adyen-ruby-api-library 6.1.0 → 6.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4b2156b9db20964cb7f43be56c19a462ccc091e42fdcecd887c9da04dc880116
-  data.tar.gz: 47cb2a027baa58061a6eb46e5c703ff7bc18b05002e5a7c0c5b9d9e9d68616fd
+  metadata.gz: 45627b45fc5df26d004c1a86d7640412d615383ccac35201f24f0e3ebed99394
+  data.tar.gz: 72a067ba4b95419ed87e526a371db2377d5b1af7056f9ac035a6e11327715da0
 SHA512:
-  metadata.gz: a1e4c4a2fd0b91b3e375a66a59910548a9e272beb8940e2ecf6432593e2c14494006d7d6387020245fea48af0f24b50b7803d135db654294e9079c842f818390
-  data.tar.gz: de54e9a6c6da6a49b922d26cb6197651f59f145fef43412bfdf50863097f287d8139dd1647e6efd585d1c08d8dbffaca845f16e0e46ec49334e323f73ade74d1
+  metadata.gz: a893d921b3236805bb89b6ca5fc1c553888d010c84c1927689f6bc47e1a78b23302c081edbc979d596ac70c0b6f23cad61b9a83cc11c6f8b22e1d73520951bdb
+  data.tar.gz: 3cc14ff3d1550ffb11f6ec08c37ae7858b5e39e1b14023e6323e3a132441b59ee383e39ca6db6dcb83eff24e4b9ae937bff416bc9684e1ba6cb8ba7b20e37405

data/.github/CODEOWNERS

@@ -1 +1 @@
-* @crrood @wboereboom @AlexandrosMor @michaelpaul
+* @Adyen/api-libraries-reviewers

data/.github/workflows/codeql.yml

@@ -0,0 +1,41 @@
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ "develop", "main" ]
+  pull_request:
+    branches: [ "develop" ]
+  schedule:
+    - cron: "40 12 * * 0"
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ javascript ]
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v2
+        with:
+          languages: ${{ matrix.language }}
+          queries: +security-and-quality
+
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@v2
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v2
+        with:
+          category: "/language:${{ matrix.language }}"

data/.github/workflows/ruby.yml

@@ -12,7 +12,7 @@ jobs:
         ruby: [2.5, 2.6, 2.7, '3.0', head]
     runs-on: ${{ matrix.os }}
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
     - uses: ruby/setup-ruby@v1
       with:
         ruby-version: ${{ matrix.ruby }}

data/.github/workflows/rubygems_release.yml

@@ -0,0 +1,19 @@
+name: Publish Gem
+
+on:
+  release:
+    types: [published]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Release Gem on RubyGems
+        if: contains(github.ref, 'refs/tags/v')
+        uses: cadwallion/publish-rubygems-action@master
+        env:
+          GITHUB_TOKEN: ${{secrets.TOKEN_RUBYGEMS_RELEASES_WITH_EXPIRATION}}
+          RUBYGEMS_API_KEY: ${{secrets.RUBYGEMS_API_KEY}}

data/lib/adyen/client.rb

@@ -6,9 +6,9 @@ require_relative "./result"
 module Adyen
   class Client
     attr_accessor :ws_user, :ws_password, :api_key, :client, :adapter, :live_url_prefix
-    attr_reader :env
+    attr_reader :env, :connection_options
 
-    def initialize(ws_user: nil, ws_password: nil, api_key: nil, env: :live, adapter: nil, mock_port: 3001, live_url_prefix: nil, mock_service_url_base: nil)
+    def initialize(ws_user: nil, ws_password: nil, api_key: nil, env: :live, adapter: nil, mock_port: 3001, live_url_prefix: nil, mock_service_url_base: nil, connection_options: nil)
       @ws_user = ws_user
       @ws_password = ws_password
       @api_key = api_key
@@ -16,6 +16,7 @@ module Adyen
       @adapter = adapter || Faraday.default_adapter
       @mock_service_url_base = mock_service_url_base || "http://localhost:#{mock_port}"
       @live_url_prefix = live_url_prefix
+      @connection_options = connection_options || Faraday::ConnectionOptions.new
     end
 
     # make sure that env can only be :live, :test, or :mock
@@ -96,7 +97,7 @@ module Adyen
       end
 
       # initialize Faraday connection object
-      conn = Faraday.new(url: url) do |faraday|
+      conn = Faraday.new(url, @connection_options) do |faraday|
         faraday.adapter @adapter
         faraday.headers["Content-Type"] = "application/json"
         faraday.headers["User-Agent"] = Adyen::NAME + "/" + Adyen::VERSION
@@ -143,6 +144,13 @@ module Adyen
             raise connection_error, "Connection to #{url} failed"
           end
         end
+        if action.fetch(:method) == "delete"
+          begin
+            response = conn.delete
+          rescue Faraday::ConnectionFailed => connection_error
+            raise connection_error, "Connection to #{url} failed"
+          end
+        end
         if action.fetch(:method) == "patch"
           begin
             response = conn.patch do |req|
@@ -168,11 +176,16 @@ module Adyen
       when 401
         raise Adyen::AuthenticationError.new("Invalid API authentication; https://docs.adyen.com/user-management/how-to-get-the-api-key", request_data)
       when 403
-        raise Adyen::PermissionError.new("Missing user permissions; https://docs.adyen.com/user-management/user-roles", request_data)
+        raise Adyen::PermissionError.new("Missing user permissions; https://docs.adyen.com/user-management/user-roles", request_data, response.body)
       end
-
-      formatted_response = AdyenResult.new(response.body, response.headers, response.status)
-
+      
+      # delete has no response.body (unless it throws an error)
+      if response.body == nil
+        formatted_response = AdyenResult.new("{}", response.headers, response.status)
+      else
+        formatted_response = AdyenResult.new(response.body, response.headers, response.status)
+      end
+      
       formatted_response
     end
 

