Memory Reduction: stripe removed (OWASP-BLT#3300)

* stripe removed * pre fix
tsu-ki · Jan 30, 2025 · 33d62f5 · 33d62f5
1 parent be4ac36
commit 33d62f5
Show file tree

Hide file tree

Showing 9 changed files with 8 additions and 557 deletions.
diff --git a/blt/settings.py b/blt/settings.py
@@ -528,18 +528,6 @@
 
 SUPERUSERS = ((SUPERUSER_USERNAME, SUPERUSER_EMAIL, SUPERUSER_PASSWORD),)
 
-STRIPE_LIVE_PUBLIC_KEY = os.environ.get("STRIPE_LIVE_PUBLIC_KEY", "<your publishable key>")
-STRIPE_LIVE_SECRET_KEY = os.environ.get("STRIPE_LIVE_SECRET_KEY", "<your secret key>")
-STRIPE_TEST_PUBLIC_KEY = os.environ.get(
-    "STRIPE_TEST_PUBLIC_KEY",
-    "pk_test_12345",
-)
-STRIPE_TEST_SECRET_KEY = os.environ.get(
-    "STRIPE_TEST_SECRET_KEY",
-    "sk_test_12345",
-)
-
-STRIPE_LIVE_MODE = False  # TODO: remove stripe
 DEFAULT_AUTO_FIELD = "django.db.models.AutoField"
 
 IS_TEST = False

diff --git a/blt/urls.py b/blt/urls.py
@@ -203,7 +203,6 @@
     UserDeleteView,
     UserProfileDetailsView,
     UserProfileDetailView,
-    addbalance,
     assign_badge,
     badge_user_list,
     contributors,
@@ -217,11 +216,9 @@
     profile,
     profile_edit,
     referral_signup,
-    stripe_connected,
     update_bch_address,
     user_dashboard,
     users_view,
-    withdraw,
 )
 
 favicon_view = RedirectView.as_view(url="/static/favicon.ico", permanent=True)
@@ -318,17 +315,6 @@
         organization_dashboard,
         name="organization_dashboard_home",
     ),
-    re_path(
-        r"^dashboard/user/profile/addbalance$",
-        addbalance,
-        name="addbalance",
-    ),
-    re_path(r"^dashboard/user/profile/withdraw$", withdraw, name="withdraw"),
-    re_path(
-        r"^dashboard/user/stripe/connected/(?P<username>[^/]+)/$",
-        stripe_connected,
-        name="stripe_connected",
-    ),
     re_path(
         r"^dashboard/admin/organization$",
         admin_organization_dashboard,

diff --git a/poetry.lock b/poetry.lock
diff --git a/pyproject.toml b/pyproject.toml
@@ -39,7 +39,6 @@ cffi = "^1.17.1"
 django-mdeditor = "^0.1.20"
 django-tz-detect = "^0.4.0"
 django-star-ratings = "^0.9.2"
-stripe = "^7.14.0"
 django-environ = "^0.12.0"
 django-simple-captcha = "^0.6.1"
 django-filter = "^24.3"

diff --git a/website/templates/dashboard_profile.html b/website/templates/dashboard_profile.html
@@ -23,34 +23,6 @@
 * The CSS shown here will not be introduced in the Quickstart guide, but shows
 * how you can use CSS to style your Element's container.
 */
-.StripeElement {
-box-sizing: border-box;
-
-height: 40px;
-
-padding: 10px 12px;
-
-border: 1px solid transparent;
-border-radius: 4px;
-background-color: white;
-
-box-shadow: 0 1px 3px 0 #e6ebf1;
--webkit-transition: box-shadow 150ms ease;
-transition: box-shadow 150ms ease;
-}
-
-.StripeElement--focus {
-box-shadow: 0 1px 3px 0 #cfd7df;
-}
-
-.StripeElement--invalid {
-border-color: #fa755a;
-}
-
-.StripeElement--webkit-autofill {
-background-color: #fefde5 !important;
-}
-
 .overlay {
 background: #ff1d1d;
 display: none;
@@ -496,11 +468,6 @@
     font-size: 12px;
   }
 
