blood runner blood runner - 1 month ago 15
Ruby Question

Stripe Connect - Stripe::AuthenticationError

I have a built a peer to peer marketplace using Stripe Connect to process credit card payments with stripe checkout and transfer that charge to a connected stripe account with their bank account information and my account will take a commission.

My code was working previously in development mode but once I pushed it live to heroku I'm getting an error after the charge is sent through stripe checkout.

This is the current error I'm catching from running heroku logs...


Stripe::AuthenticationError (The provided key 'sk_live_********************3yOZ' does not have access to account 'ca_*******************1LR1' (or that account does not exist). Application access may have been revoked.):


Here is my spaghetti code... (Note: I'm just a weekend warrior at Rails... it's amazing I've gotten this far along not having any prior programming experience.)

Orders Controller

class OrdersController < ApplicationController
before_action :set_order, only: [:show, :edit, :update, :destroy]
before_action :authenticate_user!


def sales
@orders = Order.all.where(seller: current_user).order("created_at DESC")
end

def purchases
@orders = Order.all.where(buyer: current_user).order("created_at DESC")
end

# GET /orders/new
def new
@order = Order.new
@item = Item.find(params[:item_id])
end

# POST /orders
# POST /orders.json
def create
@order = Order.new(order_params)
@item = Item.find(params[:item_id])
@seller = @item.user

@order.item_id = @item.id
@order.buyer_id = current_user.id
@order.seller_id = @seller.id

token = params[:stripeToken]

begin

customer = Stripe::Customer.create(
:email => params[:stripeEmail],
:source => token
)

require 'json'

charge = Stripe::Charge.create({
:customer => customer.id,
:amount => (@item.price * 91.1).floor - 30,
:currency => "usd",
:description => @item.title,
:application_fee => ((@item.price * 100) * 0.089).floor + 30
},
{:stripe_account => ENV["STRIPE_CONNECT_CLIENT_ID"] }
)
@order.name = params[:stripeShippingName]
@order.address = params[:stripeShippingAddressLine1]
@order.city = params[:stripeShippingAddressCity]
@order.state = params[:stripeShippingAddressState]
@order.zip = params[:stripeShippingAddressZip]
@order.country = params[:stripeShippingAddressCountry]

flash[:notice] = "Thanks for ordering!"
rescue Stripe::CardError => e
flash[:danger] = e.message
redirect_to new_order_path
end

respond_to do |format|
if @order.save
format.html { redirect_to root_url }
format.json { render :show, status: :created, location: @order }
else
flash[:alert] = "Something went wrong :("
# gon.client_token = generate_client_token
format.html { render :new }
format.json { render json: @order.errors, status: :unprocessable_entity }
end
end
end

private
# Use callbacks to share common setup or constraints between actions.
def set_order
@order = Order.find(params[:id])
end

# Never trust parameters from the scary internet, only allow the white list through.
def order_params
if params[:orders] && params[:orders][:stripe_card_token].present?
params.require(:orders).permit(:stripe_card_token)
end
end

end


OmniAuth Callbacks Controller

class OmniauthCallbacksController < Devise::OmniauthCallbacksController

def stripe_connect
@user = current_user
if @user.update_attributes({
provider: request.env["omniauth.auth"].provider,
uid: request.env["omniauth.auth"].uid,
access_code: request.env["omniauth.auth"].credentials.token,
publishable_key: request.env["omniauth.auth"].info.stripe_publishable_key
})
# anything else you need to do in response..
sign_in_and_redirect @user, :event => :authentication
set_flash_message(:notice, :success, :kind => "Stripe") if is_navigational_format?
else
session["devise.stripe_connect_data"] = request.env["omniauth.auth"]
redirect_to new_user_registration_url
end
end

end


Items Coffee Script (User must connect bank account info with Stripe Connect before listing)

jQuery ->
Stripe.setPublishableKey($('meta[name="stripe-key"]').attr('content'))
item.setupForm()

item =
setupForm: ->
$('#new_item').submit ->
$('input[type=submit]').attr('disabled', true)
Stripe.bankAccount.createToken($('#new_item'), item.handleStripeResponse)
false

handleStripeResponse: (status, response) ->
if status == 200
$('#new_item').append($('<input type="hidden" name="stripeToken" />').val(response.id))
$('#new_item')[0].submit()
else
$('#stripe_error').text(response.error.message).show()
$('input[type=submit]').attr('disabled', false)


Orders Coffee Script (Stripe will handle the card information at checkout)

jQuery ->
Stripe.setPublishableKey($('meta[name="stripe-key"]').attr('content'))
payment.setupForm()

payment =
setupForm: ->
$('#new_order').submit ->
$('input[type=submit]').attr('disabled', true)
Stripe.card.createToken($('#new_order'), payment.handleStripeResponse)
false

handleStripeResponse: (status, response) ->
if status == 200
$('#new_order').append($('<input type="hidden" name="stripeToken" />').val(response.id))
$('#new_order')[0].submit()
else
$('#stripe_error').text(response.error.message).show()
$('input[type=submit]').attr('disabled', false)


devise.rb initializer

config.omniauth :stripe_connect,
ENV['STRIPE_CONNECT_CLIENT_ID'],
ENV['STRIPE_SECRET_KEY'],
:scope => 'read_write',
:stripe_landing => 'register'


stripe.rb initializer

Rails.configuration.stripe = {
:publishable_key => ENV['STRIPE_PUBLISHABLE_KEY'],
:secret_key => ENV['STRIPE_SECRET_KEY']
}

Stripe.api_key = Rails.configuration.stripe[:secret_key]


application.yml (figaro) (keys censored)

production:
STRIPE_SECRET_KEY: "sk_live_****************3yOZ"
STRIPE_PUBLISHABLE_KEY: "pk_live_******************HhWi"
STRIPE_CONNECT_CLIENT_ID: "ca_**********************1LR1"
CONNECTED_STRIPE_ACCOUNT_ID: "acct_***********crNm"


orders _form.html.erb (just the stripe script)

<script src="https://checkout.stripe.com/checkout.js" class="stripe-button"
data-key="<%= Rails.configuration.stripe[:publishable_key] %>"
data-description="<%= @item.title %>"
data-amount="<%= (@item.price * 100).floor %>"
data-email="<%= current_user.email %>"
data-shipping-address="true"
data-locale="auto"></script>

Answer

The issue here is that you're mixing your constants. Whenever you make an API request on behalf of a connected account, you want to pass the connected account's id, acct_XXXYYYZZZ, in the Stripe-Account header.

The problem here is that you're instead passing your platform's client id ca_XXXX there. Stripe is then trying to find the account with the id ca_XXXX connected to your platform and it doesn't exist.

You need to fix your charge code to pass the correct constant:

charge = Stripe::Charge.create({
    :customer => customer.id,
    :amount => (@item.price * 91.1).floor - 30,
    :currency => "usd",
    :description => @item.title,
    :application_fee => ((@item.price * 100) * 0.089).floor + 30
  },
  {:stripe_account => ENV["CONNECTED_STRIPE_ACCOUNT_ID"] }
)