data/lib/adyen/errors.rb

@@ -70,8 +70,8 @@ module Adyen
   end
 
   class PermissionError < AdyenError
-    def initialize(msg, request)
-      super(request, nil, msg, 403)
+    def initialize(msg, request, response)
+      super(request, response, msg, 403)
     end
   end
 

data/lib/adyen/services/checkout.rb

@@ -2,7 +2,7 @@ require_relative "service"
 
 module Adyen
   class Checkout < Service
-    DEFAULT_VERSION = 68
+    DEFAULT_VERSION = 70
 
     def initialize(client, version = DEFAULT_VERSION)
       service = "Checkout"
@@ -13,7 +13,7 @@ module Adyen
       ]
 
       with_application_info = [
-        :payment_session,
+        :payment_session
       ]
 
       super(client, version, service, method_names, with_application_info)
@@ -42,7 +42,7 @@ module Adyen
       else
         action = "paymentLinks"
         args[1] ||= {}  # optional headers arg
-        @client.call_adyen_api(@service, action, args[0], args[1], @version, true)
+        @client.call_adyen_api(@service, action, args[0], args[1], @version)
       end
     end
 
@@ -71,6 +71,14 @@ module Adyen
     def apple_pay
       @apple_pay ||= Adyen::CheckoutApplePay.new(@client, @version)
     end
+
+    def modifications
+      @modifications ||= Adyen::Modifications.new(@client, @version)
+    end
+
+    def stored_payment_methods
+      @stored_payment_methods ||= Adyen::StoredPaymentMethods.new(@client, @version)
+    end
   end
 
   class CheckoutDetail < Service
@@ -89,6 +97,16 @@ module Adyen
       action = "payments/result"
       @client.call_adyen_api(@service, action, request, headers, @version)
     end
+
+    def donations(request, headers = {})
+      action = "donations"
+      @client.call_adyen_api(@service, action, request, headers, @version)
+    end
+
+    def card_details(request, headers = {})
+      action = "cardDetails"
+      @client.call_adyen_api(@service, action, request, headers, @version)
+    end
   end
 
   class CheckoutLink < Service
@@ -100,12 +118,12 @@ module Adyen
 
     def get(linkId, headers = {})
       action = { method: 'get', url: "paymentLinks/" + linkId }
-      @client.call_adyen_api(@service, action, {}, headers, @version, true)
+      @client.call_adyen_api(@service, action, {}, headers, @version)
     end
 
     def update(linkId, request, headers = {})
       action = { method: 'patch', url: "paymentLinks/" + linkId }
-      @client.call_adyen_api(@service, action, request, headers, @version, false)
+      @client.call_adyen_api(@service, action, request, headers, @version)
     end
   end
 
@@ -147,4 +165,60 @@ module Adyen
       @client.call_adyen_api(@service, action, request, headers, @version)
     end
   end
-end
+
+  class Modifications < Service
+    def initialize(client, version = DEFAULT_VERSION)
+      @service = "Checkout"
+      @client = client
+      @version = version
+    end
+
+    def capture(linkId, request, headers = {})
+      action = "payments/" + linkId + "/captures"
+      @client.call_adyen_api(@service, action, request, headers, @version)
+    end
+
+    def cancel(linkId, request, headers = {})
+      action = "payments/" + linkId + "/cancels"
+      @client.call_adyen_api(@service, action, request, headers, @version)
+    end
+
+    def genericCancel(request, headers = {})
+      action = "cancels"
+      @client.call_adyen_api(@service, action, request, headers, @version)
+    end
+  
+    def refund(linkId, request, headers = {})
+      action = "payments/" + linkId + "/refunds"
+      @client.call_adyen_api(@service, action, request, headers, @version)
+    end
+
+    def reversal(linkId, request, headers = {})
+      action = "payments/" + linkId + "/reversals"
+      @client.call_adyen_api(@service, action, request, headers, @version)
+    end
+
+    def amountUpdate(linkId, request, headers = {})
+      action = "payments/" + linkId + "/amountUpdates"
+      @client.call_adyen_api(@service, action, request, headers, @version)
+    end
+  end
+
+  class StoredPaymentMethods < Service
+    def initialize(client, version = DEFAULT_VERSION)
+      @service = "Checkout"
+      @client = client
+      @version = version
+    end
+
+    def get(query_array={}, headers = {})
+      action = { method: 'get', url: "storedPaymentMethods" + create_query_string(query_array)}
+      @client.call_adyen_api(@service, action, {}, headers, @version)
+    end
+
+    def delete(recurringId, query_array={}, headers = {})
+      action = { method: 'delete', url: "storedPaymentMethods/%s" % recurringId + create_query_string(query_array)}
+      @client.call_adyen_api(@service, action, {}, headers, @version)
+    end
+  end
+end

data/lib/adyen/services/service.rb

@@ -24,5 +24,10 @@ module Adyen
         end
       end
     end
+
+    # create query parameter from an array
+    def create_query_string(arr)
+      "?" + URI.encode_www_form(arr)
+    end
   end
 end

