Rails 5.1 secrets and Stripe using wrong key - ruby-on-rails

I am using
rails 5.1.2
gem 'stripe-rails
and when I deploy to Heroku I am double checking that the Heroku environment is using the correct Stripe Keys for production by doing the following:
heroku run rails console --remote heroku
This opens a ruby console on heroku for me: irb(main):009:0> where I then check what Stripe Keys it has by doing the following:
Rails.application.secrets.STRIPE_SECRET_KEY => sk_Live_***************
Rails.application.secrets.STRIPE_PUBLISHABLE_KEY => pk_Live_**************
I'm assuming that the production environment has the right keys set because of the prefixes sk_Live and pk_Live but when I try run the following:
Stripe::BillingPortal::Session.create(customer: 'cus_**LiveID*****',return_url: "http://someurl.com") it fails and says that a similar object exists in live mode, but a test mode key was used to make this request. The weird thing is that all my other Stripe actions like creating subscriptions are working as expected in production so I am entirely at a loss why this one action creating a BillingPortal is always using a test key and failing. Obviously it works when I test it locally because that is a test environment and stripe doesn't error. This error exists only on production.

There are a few debug steps:
Go to your Dashboard request log: Live mode log or Test mode
log and find the exact request that is failing
Confirm that it is using a Test mode key
On the console before calling the problematic Billing Portal, double check if the Stripe instance is using correct key by
p Stripe.api_key
Stripe::BillingPortal::Session.create(customer:'cus_**LiveID*****',return_url: "http://someurl.com")
Despite your Rails application could have correct secrets, it looks like your Stripe instance might still use the test key value from somewhere else.

Related

How to add a user to a rails app manually?

I've been assigned to work on a legacy Rails app, and nobody has a development environment working. I've gotten everything up and running, but I can't create a new user on my development environment because the facebook api doesn't like the api call originating from an IP that isn't the production server, and the mailer for the non facebook signup times out for the same reason. I've narrowed it down to a couple options:
Figure out a way to get the facebook api to accept the request from my development box
Fix the mailer or wrap it in a conditional so that email confirmation is not required in the development environment
Manually add a user to the database
Which option is best, and how would I go about doing it? I'm relatively new to rails and backend programming. Options one and two seem like potential security risks, but I have no idea how to go about doing option 3. I tried adding User.create([{email: '(redacted)'}, {password: '(redacted)'}]) to the seeds.rb file and running db:seed with no luck.
Suggestions?
Your easiest option is definitely simply to create the new user manually. Instead of launching your rails server ($ rails s), launch your rails console ($ rails c). From this command line (which is identical to the debugger, if you've ever used that before), you may create a user and save it. You will still be subject to the validations in the User model, but something along the lines of the following should work:
new_user = User.new( email: 'myemail#example.com', name: 'Joe Smith' )
new_user.save
As long as you match the validations of the model, and connect to the appropriate database, this is a very simple approach. To connect to the right database, either update config/database.yml so that your development environment is the one you want to hit, or run specifically in the correct environment (if it's production, as you implied, simply run $ rails c RAILS_ENV=production instead of the aforementioned$ rails c).

Stripe API key missing Rails

We're facing a problem with Stripe API keys. What I've done so far is:
set environment/*.rb to utilise appropriate Stripe keys using constants
created a config/initializers/stripe.rb with the line Stripe.api_key = STRIPE_SECRET
using the rails console, both STRIPE_PUBLIC and STRIPE_SECRET constants are set and visible. STRIPE_PUBLIC => "pk_test_xxxxxxxxx"
However, once these things are in place, making a call to Stripe's API using the browser results in:
Stripe::AuthenticationError in some_controller#some_action
No API key provided. Set your API key using "Stripe.api_key = <API-KEY>". You can generate API keys from the Stripe web interface. See https://stripe.com/api for details, or email support#stripe.com if you have any questions.
Using the web-console gem, we can tell that STRIPE_SECRET and STRIPE_PUBLIC are nil in the website. But every time we run rails console we get our keys from our constants.
I fixed my issue. The terminal running rails server had been opened since before the environment variables had been set.
Therefore, running source ~/.bashrc (for me) or using a new terminal worked for me.
Thank you, sincerely, to everyone who tried to help!
I think the issue you are encountering is happening because if the way you are setting the key.
You cannot expect something you set using the rails console to be available to the web application. The Rails console started up as its own unique process that does not share anything with the web process started and accessed by the browser.
If you want the key to be available to the web application try setting it as an environment variable and reading it accordingly in your stripe.rb file
Try restarting the rails server to make these values available to the rails app since the changes were made in the initializers directory.

