diff --git a/app/controllers/api/payments_controller.rb b/app/controllers/api/payments_controller.rb
index 589f5e223..04f565a8c 100644
--- a/app/controllers/api/payments_controller.rb
+++ b/app/controllers/api/payments_controller.rb
@@ -24,15 +24,17 @@ class API::PaymentsController < API::ApiController
# Create the PaymentIntent
intent = Stripe::PaymentIntent.create(
- payment_method: params[:payment_method_id],
- amount: amount[:amount],
- currency: Rails.application.secrets.stripe_currency,
- confirmation_method: 'manual',
- confirm: true,
- customer: current_user.stp_customer_id
+ {
+ payment_method: params[:payment_method_id],
+ amount: amount[:amount],
+ currency: Rails.application.secrets.stripe_currency,
+ confirmation_method: 'manual',
+ confirm: true,
+ customer: current_user.stp_customer_id
+ }, { api_key: Setting.get('stripe_secret_key') }
)
elsif params[:payment_intent_id].present?
- intent = Stripe::PaymentIntent.confirm(params[:payment_intent_id])
+ intent = Stripe::PaymentIntent.confirm(params[:payment_intent_id], api_key: Setting.get('stripe_secret_key'))
end
rescue Stripe::CardError => e
# Display error on client
@@ -62,7 +64,8 @@ class API::PaymentsController < API::ApiController
.pay_and_save(@reservation, payment_details: details, payment_intent_id: intent.id)
Stripe::PaymentIntent.update(
intent.id,
- description: "Invoice reference: #{@reservation.invoice.reference}"
+ { description: "Invoice reference: #{@reservation.invoice.reference}" },
+ { api_key: Setting.get('stripe_secret_key') }
)
if is_reserve
@@ -81,7 +84,8 @@ class API::PaymentsController < API::ApiController
Stripe::PaymentIntent.update(
intent.id,
- description: "Invoice reference: #{@subscription.invoices.first.reference}"
+ { description: "Invoice reference: #{@subscription.invoices.first.reference}" },
+ { api_key: Setting.get('stripe_secret_key') }
)
if is_subscribe
diff --git a/app/models/reservation.rb b/app/models/reservation.rb
index bbf9c7bcf..eec8cf95a 100644
--- a/app/models/reservation.rb
+++ b/app/models/reservation.rb
@@ -112,7 +112,10 @@ class Reservation < ApplicationRecord
end
def clean_pending_strip_invoice_items
- pending_invoice_items = Stripe::InvoiceItem.list(customer: user.stp_customer_id, limit: 100).data.select { |ii| ii.invoice.nil? }
+ pending_invoice_items = Stripe::InvoiceItem.list(
+ { customer: user.stp_customer_id, limit: 100 },
+ { api_key: Setting.get('stripe_secret_key') }
+ ).data.select { |ii| ii.invoice.nil? }
pending_invoice_items.each(&:delete)
end
diff --git a/app/models/user.rb b/app/models/user.rb
index 9b328a59a..4d611d109 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -178,7 +178,7 @@ class User < ApplicationRecord
end
def stripe_customer
- Stripe::Customer.retrieve stp_customer_id
+ Stripe::Customer.retrieve(stp_customer_id, api_key: Setting.get('stripe_secret_key'))
end
def active_for_authentication?