-  /* Stripe Element placeholder */
-  .sr-card-element {
-    padding-top: 12px;
-  }
-
   /* Responsiveness */
   @media (max-width: 720px) {
     .sr-root {
@@ -1355,17 +1322,14 @@ <h2>Withdraw Money</h2>
                     <span class="close">×</span>
                     <h2>Add Money</h2>
                 </div>
-                <script src="https://js.stripe.com/v3/"></script>
+                <!-- <script src="https://js.stripe.com/v3/"></script> -->
                 <form class="col-md-6 left-1/2 -translate-x-1/2" id="payment-form">
                     {% csrf_token %}
                     <label for="amount">Enter Amount</label>
                     <input type="number" name="amount" id="amount" min="1" step="any" />
                     <div>
                         <label for="card-element">Credit or debit card</label>
-                        <div id="card-element">
-                            <!-- A Stripe Element will be inserted here. -->
-                        </div>
-                        <!-- Used to display form errors. -->
+                        <div id="card-element"></div>
                         <div id="card-errors" role="alert"></div>
                     </div>
                     <button>Submit Payment</button>
@@ -1374,15 +1338,6 @@ <h2>Add Money</h2>
         </div>
     {% endif %}
     <script type="text/javascript">
-  // Create a Stripe client.
-  var stripe = Stripe(
-    'pk_test_51HFiXMFf0OkkOVnDkNs4opFLqM0Sx5GA6Pedf63uGzG1gHhumFYHEOLfCA7yzZwXUpjaa5j9ZhS1yciNhouYCMh400pSx5ZEx6');
-
-  // Create an instance of Elements.
-  var elements = stripe.elements();
-
-  // Custom styling can be passed to options when creating an Element.
-  // (Note that this demo uses a wider set of styles than the guide below.)
   var style = {
     base: {
       color: '#32325d',
@@ -1416,54 +1371,6 @@ <h2>Add Money</h2>
     }
   });
 
-  // Handle form submission.
-  var form = document.getElementById('payment-form');
-  form.addEventListener('submit', function (event) {
-    event.preventDefault();
-    document.getElementsByClassName("overlay")[0].style.display = "block";
-    addmodal.style.display = "none";
-    stripe.createToken(card).then(function (result) {
-      if (result.error) {
-        addmodal.style.display = "block";
-        document.getElementsByClassName("overlay")[0].style.display = "none";
-        // Inform the user if there was an error.
-        var errorElement = document.getElementById('card-errors');
-        errorElement.textContent = result.error.message;
-      } else {
-        // Send the token to your server.
-        stripeTokenHandler(result.token);
-      }
-    });
-  });
-
-  // Submit the form with the token ID.
-  function stripeTokenHandler(token) {
-    // Insert the token ID into the form so it gets submitted to the server
-    var form = document.getElementById('payment-form');
-    var hiddenInput = document.createElement('input');
-    hiddenInput.setAttribute('type', 'hidden');
-    hiddenInput.setAttribute('name', 'stripeToken');
-    hiddenInput.setAttribute('value', token.id);
-    form.appendChild(hiddenInput);
-
-    var serializedData = $("#payment-form").serializeArray()
-    $.ajax({
-      type: 'POST',
-      url: "/dashboard/user/profile/addbalance",
-      data: serializedData,
-      success: function (response) {
-        document.getElementsByClassName("overlay")[0].style.display = "none";
-        window.location.reload();
-        console.log("SUCCESS")
-      },
-      error: function (response) {
-        // alert the error if any error occured
-        alert(response["responseJSON"]["error"]);
-      }
-    })
-    // Submit the form
-    // form.submit();
-  }
     </script>
     <script>
   // Get the modal

