It is VERY easy for a novice Rails developer to critically fail at that implementation, though. All you have to do is put a name attribute on the credit card or CVV text field. That seems logical, will not cause any visible problems, and immediately both compromises customer security and introduces substantial business risk due to putting you in PCI scope (and you just failed).
Next to this, the marginal hazing value of forcing them to write 20 lines from scratch seems muted.
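Added example, not part of the original comments and not code from the RailsApps project: a small Ruby lint for the mistake described above, a card or CVV field that carries a `name` attribute and is therefore posted to your own server. The field names, the sample forms and the `CARD_HINT` heuristic are assumptions made for illustration.

```ruby
# Added example: flag card inputs in rendered form HTML that the browser
# would submit to the application server.

# Heuristic for "this is a card field" (an assumption, tune per codebase).
CARD_HINT = /card|cvv|cvc|cc-(?:number|csc|exp)/i
ATTR = /([\w:-]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/

# Turn the inside of one tag into a { "attr" => "value" } hash.
def parse_attrs(tag_body)
  tag_body.scan(ATTR).each_with_object({}) do |(key, dq, sq, bare), attrs|
    attrs[key.downcase] = dq || sq || bare || ""
  end
end

def submitted_card_fields(html)
  html.scan(/<(input|select|textarea)\b([^>]*)>/i).filter_map do |tag, body|
    attrs = parse_attrs(body)
    name = attrs["name"]
    # No name (or an empty one): the browser leaves the control out of the POST.
    next if name.nil? || name.empty?
    # The hidden field that carries the payment token is supposed to be named.
    next if attrs["type"].to_s.downcase == "hidden"
    hints = attrs.values_at("id", "name", "class", "autocomplete", "placeholder")
    next unless hints.compact.join(" ").match?(CARD_HINT)
    { tag: tag.downcase, id: attrs["id"], name: name }
  end
end

# Constructed sample: card fields are read by JavaScript only, token is posted.
SAFE_FORM = <<~HTML
  <form action="/users" method="post" id="new_user">
    <input type="email" name="user[email]" id="user_email">
    <input type="text" id="card_number" autocomplete="cc-number">
    <input type="text" id="card_code" name="">
    <input type="hidden" name="user[stripe_token]" id="user_stripe_token">
  </form>
HTML

# Constructed sample: the same form after the "logical" edit from the comment.
UNSAFE_FORM = SAFE_FORM
  .sub('id="card_number"', 'id="card_number" name="user[card_number]"')
  .sub('id="card_code" name=""', 'id="card_code" name="cvv"')

if __FILE__ == $PROGRAM_NAME
  submitted_card_fields(UNSAFE_FORM).each do |f|
    puts "card data would reach the server via name=#{f[:name].inspect}"
  end
end
```

Run it over rendered views in CI so a named card field fails the build before it ever ships.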
What you raise is a valid concern, but is it better for a new developer to work off a best practice style example app or try to reinvent the wheel on their own?
A new developer by definition doesn't know what best practices are, so they can't judge whether the example app they're working off of is safe or not. By way of a too-abstract analogy, learning multiplication tables is not reinventing the wheel.
I share your point of view. In this case, the code is much more of a "starter app" than an "out of the box" solution. There's a good amount of customizing and tweaking required before the app can be deployed, which will encourage an inexperienced developer to gain some skill. The tutorial helps; it's probably the most detailed introduction to the implementation issues of a membership site and Stripe that is offered anywhere. The intent is to be a mentor for the "rite of passage."
It's an application (example app or starter app), not a library. Stripe is integrated to the extent that you can set up a real subscription-based site with recurring billing. Yes, there's no Purchase model, but you'll find the integration code in JavaScript and the User model's methods. Certainly it could be refactored if you'd like to see a Purchase model but the integration is already there. The tutorial describes the architecture and implementation with much detail.
Thanks for the encouragement. It's what drives the project. I'm thinking about offering some of the RailsApps advanced tutorials through a subscription site to support the project.
For most things, I want to know:
1. What are the pieces?
2. Where do they go?
3. How do they interact with each other?
When implementing payments into a site (which is a core concern for the business/application), I'd like to know each answer in pretty good detail, so I'd be more than happy to pay $15-$40 for an ebook which will hold my hand through the "best practices" to those 3 answers.
Thanks for detailing the price range you'd pay. I ran some pricing tests (for a different tutorial) and compared offers of $9 for an ebook versus $19/month for a subscription-based online tutorial. Both offers performed well.
Here's a diff that shows the differences between a fresh Rails installation and RailsApps/rails-stripe-membership-saas as of ea5bc35c02de4be277682dca964bff8dcb84917c.
That's cool, but it's for sites with users who have Stripe accounts to sell things to take payments. What I'm looking for is basically DailyCred (https://www.dailycred.com/) but with paid user plans. It has to be white-label.
What you described is a bit vague so I'm not sure quite what you need, but it allows you to basically spin up merchant accounts for your customers on the fly in a way that's basically as seamless as legally possible.
I'd parallel my concern to beginner developers who create Rails projects that don't check for User ownership when navigating to /edit paths.
Implementing Stripe is almost a small rite of passage. It forces you to understand the API, and how it treats payments and other various objects.