diff --git a/app/validators/stripe_card_token_validator.rb b/app/validators/stripe_card_token_validator.rb
index 1d7a78165..89f160e89 100644
--- a/app/validators/stripe_card_token_validator.rb
+++ b/app/validators/stripe_card_token_validator.rb
@@ -1,15 +1,15 @@
+# frozen_string_literal: true
+# validates the given card token through the Stripe API
class StripeCardTokenValidator
def validate(record)
- if options[:token]
- begin
- res = Stripe::Token.retrieve(options[:token])
- if res[:id] != options[:token]
- record.errors[:card_token] << "A problem occurred while retrieving the card with the specified token: #{res.id}"
- end
- rescue Stripe::InvalidRequestError => e
- record.errors[:card_token] << e
- end
+ return unless options[:token]
+
+ res = Stripe::Token.retrieve(options[:token], api_key: Setting.get('stripe_secret_key'))
+ if res[:id] != options[:token]
+ record.errors[:card_token] << "A problem occurred while retrieving the card with the specified token: #{res.id}"
end
+ rescue Stripe::InvalidRequestError => e
+ record.errors[:card_token] << e
end
-end
\ No newline at end of file
+end
diff --git a/app/workers/stripe_worker.rb b/app/workers/stripe_worker.rb
index b45f50ce2..184b805d9 100644
--- a/app/workers/stripe_worker.rb
+++ b/app/workers/stripe_worker.rb
@@ -12,8 +12,11 @@ class StripeWorker
def create_stripe_customer(user_id)
user = User.find(user_id)
customer = Stripe::Customer.create(
- description: user.profile.full_name,
- email: user.email
+ {
+ description: user.profile.full_name,
+ email: user.email
+ },
+ { api_key: Setting.get('stripe_secret_key') }
)
user.update_columns(stp_customer_id: customer.id)
end
@@ -34,11 +37,11 @@ class StripeWorker
stp_coupon[:redeem_by] = coupon.valid_until.to_i unless coupon.valid_until.nil?
stp_coupon[:max_redemptions] = coupon.max_usages unless coupon.max_usages.nil?
- Stripe::Coupon.create(stp_coupon)
+ Stripe::Coupon.create(stp_coupon, api_key: Setting.get('stripe_secret_key'))
end
def delete_stripe_coupon(coupon_code)
- cpn = Stripe::Coupon.retrieve(coupon_code)
+ cpn = Stripe::Coupon.retrieve(coupon_code, api_key: Setting.get('stripe_secret_key'))
cpn.delete
end
end
diff --git a/app/workers/sync_members_on_stripe_worker.rb b/app/workers/sync_members_on_stripe_worker.rb
index b140939c5..f2254437d 100644
--- a/app/workers/sync_members_on_stripe_worker.rb
+++ b/app/workers/sync_members_on_stripe_worker.rb
@@ -11,7 +11,7 @@ class SyncMembersOnStripeWorker
User.online_payers.each_with_index do |member, index|
logger.debug "#{index} / #{total}"
begin
- stp_customer = Stripe::Customer.retrieve member.stp_customer_id
+ stp_customer = Stripe::Customer.retrieve(member.stp_customer_id, api_key: Setting.get('stripe_secret_key'))
StripeWorker.perform(:create_stripe_customer, member.id) if stp_customer.nil? || stp_customer[:deleted]
rescue Stripe::InvalidRequestError
StripeWorker.perform(:create_stripe_customer, member.id)
diff --git a/config/initializers/stripe.rb b/config/initializers/stripe.rb
index 0f4622277..12398ec1a 100644
--- a/config/initializers/stripe.rb
+++ b/config/initializers/stripe.rb
@@ -2,5 +2,4 @@
require 'stripe'
-Stripe.api_key = Rails.application.secrets.stripe_api_key
-Stripe.api_version = '2019-08-14'
\ No newline at end of file
+Stripe.api_version = '2019-08-14'
diff --git a/config/secrets.yml b/config/secrets.yml
index 603775086..f97719c71 100644
--- a/config/secrets.yml
+++ b/config/secrets.yml
@@ -12,7 +12,6 @@
development:
secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
- stripe_api_key: <%= ENV["STRIPE_API_KEY"] %>
stripe_currency: <%= ENV["STRIPE_CURRENCY"] %>
fablab_without_wallet: <%= ENV["FABLAB_WITHOUT_WALLET"] %>
user_confirmation_needed_to_sign_in: <%= ENV["USER_CONFIRMATION_NEEDED_TO_SIGN_IN"] %>
@@ -43,7 +42,6 @@ development:
test:
secret_key_base: 83daf5e7b80d990f037407bab78dff9904aaf3c195a50f84fa8695a22287e707dfbd9524b403b1dcf116ae1d8c06844c3d7ed942564e5b46be6ae3ead93a9d30
- stripe_api_key: <%= ENV["STRIPE_API_KEY"] %>
stripe_currency: usd
fablab_without_wallet: false
user_confirmation_needed_to_sign_in: <%= ENV["USER_CONFIRMATION_NEEDED_TO_SIGN_IN"] %>
@@ -74,7 +72,6 @@ test:
staging:
secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
- stripe_api_key: <%= ENV["STRIPE_API_KEY"] %>
stripe_currency: <%= ENV["STRIPE_CURRENCY"] %>
fablab_without_wallet: <%= ENV["FABLAB_WITHOUT_WALLET"] %>
user_confirmation_needed_to_sign_in: <%= ENV["USER_CONFIRMATION_NEEDED_TO_SIGN_IN"] %>
@@ -116,7 +113,6 @@ staging:
# instead read values from the environment.
production:
secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
- stripe_api_key: <%= ENV["STRIPE_API_KEY"] %>
stripe_currency: <%= ENV["STRIPE_CURRENCY"] %>
fablab_without_wallet: <%= ENV["FABLAB_WITHOUT_WALLET"] %>
user_confirmation_needed_to_sign_in: <%= ENV["USER_CONFIRMATION_NEEDED_TO_SIGN_IN"] %>
diff --git a/doc/environment.md b/doc/environment.md
index de2a8ad06..4fe46d30d 100644
--- a/doc/environment.md
+++ b/doc/environment.md
@@ -51,19 +51,6 @@ When using docker-compose, you should provide the name of the service in your [d
Used by the authentication system to generate random tokens, eg. for resetting passwords.
Used by Rails to verify the integrity of signed cookies.
You can generate such a random key by running `rails secret`.
-
-
- STRIPE_API_KEY
-
-Key and secret used to identify you Stripe account through the API.
-Retrieve them from https://dashboard.stripe.com/account/apikeys.
-
-**MANDATORY**: Even if you don't want to charge your customers, you must fill this settings.
-For this purpose, you can use a stripe account in test mode, which will provide you test keys.
-If you change these keys during the application lifecycle, you must run `rails fablab:stripe:sync_members`, otherwise your users won't be able to do card payments.
-
-Please note that Stripe have changed the naming of their keys. Here's the matching:
-`STRIPE_API_KEY` = secret key
STRIPE_CURRENCY
diff --git a/env.example b/env.example
index 49cadffe3..01a486ce6 100644
--- a/env.example
+++ b/env.example
@@ -8,7 +8,6 @@ ELASTICSEARCH_HOST=fabmanager-elastic
# Stripe
SECRET_KEY_BASE=83daf5e7b80d990f037407bab78dff9904aaf3c195a50f84fa8695a22287e707dfbd9524b403b1dcf116ae1d8c06844c3d7ed942564e5b46be6ae3ead93a9d30
-STRIPE_API_KEY==
STRIPE_CURRENCY=eur
# Invoices
diff --git a/lib/tasks/fablab/stripe.rake b/lib/tasks/fablab/stripe.rake
index fdcbffd3d..83b903590 100644
--- a/lib/tasks/fablab/stripe.rake
+++ b/lib/tasks/fablab/stripe.rake
@@ -39,7 +39,7 @@ namespace :fablab do
task clean_cassettes_secrets: :environment do
Dir['test/vcr_cassettes/*.yml'].each do |cassette_file|
cassette = File.read(cassette_file)
- cassette = cassette.gsub(Rails.application.secrets.stripe_api_key, 'sk_test_testfaketestfaketestfake')
+ cassette = cassette.gsub(Setting.get('stripe_secret_key'), 'sk_test_testfaketestfaketestfake')
cassette = cassette.gsub(Setting.get('stripe_public_key'), 'pk_test_faketestfaketestfaketest')
puts cassette
File.write(cassette_file, cassette)
diff --git a/setup/env.example b/setup/env.example
index ae4049a37..a28c68530 100644
--- a/setup/env.example
+++ b/setup/env.example
@@ -4,7 +4,6 @@ ELASTICSEARCH_HOST=elasticsearch
SECRET_KEY_BASE=
-STRIPE_API_KEY=
