adyen-ruby-api-library 4.0.0 → 4.0.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 57203cec793176b8f389062f66cf734dcc43e183
-  data.tar.gz: 6680ea0897e40cad89569ed46c841dcf45b900a4
+  metadata.gz: 50ac4158ef06b200711ce1b69d7b6c12cad0df4b
+  data.tar.gz: 338fbfd9fed83cd6a3569dd1f706fdf439e259c1
 SHA512:
-  metadata.gz: 16075771ada5ca4afb71c798e7823fcd1c2b162a6d0d21919b0a3ea8db301ec5379525c726ebc3d71b0b39d87ada719b539b7457fe927a5aa6ef4754b7dca3be
-  data.tar.gz: 968d9f0cb9a426ce89d8bc17a00cdf50766f1f48dacbb58a1966e3d29ae5fe99a3e784e6d0f40fa86f4f0ef5bfad27576124ad1504746e121af9998abd06f8a1
+  metadata.gz: c71dfcff2e34dd0244abdd56da08a0ab430b608de4fc095a472711a69269c416ffcee0b6021ed0db56bff3b8a5d1fc25e1fe13bac4f0c844367a61498ad6de1b
+  data.tar.gz: 9ea5ee2a69f6de0523ba4fff25975202583bdf3d1218a8cda8d0abe978b57e30158cccd4bb94921c928531ce40442df067089cdb74a066567a4f2cd1f526bcf5

data/lib/adyen-ruby-api-library.rb

@@ -8,6 +8,8 @@ require_relative "adyen/services/payouts"
 require_relative "adyen/services/recurring"
 require_relative "adyen/services/marketpay"
 require_relative "adyen/services/service"
+require_relative "adyen/hash_with_accessors"
+require_relative "adyen/utils/hmac_validator"
 
 # add snake case to camel case converter to String
 # to convert rubinic method names to Adyen API methods

data/lib/adyen/client.rb

@@ -2,7 +2,6 @@ require "faraday"
 require "json"
 require_relative "./errors"
 require_relative "./result"
-require_relative "./util"
 
 module Adyen
   class Client

data/lib/adyen/hash_with_accessors.rb

@@ -0,0 +1,38 @@
+# This utility method inherits from Hash, but allows keys to be read
+# and updated with dot notation. Usage is entirely optional (i.e.,  hash values
+# can still be accessed via symbol and string keys).
+#
+# Based on: https://gist.github.com/winfred/2185384#file-ruby-dot-hash-access-rb
+module Adyen
+  class HashWithAccessors < Hash
+    def method_missing(method, *args)
+      string_key = method.to_s.sub(/=\z/, '')
+      sym_key = string_key.to_sym
+
+      key = if has_key?(string_key)
+        string_key
+      elsif has_key?(sym_key)
+        sym_key
+      end
+
+      return super unless key
+
+      assignment = sym_key != method
+
+      if assignment
+        raise ArgumentError, "wrong number of arguments (given #{args.size}, expected 1)" unless args.size == 1
+
+        self[key] = args.first
+      else
+        raise ArgumentError, "wrong number of arguments (given #{args.size}, expected 0)" unless args.size == 0
+
+        self[key]
+      end
+    end
+
+    def respond_to_missing?(method, include_private = false)
+      string_key = method.to_s.sub(/=\z/, '')
+      has_key?(string_key) || has_key?(string_key.to_sym) || super
+    end
+  end
+end

data/lib/adyen/result.rb

@@ -5,11 +5,11 @@ module Adyen
     attr_reader :response, :header, :status
 
     def initialize(response, header, status)
-      @response = JSON.parse(response)
+      @response = JSON.parse(response, object_class: HashWithAccessors)
 
       # `header` in Faraday response is not a JSON string, but rather a
       # Faraday `Headers` object. Convert first before parsing
-      @header = JSON.parse(header.to_json)
+      @header = JSON.parse(header.to_json, object_class: HashWithAccessors)
       @status = status
     end
   end

data/lib/adyen/services/service.rb

@@ -2,6 +2,15 @@ module Adyen
   class Service
     attr_accessor :service, :version
 
