read stripe_api_key from db

app/controllers/api/payments_controller.rb

@@ -24,15 +24,17 @@ class API::PaymentsController < API::ApiController
 
         # Create the PaymentIntent
         intent = Stripe::PaymentIntent.create(
-          payment_method: params[:payment_method_id],
-          amount: amount[:amount],
-          currency: Rails.application.secrets.stripe_currency,
-          confirmation_method: 'manual',
-          confirm: true,
-          customer: current_user.stp_customer_id
+          {
+            payment_method: params[:payment_method_id],
+            amount: amount[:amount],
+            currency: Rails.application.secrets.stripe_currency,
+            confirmation_method: 'manual',
+            confirm: true,
+            customer: current_user.stp_customer_id
+          }, { api_key: Setting.get('stripe_secret_key') }
         )
       elsif params[:payment_intent_id].present?
-        intent = Stripe::PaymentIntent.confirm(params[:payment_intent_id])
+        intent = Stripe::PaymentIntent.confirm(params[:payment_intent_id], api_key: Setting.get('stripe_secret_key'))
       end
     rescue Stripe::CardError => e
       # Display error on client
@@ -62,7 +64,8 @@ class API::PaymentsController < API::ApiController
                                       .pay_and_save(@reservation, payment_details: details, payment_intent_id: intent.id)
     Stripe::PaymentIntent.update(
       intent.id,
-      description: "Invoice reference: #{@reservation.invoice.reference}"
+      { description: "Invoice reference: #{@reservation.invoice.reference}" },
+      { api_key: Setting.get('stripe_secret_key') }
     )
 
     if is_reserve
@@ -81,7 +84,8 @@ class API::PaymentsController < API::ApiController
 
     Stripe::PaymentIntent.update(
       intent.id,
-      description: "Invoice reference: #{@subscription.invoices.first.reference}"
+      { description: "Invoice reference: #{@subscription.invoices.first.reference}" },
+      { api_key: Setting.get('stripe_secret_key') }
     )
 
     if is_subscribe

app/models/reservation.rb

@@ -112,7 +112,10 @@ class Reservation < ApplicationRecord
   end
 
   def clean_pending_strip_invoice_items
-    pending_invoice_items = Stripe::InvoiceItem.list(customer: user.stp_customer_id, limit: 100).data.select { |ii| ii.invoice.nil? }
+    pending_invoice_items = Stripe::InvoiceItem.list(
+      { customer: user.stp_customer_id, limit: 100 },
+      { api_key: Setting.get('stripe_secret_key') }
+    ).data.select { |ii| ii.invoice.nil? }
     pending_invoice_items.each(&:delete)
   end
 

app/models/user.rb

@@ -178,7 +178,7 @@ class User < ApplicationRecord
   end
 
   def stripe_customer
-    Stripe::Customer.retrieve stp_customer_id
+    Stripe::Customer.retrieve(stp_customer_id, api_key: Setting.get('stripe_secret_key'))
   end
 
   def active_for_authentication?

app/validators/stripe_card_token_validator.rb

@@ -1,15 +1,15 @@
+# frozen_string_literal: true
 
+# validates the given card token through the Stripe API
 class StripeCardTokenValidator
   def validate(record)
-    if options[:token]
-      begin
-        res = Stripe::Token.retrieve(options[:token])
-        if res[:id] != options[:token]
-          record.errors[:card_token] << "A problem occurred while retrieving the card with the specified token: #{res.id}"
-        end
-      rescue Stripe::InvalidRequestError => e
-        record.errors[:card_token] << e
-      end
+    return unless options[:token]
+
+    res = Stripe::Token.retrieve(options[:token], api_key: Setting.get('stripe_secret_key'))
+    if res[:id] != options[:token]
+      record.errors[:card_token] << "A problem occurred while retrieving the card with the specified token: #{res.id}"
     end
+  rescue Stripe::InvalidRequestError => e
+    record.errors[:card_token] << e
   end
-end
+end

app/workers/stripe_worker.rb

@@ -12,8 +12,11 @@ class StripeWorker
   def create_stripe_customer(user_id)
     user = User.find(user_id)
     customer = Stripe::Customer.create(
-      description: user.profile.full_name,
-      email: user.email
+      {
+        description: user.profile.full_name,
+        email: user.email
+      },
+      { api_key: Setting.get('stripe_secret_key') }
     )
     user.update_columns(stp_customer_id: customer.id)
   end
@@ -34,11 +37,11 @@ class StripeWorker
     stp_coupon[:redeem_by] = coupon.valid_until.to_i unless coupon.valid_until.nil?
     stp_coupon[:max_redemptions] = coupon.max_usages unless coupon.max_usages.nil?
 
