read stripe_public_key from the db

app/assets/javascripts/controllers/events.js.erb

@@ -698,10 +698,11 @@ Application.Controllers.controller('ShowEventController', ['$scope', '$state', '
           },
           cartItems () {
             return mkRequestParams(reservation, $scope.coupon.applied);
-          }
+          },
+          stripeKey: ['Setting', function (Setting) { return Setting.get({ name: 'stripe_public_key' }).$promise; }]
         },
-        controller: ['$scope', '$uibModalInstance', '$state', 'reservation', 'price', 'cgv', 'Auth', 'Reservation', 'growl', 'wallet', 'helpers', '$filter', 'coupon', 'cartItems',
+        controller: ['$scope', '$uibModalInstance', '$state', 'reservation', 'price', 'cgv', 'Auth', 'Reservation', 'growl', 'wallet', 'helpers', '$filter', 'coupon', 'cartItems', 'stripeKey',
-          function ($scope, $uibModalInstance, $state, reservation, price, cgv, Auth, Reservation, growl, wallet, helpers, $filter, coupon, cartItems) {
+          function ($scope, $uibModalInstance, $state, reservation, price, cgv, Auth, Reservation, growl, wallet, helpers, $filter, coupon, cartItems, stripeKey) {
             // User's wallet amount
             $scope.walletAmount = wallet.amount;
 
@@ -720,8 +721,11 @@ Application.Controllers.controller('ShowEventController', ['$scope', '$state', '
             // Used in wallet info template to interpolate some translations
             $scope.numberFilter = $filter('number');
 
+            // stripe publishable key
+            $scope.stripeKey = stripeKey.setting.value;
+
             // Callback to handle the post-payment and reservation
-            return $scope.onPaymentSuccess = function (reservation) {
+            $scope.onPaymentSuccess = function (reservation) {
               $uibModalInstance.close(reservation);
             };
           }

app/assets/javascripts/controllers/plans.js.erb

@@ -244,10 +244,11 @@ Application.Controllers.controller('PlansIndexController', ['$scope', '$rootScop
           wallet () {
             return Wallet.getWalletByUser({ user_id: $scope.ctrl.member.id }).$promise;
           },
-          coupon () { return $scope.coupon.applied; }
+          coupon () { return $scope.coupon.applied; },
+          stripeKey: ['Setting', function (Setting) { return Setting.get({ name: 'stripe_public_key' }).$promise; }]
         },
-        controller: ['$scope', '$uibModalInstance', '$state', 'selectedPlan', 'member', 'price', 'Subscription', 'CustomAsset', 'wallet', 'helpers', '$filter', 'coupon',
+        controller: ['$scope', '$uibModalInstance', '$state', 'selectedPlan', 'member', 'price', 'Subscription', 'CustomAsset', 'wallet', 'helpers', '$filter', 'coupon', 'stripeKey',
-          function ($scope, $uibModalInstance, $state, selectedPlan, member, price, Subscription, CustomAsset, wallet, helpers, $filter, coupon) {
+          function ($scope, $uibModalInstance, $state, selectedPlan, member, price, Subscription, CustomAsset, wallet, helpers, $filter, coupon, stripeKey) {
             // User's wallet amount
             $scope.walletAmount = wallet.amount;
 
@@ -268,6 +269,9 @@ Application.Controllers.controller('PlansIndexController', ['$scope', '$rootScop
               }
             };
 
+            // stripe publishable key
+            $scope.stripeKey = stripeKey.setting.value;
+
             // retrieve the CGV
             CustomAsset.get({ name: 'cgv-file' }, function (cgv) { $scope.cgv = cgv.custom_asset; });
 

app/assets/javascripts/directives/cart.js.erb

@@ -632,10 +632,11 @@ Application.Directives.directive('cart', [ '$rootScope', '$uibModal', 'dialogs',
               },
               cartItems () {
                 return mkRequestParams(reservation, $scope.coupon.applied);
-              }
+              },
+              stripeKey: ['Setting', function (Setting) { return Setting.get({ name: 'stripe_public_key' }).$promise; }]
             },
-            controller: ['$scope', '$uibModalInstance', '$state', 'reservation', 'price', 'cgv', 'Auth', 'Reservation', 'wallet', 'helpers', '$filter', 'coupon', 'cartItems',
+            controller: ['$scope', '$uibModalInstance', '$state', 'reservation', 'price', 'cgv', 'Auth', 'Reservation', 'wallet', 'helpers', '$filter', 'coupon', 'cartItems', 'stripeKey',
-              function ($scope, $uibModalInstance, $state, reservation, price, cgv, Auth, Reservation, wallet, helpers, $filter, coupon, cartItems) {
+              function ($scope, $uibModalInstance, $state, reservation, price, cgv, Auth, Reservation, wallet, helpers, $filter, coupon, cartItems, stripeKey) {
                 // user wallet amount
                 $scope.walletAmount = wallet.amount;
 