data/lib/adyen/utils/hmac_validator.rb

@@ -22,16 +22,15 @@ module Adyen
       end
 
       def data_to_sign(notification_request_item)
-        NOTIFICATION_VALIDATION_KEYS.map { |key| fetch(notification_request_item, key).to_s }
-                                    .map { |value| value.gsub('\\', '\\\\').gsub(':', '\\:') }
+        data = NOTIFICATION_VALIDATION_KEYS.map { |key| fetch(notification_request_item, key).to_s }
                                     .join(DATA_SEPARATOR)
+        return data
       end
 
       private
 
       def fetch(hash, keys)
         value = hash
-
         keys.to_s.split('.').each do |key|
           value = if key.to_i.to_s == key
                     value[key.to_i]

data/lib/adyen/version.rb

@@ -1,4 +1,4 @@
 module Adyen
   NAME = "adyen-ruby-api-library"
-  VERSION = "6.1.0".freeze
-end
+  VERSION = "6.3.0".freeze
+end

data/spec/checkout_spec.rb

@@ -405,6 +405,248 @@ RSpec.describe Adyen::Checkout, service: "checkout" do
       to be_a_kind_of Hash
   end
 
+  it "makes a capture call" do
+    request_body = JSON.parse(json_from_file("mocks/requests/Checkout/capture.json"))
+  
+    response_body = json_from_file("mocks/responses/Checkout/capture.json")
+  
+    url = @shared_values[:client].service_url(@shared_values[:service], "payments/12345/captures", @shared_values[:client].checkout.version)
+    WebMock.stub_request(:post, url).
+      with(
+        body: request_body,
+        headers: {
+          "x-api-key" => @shared_values[:client].api_key
+        }
+      )
+      .to_return(body: response_body, status: 201)
+  
+    result = @shared_values[:client].checkout.modifications.capture("12345", request_body)
+    response_hash = result.response
+  
+    expect(result.status).
+      to eq(201)
+    expect(response_hash).
+      to eq(JSON.parse(response_body))
+    expect(response_hash).
+      to be_a Adyen::HashWithAccessors
+    expect(response_hash).
+      to be_a_kind_of Hash
+    expect(response_hash.reference).
+      to eq("123456789")
+    expect(response_hash.pspReference).
+      to eq("12345")
+  end
+
+  it "makes a psp specific cancel call" do
+    request_body = JSON.parse(json_from_file("mocks/requests/Checkout/psp_cancel.json"))
+  
+    response_body = json_from_file("mocks/responses/Checkout/psp_cancel.json")
+  
+    url = @shared_values[:client].service_url(@shared_values[:service], "payments/12345/cancels", @shared_values[:client].checkout.version)
+    WebMock.stub_request(:post, url).
+      with(
+        body: request_body,
+        headers: {
+          "x-api-key" => @shared_values[:client].api_key
+        }
+      )
+      .to_return(body: response_body, status: 201)
+  
+    result = @shared_values[:client].checkout.modifications.cancel("12345", request_body)
+    response_hash = result.response
+  
+    expect(result.status).
+      to eq(201)
+    expect(response_hash).
+      to eq(JSON.parse(response_body))
+    expect(response_hash).
+      to be_a Adyen::HashWithAccessors
+    expect(response_hash).
+      to be_a_kind_of Hash
+    expect(response_hash.reference).
+      to eq("123456789")
+    expect(response_hash.pspReference).
+      to eq("12345")
+  end
+
+  it "makes a psp specific refunds call" do
+    request_body = JSON.parse(json_from_file("mocks/requests/Checkout/refund.json"))
+  
+    response_body = json_from_file("mocks/responses/Checkout/refund.json")
+  
+    url = @shared_values[:client].service_url(@shared_values[:service], "payments/12345/refunds", @shared_values[:client].checkout.version)
+    WebMock.stub_request(:post, url).
+      with(
+        body: request_body,
+        headers: {
+          "x-api-key" => @shared_values[:client].api_key
+        }
+      )
+      .to_return(body: response_body, status: 201)
+  
+    result = @shared_values[:client].checkout.modifications.refund("12345", request_body)
+    response_hash = result.response
+  
+    expect(result.status).
+      to eq(201)
+    expect(response_hash).
+      to eq(JSON.parse(response_body))
+    expect(response_hash).
+      to be_a Adyen::HashWithAccessors
+    expect(response_hash).
+      to be_a_kind_of Hash
+    expect(response_hash.reference).
+      to eq("123456789")
+    expect(response_hash.pspReference).
+      to eq("12345")
+  end
+
+  it "makes a psp specific reversals call" do
+    request_body = JSON.parse(json_from_file("mocks/requests/Checkout/psp_cancel.json"))
+  
+    response_body = json_from_file("mocks/responses/Checkout/psp_cancel.json")
+  
+    url = @shared_values[:client].service_url(@shared_values[:service], "payments/12345/reversals", @shared_values[:client].checkout.version)
+    WebMock.stub_request(:post, url).
+      with(
+        body: request_body,
+        headers: {
+          "x-api-key" => @shared_values[:client].api_key
