Stripe API upgrade

Gemfile

@@ -126,7 +126,7 @@ gem 'sidekiq', '~> 6.5.12'
 gem 'sidekiq-limit_fetch', '~> 4.4.1'
 gem 'statistics2', '~> 0.54'
 gem 'strip_attributes', git: 'https://github.com/mysociety/strip_attributes.git', branch: 'globalize3-rails7'
-gem 'stripe', '~> 5.55.0'
+gem 'stripe', '~> 11.7.0'
 gem 'syck', '~> 1.4.1', require: false
 gem 'syslog_protocol', '~> 0.9.0'
 gem 'vpim', '~> 24.2.20'
@@ -180,8 +180,7 @@ group :test do
   gem 'simplecov', '~> 0.22.0'
   gem 'simplecov-lcov', '~> 0.7.0'
   gem 'capybara', '~> 3.40.0'
-  gem 'stripe-ruby-mock', git: 'https://github.com/stripe-ruby-mock/stripe-ruby-mock',
-                          ref: '6ceea96'
+  gem 'stripe-ruby-mock', '~> 4.0.0'
   gem 'rails-controller-testing'
 end
 

Gemfile.lock

@@ -23,16 +23,6 @@ GIT
     strip_attributes (1.12.0)
       activemodel (>= 3.0, < 8.0)
 
-GIT
-  remote: https://github.com/stripe-ruby-mock/stripe-ruby-mock
-  revision: 6ceea9679bb573cb8bc6830f1bdf670b220a9859
-  ref: 6ceea96
-  specs:
-    stripe-ruby-mock (3.1.0.rc3)
-      dante (>= 0.2.0)
-      multi_json (~> 1.0)
-      stripe (> 5, < 6)
-
 PATH
   remote: gems/alaveteli_features
   specs:
@@ -529,7 +519,11 @@ GEM
     statistics2 (0.54)
     stimulus-rails (1.3.4)
       railties (>= 6.0.0)
-    stripe (5.55.0)
+    stripe (11.7.0)
+    stripe-ruby-mock (4.0.0)
+      dante (>= 0.2.0)
+      multi_json (~> 1.0)
+      stripe (> 5, < 12)
     syck (1.4.1)
     syslog_protocol (0.9.2)
     text (1.3.1)
@@ -664,8 +658,8 @@ DEPENDENCIES
   statistics2 (~> 0.54)
   stimulus-rails (~> 1.3.4)
   strip_attributes!
-  stripe (~> 5.55.0)
-  stripe-ruby-mock!
+  stripe (~> 11.7.0)
+  stripe-ruby-mock (~> 4.0.0)
   syck (~> 1.4.1)
   syslog_protocol (~> 0.9.0)
   turbo-rails (~> 2.0.11)

app/controllers/alaveteli_pro/plans_controller.rb

@@ -12,7 +12,9 @@ def index
   end
 
   def show
-    stripe_plan = Stripe::Plan.retrieve(plan_name)
+    stripe_plan = Stripe::Plan.retrieve(
+      id: plan_name, expand: ['product']
+    )
     @plan = AlaveteliPro::WithTax.new(stripe_plan)
   rescue Stripe::InvalidRequestError
     raise ActiveRecord::RecordNotFound

app/controllers/alaveteli_pro/stripe_webhooks_controller.rb

@@ -57,13 +57,14 @@ def invoice_payment_succeeded
       charge = Stripe::Charge.retrieve(charge_id)
 
       subscription_id = @stripe_event.data.object.subscription
-      subscription = Stripe::Subscription.retrieve(subscription_id)
-      plan_name = subscription.plan.name
-
-      charge.description =
-        "#{ pro_site_name }: #{ plan_name }"
-
-      charge.save
+      subscription = Stripe::Subscription.retrieve(
+        id: subscription_id, expand: ['plan.product']
+      )
+      plan_name = subscription.plan.product.name
+
+      Stripe::Charge.update(
+        charge.id, description: "#{pro_site_name}: #{plan_name}"
+      )
     end
   end
 

app/controllers/alaveteli_pro/subscriptions_controller.rb

@@ -49,16 +49,14 @@ def create
       @pro_account.token = @token
       @pro_account.update_stripe_customer
 
-      @subscription = @pro_account.subscriptions.build
-      @subscription.update_attributes(
+      attributes = {
         plan: params.require(:plan_id),
         tax_percent: tax_percent,
         payment_behavior: 'allow_incomplete'
-      )
-
-      @subscription.coupon = coupon_code if coupon_code?
+      }
+      attributes[:coupon] = coupon_code if coupon_code?
 
