Giters

RailsApps / rails-stripe-membership-saas

An example Rails 4.2 app with Stripe and the Payola gem for a membership or subscription site.

Home Page:http://railsapps.github.io/rails-stripe-membership-saas

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Stripe keys shouldn't be enforced in tests

MarkDBlackwell opened this issue · comments

commented

The README recommends we set Stripe's API keys.

That's all well and good, but IMHO it should be enforced by a (non-test) Rails initializer instead of by tests.

Some routine development work on the Rails Example App should be possible without entering the Stripe keys. For example: making sure new gem and Ruby versions don't break the tests.

The Cucumber tests should employ some kind of Stripe testbed mode, or perhaps should mock the Stripe service. Does Stripe have a test mode? Or otherwise accept dummy, unreal values for STRIPE_API_KEY and STRIPE_PUBLIC_KEY?

Anyway, I'm getting these test failures:

Failures:
  1) Config Variables STRIPE_API_KEY should be set
     Failure/Error: Stripe.api_key.should_not eq("Your_Stripe_API_key"),
       Your STRIPE_API_KEY is not set, Please refer to the 'Configure the Stripe Initializer' section of the README
     # ./spec/stripe/stripe_config_spec.rb:8:in `block (3 l evels) in <top (required)>'

  2) Config Variables STRIPE_PUBLIC_KEY should be set
     Failure/Error: STRIPE_PUBLIC_KEY.should_not eq("Your_Stripe_Public_Key"),
       Your STRIPE_PUBLIC_KEY is not set, Please refer to the 'Configure the Stripe Initializer' section of the README
     # ./spec/stripe/stripe_config_spec.rb:17:in `block (3 levels) in <top (required)>'
commented

The README file explains: "Two sets of keys are available: one for testing, one for live transactions. Use the testing keys on your development machine. When you deploy, use the live keys."

In development and testing, on your local machine, I recommend installing the "test" set of keys, either in Unix environment variables or using the config/application.yml file. It's easy to get the Stripe keys and install them and your testing will be realistic. In production, deploy the app and set the "live" API keys on the production server. You can still test locally with the "test" API keys even after you deploy to production.

Have I fully addressed your concerns? Any questions?

commented

I believe your explanation is right for programmer end-users and others.

One implication of your answer seems to be that safe CI testing of this generated example app is possible if we provide test keys to the CI server.

commented

In addition to a developer acquiring an account with Stripe, Googling "mock Stripe" reveals software which can mock out the actual invocation of Stripe for testing purposes.