mirror of https://github.com/LaCasemate/fab-manager.git synced 2025-01-17 06:52:27 +01:00

read stripe_api_key from db

Sylvain 2020-06-10 11:33:03 +02:00
parent 88208627c9
commit 82d6677cff
16 changed files with 51 additions and 58 deletions


@ -24,15 +24,17 @@ class API::PaymentsController < API::ApiController
# Create the PaymentIntent # Create the PaymentIntent
intent = Stripe::PaymentIntent.create( intent = Stripe::PaymentIntent.create(
payment_method: params[:payment_method_id], {
amount: amount[:amount], payment_method: params[:payment_method_id],
currency: Rails.application.secrets.stripe_currency, amount: amount[:amount],
confirmation_method: 'manual', currency: Rails.application.secrets.stripe_currency,
confirm: true, confirmation_method: 'manual',
customer: current_user.stp_customer_id confirm: true,
customer: current_user.stp_customer_id
}, { api_key: Setting.get('stripe_secret_key') }
) )
elsif params[:payment_intent_id].present? elsif params[:payment_intent_id].present?
intent = Stripe::PaymentIntent.confirm(params[:payment_intent_id]) intent = Stripe::PaymentIntent.confirm(params[:payment_intent_id], api_key: Setting.get('stripe_secret_key'))
end end
rescue Stripe::CardError => e rescue Stripe::CardError => e
# Display error on client # Display error on client
@ -62,7 +64,8 @@ class API::PaymentsController < API::ApiController
.pay_and_save(@reservation, payment_details: details, payment_intent_id: intent.id) .pay_and_save(@reservation, payment_details: details, payment_intent_id: intent.id)
Stripe::PaymentIntent.update( Stripe::PaymentIntent.update(
intent.id, intent.id,
description: "Invoice reference: #{@reservation.invoice.reference}" { description: "Invoice reference: #{@reservation.invoice.reference}" },
{ api_key: Setting.get('stripe_secret_key') }
) )
if is_reserve if is_reserve
@ -81,7 +84,8 @@ class API::PaymentsController < API::ApiController
Stripe::PaymentIntent.update( Stripe::PaymentIntent.update(
intent.id, intent.id,
description: "Invoice reference: #{@subscription.invoices.first.reference}" { description: "Invoice reference: #{@subscription.invoices.first.reference}" },
{ api_key: Setting.get('stripe_secret_key') }
) )
if is_subscribe if is_subscribe
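Review bot: The new `Stripe::PaymentIntent.confirm(params[:payment_intent_id], api_key: Setting.get('stripe_secret_key'))` call passes the key as the second positional argument, unlike the `create` and `update` calls in this file, where the options hash follows the params hash. If the installed stripe gem defines the class-level `confirm` as `(id, params = {}, opts = {})`, the key is sent as a request parameter instead of authenticating the call. With the global `Stripe.api_key` removed in this commit, the request would then fail with an authentication error. An explicit empty params hash removes the ambiguity: `Stripe::PaymentIntent.confirm(params[:payment_intent_id], {}, { api_key: Setting.get('stripe_secret_key') })`. The surrounding action starts and ends outside the hunks shown.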


@ -112,7 +112,10 @@ class Reservation < ApplicationRecord
end end
def clean_pending_strip_invoice_items def clean_pending_strip_invoice_items
pending_invoice_items = Stripe::InvoiceItem.list(customer: user.stp_customer_id, limit: 100).data.select { |ii| ii.invoice.nil? } pending_invoice_items = Stripe::InvoiceItem.list(
{ customer: user.stp_customer_id, limit: 100 },
{ api_key: Setting.get('stripe_secret_key') }
).data.select { |ii| ii.invoice.nil? }
pending_invoice_items.each(&:delete) pending_invoice_items.each(&:delete)
end end


@ -178,7 +178,7 @@ class User < ApplicationRecord
end end
def stripe_customer def stripe_customer
Stripe::Customer.retrieve stp_customer_id Stripe::Customer.retrieve(stp_customer_id, api_key: Setting.get('stripe_secret_key'))
end end
def active_for_authentication? def active_for_authentication?


@ -1,15 +1,15 @@
# frozen_string_literal: true
# validates the given card token through the Stripe API
class StripeCardTokenValidator class StripeCardTokenValidator
def validate(record) def validate(record)
if options[:token] return unless options[:token]
begin
res = Stripe::Token.retrieve(options[:token]) res = Stripe::Token.retrieve(options[:token], api_key: Setting.get('stripe_secret_key'))
if res[:id] != options[:token] if res[:id] != options[:token]
record.errors[:card_token] << "A problem occurred while retrieving the card with the specified token: #{res.id}" record.errors[:card_token] << "A problem occurred while retrieving the card with the specified token: #{res.id}"
end
rescue Stripe::InvalidRequestError => e
record.errors[:card_token] << e
end
end end
rescue Stripe::InvalidRequestError => e
record.errors[:card_token] << e
end end
end end
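Review bot: The method-level `rescue Stripe::InvalidRequestError => e` is the only handler in `validate`, so a missing or wrong `stripe_secret_key` setting would presumably surface as `Stripe::AuthenticationError` and escape the validator as an unhandled exception rather than a validation error. Now that the key comes from an editable setting, consider `rescue Stripe::InvalidRequestError, Stripe::AuthenticationError => e`. The handler also appends the exception object itself; `record.errors[:card_token] << e.message` keeps the errors collection as plain strings.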


@ -12,8 +12,11 @@ class StripeWorker
def create_stripe_customer(user_id) def create_stripe_customer(user_id)
user = User.find(user_id) user = User.find(user_id)
customer = Stripe::Customer.create( customer = Stripe::Customer.create(
description: user.profile.full_name, {
email: user.email description: user.profile.full_name,
email: user.email
},
{ api_key: Setting.get('stripe_secret_key') }
) )
user.update_columns(stp_customer_id: customer.id) user.update_columns(stp_customer_id: customer.id)
end end
@ -34,11 +37,11 @@ class StripeWorker
stp_coupon[:redeem_by] = coupon.valid_until.to_i unless coupon.valid_until.nil? stp_coupon[:redeem_by] = coupon.valid_until.to_i unless coupon.valid_until.nil?
stp_coupon[:max_redemptions] = coupon.max_usages unless coupon.max_usages.nil? stp_coupon[:max_redemptions] = coupon.max_usages unless coupon.max_usages.nil?
Stripe::Coupon.create(stp_coupon) Stripe::Coupon.create(stp_coupon, api_key: Setting.get('stripe_secret_key'))
end end
def delete_stripe_coupon(coupon_code) def delete_stripe_coupon(coupon_code)
cpn = Stripe::Coupon.retrieve(coupon_code) cpn = Stripe::Coupon.retrieve(coupon_code, api_key: Setting.get('stripe_secret_key'))
cpn.delete cpn.delete
end end
end end


@ -11,7 +11,7 @@ class SyncMembersOnStripeWorker
User.online_payers.each_with_index do |member, index| User.online_payers.each_with_index do |member, index|
logger.debug "#{index} / #{total}" logger.debug "#{index} / #{total}"
begin begin
stp_customer = Stripe::Customer.retrieve member.stp_customer_id stp_customer = Stripe::Customer.retrieve(member.stp_customer_id, api_key: Setting.get('stripe_secret_key'))
StripeWorker.perform(:create_stripe_customer, member.id) if stp_customer.nil? || stp_customer[:deleted] StripeWorker.perform(:create_stripe_customer, member.id) if stp_customer.nil? || stp_customer[:deleted]
rescue Stripe::InvalidRequestError rescue Stripe::InvalidRequestError
StripeWorker.perform(:create_stripe_customer, member.id) StripeWorker.perform(:create_stripe_customer, member.id)
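Review bot: `Setting.get('stripe_secret_key')` is evaluated once per member inside the `each_with_index` loop; unless `Setting.get` caches, that is one settings lookup per user on top of the Stripe call. Reading it once before the loop, `key = Setting.get('stripe_secret_key')`, and passing `api_key: key` also guarantees the whole run uses a single key even if the setting is edited while the worker is running. The loop and its `begin` block open and close outside the hunk.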


@ -2,5 +2,4 @@
require 'stripe' require 'stripe'
Stripe.api_key = Rails.application.secrets.stripe_api_key Stripe.api_version = '2019-08-14'
Stripe.api_version = '2019-08-14'
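Review bot: With `Stripe.api_key` no longer assigned in this initializer there is no process-wide fallback, so any Stripe call that does not pass `api_key:` explicitly will fail at runtime; only the call sites shown in this commit are verifiably updated. A single accessor that raises a clear error when the setting is blank would replace the repeated `Setting.get('stripe_secret_key')` literal and make a missed call site easy to grep for. Since the secret now lives in the settings table, it is worth confirming that the value is excluded from settings API responses, logs and change history; the `Setting` model is not on this page. A comment here such as `# Stripe.api_key is intentionally unset: the secret key is read from Setting on each call` would document the design.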


@ -12,7 +12,6 @@
development: development:
secret_key_base: <%= ENV["SECRET_KEY_BASE"] %> secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
stripe_api_key: <%= ENV["STRIPE_API_KEY"] %>
stripe_currency: <%= ENV["STRIPE_CURRENCY"] %> stripe_currency: <%= ENV["STRIPE_CURRENCY"] %>
fablab_without_wallet: <%= ENV["FABLAB_WITHOUT_WALLET"] %> fablab_without_wallet: <%= ENV["FABLAB_WITHOUT_WALLET"] %>
user_confirmation_needed_to_sign_in: <%= ENV["USER_CONFIRMATION_NEEDED_TO_SIGN_IN"] %> user_confirmation_needed_to_sign_in: <%= ENV["USER_CONFIRMATION_NEEDED_TO_SIGN_IN"] %>
@ -43,7 +42,6 @@ development:
test: test:
secret_key_base: 83daf5e7b80d990f037407bab78dff9904aaf3c195a50f84fa8695a22287e707dfbd9524b403b1dcf116ae1d8c06844c3d7ed942564e5b46be6ae3ead93a9d30 secret_key_base: 83daf5e7b80d990f037407bab78dff9904aaf3c195a50f84fa8695a22287e707dfbd9524b403b1dcf116ae1d8c06844c3d7ed942564e5b46be6ae3ead93a9d30
stripe_api_key: <%= ENV["STRIPE_API_KEY"] %>
stripe_currency: usd stripe_currency: usd
fablab_without_wallet: false fablab_without_wallet: false
user_confirmation_needed_to_sign_in: <%= ENV["USER_CONFIRMATION_NEEDED_TO_SIGN_IN"] %> user_confirmation_needed_to_sign_in: <%= ENV["USER_CONFIRMATION_NEEDED_TO_SIGN_IN"] %>
@ -74,7 +72,6 @@ test:
staging: staging:
secret_key_base: <%= ENV["SECRET_KEY_BASE"] %> secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
stripe_api_key: <%= ENV["STRIPE_API_KEY"] %>
stripe_currency: <%= ENV["STRIPE_CURRENCY"] %> stripe_currency: <%= ENV["STRIPE_CURRENCY"] %>
fablab_without_wallet: <%= ENV["FABLAB_WITHOUT_WALLET"] %> fablab_without_wallet: <%= ENV["FABLAB_WITHOUT_WALLET"] %>
user_confirmation_needed_to_sign_in: <%= ENV["USER_CONFIRMATION_NEEDED_TO_SIGN_IN"] %> user_confirmation_needed_to_sign_in: <%= ENV["USER_CONFIRMATION_NEEDED_TO_SIGN_IN"] %>
@ -116,7 +113,6 @@ staging:
# instead read values from the environment. # instead read values from the environment.
production: production:
secret_key_base: <%= ENV["SECRET_KEY_BASE"] %> secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
stripe_api_key: <%= ENV["STRIPE_API_KEY"] %>
stripe_currency: <%= ENV["STRIPE_CURRENCY"] %> stripe_currency: <%= ENV["STRIPE_CURRENCY"] %>
fablab_without_wallet: <%= ENV["FABLAB_WITHOUT_WALLET"] %> fablab_without_wallet: <%= ENV["FABLAB_WITHOUT_WALLET"] %>
user_confirmation_needed_to_sign_in: <%= ENV["USER_CONFIRMATION_NEEDED_TO_SIGN_IN"] %> user_confirmation_needed_to_sign_in: <%= ENV["USER_CONFIRMATION_NEEDED_TO_SIGN_IN"] %>


@ -51,19 +51,6 @@ When using docker-compose, you should provide the name of the service in your [d
Used by the authentication system to generate random tokens, eg. for resetting passwords. Used by the authentication system to generate random tokens, eg. for resetting passwords.
Used by Rails to verify the integrity of signed cookies. Used by Rails to verify the integrity of signed cookies.
You can generate such a random key by running `rails secret`. You can generate such a random key by running `rails secret`.
<a name="STRIPE_API_KEY"></a>
STRIPE_API_KEY
Key and secret used to identify you Stripe account through the API.
Retrieve them from https://dashboard.stripe.com/account/apikeys.
**MANDATORY**: Even if you don't want to charge your customers, you must fill this settings.
For this purpose, you can use a stripe account in test mode, which will provide you test keys.
If you change these keys during the application lifecycle, you must run `rails fablab:stripe:sync_members`, otherwise your users won't be able to do card payments.
Please note that Stripe have changed the naming of their keys. Here's the matching:
`STRIPE_API_KEY` = secret key
<a name="STRIPE_CURRENCY"></a> <a name="STRIPE_CURRENCY"></a>
STRIPE_CURRENCY STRIPE_CURRENCY


@ -8,7 +8,6 @@ ELASTICSEARCH_HOST=fabmanager-elastic
# Stripe # Stripe
SECRET_KEY_BASE=83daf5e7b80d990f037407bab78dff9904aaf3c195a50f84fa8695a22287e707dfbd9524b403b1dcf116ae1d8c06844c3d7ed942564e5b46be6ae3ead93a9d30 SECRET_KEY_BASE=83daf5e7b80d990f037407bab78dff9904aaf3c195a50f84fa8695a22287e707dfbd9524b403b1dcf116ae1d8c06844c3d7ed942564e5b46be6ae3ead93a9d30
STRIPE_API_KEY==
STRIPE_CURRENCY=eur STRIPE_CURRENCY=eur
# Invoices # Invoices


@ -39,7 +39,7 @@ namespace :fablab do
task clean_cassettes_secrets: :environment do task clean_cassettes_secrets: :environment do
Dir['test/vcr_cassettes/*.yml'].each do |cassette_file| Dir['test/vcr_cassettes/*.yml'].each do |cassette_file|
cassette = File.read(cassette_file) cassette = File.read(cassette_file)
cassette = cassette.gsub(Rails.application.secrets.stripe_api_key, 'sk_test_testfaketestfaketestfake') cassette = cassette.gsub(Setting.get('stripe_secret_key'), 'sk_test_testfaketestfaketestfake')
cassette = cassette.gsub(Setting.get('stripe_public_key'), 'pk_test_faketestfaketestfaketest') cassette = cassette.gsub(Setting.get('stripe_public_key'), 'pk_test_faketestfaketestfaketest')
puts cassette puts cassette
File.write(cassette_file, cassette) File.write(cassette_file, cassette)
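Review bot: `cassette.gsub(Setting.get('stripe_secret_key'), ...)` now depends on what the database holds when the task runs. A nil value raises `TypeError`, an empty string makes `gsub` insert the placeholder between every character, and a key that differs from the one used while recording leaves the real secret in the cassette. Guarding first, e.g. `key = Setting.get('stripe_secret_key')` followed by `abort 'stripe_secret_key is not set' if key.blank?`, avoids the first two cases. The existing `puts cassette` prints the full cassette body to the console, so a scrub that matched nothing would also echo the key. The task body continues outside the hunk.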


@ -4,7 +4,6 @@ ELASTICSEARCH_HOST=elasticsearch
SECRET_KEY_BASE= SECRET_KEY_BASE=
STRIPE_API_KEY=
STRIPE_CURRENCY=eur STRIPE_CURRENCY=eur
INVOICE_PREFIX=Demo-FabLab_facture INVOICE_PREFIX=Demo-FabLab_facture


@ -234,7 +234,7 @@ configure_env_file()
local doc variables secret local doc variables secret
doc=$(\curl -sSL https://raw.githubusercontent.com/sleede/fab-manager/master/doc/environment.md) doc=$(\curl -sSL https://raw.githubusercontent.com/sleede/fab-manager/master/doc/environment.md)
variables=(STRIPE_API_KEY STRIPE_CURRENCY INVOICE_PREFIX FABLAB_WITHOUT_ONLINE_PAYMENT FABLAB_WITHOUT_WALLET \ variables=(STRIPE_CURRENCY INVOICE_PREFIX FABLAB_WITHOUT_ONLINE_PAYMENT FABLAB_WITHOUT_WALLET \
USER_CONFIRMATION_NEEDED_TO_SIGN_IN DEFAULT_HOST DEFAULT_PROTOCOL DELIVERY_METHOD SMTP_ADDRESS SMTP_PORT SMTP_USER_NAME SMTP_PASSWORD SMTP_AUTHENTICATION \ USER_CONFIRMATION_NEEDED_TO_SIGN_IN DEFAULT_HOST DEFAULT_PROTOCOL DELIVERY_METHOD SMTP_ADDRESS SMTP_PORT SMTP_USER_NAME SMTP_PASSWORD SMTP_AUTHENTICATION \
SMTP_ENABLE_STARTTLS_AUTO SMTP_OPENSSL_VERIFY_MODE SMTP_TLS \ SMTP_ENABLE_STARTTLS_AUTO SMTP_OPENSSL_VERIFY_MODE SMTP_TLS \
LOG_LEVEL MAX_IMAGE_SIZE MAX_CAO_SIZE MAX_IMPORT_SIZE DISK_SPACE_MB_ALERT \ LOG_LEVEL MAX_IMAGE_SIZE MAX_CAO_SIZE MAX_IMPORT_SIZE DISK_SPACE_MB_ALERT \


@ -94,7 +94,7 @@ module Events
assert_invoice_pdf invoice assert_invoice_pdf invoice
VCR.use_cassette('reserve_event_with_many_prices_and_payment_means_retrieve_invoice_from_stripe') do VCR.use_cassette('reserve_event_with_many_prices_and_payment_means_retrieve_invoice_from_stripe') do
stp_intent = Stripe::PaymentIntent.retrieve(invoice.stp_payment_intent_id) stp_intent = Stripe::PaymentIntent.retrieve(invoice.stp_payment_intent_id, api_key: Setting.get('stripe_secret_key'))
assert_equal stp_intent.amount, (invoice.total - invoice.wallet_amount) # total minus coupon minus wallet = amount really payed by the user assert_equal stp_intent.amount, (invoice.total - invoice.wallet_amount) # total minus coupon minus wallet = amount really payed by the user
end end


@ -596,7 +596,7 @@ module Reservations
assert_invoice_pdf invoice assert_invoice_pdf invoice
VCR.use_cassette('reservations_machine_and_plan_using_coupon_retrieve_invoice_from_stripe') do VCR.use_cassette('reservations_machine_and_plan_using_coupon_retrieve_invoice_from_stripe') do
stp_intent = Stripe::PaymentIntent.retrieve(invoice.stp_payment_intent_id) stp_intent = Stripe::PaymentIntent.retrieve(invoice.stp_payment_intent_id, api_key: Setting.get('stripe_secret_key'))
assert_equal stp_intent.amount, invoice.total assert_equal stp_intent.amount, invoice.total
end end


@ -54,13 +54,16 @@ class ActiveSupport::TestCase
end end
Stripe::PaymentMethod.create( Stripe::PaymentMethod.create(
type: 'card', {
card: { type: 'card',
number: number, card: {
exp_month: exp_month, number: number,
exp_year: exp_year, exp_month: exp_month,
cvc: cvc exp_year: exp_year,
} cvc: cvc
}
},
{ api_key: Setting.get('stripe_secret_key') }
).id ).id
end end