-      @subscription.save
+      @subscription = @pro_account.subscriptions.create(attributes)
 
     rescue ProAccount::CardError,
            Stripe::CardError => e
@@ -151,13 +149,9 @@ def destroy
       @customer = current_user.pro_account.try(:stripe_customer)
       raise ActiveRecord::RecordNotFound unless @customer
 
-      @subscription = Stripe::Subscription.retrieve(params[:id])
-
-      unless @subscription.customer == @customer.id
-        raise ActiveRecord::RecordNotFound
-      end
-
-      @subscription.delete(at_period_end: true)
+      @subscription = current_user.pro_account.subscriptions.
+        retrieve(params[:id])
+      @subscription.update(cancel_at_period_end: true)
 
       flash[:notice] = _('You have successfully cancelled your subscription ' \
                          'to {{pro_site_name}}',

app/models/alaveteli_pro/invoice.rb

@@ -14,7 +14,7 @@ def paid?
     end
 
     # attributes
-    def date
+    def created
       Time.at(super).to_date
     end
 

app/models/alaveteli_pro/subscription.rb

@@ -37,6 +37,14 @@ def require_authorisation?
       ].include?(payment_intent.status)
     end
 
+    def update(attributes)
+      __setobj__(Stripe::Subscription.update(id, attributes))
+    end
+
+    def delete
+      Stripe::Subscription.cancel(id)
+    end
+
     private
 
     def method_missing(*args)

app/models/alaveteli_pro/subscription_collection.rb

@@ -15,12 +15,9 @@ def initialize(customer)
       @customer = customer
     end
 
-    def build
+    def create(attributes = {})
       AlaveteliPro::Subscription.new(
-        Stripe::Subscription.new.tap do |subscription|
-          params = { customer: @customer }
-          subscription.update_attributes(params)
-        end
+        Stripe::Subscription.create(attributes.merge(customer: @customer.id))
       )
     end
 

app/models/pro_account.rb

@@ -49,30 +49,32 @@ def update_stripe_customer
     return unless feature_enabled?(:pro_pricing)
 
     @subscriptions = nil unless stripe_customer
-    @stripe_customer = stripe_customer || Stripe::Customer.new
 
-    update_email
-    update_source
+    attributes = {}
+    attributes[:email] = user.email if stripe_customer.try(:email) != user.email
+    attributes[:source] = @token.id if @token
+
+    @stripe_customer = (
+      if attributes.empty?
+        stripe_customer
+      elsif stripe_customer
+        Stripe::Customer.update(stripe_customer.id, attributes)
+      else
+        Stripe::Customer.create(attributes)
+      end
+    )
 
-    stripe_customer.save
-    update(stripe_customer_id: stripe_customer.id)
+    update(stripe_customer_id: @stripe_customer.id)
   end
 
   private
 
-  def update_email
-    return unless stripe_customer.try(:email) != user.email
-
-    stripe_customer.email = user.email
-  end
-
-  def update_source
-    return unless @token
-
-    stripe_customer.source = @token.id
-  end
-
   def stripe_customer!
-    Stripe::Customer.retrieve(stripe_customer_id) if stripe_customer_id
+    return unless stripe_customer_id
+
+    Stripe::Customer.retrieve(
+      id: stripe_customer_id,
+      expand: ['subscriptions.data.plan.product']
+    )
   end
 end

app/views/alaveteli_pro/invoices/_invoice.html.erb

@@ -1,5 +1,5 @@
 <li>
-  <strong><%= invoice.date.to_fs(:long) %></strong>
+  <strong><%= invoice.created.to_fs(:long) %></strong>
 