+    # add snake case to camel case converter to String
+    # to convert rubinic method names to Adyen API methods
+    #
+    # i.e. snake_case -> snakeCase
+    # note that the first letter is not capitalized as normal
+    def self.action_for_method_name(method_name)
+      method_name.to_s.gsub(/_./) { |x| x[1].upcase }
+    end
+
     def initialize(client, version, service, method_names)
       @client = client
       @version = version
@@ -10,7 +19,7 @@ module Adyen
       # dynamically create API methods
       method_names.each do |method_name|
         define_singleton_method method_name do |request, headers = {}|
-          action = method_name.to_s.to_camel_case
+          action = self.class.action_for_method_name(method_name)
           @client.call_adyen_api(@service, action, request, headers, @version)
         end
       end

data/lib/adyen/utils/hmac_validator.rb

@@ -0,0 +1,48 @@
+module Adyen
+  module Utils
+    class HmacValidator
+      HMAC_ALGORITHM = 'sha256'.freeze
+      DATA_SEPARATOR = ':'.freeze
+      NOTIFICATION_VALIDATION_KEYS = %w[
+        pspReference originalReference merchantAccountCode merchantReference
+        amount.value amount.currency eventCode success
+      ].freeze
+
+      def valid_notification_hmac?(notification_request_item, hmac_key)
+        expected_sign = calculate_notification_hmac(notification_request_item, hmac_key)
+        merchant_sign = fetch(notification_request_item, 'additionalData.hmacSignature')
+
+        expected_sign == merchant_sign
+      end
+
+      def calculate_notification_hmac(notification_request_item, hmac_key)
+        data = data_to_sign(notification_request_item)
+
+        Base64.strict_encode64(OpenSSL::HMAC.digest(HMAC_ALGORITHM, [hmac_key].pack('H*'), data))
+      end
+
+      def data_to_sign(notification_request_item)
+        NOTIFICATION_VALIDATION_KEYS.map { |key| fetch(notification_request_item, key).to_s }
+                                    .map { |value| value.gsub('\\', '\\\\').gsub(':', '\\:') }
+                                    .join(DATA_SEPARATOR)
+      end
+
+      private
+
+      def fetch(hash, keys)
+        value = hash
+
+        keys.to_s.split('.').each do |key|
+          value = if key.to_i.to_s == key
+                    value[key.to_i]
+                  else
+                    value[key].nil? ? value[key.to_sym] : value[key]
+                  end
+          break if value.nil?
+        end
+
+        value
+      end
+    end
+  end
+end

data/lib/adyen/version.rb

@@ -1,4 +1,4 @@
-  module Adyen
+module Adyen
   NAME = "adyen-ruby-api-library"
-  VERSION = "4.0.0".freeze
+  VERSION = "4.0.1".freeze
 end

data/spec/checkout_spec.rb

@@ -57,10 +57,14 @@ RSpec.describe Adyen::Checkout, service: "checkout" do
       to eq(200)
     expect(response_hash).
       to eq(JSON.parse(response_body))
-    expect(response_hash.class).
-      to be Hash
+    expect(response_hash).
+      to be_a Adyen::HashWithAccessors
+    expect(response_hash).
+      to be_a_kind_of Hash
     expect(response_hash["resultCode"]).
       to eq("RedirectShopper")
+    expect(response_hash.resultCode).
+      to eq("RedirectShopper")
   end
 
   # must be created manually due to payments/result format
@@ -89,10 +93,14 @@ RSpec.describe Adyen::Checkout, service: "checkout" do
       to eq(200)
     expect(response_hash).
       to eq(JSON.parse(response_body))
-    expect(response_hash.class).
-      to be Hash
+    expect(response_hash).
+      to be_a Adyen::HashWithAccessors
+    expect(response_hash).
+      to be_a_kind_of Hash
     expect(response_hash["resultCode"]).
       to eq("Authorised")
+    expect(response_hash.resultCode).
+      to eq("Authorised")
   end
 
   # create client for automated tests

data/spec/checkout_utility_spec.rb

@@ -19,8 +19,10 @@ RSpec.describe Adyen::CheckoutUtility, service: "checkout utility" do
   # must be created manually because every field in the response is an array
   it "makes an origin_keys call" do
     parsed_body = create_test(@shared_values[:client], @shared_values[:service], "origin_keys", @shared_values[:client].checkout_utility)
-    expect(parsed_body["originKeys"].class).
-      to be Hash
+    expect(parsed_body["originKeys"]).
+      to be_a Adyen::HashWithAccessors
+    expect(parsed_body["originKeys"]).
+      to be_a_kind_of Hash
   end
 end
 