-    Stripe::Coupon.create(stp_coupon)
+    Stripe::Coupon.create(stp_coupon, api_key: Setting.get('stripe_secret_key'))
   end
 
   def delete_stripe_coupon(coupon_code)
-    cpn = Stripe::Coupon.retrieve(coupon_code)
+    cpn = Stripe::Coupon.retrieve(coupon_code, api_key: Setting.get('stripe_secret_key'))
     cpn.delete
   end
 end

app/workers/sync_members_on_stripe_worker.rb

@@ -11,7 +11,7 @@ class SyncMembersOnStripeWorker
     User.online_payers.each_with_index do |member, index|
       logger.debug "#{index} / #{total}"
       begin
-        stp_customer = Stripe::Customer.retrieve member.stp_customer_id
+        stp_customer = Stripe::Customer.retrieve(member.stp_customer_id, api_key: Setting.get('stripe_secret_key'))
         StripeWorker.perform(:create_stripe_customer, member.id) if stp_customer.nil? || stp_customer[:deleted]
       rescue Stripe::InvalidRequestError
         StripeWorker.perform(:create_stripe_customer, member.id)

config/initializers/stripe.rb

@@ -2,5 +2,4 @@
 
 require 'stripe'
 
-Stripe.api_key = Rails.application.secrets.stripe_api_key
-Stripe.api_version = '2019-08-14'
+Stripe.api_version = '2019-08-14'

config/secrets.yml

@@ -12,7 +12,6 @@
 
 development:
   secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
-  stripe_api_key: <%= ENV["STRIPE_API_KEY"] %>
   stripe_currency: <%= ENV["STRIPE_CURRENCY"] %>
   fablab_without_wallet: <%= ENV["FABLAB_WITHOUT_WALLET"] %>
   user_confirmation_needed_to_sign_in: <%= ENV["USER_CONFIRMATION_NEEDED_TO_SIGN_IN"] %>
@@ -43,7 +42,6 @@ development:
 
 test:
   secret_key_base: 83daf5e7b80d990f037407bab78dff9904aaf3c195a50f84fa8695a22287e707dfbd9524b403b1dcf116ae1d8c06844c3d7ed942564e5b46be6ae3ead93a9d30
-  stripe_api_key: <%= ENV["STRIPE_API_KEY"] %>
   stripe_currency: usd
   fablab_without_wallet: false
   user_confirmation_needed_to_sign_in: <%= ENV["USER_CONFIRMATION_NEEDED_TO_SIGN_IN"] %>
@@ -74,7 +72,6 @@ test:
 
 staging:
   secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
-  stripe_api_key: <%= ENV["STRIPE_API_KEY"] %>
   stripe_currency: <%= ENV["STRIPE_CURRENCY"] %>
   fablab_without_wallet: <%= ENV["FABLAB_WITHOUT_WALLET"] %>
   user_confirmation_needed_to_sign_in: <%= ENV["USER_CONFIRMATION_NEEDED_TO_SIGN_IN"] %>
@@ -116,7 +113,6 @@ staging:
 # instead read values from the environment.
 production:
   secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
-  stripe_api_key: <%= ENV["STRIPE_API_KEY"] %>
   stripe_currency: <%= ENV["STRIPE_CURRENCY"] %>
   fablab_without_wallet: <%= ENV["FABLAB_WITHOUT_WALLET"] %>
   user_confirmation_needed_to_sign_in: <%= ENV["USER_CONFIRMATION_NEEDED_TO_SIGN_IN"] %>

doc/environment.md

@@ -51,19 +51,6 @@ When using docker-compose, you should provide the name of the service in your [d
 Used by the authentication system to generate random tokens, eg. for resetting passwords.
 Used by Rails to verify the integrity of signed cookies.
 You can generate such a random key by running `rails secret`.
-<a name="STRIPE_API_KEY"></a>
-
-    STRIPE_API_KEY
-
-Key and secret used to identify you Stripe account through the API.
-Retrieve them from https://dashboard.stripe.com/account/apikeys.
-
-**MANDATORY**: Even if you don't want to charge your customers, you must fill this settings.
-For this purpose, you can use a stripe account in test mode, which will provide you test keys.
-If you change these keys during the application lifecycle, you must run `rails fablab:stripe:sync_members`, otherwise your users won't be able to do card payments.
-
-Please note that Stripe have changed the naming of their keys. Here's the matching:
-`STRIPE_API_KEY` = secret key
 <a name="STRIPE_CURRENCY"></a>
 