@@ -654,6 +655,9 @@ Application.Directives.directive('cart', [ '$rootScope', '$uibModal', 'dialogs',
                 // Used in wallet info template to interpolate some translations
                 $scope.numberFilter = $filter('number');
 
+                // stripe publishable key
+                $scope.stripeKey = stripeKey.setting.value;
+
                 /**
                  * Callback to handle the post-payment and reservation
                  */

app/assets/javascripts/directives/stripe-form.js.erb

@@ -12,10 +12,11 @@ Application.Directives.directive('stripeForm', ['Payment', 'growl', '_t',
       restrict: 'A',
       scope: {
         cartItems: '=',
-        onPaymentSuccess: '='
+        onPaymentSuccess: '=',
+        stripeKey: '@'
       },
       link: function($scope, element, attributes) {
-        const stripe = Stripe('<%= Rails.application.secrets.stripe_publishable_key %>');
+        const stripe = Stripe($scope.stripeKey);
         const elements = stripe.elements();
 
         const style = {

app/assets/templates/stripe/payment_modal.html.erb

@@ -7,7 +7,7 @@
     <uib-alert ng-repeat="alert in alerts" type="{{alert.type}}" close="closeAlert($index)">{{alert.msg}}</uib-alert>
 
     <div class="panel panel-default bg-light m-n">
-      <form name="stripeForm" stripe:form cart-items="cartItems" on-payment-success="onPaymentSuccess" class="form-horizontal">
+      <form name="stripeForm" stripe:form cart-items="cartItems" on-payment-success="onPaymentSuccess" stripe-key="stripeKey" class="form-horizontal">
         <div class="panel-body">
 
           <h3 class="m-t-xs" ng-if="walletAmount" ng-bind-html="'app.shared.wallet.you_have_amount_in_wallet' | translate:{ amount: numberFilter(walletAmount, 2), currency: currencySymbol }"></h3>

app/services/setting_service.rb

@@ -13,10 +13,6 @@ class SettingService
     NotifyPrivacyUpdateWorker.perform_async(id) if setting.name == 'privacy_body'
 
     # sync all users on stripe
-    return unless %w[stripe_public_key stripe_secret_key].include? setting.name
+    SyncMembersOnStripeWorker.perform_async(setting.history_values.last&.invoicing_profile&.user&.id) if setting.name == 'stripe_secret_key'
-
-    SyncMembersOnStripeWorker.perform_async(
-      setting.history_values.last&.invoicing_profile&.user&.id
-    )
   end
 end

config/secrets.yml

@@ -13,7 +13,6 @@
 development:
   secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
   stripe_api_key: <%= ENV["STRIPE_API_KEY"] %>
-  stripe_publishable_key: <%= ENV["STRIPE_PUBLISHABLE_KEY"] %>
   stripe_currency: <%= ENV["STRIPE_CURRENCY"] %>
   fablab_without_wallet: <%= ENV["FABLAB_WITHOUT_WALLET"] %>
   user_confirmation_needed_to_sign_in: <%= ENV["USER_CONFIRMATION_NEEDED_TO_SIGN_IN"] %>
@@ -45,7 +44,6 @@ development:
 test:
   secret_key_base: 83daf5e7b80d990f037407bab78dff9904aaf3c195a50f84fa8695a22287e707dfbd9524b403b1dcf116ae1d8c06844c3d7ed942564e5b46be6ae3ead93a9d30
   stripe_api_key: <%= ENV["STRIPE_API_KEY"] %>
-  stripe_publishable_key: <%= ENV["STRIPE_PUBLISHABLE_KEY"] %>
   stripe_currency: usd
   fablab_without_wallet: false
   user_confirmation_needed_to_sign_in: <%= ENV["USER_CONFIRMATION_NEEDED_TO_SIGN_IN"] %>
@@ -77,7 +75,6 @@ test:
 staging:
   secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
   stripe_api_key: <%= ENV["STRIPE_API_KEY"] %>
-  stripe_publishable_key: <%= ENV["STRIPE_PUBLISHABLE_KEY"] %>
   stripe_currency: <%= ENV["STRIPE_CURRENCY"] %>
   fablab_without_wallet: <%= ENV["FABLAB_WITHOUT_WALLET"] %>
   user_confirmation_needed_to_sign_in: <%= ENV["USER_CONFIRMATION_NEEDED_TO_SIGN_IN"] %>
@@ -120,7 +117,6 @@ staging:
 production:
   secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
   stripe_api_key: <%= ENV["STRIPE_API_KEY"] %>
-  stripe_publishable_key: <%= ENV["STRIPE_PUBLISHABLE_KEY"] %>
   stripe_currency: <%= ENV["STRIPE_CURRENCY"] %>
   fablab_without_wallet: <%= ENV["FABLAB_WITHOUT_WALLET"] %>
   user_confirmation_needed_to_sign_in: <%= ENV["USER_CONFIRMATION_NEEDED_TO_SIGN_IN"] %>