+        }
+      )
+      .to_return(body: response_body, status: 201)
+  
+    result = @shared_values[:client].checkout.modifications.reversal("12345", request_body)
+    response_hash = result.response
+  
+    expect(result.status).
+      to eq(201)
+    expect(response_hash).
+      to eq(JSON.parse(response_body))
+    expect(response_hash).
+      to be_a Adyen::HashWithAccessors
+    expect(response_hash).
+      to be_a_kind_of Hash
+    expect(response_hash.reference).
+      to eq("123456789")
+    expect(response_hash.pspReference).
+      to eq("12345")
+  end
+
+  it "makes a psp specific amountUpdates call" do
+    request_body = JSON.parse(json_from_file("mocks/requests/Checkout/amount_updates.json"))
+  
+    response_body = json_from_file("mocks/responses/Checkout/amount_updates.json")
+  
+    url = @shared_values[:client].service_url(@shared_values[:service], "payments/12345/amountUpdates", @shared_values[:client].checkout.version)
+    WebMock.stub_request(:post, url).
+      with(
+        body: request_body,
+        headers: {
+          "x-api-key" => @shared_values[:client].api_key
+        }
+      )
+      .to_return(body: response_body, status: 201)
+  
+    result = @shared_values[:client].checkout.modifications.amountUpdate("12345", request_body)
+    response_hash = result.response
+  
+    expect(result.status).
+      to eq(201)
+    expect(response_hash).
+      to eq(JSON.parse(response_body))
+    expect(response_hash).
+      to be_a Adyen::HashWithAccessors
+    expect(response_hash).
+      to be_a_kind_of Hash
+    expect(response_hash.reference).
+      to eq("123456789")
+    expect(response_hash.pspReference).
+      to eq("12345")
+  end
+
+  it "makes a generic cancel call" do
+    request_body = JSON.parse(json_from_file("mocks/requests/Checkout/generic_cancel.json"))
+  
+    response_body = json_from_file("mocks/responses/Checkout/generic_cancel.json")
+  
+    url = @shared_values[:client].service_url(@shared_values[:service], "cancels", @shared_values[:client].checkout.version)
+    WebMock.stub_request(:post, url).
+      with(
+        body: request_body,
+        headers: {
+          "x-api-key" => @shared_values[:client].api_key
+        }
+      )
+      .to_return(body: response_body, status: 201)
+  
+    result = @shared_values[:client].checkout.modifications.genericCancel(request_body)
+    response_hash = result.response
+  
+    expect(result.status).
+      to eq(201)
+    expect(response_hash).
+      to eq(JSON.parse(response_body))
+    expect(response_hash).
+      to be_a Adyen::HashWithAccessors
+    expect(response_hash).
+      to be_a_kind_of Hash
+    expect(response_hash.reference).
+      to eq("123456789")
+    expect(response_hash.pspReference).
+      to eq("12345")
+  end
+
+  it "makes a get storedPaymentMethods call" do
+    response_body = json_from_file("mocks/responses/Checkout/stored_payment_methods.json")
+
+    url = @shared_values[:client].service_url(@shared_values[:service], "storedPaymentMethods?merchantAccount=TestMerchantAccount&shopperReference=test-1234", @shared_values[:client].checkout.version)
+    WebMock.stub_request(:get, url).
+      with(
+        headers: {
+          "x-api-key" => @shared_values[:client].api_key
+        }
+      ).
+      to_return(
+        body: response_body
+      )
+
+    result = @shared_values[:client].checkout.stored_payment_methods.get({"merchantAccount" => "TestMerchantAccount", "shopperReference" => "test-1234"})
+    response_hash = result.response
+
+    expect(result.status).
+      to eq(200)
+    expect(response_hash).
+      to eq(JSON.parse(response_body))
+    expect(response_hash).
+      to be_a Adyen::HashWithAccessors
+    expect(response_hash).
+      to be_a_kind_of Hash
+    expect(response_hash["shopperReference"]).
+      to eq("test-1234")
+  end
+
+  it "makes a delete storedPaymentMethods call" do
+    response_body = json_from_file("mocks/responses/Checkout/stored_payment_methods.json")
+
+    url = @shared_values[:client].service_url(@shared_values[:service], "storedPaymentMethods/RL8FW7WZM6KXWD82?merchantAccount=TestMerchantAccount&shopperReference=test-1234", @shared_values[:client].checkout.version)
+    WebMock.stub_request(:delete, url).
+      with(
+        headers: {
+          "x-api-key" => @shared_values[:client].api_key
+        }
+      ).
+      to_return(
+        body: response_body
+      )
+
+    result = @shared_values[:client].checkout.stored_payment_methods.delete("RL8FW7WZM6KXWD82", {"merchantAccount" => "TestMerchantAccount", "shopperReference" => "test-1234"})
+    response_hash = result.response
+
+    expect(result.status).
+      to eq(200)
+  end
+
   # create client for automated tests
   client = create_client(:api_key)
 