STRIPE_CURRENCY=eur
INVOICE_PREFIX=Demo-FabLab_facture
diff --git a/setup/setup.sh b/setup/setup.sh
index e338c1aae..3bba3e331 100755
--- a/setup/setup.sh
+++ b/setup/setup.sh
@@ -234,7 +234,7 @@ configure_env_file()
local doc variables secret
doc=$(\curl -sSL https://raw.githubusercontent.com/sleede/fab-manager/master/doc/environment.md)
- variables=(STRIPE_API_KEY STRIPE_CURRENCY INVOICE_PREFIX FABLAB_WITHOUT_ONLINE_PAYMENT FABLAB_WITHOUT_WALLET \
+ variables=(STRIPE_CURRENCY INVOICE_PREFIX FABLAB_WITHOUT_ONLINE_PAYMENT FABLAB_WITHOUT_WALLET \
USER_CONFIRMATION_NEEDED_TO_SIGN_IN DEFAULT_HOST DEFAULT_PROTOCOL DELIVERY_METHOD SMTP_ADDRESS SMTP_PORT SMTP_USER_NAME SMTP_PASSWORD SMTP_AUTHENTICATION \
SMTP_ENABLE_STARTTLS_AUTO SMTP_OPENSSL_VERIFY_MODE SMTP_TLS \
LOG_LEVEL MAX_IMAGE_SIZE MAX_CAO_SIZE MAX_IMPORT_SIZE DISK_SPACE_MB_ALERT \
diff --git a/test/integration/events/as_user_test.rb b/test/integration/events/as_user_test.rb
index abb37d146..a89a026a2 100644
--- a/test/integration/events/as_user_test.rb
+++ b/test/integration/events/as_user_test.rb
@@ -94,7 +94,7 @@ module Events
assert_invoice_pdf invoice
VCR.use_cassette('reserve_event_with_many_prices_and_payment_means_retrieve_invoice_from_stripe') do
- stp_intent = Stripe::PaymentIntent.retrieve(invoice.stp_payment_intent_id)
+ stp_intent = Stripe::PaymentIntent.retrieve(invoice.stp_payment_intent_id, api_key: Setting.get('stripe_secret_key'))
assert_equal stp_intent.amount, (invoice.total - invoice.wallet_amount) # total minus coupon minus wallet = amount really payed by the user
end
diff --git a/test/integration/reservations/create_test.rb b/test/integration/reservations/create_test.rb
index cc1aaf26d..88898b01a 100644
--- a/test/integration/reservations/create_test.rb
+++ b/test/integration/reservations/create_test.rb
@@ -596,7 +596,7 @@ module Reservations
assert_invoice_pdf invoice
VCR.use_cassette('reservations_machine_and_plan_using_coupon_retrieve_invoice_from_stripe') do
- stp_intent = Stripe::PaymentIntent.retrieve(invoice.stp_payment_intent_id)
+ stp_intent = Stripe::PaymentIntent.retrieve(invoice.stp_payment_intent_id, api_key: Setting.get('stripe_secret_key'))
assert_equal stp_intent.amount, invoice.total
end
diff --git a/test/test_helper.rb b/test/test_helper.rb
index 1258a3558..019001e6b 100644
--- a/test/test_helper.rb
+++ b/test/test_helper.rb
@@ -54,13 +54,16 @@ class ActiveSupport::TestCase
end
Stripe::PaymentMethod.create(
- type: 'card',
- card: {
- number: number,
- exp_month: exp_month,
- exp_year: exp_year,
- cvc: cvc
- }
+ {
+ type: 'card',
+ card: {
+ number: number,
+ exp_month: exp_month,
+ exp_year: exp_year,
+ cvc: cvc
+ }
+ },
+ { api_key: Setting.get('stripe_secret_key') }
).id
end