.99.0)
-      rspec-expectations (~> 2.99.0)
-      rspec-mocks (~> 2.99.0)
-    safe_yaml (1.0.4)
-    simplecov (0.9.1)
-      docile (~> 1.1.0)
-      multi_json (~> 1.0)
-      simplecov-html (~> 0.8.0)
-    simplecov-html (0.8.0)
-    sprockets (2.2.3)
-      hike (~> 1.2)
-      multi_json (~> 1.0)
-      rack (~> 1.0)
-      tilt (~> 1.1, != 1.3.0)
-    stripe (1.16.0)
-      json (~> 1.8.1)
-      mime-types (>= 1.25, < 3.0)
-      rest-client (~> 1.4)
-    term-ansicolor (1.3.0)
-      tins (~> 1.0)
-    thor (0.19.1)
-    tilt (1.4.1)
-    tins (1.3.3)
-    treetop (1.4.15)
-      polyglot
-      polyglot (>= 0.3.1)
-    tzinfo (0.3.42)
-    webmock (1.20.0)
-      addressable (>= 2.3.6)
-      crack (>= 0.3.2)
-
-PLATFORMS
-  ruby
-
-DEPENDENCIES
-  appraisal
-  coveralls
-  rails (~> 3.2.0)
-  rspec-rails (~> 2.12)
-  stripe_event!
-  webmock (~> 1.9)

data/gemfiles/rails4.0.gemfile

@@ -1,7 +0,0 @@
-# This file was generated by Appraisal
-
-source "https://rubygems.org"
-
-gem "rails", "~> 4.0.0"
-
-gemspec :path => "../"