data/spec/hash_with_accessors_spec.rb

@@ -0,0 +1,127 @@
+require 'spec_helper'
+
+RSpec.describe Adyen::HashWithAccessors do
+  shared_examples :hash_with_accessors do
+    subject do
+      h = described_class.new
+      h[key] = 1
+      h
+    end
+
+    it 'returns values of a hashes' do
+      expect(subject.arbitrary_accessor).to be 1
+    end
+
+    it 'can assign existing values' do
+      subject.arbitrary_accessor = 2
+      expect(subject.arbitrary_accessor).to be 2
+      expect(subject[key]).to be 2
+    end
+
+    it 'complains if there are arguments for the accessor' do
+      expect { subject.arbitrary_accessor(1) }.to raise_error(ArgumentError, 'wrong number of arguments (given 1, expected 0)')
+      expect { subject.arbitrary_accessor(1, 2) }.to raise_error(ArgumentError, 'wrong number of arguments (given 2, expected 0)')
+    end
+
+    it 'complains if there are arguments for the accessor =' do
+      # using send because i'm not sure how to do this wrong with normal ruby setter calling.
+      # just here for completeness
+      expect { subject.send(:arbitrary_accessor=) }.to raise_error(ArgumentError, 'wrong number of arguments (given 0, expected 1)')
+      expect { subject.send(:arbitrary_accessor=, 1, 2) }.to raise_error(ArgumentError, 'wrong number of arguments (given 2, expected 1)')
+    end
+
+    it 'responds to the accessor' do
+      expect(subject).to respond_to(:arbitrary_accessor)
+      expect(subject).to respond_to(:arbitrary_accessor=)
+      expect(subject).to_not respond_to(:another_accessor)
+      expect(subject).to_not respond_to(:another_accessor=)
+    end
+
+    it "raises when the key doesn't exist" do
+      expect { subject.another_accessor }.to raise_error(NoMethodError)
+      expect { subject.another_accessor = 1 }.to raise_error(NoMethodError)
+    end
+  end
+
+  context 'with a string key' do
+    let(:key) { 'arbitrary_accessor' }
+
+    it_behaves_like :hash_with_accessors
+  end
+
+  context 'with a symbol key' do
+    let(:key) { :arbitrary_accessor }
+
+    it_behaves_like :hash_with_accessors
+  end
+
+  context 'with a conflicting key' do
+    subject do
+      h = described_class.new
+      h['keys'] = 'not the keys'
+      h
+    end
+
+    it "does original thing if there'd be a conflict" do
+      expect(subject.keys).to eq ['keys'] # the default behaviour
+      expect(subject['keys']).to eq 'not the keys'
+    end
+
+    it 'still does the writer thing even if the reader is defined' do
+      subject.keys = 'written keys'
+      expect(subject['keys']).to eq 'written keys'
+      expect(subject.keys).to eq ['keys']
+    end
+  end
+
+  context 'with some other method missing defined' do
+    # this test setup is kind of janky,
+    # but we want to confirm super is set up correctly
+    # We could do a lot more house-keeping if we weren't sure Hash doesn't
+    # define its own method_missing and respond_to_missing? by default,
+    # and there was any particular reason to clean up properly and remove our
+    # called_super method from Hash.
+
+    before(:all) do
+      class Hash
+        def called_super(*args)
+        end
+
+        def method_missing(*args)
+          called_super(:method_missing, *args)
+          super
+        end
+
+        def respond_to_missing?(*args)
+          called_super(:respond_to_missing?, *args)
+          super
+        end
+      end
+    end
+
+    subject do
+      h = described_class.new
+      h[:my_accessor] = 1
+      h
+    end
+
+    it 'can fall back to another respond_to_missing?' do
+      expect(subject).to_not receive(:called_super).with(:respond_to_missing?, :my_accessor, false)
+      expect(subject).to respond_to(:my_accessor)
+      expect(subject).to receive(:called_super).with(:respond_to_missing?, :literally_anything, false)
+      expect(subject.respond_to?(:literally_anything)).to be false
+    end
+
+    it 'can fall back to another method_missing' do
+      expect(subject).to_not receive(:called_super).with(:method_missing, :my_accessor)
+      expect(subject.my_accessor).to be 1
+      expect(subject).to receive(:called_super).with(:method_missing, :something_else)
+      expect { subject.something_else }.to raise_error(NoMethodError)
+    end
+
+  end
+
+  it "doesn't modify all hashes" do
+    expect { {a: 1}.a }.to raise_error(NoMethodError)
+  end
+end

