Comments (12)

trakhimenok avatar trakhimenok commented on August 28, 2024

I've created a question at StackOverflow as well: http://stackoverflow.com/questions/23579794/stripe-payments-on-google-appengine-using-python-api-library

from stripe-python.

danielchatfield avatar danielchatfield commented on August 28, 2024

You need to enable ssl: https://developers.google.com/appengine/docs/python/sockets/ssl_support

Please note that there is a bug in the development server (doesn't affect deployed code) that will still prevent this from working without applying a fix (or using an old stripe version). See: #73

danielchatfield avatar danielchatfield commented on August 28, 2024

Another workaround would be (after enabling SSL):

import os
import stripe
if os.environ.get('SERVER_SOFTWARE', '').startswith('Development'):
    stripe.verify_ssl_certs = False

This disables SSL cert checking in the development server.

trakhimenok avatar trakhimenok commented on August 28, 2024

Daniel, thanks a lot - the 1st workaround with replacing the socket.py worked for me.

I think it would be great if you made some comments regarding GAE in the docs. Especially the option with stripe.verify_ssl_certs=False would have been very handy if I had known about it.

By the way, is it OK to disable SSL cert verification completely in the production (live) environment as well? Or would that not work for real transactions?

danielchatfield avatar danielchatfield commented on August 28, 2024

The SSL check does the following:

  • tells the appengine urlfetch api to make sure the certificate provided is valid for that hostname
  • performs a check to make sure the ssl certificate hasn't been revoked.

The stripe library doesn't currently let you do the first without the second (it is the second that causes an issue with the dev server); however, there were talks of automatically disabling the second check if the GAE dev server environment was detected.

The first check prevents the following attack:

  • Someone that has control over the communication between GAE and stripe being able to impersonate stripe with an SSL certificate for another website (note that an attacker needs control of the communication between google and stripe - basically only the government would be able to pull that off)

The second check makes sure that the certificate presented hasn't been revoked; this prevents the same attack as above but where the attacker is using stripe's old private key, which could have theoretically been exposed because of Heartbleed.

It should be noted that the second check is only performed once, and thus it would be possible for an attacker to let a few requests go to stripe before launching their MITM attack, and this would go unnoticed.

These are very, very high-level attack vectors and thus the risk is incredibly low; you also have the advantage that it would be impossible for an attacker to distinguish between your requests and someone else's that is running on appengine, and thus any attempts to eavesdrop will be picked up by the other users that are verifying the certificate.

I'm not going to recommend that you disable the check as disabling any form of security shouldn't be a recommendation (although the second check can be bypassed) but the risk is practically zero.

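The workaround earlier in the thread turns verification off whenever SERVER_SOFTWARE starts with 'Development'. The following is an added example (not code from the thread or from stripe-python) that generalises that check into a small policy: verification is relaxed only on the dev server, only on explicit opt-in, and a startup audit fails loudly if `verify_ssl_certs` ends up False in a deployed app. The STRIPE_SKIP_CERT_CHECK variable, the `fresh_stripe_stub` stand-in for `import stripe`, and the 'Google App Engine/...' production value of SERVER_SOFTWARE are assumptions of this example.

```python
"""Environment-gated TLS verification policy for stripe-python on App Engine.

Added example; not part of the original thread or of stripe-python. It
builds on the SERVER_SOFTWARE check quoted in the thread and adds a
fail-closed audit so a disabled certificate check cannot reach production.
"""
import os
from types import SimpleNamespace


def is_dev_server(environ):
    """True only on the local App Engine development server.

    The dev server sets SERVER_SOFTWARE to a value starting with
    'Development' (the check used in the thread). A deployed app is assumed
    here to report 'Google App Engine/<version>' instead.
    """
    return environ.get('SERVER_SOFTWARE', '').startswith('Development')


def ssl_policy(environ):
    """Return (verify_certs, reason) for the given environment.

    Verification is only relaxed on the dev server, and only when the
    developer opts in with the hypothetical STRIPE_SKIP_CERT_CHECK=1
    variable; an unset variable keeps the secure default everywhere.
    """
    opt_out = environ.get('STRIPE_SKIP_CERT_CHECK') == '1'
    if is_dev_server(environ) and opt_out:
        return False, 'dev server with explicit opt-out'
    if opt_out:
        return True, 'opt-out ignored outside the dev server'
    return True, 'default: verify certificates'


class UnsafeStripeConfig(Exception):
    """Raised when certificate verification is off in a deployed environment."""


def configure_stripe(stripe_module, environ=None):
    """Apply the policy to the stripe module (or a stand-in) and return it."""
    environ = os.environ if environ is None else environ
    verify, reason = ssl_policy(environ)
    stripe_module.verify_ssl_certs = verify
    return verify, reason


def audit_stripe(stripe_module, environ=None):
    """Startup check: refuse to run if verification was switched off in prod.

    Catches a stray `stripe.verify_ssl_certs = False` left elsewhere in the
    code base, which configure_stripe alone would not notice.
    """
    environ = os.environ if environ is None else environ
    verifying = getattr(stripe_module, 'verify_ssl_certs', True)
    if not verifying and not is_dev_server(environ):
        raise UnsafeStripeConfig(
            'stripe.verify_ssl_certs is False outside the dev server')
    return True


def fresh_stripe_stub():
    """Stand-in for `import stripe` so the example runs without the library."""
    return SimpleNamespace(verify_ssl_certs=True)


if __name__ == '__main__':
    # Constructed environments standing in for the dev server and a deployment.
    dev = {'SERVER_SOFTWARE': 'Development/2.0', 'STRIPE_SKIP_CERT_CHECK': '1'}
    prod = {'SERVER_SOFTWARE': 'Google App Engine/1.9.0', 'STRIPE_SKIP_CERT_CHECK': '1'}
    stub = fresh_stripe_stub()
    print(configure_stripe(stub, dev))   # (False, 'dev server with explicit opt-out')
    print(configure_stripe(stub, prod))  # (True, 'opt-out ignored outside the dev server')
    stub.verify_ssl_certs = False        # simulate a stray assignment
    try:
        audit_stripe(stub, prod)
    except UnsafeStripeConfig as exc:
        print('audit blocked startup:', exc)
```

Call `configure_stripe(stripe)` once at import time and `audit_stripe(stripe)` from the request handler's startup path; in production both leave verification on regardless of the opt-out variable, which is the property the thread's risk discussion depends on.
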
trakhimenok avatar trakhimenok commented on August 28, 2024

Daniel, thanks for the detailed explanation!

I think at this stage it's a really good idea to disable the check in DEV (on GAE) by default, with an ability to turn it on if needed. It just has to be explained clearly so developers understand the risks of deploying to a production environment that is different from development.

And I'm so excited with Stripe - you are doing a really awesome product and your API/docs/UI/examples/support are so much superior compared to PayPal and the others I have had experience with (mostly Russian payment providers). Keep it that way and conquer the world!

Alex

P.S. I hope I'll be able to bring my 2 cents to your revenue&profit soon.

danielchatfield avatar danielchatfield commented on August 28, 2024

Glad I could help, BTW I'm not a stripe developer :)

trakhimenok avatar trakhimenok commented on August 28, 2024

Oh, then thanks even more Daniel!

BTW, any chance you can point me to how I can convert the UTC integer timestamps used by the Stripe API to a Python datetime object (and back from datetime to int)? I am a bit new to Python and I found too many ways to do that, so I'm not sure which way is most correct.

danielchatfield avatar danielchatfield commented on August 28, 2024

@astec This has now been fixed (although not yet released) so the issue can be closed.

metcalf avatar metcalf commented on August 28, 2024

I just cut a release -- this should be fixed.

jagooding avatar jagooding commented on August 28, 2024

okay, so this issue is killing me.

I've detailed a lot of my problems in issue #75, I understand that the workaround should be:

stripe.verify_ssl_certs = False

However, I've got this set, and a debug log shows it is set to False just before my call to create a customer; however, when I try to create the customer, I'm still getting the SSL error:

  File "/home/john/PycharmProjects/flask-peachy-new/server/lib/stripe/api_requestor.py", line 257, in _check_ssl_cert
    raise error.APIConnectionError(e)
APIConnectionError: [Errno 13] Permission denied

vergun avatar vergun commented on August 28, 2024

Adding this to app.yaml fixed it for me:

- name: ssl
  version: latest