data/gemfiles/rails4.0.gemfile.lock

@@ -1,136 +0,0 @@
-PATH
-  remote: ../
-  specs:
-    stripe_event (1.4.0)
-      activesupport (>= 3.1)
-      stripe (~> 1.6)
-
-GEM
-  remote: https://rubygems.org/
-  specs:
-    actionmailer (4.0.11)
-      actionpack (= 4.0.11)
-      mail (~> 2.5, >= 2.5.4)
-    actionpack (4.0.11)
-      activesupport (= 4.0.11)
-      builder (~> 3.1.0)
-      erubis (~> 2.7.0)
-      rack (~> 1.5.2)
-      rack-test (~> 0.6.2)
-    activemodel (4.0.11)
-      activesupport (= 4.0.11)
-      builder (~> 3.1.0)
-    activerecord (4.0.11)
-      activemodel (= 4.0.11)
-      activerecord-deprecated_finders (~> 1.0.2)
-      activesupport (= 4.0.11)
-      arel (~> 4.0.0)
-    activerecord-deprecated_finders (1.0.3)
-    activesupport (4.0.11)
-      i18n (~> 0.6, >= 0.6.9)
-      minitest (~> 4.2)
-      multi_json (~> 1.3)
-      thread_safe (~> 0.1)
-      tzinfo (~> 0.3.37)
-    addressable (2.3.6)
-    appraisal (1.0.2)
-      bundler
-      rake
-      thor (>= 0.14.0)
-    arel (4.0.2)
-    builder (3.1.4)
-    coveralls (0.7.1)
-      multi_json (~> 1.3)
-      rest-client
-      simplecov (>= 0.7)
-      term-ansicolor
-      thor
-    crack (0.4.2)
-      safe_yaml (~> 1.0.0)
-    diff-lcs (1.2.5)
-    docile (1.1.5)
-    erubis (2.7.0)
-    hike (1.2.3)
-    i18n (0.6.11)
-    json (1.8.1)
-    mail (2.6.1)
-      mime-types (>= 1.16, < 3)
-    mime-types (2.4.3)
-    minitest (4.7.5)
-    multi_json (1.10.1)
-    netrc (0.8.0)
-    rack (1.5.2)
-    rack-test (0.6.2)
-      rack (>= 1.0)
-    rails (4.0.11)
-      actionmailer (= 4.0.11)
-      actionpack (= 4.0.11)
-      activerecord (= 4.0.11)
-      activesupport (= 4.0.11)
-      bundler (>= 1.3.0, < 2.0)
-      railties (= 4.0.11)
-      sprockets-rails (~> 2.0)
-    railties (4.0.11)
-      actionpack (= 4.0.11)
-      activesupport (= 4.0.11)
-      rake (>= 0.8.7)
-      thor (>= 0.18.1, < 2.0)
-    rake (10.3.2)
-    rest-client (1.7.2)
-      mime-types (>= 1.16, < 3.0)
-      netrc (~> 0.7)
-    rspec-collection_matchers (1.0.0)
-      rspec-expectations (>= 2.99.0.beta1)
-    rspec-core (2.99.2)
-    rspec-expectations (2.99.2)
-      diff-lcs (>= 1.1.3, < 2.0)
-    rspec-mocks (2.99.2)
-    rspec-rails (2.99.0)
-      actionpack (>= 3.0)
-      activemodel (>= 3.0)
-      activesupport (>= 3.0)
-      railties (>= 3.0)
-      rspec-collection_matchers
-      rspec-core (~> 2.99.0)
-      rspec-expectations (~> 2.99.0)
-      rspec-mocks (~> 2.99.0)
-    safe_yaml (1.0.4)
-    simplecov (0.9.1)
-      docile (~> 1.1.0)
-      multi_json (~> 1.0)
-      simplecov-html (~> 0.8.0)
-    simplecov-html (0.8.0)
-    sprockets (2.12.3)
-      hike (~> 1.2)
-      multi_json (~> 1.0)
-      rack (~> 1.0)
-      tilt (~> 1.1, != 1.3.0)
-    sprockets-rails (2.2.0)
-      actionpack (>= 3.0)
-      activesupport (>= 3.0)
-      sprockets (>= 2.8, < 4.0)
-    stripe (1.16.0)
-      json (~> 1.8.1)
-      mime-types (>= 1.25, < 3.0)
-      rest-client (~> 1.4)
-    term-ansicolor (1.3.0)
-      tins (~> 1.0)
-    thor (0.19.1)
-    thread_safe (0.3.4)
-    tilt (1.4.1)
-    tins (1.3.3)
-    tzinfo (0.3.42)
-    webmock (1.20.0)
-      addressable (>= 2.3.6)
-      crack (>= 0.3.2)
-
-PLATFORMS
-  ruby
-
-DEPENDENCIES
-  appraisal
-  coveralls
-  rails (~> 4.0.0)
-  rspec-rails (~> 2.12)
-  stripe_event!
-  webmock (~> 1.9)

