adyen 2.1.0 → 2.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 8b0487de131168302d566b9dbe912c921ebf4b8a
-  data.tar.gz: f9913d706f1280146dfc27c5e6bbcb7f2727ea03
+  metadata.gz: 79d7e1124e75e3e161c514b3d4fe8eab7058bec4
+  data.tar.gz: 97a72df3756f9d5ab4385b17f9db517c0c67d762
 SHA512:
-  metadata.gz: 6914750599b1a3ecdabd6d7000dde4ea4c2131f85c691d4d4ad693a6ba8cdbf4b95a2f4cc7a41b54b83ae7351a1bac2b18c6d4eb7fb69f64523e7ee48686994c
-  data.tar.gz: 7401dcb3c7808508fe3da582a172150af1441a3dba9bf7744da5a91b77b78be94c0b75772ed671153258b9c5a429e5b9bdb786960619d8d7216eb5f609912bac
+  metadata.gz: 870d40ed54714492339b6945c61acf0069d4d90a82e547e8b0c0fc69075e49b2c568b0ab25504e8efdddb7a61126fe4934c776e2003340279970167ad987f46b
+  data.tar.gz: 61da208663797528ecd1c8e2beaf1fd9c3bf895dead0a13833bf27b4114880a799ece1e1fb84dc77356e937fcf01a34817506c2f665099e8f32c88d2ad882ebf

data/CHANGELOG.md

@@ -4,12 +4,24 @@ The following changes have been made to the library over the years. Pleae add an
 
 #### Unrelease changes
 
-- Add `Adyen::REST` to intereact with Adyen's webservices.
-- Add `Adyen::HPP` to integrate with Adyen's Hosted Payment Pages.
+Nothing yet!
+
+#### Version 2.2.0
+
+- Add `Adyen::HPP` to integrate with Adyen's Hosted Payment Pages. `Adyen::HPP` supports the new HMAC-256 signing mechanism. `Adyen::Form` should be considered deprecated and will be removed from a future release.
+
+#### Version 2.1.0
+
+- Create syntax sugar for signature responses
+- Various code cleanups.
+
+#### Version 2.0.0
+
+- Add `Adyen::REST` to intereact with Adyen's webservices. `Adyen::API` should be considered deprecated and will be removed from a future release.
 - Make client-side encryption a first class citizen.
 - Add integration test suite that uses a functional example app.
-- Deprecate `Adyen::API` and `Adyen::Form`.
-- DOcumentation updates and improvements.
+- Documentation updates and improvements.
+- Drop support for Ruby 1.9
 
 #### Version 1.6.0
 

data/lib/adyen.rb

@@ -3,18 +3,14 @@
 # configuration methods.
 #
 # The most important submodules are:
-# * {Adyen::Form} for generating payment form fields, generating redirect URLs
-#   to the Adyen payment system, and generating and checking of signatures.
-# * {Adyen::API} for communicating with the Adyen SOAP services for issuing
-#   (recurring) payments and recurring contract maintenance.
+# * {Adyen::HPP} for interacting with Adyen's Hosted Payment Pages.
+# * {Adyen::REST} for communicating with the Adyen REST webservices.
 require 'adyen/base'
 require 'adyen/version'
 
 require 'adyen/form'
 require 'adyen/api'
 require 'adyen/rest'
-
-# TODO: Move into main hpp file once it exists
-require 'adyen/hpp/signature'
+require 'adyen/hpp'
 
 require 'adyen/railtie' if defined?(::Rails) && ::Rails::VERSION::MAJOR >= 3

data/lib/adyen/configuration.rb

@@ -86,14 +86,19 @@ class Adyen::Configuration
   # @return [String]
   attr_accessor :cse_public_key
 
-  # Default arguments that will be used for in every HTML form.
+  # Default arguments that will be used in every HTML form.
   #
   # @example
-  #   Adyen.configuration.default_form_params[:shared_secret] = 'secret'
+  #   Adyen.configuration.default_form_params[:merchant_account] = 'SuperShop'
   #
   # @return [Hash]
   attr_accessor :default_form_params
 
+  # Name of the default skin for HPP requests.
+  #
+  # @return [String]
+  attr_accessor :default_skin
+
   # Username that's set in Notification settings screen in Adyen PSP system and used by notification service to
   # authenticate instant payment notification requests.
   #
@@ -152,7 +157,7 @@ class Adyen::Configuration
     @form_skins[skin_name.to_sym]
   end
 