diff --git a/website/templates/join.html b/website/templates/join.html
@@ -523,13 +523,11 @@ <h3>Wallet</h3>
     {% endif %}
     <div class="formHolder card">
         <h3>Card</h3>
-        <script src="https://js.stripe.com/v3/"></script>
+        <!-- <script src="https://js.stripe.com/v3/"></script> -->
         <div class="col-md-12" id="card-element-container">
             <div>
                 <label for="card-element">Credit or debit card</label>
-                <div id="card-element">
-                    <!-- A Stripe Element will be inserted here. -->
-                </div>
+                <div id="card-element"></div>
                 <!-- Used to display form errors. -->
                 <div id="card-errors" role="alert"></div>
             </div>
@@ -570,11 +568,6 @@ <h3>Card</h3>
   showwallet.addEventListener('click', function (event) {
     paymentType = 'wallet'
   })
-  var stripe = Stripe(
-    'pk_test_51HFiXMFf0OkkOVnDkNs4opFLqM0Sx5GA6Pedf63uGzG1gHhumFYHEOLfCA7yzZwXUpjaa5j9ZhS1yciNhouYCMh400pSx5ZEx6');
-
-  // Create an instance of Elements.
-  var elements = stripe.elements();
 
   // Custom styling can be passed to options when creating an Element.
   // (Note that this demo uses a wider set of styles than the guide below.)
@@ -610,76 +603,6 @@ <h3>Card</h3>
       displayError.textContent = '';
     }
   });
-
-  // Handle form submission.
-  var form = document.getElementById('payment-form');
-  form.addEventListener('submit', function (event) {
-    event.preventDefault();
-    document.getElementsByClassName("overlay")[0].style.display = "block";
-    if (paymentType == 'card') {
-      stripe.createToken(card).then(function (result) {
-        if (result.error) {
-          document.getElementsByClassName("overlay")[0].style.display = "none";
-          // Inform the user if there was an error.
-          var errorElement = document.getElementById('card-errors');
-          errorElement.textContent = result.error.message;
-        } else {
-          // Send the token to your server.
-          stripeTokenHandler(result.token);
-        }
-      });
-    } else {
-      stripeTokenHandler('', false)
-    }
-  });
-
-  // Submit the form with the token ID.
-  function stripeTokenHandler(token, flag = true) {
-    // Insert the token ID into the form so it gets submitted to the server
-    var paymentType = 'card'
-    if (flag == true) {
-      var form = document.getElementById('payment-form');
-      var hiddenInput = document.createElement('input');
-      hiddenInput.setAttribute('type', 'hidden');
-      hiddenInput.setAttribute('name', 'stripeToken');
-      hiddenInput.setAttribute('value', token.id);
-      var typeHiddenInput = document.createElement('input');
-      typeHiddenInput.setAttribute('type', 'hidden');
-      typeHiddenInput.setAttribute('name', 'paymentType');
-      typeHiddenInput.setAttribute('value', 'wallet');
-      form.appendChild(typeHiddenInput);
-      form.appendChild(hiddenInput);
-    } else {
-      paymentType = 'wallet'
-      var form = document.getElementById('payment-form');
-      var typeHiddenInput = document.createElement('input');
-      typeHiddenInput.setAttribute('type', 'hidden');
-      typeHiddenInput.setAttribute('name', 'paymentType');
-      typeHiddenInput.setAttribute('value', 'wallet');
-      form.appendChild(typeHiddenInput);
-    }
-    var serializedData = $("#payment-form").serializeArray()
-    console.log(serializedData)
-    console.log(card)
-    $.ajax({
-      type: 'POST',
-      url: "/join",
-      data: serializedData,
-      success: function (response) {
-        document.getElementsByClassName("overlay")[0].style.display = "none";
-        document.getElementsByClassName("base-body")[0].style.display = "none";
-        document.getElementsByClassName("content")[0].style.display = "block";
-        document.body.style.background = "#000";
-        console.log("SUCCESS")
-      },
-      error: function (response) {
-        // alert the error if any error occured
-        alert(response["responseJSON"]["error"]);
-      }
-    })
-    // Submit the form
-    // form.submit();
-  }
     </script>
     <script type="text/javascript">
   $('document').ready(function () {