data/spec/client_spec.rb

@@ -83,4 +83,31 @@ RSpec.describe Adyen do
     expect(client.service_url_base("Payment")).
       to eq("https://abcdef1234567890-TestCompany-pal-live.adyenpayments.com/pal/servlet")
   end
+
+  it "generates a new set of ConnectionOptions when none are provided" do
+    expect(Faraday::ConnectionOptions).to receive(:new).and_call_original
+    client = Adyen::Client.new(env: :test)
+  end
+
+  it "uses the ConnectionOptions provided" do
+    connection_options = Faraday::ConnectionOptions.new
+    expect(Faraday::ConnectionOptions).not_to receive(:new)
+    client = Adyen::Client.new(env: :test, connection_options: connection_options)
+  end
+
+  it "initiates a Faraday connection with the provided options" do
+    connection_options = Faraday::ConnectionOptions.new
+    expect(Faraday::ConnectionOptions).not_to receive(:new)
+    client = Adyen::Client.new(api_key: "api_key", env: :mock, connection_options: connection_options)
+
+    mock_faraday_connection = double(Faraday::Connection)
+    url = client.service_url(@shared_values[:service], "payments/details", client.checkout.version)
+    request_body = JSON.parse(json_from_file("mocks/requests/Checkout/payment-details.json"))
+    mock_response = Faraday::Response.new(status: 200)
+
+    expect(Adyen::AdyenResult).to receive(:new)
+    expect(Faraday).to receive(:new).with("http://localhost:3001/v70/payments/details", connection_options).and_return(mock_faraday_connection)
+    expect(mock_faraday_connection).to receive(:post).and_return(mock_response)
+    client.checkout.payments.details(request_body)
+  end
 end

data/spec/errors_spec.rb

@@ -33,7 +33,7 @@ RSpec.describe Adyen::AdyenError do
       expect(Adyen::AdyenError.new(@shared_values[:request], nil, nil, 'code').to_s).to eq("Adyen::AdyenError code:code, request:#{@shared_values[:request]}")
     end
     it 'uses the proper error class name' do
-      expect(Adyen::PermissionError.new('message', @shared_values[:request]).to_s).to eq("Adyen::PermissionError code:403, msg:message, request:#{@shared_values[:request]}")
+      expect(Adyen::PermissionError.new('message', @shared_values[:request], 'response').to_s).to eq("Adyen::PermissionError code:403, msg:message, request:#{@shared_values[:request]}, response:response")
     end
   end
   describe '#masking' do

data/spec/mocks/requests/Checkout/amount_updates.json

@@ -0,0 +1,22 @@
+{
+    "amount": {
+      "currency": "str",
+      "value": 0
+    },
+    "merchantAccount": "TestMerchant",
+    "reason": "delayedCharge",
+    "reference": "123456789",
+    "splits": [
+      {
+        "account": "string",
+        "amount": {
+          "currency": "str",
+          "value": 0
+        },
+        "description": "string",
+        "reference": "string",
+        "type": "BalanceAccount"
+      }
+    ]
+}
+  

data/spec/mocks/requests/Checkout/capture.json

@@ -0,0 +1,34 @@
+{
+    "amount": {
+      "currency": "str",
+      "value": 0
+    },
+    "lineItems": [
+      {
+        "amountExcludingTax": 0,
+        "amountIncludingTax": 0,
+        "description": "string",
+        "id": "string",
+        "imageUrl": "string",
+        "itemCategory": "string",
+        "productUrl": "string",
+        "quantity": 0,
+        "taxAmount": 0,
+        "taxPercentage": 0
+      }
+    ],
+    "merchantAccount": "string",
+    "reference": "string",
+    "splits": [
+      {
+        "account": "string",
+        "amount": {
+          "currency": "str",
+          "value": 0
+        },
+        "description": "string",
+        "reference": "string",
+        "type": "BalanceAccount"
+      }
+    ]
+}

data/spec/mocks/requests/Checkout/generic_cancel.json

@@ -0,0 +1,5 @@
+{
+    "merchantAccount": "TestMerchant",
+    "paymentReference": "12345",
+    "reference": "123456789"
+}

data/spec/mocks/requests/Checkout/psp_cancel.json

@@ -0,0 +1,4 @@
+{
+    "merchantAccount": "TestMerchant",
+    "reference": "123456789"
+}

data/spec/mocks/requests/Checkout/refund.json

@@ -0,0 +1,34 @@
+{
+    "amount": {
+      "currency": "str",
+      "value": 0
+    },
+    "lineItems": [
+      {
+        "amountExcludingTax": 0,
+        "amountIncludingTax": 0,
+        "description": "string",
+        "id": "string",
+        "imageUrl": "string",
+        "itemCategory": "string",
+        "productUrl": "string",
+        "quantity": 0,
+        "taxAmount": 0,
+        "taxPercentage": 0
+      }
+    ],
+    "merchantAccount": "TestMerchant",
+    "reference": "123456789",
+    "splits": [
+      {
+        "account": "string",
+        "amount": {
+          "currency": "str",
+          "value": 0
+        },
+        "description": "string",
+        "reference": "string",
+        "type": "BalanceAccount"
+      }
+    ]
+}

data/spec/mocks/responses/Checkout/amount_updates.json

@@ -0,0 +1,24 @@
+{
+    "amount": {
+      "currency": "str",
+      "value": 0
+    },
+    "merchantAccount": "TestMerchant",
+    "paymentPspReference": "123456789",
+    "pspReference": "12345",
+    "reason": "delayedCharge",
+    "reference": "123456789",
+    "splits": [
+      {
+        "account": "string",
+        "amount": {
+          "currency": "str",
+          "value": 0
+        },
+        "description": "string",
+        "reference": "string",
+        "type": "BalanceAccount"
+      }
+    ],
+    "status": "received"
+}

data/spec/mocks/responses/Checkout/capture.json

@@ -0,0 +1,37 @@
+{
+    "amount": {
+      "currency": "str",
+      "value": 0
+    },
+    "lineItems": [
+      {
+        "amountExcludingTax": 0,
+        "amountIncludingTax": 0,
+        "description": "string",
+        "id": "string",
+        "imageUrl": "string",
+        "itemCategory": "string",
+        "productUrl": "string",
+        "quantity": 0,
+        "taxAmount": 0,
+        "taxPercentage": 0
+      }
+    ],
+    "merchantAccount": "string",
+    "paymentPspReference": "string",
+    "pspReference": "12345",
+    "reference": "123456789",
+    "splits": [
+      {
+        "account": "string",
+        "amount": {
+          "currency": "str",
+          "value": 0
+        },
+        "description": "string",
+        "reference": "string",
+        "type": "BalanceAccount"
+      }
+    ],
+    "status": "received"
+}