-  # Returns skin information by code code.
+  # Returns skin information by skin code.
   #
   # @param [String] skin_code The code of the skin.
   #

data/lib/adyen/hpp.rb

@@ -0,0 +1,27 @@
+require 'adyen/hpp/signature'
+require 'adyen/hpp/request'
+require 'adyen/hpp/response'
+
+module Adyen
+  module HPP
+
+    # The DOMAIN of the Adyen payment system that still requires the current
+    # Adyen enviroment.
+    HPP_DOMAIN = "%s.adyen.com"
+
+    # The URL of the Adyen payment system that still requires the current
+    # domain and payment flow to be filled.
+    HPP_URL = "https://%s/hpp/%s.shtml"
+
+    class Error < Adyen::Error
+    end
+
+    class ForgedResponse < Adyen::HPP::Error
+    end
+
+    class Notification
+      def initialize(request)
+      end
+    end
+  end
+end

data/lib/adyen/hpp/request.rb

@@ -0,0 +1,192 @@
+require 'adyen/hpp/signature'
+require 'cgi'
+
+module Adyen
+  module HPP
+
+    class Request
+      attr_accessor :parameters
+      attr_writer :skin, :environment, :shared_secret
+
+      # Initialize the HPP request
+      #
+      # @param [Hash] parameters The payment parameters
+      #    You must not provide the +:merchant_sig+ parameter: it will be calculated automatically.
+      # @param [Hash|String] skin A skin hash in the same format that is returned by
+      #    Adyen::Configuration.register_form_skin, or the name of a registered skin.
+      #    When not set, the default skin specified in the configuration will be used.
+      # @param [String] environment The Adyen environment to use.
+      #    When not set, the environment specified in the configuration will be used.
+      # @param [String] shared_secret The shared secret to use for signing the request.
+      #    When not set, the shared secret of the skin will be used.
+      def initialize(parameters, skin: nil, environment: nil, shared_secret: nil)
+        @parameters, @skin, @environment, @shared_secret = parameters, skin, environment, shared_secret
+        @skin = Adyen.configuration.form_skin_by_name(@skin) unless skin.nil? || skin.is_a?(Hash)
+      end
+
+      # Returns the Adyen skin to use for the request, in the same format that is
+      #   returned by Adyen::Configuration.register_form_skin
+      #
+      # @return [Hash] skin if set, configuration default otherwise
+      def skin
+        @skin || Adyen.configuration.form_skin_by_name(Adyen.configuration.default_skin) || {}
+      end
+
+      # Returns the Adyen environment the request will be directed to
+      #
+      # @return [String] environment if set, configuration default otherwise
+      def environment
+        @environment || Adyen.configuration.environment
+      end
+
+      # Returns the shared secret to use for signing the request
+      #
+      # @return [String] shared secret if set, the skin's shared secret otherwise
+      def shared_secret
+        @shared_secret || skin[:shared_secret]
+      end
+
+      # Returns the DOMAIN of the Adyen payment system, adjusted for an Adyen environment.
+      #
+      # @return [String] The domain of the Adyen payment system that can be used
+      #    for payment forms or redirects.
+      # @see Adyen::HPP::Request.redirect_url
+      def domain
+        (Adyen.configuration.payment_flow_domain || HPP_DOMAIN) % [environment.to_s]
+      end
+
+      # Returns the URL of the Adyen payment system, adjusted for an Adyen environment.
+      #
+      # @param [String] payment_flow The Adyen payment type to use. This parameter can be
+      #    left out, in which case the default payment type will be used.
+      # @return [String] The absolute URL of the Adyen payment system that can be used
+      #    for payment forms or redirects.
+      # @see Adyen::HPP::Request.domain
+      # @see Adyen::HPP::Request.redirect_url
+      # @see Adyen::HPP::Request.payment_methods_url
+      def url(payment_flow = nil)
+        payment_flow ||= Adyen.configuration.payment_flow
+        HPP_URL % [domain, payment_flow.to_s]
+      end
+
+      # Transforms the payment parameters hash to be in the correct format. It will also
+      # include the Adyen::Configuration#default_form_params hash and it will
+      # include the +:skin_code+ parameter and the default attributes of the skin
+      # Any default parameter value will be overrided if another value is provided in the request.
+      #
+      # @return [Hash] Completed and formatted payment parameters.
+      # @raise [ArgumentError] Thrown if some parameter health check fails.
+      def formatted_parameters
+        raise ArgumentError, "Cannot generate request: parameters should be a hash!" unless parameters.is_a?(Hash)
+
+        formatted_parameters = parameters
+        default_form_parameters = Adyen.configuration.default_form_params
+        unless skin.empty?
+          formatted_parameters[:skin_code] ||= skin[:skin_code]