data/spec/service_spec.rb

@@ -0,0 +1,42 @@
+require 'spec_helper'
+
+RSpec.describe Adyen::Service do
+  describe '.action_for_method_name' do
+    it 'handles all methods that exist currently' do
+      expect(described_class.action_for_method_name(:adjust_authorisation)).to eq 'adjustAuthorisation'
+      expect(described_class.action_for_method_name(:authorise)).to eq 'authorise'
+      expect(described_class.action_for_method_name(:authorise3d)).to eq 'authorise3d'
+      expect(described_class.action_for_method_name(:authorise3ds2)).to eq 'authorise3ds2'
+      expect(described_class.action_for_method_name(:cancel)).to eq 'cancel'
+      expect(described_class.action_for_method_name(:cancel_or_refund)).to eq 'cancelOrRefund'
+      expect(described_class.action_for_method_name(:capture)).to eq 'capture'
+      expect(described_class.action_for_method_name(:close_account)).to eq 'closeAccount'
+      expect(described_class.action_for_method_name(:close_account_holder)).to eq 'closeAccountHolder'
+      expect(described_class.action_for_method_name(:confirm_third_party)).to eq 'confirmThirdParty'
+      expect(described_class.action_for_method_name(:create_account)).to eq 'createAccount'
+      expect(described_class.action_for_method_name(:create_account_holder)).to eq 'createAccountHolder'
+      expect(described_class.action_for_method_name(:decline_third_party)).to eq 'declineThirdParty'
+      expect(described_class.action_for_method_name(:delete_bank_accounts)).to eq 'deleteBankAccounts'
+      expect(described_class.action_for_method_name(:delete_shareholders)).to eq 'deleteShareholders'
+      expect(described_class.action_for_method_name(:disable)).to eq 'disable'
+      expect(described_class.action_for_method_name(:get_account_holder)).to eq 'getAccountHolder'
+      expect(described_class.action_for_method_name(:get_tier_configuration)).to eq 'getTierConfiguration'
+      expect(described_class.action_for_method_name(:get_uploaded_documents)).to eq 'getUploadedDocuments'
+      expect(described_class.action_for_method_name(:list_recurring_details)).to eq 'listRecurringDetails'
+      expect(described_class.action_for_method_name(:origin_keys)).to eq 'originKeys'
+      expect(described_class.action_for_method_name(:payment_methods)).to eq 'paymentMethods'
+      expect(described_class.action_for_method_name(:payment_session)).to eq 'paymentSession'
+      expect(described_class.action_for_method_name(:refund)).to eq 'refund'
+      expect(described_class.action_for_method_name(:store_detail)).to eq 'storeDetail'
+      expect(described_class.action_for_method_name(:store_detail_and_submit_third_party)).to eq 'storeDetailAndSubmitThirdParty'
+      expect(described_class.action_for_method_name(:store_token)).to eq 'storeToken'
+      expect(described_class.action_for_method_name(:submit_third_party)).to eq 'submitThirdParty'
+      expect(described_class.action_for_method_name(:suspend_account_holder)).to eq 'suspendAccountHolder'
+      expect(described_class.action_for_method_name(:un_suspend_account_holder)).to eq 'unSuspendAccountHolder'
+      expect(described_class.action_for_method_name(:update_account)).to eq 'updateAccount'
+      expect(described_class.action_for_method_name(:update_account_holder)).to eq 'updateAccountHolder'
+      expect(described_class.action_for_method_name(:update_account_holder_state)).to eq 'updateAccountHolderState'
+      expect(described_class.action_for_method_name(:upload_document)).to eq 'uploadDocument'
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -39,7 +39,8 @@ def create_test(client, service, method_name, parent_object)
   end
 
   # stub request
-  url = client.service_url(service, method_name.to_camel_case, parent_object.version)
+  action = Adyen::Service.action_for_method_name(method_name)
+  url = client.service_url(service, action, parent_object.version)
   WebMock.stub_request(:post, url).
     with(
       body: request_body,
@@ -50,7 +51,7 @@ def create_test(client, service, method_name, parent_object)
     )
   result = parent_object.public_send(method_name, request_body)
 
-  # result.response is already a Ruby hash (rather than an unparsed JSON string)
+  # result.response is already a Ruby object (Adyen::HashWithAccessors) (rather than an unparsed JSON string)
   response_hash = result.response
 
   # boilerplate error checks
@@ -58,8 +59,10 @@ def create_test(client, service, method_name, parent_object)
     to eq(200)
   expect(response_hash).
     to eq(JSON.parse(response_body))
-  expect(response_hash.class).
-    to be Hash
+  expect(response_hash).
+    to be_a Adyen::HashWithAccessors
+  expect(response_hash).
+    to be_a_kind_of Hash
 