data/spec/mocks/responses/Checkout/generic_cancel.json

@@ -0,0 +1,7 @@
+{
+    "merchantAccount": "string",
+    "paymentReference": "123456789",
+    "pspReference": "12345",
+    "reference": "123456789",
+    "status": "received"
+}

data/spec/mocks/responses/Checkout/psp_cancel.json

@@ -0,0 +1,7 @@
+{
+    "merchantAccount": "TestMerchant",
+    "paymentPspReference": "string",
+    "pspReference": "12345",
+    "reference": "123456789",
+    "status": "received"
+}

data/spec/mocks/responses/Checkout/refund.json

@@ -0,0 +1,37 @@
+{
+    "amount": {
+      "currency": "str",
+      "value": 0
+    },
+    "lineItems": [
+      {
+        "amountExcludingTax": 0,
+        "amountIncludingTax": 0,
+        "description": "string",
+        "id": "string",
+        "imageUrl": "string",
+        "itemCategory": "string",
+        "productUrl": "string",
+        "quantity": 0,
+        "taxAmount": 0,
+        "taxPercentage": 0
+      }
+    ],
+    "merchantAccount": "TestMerchant",
+    "paymentPspReference": "123456789",
+    "pspReference": "12345",
+    "reference": "123456789",
+    "splits": [
+      {
+        "account": "string",
+        "amount": {
+          "currency": "str",
+          "value": 0
+        },
+        "description": "string",
+        "reference": "string",
+        "type": "BalanceAccount"
+      }
+    ],
+    "status": "received"
+}

data/spec/mocks/responses/Checkout/stored_payment_methods.json

@@ -0,0 +1 @@
+{"merchantAccount":"TestMerchantAccount", "shopperReference":"test-1234"}

data/spec/mocks/responses/Webhooks/backslash_notification.json

@@ -0,0 +1,41 @@
+{
+  "additionalData": {
+    "acquirerCode": "TestPmmAcquirer",
+    "acquirerReference": "DZMKWLXW6N6",
+    "authCode": "076181",
+    "avsResult": "5 No AVS data provided",
+    "avsResultRaw": "5",
+    "cardSummary": "1111",
+    "checkout.cardAddedBrand": "visa",
+    "cvcResult": "1 Matches",
+    "cvcResultRaw": "M",
+    "expiryDate": "03/2030",
+    "hmacSignature": "nIgT81gaB5oJpn2jPXupDq68iRo2wUlBsuYjtYfwKqo=",
+    "paymentMethod": "visa",
+    "refusalReasonRaw": "AUTHORISED",
+    "retry.attempt1.acquirer": "TestPmmAcquirer",
+    "retry.attempt1.acquirerAccount": "TestPmmAcquirerAccount",
+    "retry.attempt1.avsResultRaw": "5",
+    "retry.attempt1.rawResponse": "AUTHORISED",
+    "retry.attempt1.responseCode": "Approved",
+    "retry.attempt1.scaExemptionRequested": "lowValue",
+    "scaExemptionRequested": "lowValue"
+  },
+  "amount": {
+    "currency": "EUR",
+    "value": 1000
+  },
+  "eventCode": "AUTHORISATION",
+  "eventDate": "2023-01-09T16:27:29+01:00",
+  "merchantAccountCode": "AntoniStroinski",
+  "merchantReference": "\\\\slashes are fun",
+  "operations": [
+    "CANCEL",
+    "CAPTURE",
+    "REFUND"
+  ],
+  "paymentMethod": "visa",
+  "pspReference": "T7FD4VM4D3RZNN82",
+  "reason": "076181:1111:03/2030",
+  "success": "true"
+}

data/spec/mocks/responses/Webhooks/colon_notification.json

@@ -0,0 +1,41 @@
+{
+    "additionalData": {
+      "acquirerCode": "TestPmmAcquirer",
+      "acquirerReference": "8NQH5BNF58M",
+      "authCode": "039404",
+      "avsResult": "5 No AVS data provided",
+      "avsResultRaw": "5",
+      "cardSummary": "1111",
+      "checkout.cardAddedBrand": "visa",
+      "cvcResult": "1 Matches",
+      "cvcResultRaw": "M",
+      "expiryDate": "03/2030",
+      "hmacSignature": "2EQYm7YJpKO4EtHSPu55SQTyWf8dkW5u2nD1tJFpViA=",
+      "paymentMethod": "visa",
+      "refusalReasonRaw": "AUTHORISED",
+      "retry.attempt1.acquirer": "TestPmmAcquirer",
+      "retry.attempt1.acquirerAccount": "TestPmmAcquirerAccount",
+      "retry.attempt1.avsResultRaw": "5",
+      "retry.attempt1.rawResponse": "AUTHORISED",
+      "retry.attempt1.responseCode": "Approved",
+      "retry.attempt1.scaExemptionRequested": "lowValue",
+      "scaExemptionRequested": "lowValue"
+    },
+    "amount": {
+      "currency": "EUR",
+      "value": 1000
+    },
+    "eventCode": "AUTHORISATION",
+    "eventDate": "2023-01-10T13:40:54+01:00",
+    "merchantAccountCode": "AntoniStroinski",
+    "merchantReference": ":slashes are fun",
+    "operations": [
+      "CANCEL",
+      "CAPTURE",
+      "REFUND"
+    ],
+    "paymentMethod": "visa",
+    "pspReference": "M8NB66SBZSGLNK82",
+    "reason": "039404:1111:03/2030",
+    "success": "true"
+  }