Heroku rails blogger not processing login

So I push my rails_blogger app to Heroku and it goes fine, I run rake db:migrate and it goes fine, but then when I try to login using the email and password I made, it doesn't let me login and just renders the login page again.
When I run webrick on my computer everything works fine with login, but when I access the app from the heroku URL in my browser, it won't let me login!
Also, it won't even show the articles on the main page that anyone should see, logged in or not.
I've looked all over various google search results to find the answer to this to no avail.
Can someone help me understand the problem here?
GitHub repo: https://github.com/ck626/project_rails_blogger
Heroku page: scary-goblin-6551.herokuapp.com
The database that you use at heroku are different from your local database, so you need to create authors separately on heroku and at your local development server. In Rails you can configure your database (what database to use at production and at development) at config/database.yml.
Another thing to note heroku does not support sqlite, you need to use pg instead.

Rails Tutorial: Why can I sign up a new user without problems on the local server but not on Heroku?

I've completed the Rails Tutorial. I kept up with every detail until the end of chapter 8. The last four chapters I just copied and pasted without trying to understand much.
The Sample App works perfectly on a Cloud9 local web server, but not on Heroku. Specifically, When I want to sign up a new user, I get the message "We're sorry, but something went wrong."
Why can I sign up a new user without problems on the local server but not on Heroku? Is the functionality of the final sample app supposed to be exactly the same on both local and heroku?
You are getting a 500, look at the server logs for a clue. Probably need to run migrations.
Run your migrations:
heroku run rake:db migrate
You may need to restart heroku:
heroku restart
If it still doesn't work, try resetting your database. If you're using postgres, try:
heroku pg:reset DATABASE
I completed every step in the entire Rails Tutorial book, except one, which I thought was optional and wouldn't affect the result in production.
10.3 Email in Production shows you how to configure your application to send emails in production (for account activation in the book's sample application) using a Heroku add-on called Sendgrid.
You do have to give Heroku credit card information (though for the purposes of the book you don't have to actually make any purchase or subscription), and this is why I initially didn't implement this section of the book.
After following along and implementing section 10.3 my final application is fully functional in production.

Rails 3.2 has_secure_password fails silently when deployed to Heroku

I upgraded the authentication in my application to use Rails 3.1's has_secure_password facility. In the process, I created a page to allow users to change their passwords. I tested it and it works on my development machine, both in development and production environments.
When I deployed the application to Heroku, I went to try it and it seemed to work, except when I logged out and logged back in, my password was unchanged. I tried changing the password manually in the console and that works fine. If I try to enter different text for the password and confirmation, it shows the validation it is supposed to, which means the password is getting sent to the app correctly.
Here is the relevant change to my controller: https://github.com/mjm/sis-lunch/commit/930ced467a0e23ad48f4497999183112c5f846b1#diff-2
Is there something I'm missing? What could be wrong with it in production on Heroku that could cause this to silently fail?
I'm not sure how you are testing it on your development machine, since PeopleControllerTest is empty, but the password field is protected against mass assignment. It shouldn't work in PeopleController the way it is written. (that's a good thing!)
You will need to explicitly call Person#password= in your controller.
The relevant Rails source code for ActiveModel::SecurePassword can show you exactly what happens when you use has_secure_password.
I believe I figured it out. I deployed the app to Heroku, then ran the migrations. The app was not fully aware of the new password_digest column, but new consoles were, so they worked fine. Restarting the app using heroku restart fixed it.

Resources