diff --git a/website/templates/sitemap.html b/website/templates/sitemap.html
@@ -296,18 +296,6 @@ <h2 class="text-6xl text-black font-bold">Sitemap</h2>
                                 <i class="fas fa-tachometer-alt w-5 h-5 mr-1 align-middle"></i>
                                 <a href="{% url 'user' %}">User Dashboard</a>
                             </li>
-                            <li class="flex items-center space-x-3 text-black hover:text-red-600 hover:translate-x-1 transition duration-200 cursor-pointer">
-                                <i class="fas fa-plus-circle w-5 h-5 mr-1 align-middle"></i>
-                                <a href="{% url 'addbalance' %}">User Dashboard Addbalance</a>
-                            </li>
-                            <li class="flex items-center space-x-3 text-black hover:text-red-600 hover:translate-x-1 transition duration-200 cursor-pointer">
-                                <i class="fas fa-dollar-sign w-5 h-5 mr-1 align-middle"></i>
-                                <a href="{% url 'withdraw' %}">User Dashboard Withdraw</a>
-                            </li>
-                            <li class="flex items-center space-x-3 text-black hover:text-red-600 hover:translate-x-1 transition duration-200 cursor-pointer">
-                                <i class="fas fa-plug w-5 h-5 mr-1 align-middle"></i>
-                                <a href="{% url 'stripe_connected' 1 %}">User Dashboard Stripe connected</a>
-                            </li>
                             <li class="flex items-center space-x-3 text-black hover:text-red-600 hover:translate-x-1 transition duration-200 cursor-pointer">
                                 <i class="fas fa-eye w-5 h-5 mr-1 align-middle"></i>
                                 <a href="{% url 'view_hunt' 1 %}">User Dashboard View Hunt</a>

diff --git a/website/views/organization.py b/website/views/organization.py
@@ -6,7 +6,6 @@
 from urllib.parse import urlparse
 
 import requests
-import stripe
 from bs4 import BeautifulSoup
 from django.conf import settings
 from django.contrib import messages
@@ -230,23 +229,6 @@ def organization_hunt_results(request, pk, template="organization_hunt_results.h
                     break
                 index = index + 1
             total_amount = Decimal(hunt.prize_winner) + Decimal(hunt.prize_runner) + Decimal(hunt.prize_second_runner)
-            from django.conf import settings
-
-            stripe.api_key = settings.STRIPE_TEST_SECRET_KEY
-            balance = stripe.Balance.retrieve()
-            if balance.available[0].amount > total_amount * 100:
-                if winner.winner:
-                    wallet, created = Wallet.objects.get_or_create(user=winner.winner)
-                    wallet.deposit(hunt.prize_winner)
-                    wallet.save()
-                if winner.runner:
-                    wallet, created = Wallet.objects.get_or_create(user=winner.runner)
-                    wallet.deposit(hunt.prize_runner)
-                    wallet.save()
-                if winner.second_runner:
-                    wallet, created = Wallet.objects.get_or_create(user=winner.second_runner)
-                    wallet.deposit(hunt.prize_second_runner)
-                    wallet.save()
             winner.prize_distributed = True
             winner.hunt = hunt
             winner.save()
@@ -363,15 +345,6 @@ def post(self, request, *args, **kwargs):
             return JsonResponse({"status": "Success"})
             # company.subscription =
         elif paymentType == "card":
-            from django.conf import settings
-
-            stripe.api_key = settings.STRIPE_TEST_SECRET_KEY
-            charge = stripe.Charge.create(
-                amount=int(Decimal(sub.charge_per_month) * 100),
-                currency="usd",
-                description="Example charge",
-                source=request.POST["stripeToken"],
-            )
             organization = Organization()
             organization.admin = request.user
             organization.name = name