   response_hash
 end

data/spec/utils/hmac_validator_spec.rb

@@ -0,0 +1,52 @@
+require 'spec_helper'
+
+RSpec.describe Adyen::Utils::HmacValidator do
+  let(:validator) { described_class.new }
+  let(:key) { '44782DEF547AAA06C910C43932B1EB0C71FC68D9D0C057550C48EC2ACF6BA056' }
+  let(:expected_sign) { 'coqCmt/IZ4E3CzPvMY8zTjQVL5hYJUiBRg8UU+iCWo0=' }
+  let(:notification_request_item) do
+    {
+      additionalData: {
+        hmacSignature: expected_sign
+      },
+      amount: {
+        value: 1130,
+        currency: 'EUR'
+      },
+      pspReference: '7914073381342284',
+      eventCode: 'AUTHORISATION',
+      merchantAccountCode: 'TestMerchant',
+      merchantReference: 'TestPayment-1407325143704',
+      paymentMethod: 'visa',
+      success: 'true'
+    }
+  end
+
+  describe 'HMAC Validator' do
+    it 'should get correct data' do
+      data_to_sign = validator.data_to_sign(notification_request_item)
+      expect(data_to_sign).to eq '7914073381342284::TestMerchant:TestPayment-1407325143704:1130:EUR:AUTHORISATION:true'
+    end
+
+    it 'should get correct data with escaped characters' do
+      notification_request_item['merchantAccountCode'] = 'Test:\\Merchant'
+      data_to_sign = validator.data_to_sign(notification_request_item)
+      expect(data_to_sign).to eq '7914073381342284::Test\\:\\Merchant:TestPayment-1407325143704:1130:EUR:AUTHORISATION:true'
+    end
+
+    it 'should encrypt properly' do
+      encrypted = validator.calculate_notification_hmac(notification_request_item, key)
+      expect(encrypted).to eq expected_sign
+    end
+
+    it 'should have a valid hmac' do
+      expect(validator.valid_notification_hmac?(notification_request_item, key)).to be true
+    end
+
+    it 'should have an invalid hmac' do
+      notification_request_item['additionalData'] = { 'hmacSignature' => 'invalidHMACsign' }
+
+      expect(validator.valid_notification_hmac?(notification_request_item, key)).to be false
+    end
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: adyen-ruby-api-library
 version: !ruby/object:Gem::Version
-  version: 4.0.0
+  version: 4.0.1
 platform: ruby
 authors:
 - Adyen
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-11-12 00:00:00.000000000 Z
+date: 2019-12-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: faraday
@@ -103,6 +103,7 @@ files:
 - lib/adyen-ruby-api-library.rb
 - lib/adyen/client.rb
 - lib/adyen/errors.rb
+- lib/adyen/hash_with_accessors.rb
 - lib/adyen/result.rb
 - lib/adyen/services/checkout.rb
 - lib/adyen/services/checkout_utility.rb
@@ -111,7 +112,7 @@ files:
 - lib/adyen/services/payouts.rb
 - lib/adyen/services/recurring.rb
 - lib/adyen/services/service.rb
-- lib/adyen/util.rb
+- lib/adyen/utils/hmac_validator.rb
 - lib/adyen/version.rb
 - spec/account_spec.rb
 - spec/checkout_spec.rb
@@ -119,6 +120,7 @@ files:
 - spec/client_spec.rb
 - spec/errors_spec.rb
 - spec/fund_spec.rb
+- spec/hash_with_accessors_spec.rb
 - spec/mocks/requests/Account/close_account.json
 - spec/mocks/requests/Account/close_account_holder.json
 - spec/mocks/requests/Account/create_account.json
@@ -221,7 +223,9 @@ files:
 - spec/payments_spec.rb
 - spec/payouts_spec.rb
 - spec/recurring_spec.rb
+- spec/service_spec.rb
 - spec/spec_helper.rb
+- spec/utils/hmac_validator_spec.rb
 homepage: https://www.adyen.com
 licenses:
 - MIT

data/lib/adyen/util.rb

@@ -1,21 +0,0 @@
-# This utility method monkey-patches Ruby's Hash class to allow keys to be read
-# and updated with dot notation. Usage is entirely optional (i.e.,  hash values
-# can still be accessed via symbol and string keys).
-#
-# Credit: https://gist.github.com/winfred/2185384#file-ruby-dot-hash-access-rb
-
-class Hash
-  class NoKeyOrMethodError < NoMethodError; end
-  def method_missing(method,*args)
-    m = method.to_s
-    string_key = m.gsub(/=$/,'')
-    sym_key = string_key.to_sym
-    if self.has_key? string_key
-      m.match(/=$/) ? self.send("[#{string_key}]=", *args) : self[string_key]
-    elsif self.has_key? sym_key
-      m.match(/=$/) ? self.send("[#{sym_key}]=", *args) : self[sym_key]
-    else
-      raise NoKeyOrMethodError
-    end
-  end
-end