doc/environment.md

@@ -51,9 +51,9 @@ When using docker-compose, you should provide the name of the service in your [d
 Used by the authentication system to generate random tokens, eg. for resetting passwords.
 Used by Rails to verify the integrity of signed cookies.
 You can generate such a random key by running `rails secret`.
-<a name="STRIPE_API_KEY"></a><a name="STRIPE_PUBLISHABLE_KEY"></a>
+<a name="STRIPE_API_KEY"></a>
 
-    STRIPE_API_KEY & STRIPE_PUBLISHABLE_KEY
+    STRIPE_API_KEY
 
 Key and secret used to identify you Stripe account through the API.
 Retrieve them from https://dashboard.stripe.com/account/apikeys.
@@ -64,7 +64,6 @@ If you change these keys during the application lifecycle, you must run `rails f
 
 Please note that Stripe have changed the naming of their keys. Here's the matching:
 `STRIPE_API_KEY` = secret key
-`STRIPE_PUBLISHABLE_KEY` = public key
 <a name="STRIPE_CURRENCY"></a>
 
     STRIPE_CURRENCY

env.example

@@ -8,8 +8,7 @@ ELASTICSEARCH_HOST=fabmanager-elastic
 
 # Stripe
 SECRET_KEY_BASE=83daf5e7b80d990f037407bab78dff9904aaf3c195a50f84fa8695a22287e707dfbd9524b403b1dcf116ae1d8c06844c3d7ed942564e5b46be6ae3ead93a9d30
-STRIPE_API_KEY=
+STRIPE_API_KEY==
-STRIPE_PUBLISHABLE_KEY=
 STRIPE_CURRENCY=eur
 
 # Invoices

lib/tasks/fablab/stripe.rake

@@ -40,7 +40,7 @@ namespace :fablab do
       Dir['test/vcr_cassettes/*.yml'].each do |cassette_file|
         cassette = File.read(cassette_file)
         cassette = cassette.gsub(Rails.application.secrets.stripe_api_key, 'sk_test_testfaketestfaketestfake')
-        cassette = cassette.gsub(Rails.application.secrets.stripe_publishable_key, 'pk_test_faketestfaketestfaketest')
+        cassette = cassette.gsub(Setting.get('stripe_public_key'), 'pk_test_faketestfaketestfaketest')
         puts cassette
         File.write(cassette_file, cassette)
       end

setup/env.example

@@ -5,7 +5,6 @@ ELASTICSEARCH_HOST=elasticsearch
 SECRET_KEY_BASE=
 
 STRIPE_API_KEY=
-STRIPE_PUBLISHABLE_KEY=
 STRIPE_CURRENCY=eur
 
 INVOICE_PREFIX=Demo-FabLab_facture

setup/setup.sh

@@ -234,7 +234,7 @@ configure_env_file()
 
   local doc variables secret
   doc=$(\curl -sSL https://raw.githubusercontent.com/sleede/fab-manager/master/doc/environment.md)
-  variables=(STRIPE_API_KEY STRIPE_PUBLISHABLE_KEY STRIPE_CURRENCY INVOICE_PREFIX FABLAB_WITHOUT_ONLINE_PAYMENT FABLAB_WITHOUT_WALLET \
+  variables=(STRIPE_API_KEY STRIPE_CURRENCY INVOICE_PREFIX FABLAB_WITHOUT_ONLINE_PAYMENT FABLAB_WITHOUT_WALLET \
    USER_CONFIRMATION_NEEDED_TO_SIGN_IN DEFAULT_HOST DEFAULT_PROTOCOL DELIVERY_METHOD SMTP_ADDRESS SMTP_PORT SMTP_USER_NAME SMTP_PASSWORD SMTP_AUTHENTICATION \
    SMTP_ENABLE_STARTTLS_AUTO SMTP_OPENSSL_VERIFY_MODE SMTP_TLS \
    LOG_LEVEL MAX_IMAGE_SIZE MAX_CAO_SIZE MAX_IMPORT_SIZE DISK_SPACE_MB_ALERT \