data/spec/mocks/responses/Webhooks/forwardslash_notification.json

@@ -0,0 +1,41 @@
+{
+    "amount": {
+      "value": 1000,
+      "currency": "EUR"
+    },
+    "reason": "087330:1111:03/2030",
+    "success": "true",
+    "eventCode": "AUTHORISATION",
+    "eventDate": "2023-01-10T13:37:30+01:00",
+    "operations": [
+      "CANCEL",
+      "CAPTURE",
+      "REFUND"
+    ],
+    "pspReference": "X3GWNS6KJ8NKGK82",
+    "paymentMethod": "visa",
+    "additionalData": {
+      "authCode": "087330",
+      "avsResult": "5 No AVS data provided",
+      "cvcResult": "1 Matches",
+      "expiryDate": "03/2030",
+      "cardSummary": "1111",
+      "acquirerCode": "TestPmmAcquirer",
+      "avsResultRaw": "5",
+      "cvcResultRaw": "M",
+      "hmacSignature": "9Z0xdpG9Xi3zcmXv14t/BvMBut77O/Xq9D4CQXSDUi4=",
+      "paymentMethod": "visa",
+      "refusalReasonRaw": "AUTHORISED",
+      "acquirerReference": "HHCCC326PH6",
+      "scaExemptionRequested": "lowValue",
+      "checkout.cardAddedBrand": "visa",
+      "retry.attempt1.acquirer": "TestPmmAcquirer",
+      "retry.attempt1.rawResponse": "AUTHORISED",
+      "retry.attempt1.avsResultRaw": "5",
+      "retry.attempt1.responseCode": "Approved",
+      "retry.attempt1.acquirerAccount": "TestPmmAcquirerAccount",
+      "retry.attempt1.scaExemptionRequested": "lowValue"
+    },
+    "merchantReference": "//slashes are fun",
+    "merchantAccountCode": "AntoniStroinski"
+  }

data/spec/mocks/responses/Webhooks/mixed_notification.json

@@ -0,0 +1,41 @@
+{
+    "additionalData": {
+      "acquirerCode": "TestPmmAcquirer",
+      "acquirerReference": "J8DXDJ2PV6P",
+      "authCode": "052095",
+      "avsResult": "5 No AVS data provided",
+      "avsResultRaw": "5",
+      "cardSummary": "1111",
+      "checkout.cardAddedBrand": "visa",
+      "cvcResult": "1 Matches",
+      "cvcResultRaw": "M",
+      "expiryDate": "03/2030",
+      "hmacSignature": "CZErGCNQaSsxbaQfZaJlakqo7KPP+mIa8a+wx3yNs9A=",
+      "paymentMethod": "visa",
+      "refusalReasonRaw": "AUTHORISED",
+      "retry.attempt1.acquirer": "TestPmmAcquirer",
+      "retry.attempt1.acquirerAccount": "TestPmmAcquirerAccount",
+      "retry.attempt1.avsResultRaw": "5",
+      "retry.attempt1.rawResponse": "AUTHORISED",
+      "retry.attempt1.responseCode": "Approved",
+      "retry.attempt1.scaExemptionRequested": "lowValue",
+      "scaExemptionRequested": "lowValue"
+    },
+    "amount": {
+      "currency": "EUR",
+      "value": 1000
+    },
+    "eventCode": "AUTHORISATION",
+    "eventDate": "2023-01-10T13:42:29+01:00",
+    "merchantAccountCode": "AntoniStroinski",
+    "merchantReference": "\\:/\\/slashes are fun",
+    "operations": [
+      "CANCEL",
+      "CAPTURE",
+      "REFUND"
+    ],
+    "paymentMethod": "visa",
+    "pspReference": "ZVWN7D3WSMK2WN82",
+    "reason": "052095:1111:03/2030",
+    "success": "true"
+  }

data/spec/utils/hmac_validator_spec.rb

@@ -28,12 +28,6 @@ RSpec.describe Adyen::Utils::HmacValidator do
       expect(data_to_sign).to eq '7914073381342284::TestMerchant:TestPayment-1407325143704:1130:EUR:AUTHORISATION:true'
     end
 
-    it 'should get correct data with escaped characters' do
-      notification_request_item['merchantAccountCode'] = 'Test:\\Merchant'
-      data_to_sign = validator.data_to_sign(notification_request_item)
-      expect(data_to_sign).to eq '7914073381342284::Test\\:\\Merchant:TestPayment-1407325143704:1130:EUR:AUTHORISATION:true'
-    end
-
     it 'should encrypt properly' do
       encrypted = validator.calculate_notification_hmac(notification_request_item, key)
       expect(encrypted).to eq expected_sign
@@ -48,5 +42,25 @@ RSpec.describe Adyen::Utils::HmacValidator do
 