data/gemfiles/rails4.1.gemfile.lock

@@ -1,141 +0,0 @@
-PATH
-  remote: ../
-  specs:
-    stripe_event (1.4.0)
-      activesupport (>= 3.1)
-      stripe (~> 1.6)
-
-GEM
-  remote: https://rubygems.org/
-  specs:
-    actionmailer (4.1.7)
-      actionpack (= 4.1.7)
-      actionview (= 4.1.7)
-      mail (~> 2.5, >= 2.5.4)
-    actionpack (4.1.7)
-      actionview (= 4.1.7)
-      activesupport (= 4.1.7)
-      rack (~> 1.5.2)
-      rack-test (~> 0.6.2)
-    actionview (4.1.7)
-      activesupport (= 4.1.7)
-      builder (~> 3.1)
-      erubis (~> 2.7.0)
-    activemodel (4.1.7)
-      activesupport (= 4.1.7)
-      builder (~> 3.1)
-    activerecord (4.1.7)
-      activemodel (= 4.1.7)
-      activesupport (= 4.1.7)
-      arel (~> 5.0.0)
-    activesupport (4.1.7)
-      i18n (~> 0.6, >= 0.6.9)
-      json (~> 1.7, >= 1.7.7)
-      minitest (~> 5.1)
-      thread_safe (~> 0.1)
-      tzinfo (~> 1.1)
-    addressable (2.3.6)
-    appraisal (1.0.2)
-      bundler
-      rake
-      thor (>= 0.14.0)
-    arel (5.0.1.20140414130214)
-    builder (3.2.2)
-    coveralls (0.7.1)
-      multi_json (~> 1.3)
-      rest-client
-      simplecov (>= 0.7)
-      term-ansicolor
-      thor
-    crack (0.4.2)
-      safe_yaml (~> 1.0.0)
-    diff-lcs (1.2.5)
-    docile (1.1.5)
-    erubis (2.7.0)
-    hike (1.2.3)
-    i18n (0.6.11)
-    json (1.8.1)
-    mail (2.6.1)
-      mime-types (>= 1.16, < 3)
-    mime-types (2.4.3)
-    minitest (5.4.2)
-    multi_json (1.10.1)
-    netrc (0.8.0)
-    rack (1.5.2)
-    rack-test (0.6.2)
-      rack (>= 1.0)
-    rails (4.1.7)
-      actionmailer (= 4.1.7)
-      actionpack (= 4.1.7)
-      actionview (= 4.1.7)
-      activemodel (= 4.1.7)
-      activerecord (= 4.1.7)
-      activesupport (= 4.1.7)
-      bundler (>= 1.3.0, < 2.0)
-      railties (= 4.1.7)
-      sprockets-rails (~> 2.0)
-    railties (4.1.7)
-      actionpack (= 4.1.7)
-      activesupport (= 4.1.7)
-      rake (>= 0.8.7)
-      thor (>= 0.18.1, < 2.0)
-    rake (10.3.2)
-    rest-client (1.7.2)
-      mime-types (>= 1.16, < 3.0)
-      netrc (~> 0.7)
-    rspec-collection_matchers (1.0.0)
-      rspec-expectations (>= 2.99.0.beta1)
-    rspec-core (2.99.2)
-    rspec-expectations (2.99.2)
-      diff-lcs (>= 1.1.3, < 2.0)
-    rspec-mocks (2.99.2)
-    rspec-rails (2.99.0)
-      actionpack (>= 3.0)
-      activemodel (>= 3.0)
-      activesupport (>= 3.0)
-      railties (>= 3.0)
-      rspec-collection_matchers
-      rspec-core (~> 2.99.0)
-      rspec-expectations (~> 2.99.0)
-      rspec-mocks (~> 2.99.0)
-    safe_yaml (1.0.4)
-    simplecov (0.9.1)
-      docile (~> 1.1.0)
-      multi_json (~> 1.0)
-      simplecov-html (~> 0.8.0)
-    simplecov-html (0.8.0)
-    sprockets (2.12.3)
-      hike (~> 1.2)
-      multi_json (~> 1.0)
-      rack (~> 1.0)
-      tilt (~> 1.1, != 1.3.0)
-    sprockets-rails (2.2.0)
-      actionpack (>= 3.0)
-      activesupport (>= 3.0)
-      sprockets (>= 2.8, < 4.0)
-    stripe (1.16.0)
-      json (~> 1.8.1)
-      mime-types (>= 1.25, < 3.0)
-      rest-client (~> 1.4)
-    term-ansicolor (1.3.0)
-      tins (~> 1.0)
-    thor (0.19.1)
-    thread_safe (0.3.4)
-    tilt (1.4.1)
-    tins (1.3.3)
-    tzinfo (1.2.2)
-      thread_safe (~> 0.1)
-    webmock (1.20.0)
-      addressable (>= 2.3.6)
-      crack (>= 0.3.2)
-
-PLATFORMS
-  ruby
-
-DEPENDENCIES
-  appraisal
-  coveralls
-  rails (~> 4.1.0)
-  rspec-rails (~> 2.12)
-  stripe_event!
-  webmock (~> 1.9)