     STRIPE_CURRENCY

env.example

@@ -8,7 +8,6 @@ ELASTICSEARCH_HOST=fabmanager-elastic
 
 # Stripe
 SECRET_KEY_BASE=83daf5e7b80d990f037407bab78dff9904aaf3c195a50f84fa8695a22287e707dfbd9524b403b1dcf116ae1d8c06844c3d7ed942564e5b46be6ae3ead93a9d30
-STRIPE_API_KEY==
 STRIPE_CURRENCY=eur
 
 # Invoices

lib/tasks/fablab/stripe.rake

@@ -39,7 +39,7 @@ namespace :fablab do
     task clean_cassettes_secrets: :environment do
       Dir['test/vcr_cassettes/*.yml'].each do |cassette_file|
         cassette = File.read(cassette_file)
-        cassette = cassette.gsub(Rails.application.secrets.stripe_api_key, 'sk_test_testfaketestfaketestfake')
+        cassette = cassette.gsub(Setting.get('stripe_secret_key'), 'sk_test_testfaketestfaketestfake')
         cassette = cassette.gsub(Setting.get('stripe_public_key'), 'pk_test_faketestfaketestfaketest')
         puts cassette
         File.write(cassette_file, cassette)

setup/env.example

@@ -4,7 +4,6 @@ ELASTICSEARCH_HOST=elasticsearch
 
 SECRET_KEY_BASE=
 
-STRIPE_API_KEY=
 STRIPE_CURRENCY=eur
 
 INVOICE_PREFIX=Demo-FabLab_facture

setup/setup.sh

@@ -234,7 +234,7 @@ configure_env_file()
 
   local doc variables secret
   doc=$(\curl -sSL https://raw.githubusercontent.com/sleede/fab-manager/master/doc/environment.md)
-  variables=(STRIPE_API_KEY STRIPE_CURRENCY INVOICE_PREFIX FABLAB_WITHOUT_ONLINE_PAYMENT FABLAB_WITHOUT_WALLET \
+  variables=(STRIPE_CURRENCY INVOICE_PREFIX FABLAB_WITHOUT_ONLINE_PAYMENT FABLAB_WITHOUT_WALLET \
    USER_CONFIRMATION_NEEDED_TO_SIGN_IN DEFAULT_HOST DEFAULT_PROTOCOL DELIVERY_METHOD SMTP_ADDRESS SMTP_PORT SMTP_USER_NAME SMTP_PASSWORD SMTP_AUTHENTICATION \
    SMTP_ENABLE_STARTTLS_AUTO SMTP_OPENSSL_VERIFY_MODE SMTP_TLS \
    LOG_LEVEL MAX_IMAGE_SIZE MAX_CAO_SIZE MAX_IMPORT_SIZE DISK_SPACE_MB_ALERT \

test/integration/events/as_user_test.rb

@@ -94,7 +94,7 @@ module Events
       assert_invoice_pdf invoice
 
       VCR.use_cassette('reserve_event_with_many_prices_and_payment_means_retrieve_invoice_from_stripe') do
-        stp_intent = Stripe::PaymentIntent.retrieve(invoice.stp_payment_intent_id)
+        stp_intent = Stripe::PaymentIntent.retrieve(invoice.stp_payment_intent_id, api_key: Setting.get('stripe_secret_key'))
         assert_equal stp_intent.amount, (invoice.total - invoice.wallet_amount) # total minus coupon minus wallet = amount really payed by the user
       end
 

test/integration/reservations/create_test.rb

@@ -596,7 +596,7 @@ module Reservations
       assert_invoice_pdf invoice
 
       VCR.use_cassette('reservations_machine_and_plan_using_coupon_retrieve_invoice_from_stripe') do
-        stp_intent = Stripe::PaymentIntent.retrieve(invoice.stp_payment_intent_id)
+        stp_intent = Stripe::PaymentIntent.retrieve(invoice.stp_payment_intent_id, api_key: Setting.get('stripe_secret_key'))
         assert_equal stp_intent.amount, invoice.total
       end
 

test/test_helper.rb

@@ -54,13 +54,16 @@ class ActiveSupport::TestCase
     end
 
     Stripe::PaymentMethod.create(
-      type: 'card',
-      card: {
-        number: number,
-        exp_month: exp_month,
-        exp_year: exp_year,
-        cvc: cvc
-      }
+      {
+        type: 'card',
+        card: {
+          number: number,
+          exp_month: exp_month,
+          exp_year: exp_year,
+          cvc: cvc
+        }
+      },
+      { api_key: Setting.get('stripe_secret_key') }
     ).id
   end