   <%= _('Invoice {{invoice_number}} for {{invoice_amount}}',
         invoice_number: invoice.number,

app/views/alaveteli_pro/plans/show.html.erb

@@ -29,7 +29,7 @@
           <h3><%= _('Selected plan') %></h3>
           <div class="plan-overview">
             <div class="plan-overview__desc">
-              <%= @plan.name %>
+              <%= @plan.product.name %>
             </div>
             <div class="plan-overview__details">
               <%= billing_frequency(@plan.interval) %>

app/views/alaveteli_pro/subscriptions/_subscription.html.erb

@@ -1,7 +1,7 @@
 
 <div class="plan-overview">
   <div class="plan-overview__desc">
-    <%= subscription.plan.name %>
+    <%= subscription.plan.product.name %>
   </div>
 
   <div class="plan-overview__details">

config/initializers/stripe.rb

@@ -1,5 +1,5 @@
 Stripe.api_key = AlaveteliConfiguration.stripe_secret_key
-Stripe.api_version = '2017-01-27'
+Stripe.api_version = '2020-03-02'
 Stripe.enable_telemetry = false
 
 module Stripe

doc/CHANGES.md

@@ -2,6 +2,7 @@
 
 ## Highlighted Features
 
+* Upgrade Stripe API version (Graeme Porteous)
 * Drop support for Azure storage (Graeme Porteous)
 * Add basic Citation searching in admin UI (Gareth Rees)
 * Improve citations admin to allow title and description updates (Graeme
@@ -140,6 +141,10 @@
   `config/nginx-ssl.conf.example` and update your production configuration if
   needed.
 
+* _Note:_ If you have Pro pricing enabled, this release changes the Stripe API
+  version from `2017-01-27` to `2020-03-02`. No changes should be necessary to
+  your Stripe account.
+
 # 0.44.0.1
 
 ## Highlighted Features

spec/controllers/alaveteli_pro/plans_controller_spec.rb

@@ -138,7 +138,7 @@
           subscription =
             Stripe::Subscription.create(customer: customer, plan: 'pro')
 
-          subscription.delete
+          Stripe::Subscription.cancel(subscription.id)
           user.create_pro_account(stripe_customer_id: customer.id)
           get :show, params: { id: 'pro' }
         end

spec/controllers/alaveteli_pro/stripe_webhooks_controller_spec.rb

@@ -7,7 +7,7 @@
     let(:signing_secret) { config_secret }
     let(:stripe_helper) { StripeMock.create_test_helper }
 
-    let(:product) { stripe_helper.create_product }
+    let(:product) { stripe_helper.create_product(name: 'Test') }
 
     let(:stripe_customer) do
       Stripe::Customer.create(source: stripe_helper.generate_card_token,
@@ -16,7 +16,7 @@
 
     let(:stripe_plan) do
       stripe_helper.create_plan(
-        id: 'test', name: 'Test', product: product.id,
+        id: 'test', product: product.id,
         amount: 10, currency: 'gbp'
       )
     end
@@ -37,7 +37,7 @@
               currency: stripe_plan.currency,
               type: 'subscription'
             },
-            plan: { id: stripe_plan.id, name: stripe_plan.name }
+            plan: { id: stripe_plan.id }
           }
         ],
         subscription: stripe_subscription.id
@@ -203,7 +203,7 @@ def send_request
       context 'the webhook is for a matching namespaced plan' do
         let(:stripe_plan) do
           stripe_helper.create_plan(
-            id: 'WDTK-test', name: 'Test', product: product.id,
+            id: 'WDTK-test', product: product.id,
             amount: 10, currency: 'gbp'
           )
         end
@@ -219,7 +219,16 @@ def send_request
         end
 
         it 'returns a 200 OK response' do
+          allow(Stripe::Subscription).to receive(:retrieve).with(
+            id: stripe_subscription.id, expand: ['plan.product']
+          ).and_return(stripe_subscription)
+
+          allow(stripe_subscription.plan).to receive(:product).and_return(
+            product
+          )
+
           send_request
+
           expect(response.status).to eq(200)
           expect(response.body).to match('OK')
         end
@@ -330,6 +339,14 @@ def send_request
 
     describe 'updating the Stripe charge description when a payment succeeds' do
       before do
+        allow(Stripe::Subscription).to receive(:retrieve).with(
+          id: stripe_subscription.id, expand: ['plan.product']
+        ).and_return(stripe_subscription)
+
+        allow(stripe_subscription.plan).to receive(:product).and_return(
+          product
+        )
+
         send_request
       end