       expect(validator.valid_notification_hmac?(notification_request_item, key)).to be false
     end
+
+    it 'should validate backslashes correctly' do
+      webhook = JSON.parse(json_from_file("mocks/responses/Webhooks/backslash_notification.json"))
+      expect(validator.valid_notification_hmac?(webhook, '74F490DD33F7327BAECC88B2947C011FC02D014A473AAA33A8EC93E4DC069174')).to be true
+    end
+
+    it 'should validate colons correctly' do
+      webhook = JSON.parse(json_from_file("mocks/responses/Webhooks/colon_notification.json"))
+      expect(validator.valid_notification_hmac?(webhook, '74F490DD33F7327BAECC88B2947C011FC02D014A473AAA33A8EC93E4DC069174')).to be true
+    end
+
+    it 'should validate forward slashes correctly' do
+      webhook = JSON.parse(json_from_file("mocks/responses/Webhooks/forwardslash_notification.json"))
+      expect(validator.valid_notification_hmac?(webhook, '74F490DD33F7327BAECC88B2947C011FC02D014A473AAA33A8EC93E4DC069174')).to be true
+    end
+
+    it 'should validate mix of slashes and colon correctly' do
+      webhook = JSON.parse(json_from_file("mocks/responses/Webhooks/mixed_notification.json"))
+      expect(validator.valid_notification_hmac?(webhook, '74F490DD33F7327BAECC88B2947C011FC02D014A473AAA33A8EC93E4DC069174')).to be true
+    end
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: adyen-ruby-api-library
 version: !ruby/object:Gem::Version
-  version: 6.1.0
+  version: 6.3.0
 platform: ruby
 authors:
 - Adyen
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-08-12 00:00:00.000000000 Z
+date: 2023-03-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: faraday
@@ -81,7 +81,9 @@ files:
 - ".github/ISSUE_TEMPLATE/feature_request.md"
 - ".github/PULL_REQUEST_TEMPLATE.md"
 - ".github/dependabot.yml"
+- ".github/workflows/codeql.yml"
 - ".github/workflows/ruby.yml"
+- ".github/workflows/rubygems_release.yml"
 - ".gitignore"
 - CODE_OF_CONDUCT.md
 - CONTRIBUTING.md
@@ -153,7 +155,11 @@ files:
 - spec/mocks/requests/Account/upload_document.json
 - spec/mocks/requests/BinLookup/get_3ds_availability.json
 - spec/mocks/requests/BinLookup/get_cost_estimate.json
+- spec/mocks/requests/Checkout/amount_updates.json
 - spec/mocks/requests/Checkout/apple_pay_sessions.json
+- spec/mocks/requests/Checkout/capture.json
+- spec/mocks/requests/Checkout/generic_cancel.json
+- spec/mocks/requests/Checkout/modifications_request.json
 - spec/mocks/requests/Checkout/orders.json
 - spec/mocks/requests/Checkout/orders_cancel.json
 - spec/mocks/requests/Checkout/origin_keys.json
@@ -164,6 +170,8 @@ files:
 - spec/mocks/requests/Checkout/payment_methods_balance.json
 - spec/mocks/requests/Checkout/payment_session.json
 - spec/mocks/requests/Checkout/payments.json
+- spec/mocks/requests/Checkout/psp_cancel.json
+- spec/mocks/requests/Checkout/refund.json
 - spec/mocks/requests/Checkout/sessions.json
 - spec/mocks/requests/Checkout/verify.json
 - spec/mocks/requests/DataProtectionService/request_subject_erasure.json
@@ -230,8 +238,12 @@ files:
 - spec/mocks/responses/Account/upload_document.json
 - spec/mocks/responses/BinLookup/get_3ds_availability.json
 - spec/mocks/responses/BinLookup/get_cost_estimate.json
+- spec/mocks/responses/Checkout/amount_updates.json
 - spec/mocks/responses/Checkout/apple_pay_sessions.json
+- spec/mocks/responses/Checkout/capture.json
+- spec/mocks/responses/Checkout/generic_cancel.json
 - spec/mocks/responses/Checkout/get-payment-link.json
+- spec/mocks/responses/Checkout/modifications.json
 - spec/mocks/responses/Checkout/orders.json
 - spec/mocks/responses/Checkout/orders_cancel.json
 - spec/mocks/responses/Checkout/origin_keys.json
@@ -242,7 +254,10 @@ files:
 - spec/mocks/responses/Checkout/payment_methods_balance.json
 - spec/mocks/responses/Checkout/payment_session.json
 - spec/mocks/responses/Checkout/payments.json
+- spec/mocks/responses/Checkout/psp_cancel.json
+- spec/mocks/responses/Checkout/refund.json
 - spec/mocks/responses/Checkout/sessions-success.json
+- spec/mocks/responses/Checkout/stored_payment_methods.json
 - spec/mocks/responses/Checkout/update-payment-link.json
 - spec/mocks/responses/Checkout/verify.json
 - spec/mocks/responses/DataProtectionService/request_subject_erasure.json
@@ -290,6 +305,10 @@ files:
 - spec/mocks/responses/Terminal/assign_terminals.json
 - spec/mocks/responses/Terminal/find_terminal.json
 - spec/mocks/responses/Terminal/get_terminals_under_account.json
+- spec/mocks/responses/Webhooks/backslash_notification.json
+- spec/mocks/responses/Webhooks/colon_notification.json
+- spec/mocks/responses/Webhooks/forwardslash_notification.json
+- spec/mocks/responses/Webhooks/mixed_notification.json
 - spec/notification_spec.rb
 - spec/payments_spec.rb
 - spec/payouts_spec.rb