+          default_form_parameters = default_form_parameters.merge(skin[:default_form_params] || {})
+        end
+        formatted_parameters = default_form_parameters.merge(formatted_parameters)
+
+        raise ArgumentError, "Cannot generate request: :currency code attribute not found!"         unless formatted_parameters[:currency_code]
+        raise ArgumentError, "Cannot generate request: :payment_amount code attribute not found!"   unless formatted_parameters[:payment_amount]
+        raise ArgumentError, "Cannot generate request: :merchant_account attribute not found!"      unless formatted_parameters[:merchant_account]
+        raise ArgumentError, "Cannot generate request: :skin_code attribute not found!"             unless formatted_parameters[:skin_code]
+
+        formatted_parameters[:recurring_contract] = 'RECURRING' if formatted_parameters.delete(:recurring) == true
+        formatted_parameters[:order_data]         = Adyen::Util.gzip_base64(formatted_parameters.delete(:order_data_raw)) if formatted_parameters[:order_data_raw]
+        formatted_parameters[:ship_before_date]   = Adyen::Util.format_date(formatted_parameters[:ship_before_date])
+        formatted_parameters[:session_validity]   = Adyen::Util.format_timestamp(formatted_parameters[:session_validity])
+        formatted_parameters
+      end
+
+      # Transforms and flattens payment parameters to be in the correct format which is understood and accepted by adyen
+      #
+      # @return [Hash] The payment parameters, with camelized and prefixed key, stringified values and
+      #    the +:merchant_signature+ parameter set.
+      def flat_payment_parameters
+        Adyen::HPP::Signature.sign(Adyen::Util.flatten(formatted_parameters), shared_secret)
+      end
+
+      # Returns an absolute URL to the Adyen payment system, with the payment parameters included
+      # as GET parameters in the URL. The URL also depends on the Adyen enviroment
+      #
+      # Note that Internet Explorer has a maximum length for URLs it can handle (2083 characters).
+      # Make sure that the URL is not longer than this limit if you want your site to work in IE.
+      #
+      # @example
+      #
+      #    def pay
+      #      # Generate a URL to redirect to Adyen's payment system.
+      #      payment_parameters = {
+      #        :currency_code => 'USD',
+      #        :payment_amount => 1000,
+      #        :merchant_account => 'MyMerchant',
+      #        ...
+      #      }
+      #      hpp_request = Adyen::HPP::Request.new(payment_parameters, skin: :my_skin, environment: :test)
+      #
+      #      respond_to do |format|
+      #        format.html { redirect_to(hpp_request.redirect_url) }
+      #      end
+      #    end
+      #
+      # @return [String] An absolute URL to redirect to the Adyen payment system.
+      def redirect_url
+        url + '?' + flat_payment_parameters.map { |(k, v)|
+          "#{CGI.escape(k)}=#{CGI.escape(v)}"
+        }.join('&')
+      end
+
+      # @see Adyen::HPP::Request.redirect_url
+      #
+      # Returns an absolute URL very similar to the one returned by Adyen::HPP::Request.redirect_url
+      # except that it uses the directory.shtml call which returns a list of all available
+      # payment methods
+      #
+      # @return [String] An absolute URL to redirect to the Adyen payment system.
+      def payment_methods_url
+        url(:directory) + '?' + flat_payment_parameters.map { |(k, v)|
+          "#{CGI.escape(k)}=#{CGI.escape(v)}"
+        }.join('&')
+      end
+
+      # Returns a HTML snippet of hidden INPUT tags with the provided payment parameters.
+      # The snippet can be included in a payment form that POSTs to the Adyen payment system.
+      #
+      # The payment parameters that are provided to this method will be merged with the
+      # {Adyen::Configuration#default_form_params} hash. The default parameter values will be
+      # overrided if another value is provided to this method.
+      #
+      # You do not have to provide the +:merchant_sig+ parameter: it will be calculated automatically.
+      #
+      # @example
+      #
+      #      <%
+      #        payment_parameters = {
+      #          :currency_code => 'USD',
+      #          :payment_amount => 1000,
+      #          :merchant_account => 'MyMerchant',
+      #          ...
+      #        }
+      #        hpp_request = Adyen::HPP::Request.new(payment_parameters, skin: :my_skin, environment: :test)
+      #     %>
+      #
+      #    <%= form_tag(hpp_request.url, authenticity_token: false, enforce_utf8: false) do %>
+      #      <%= hpp_request.hidden_fields %>
+      #      <%= submit_tag("Pay invoice")
+      #    <% end %>
+      #
+      # @return [String] An HTML snippet that can be included in a form that POSTs to the
+      #    Adyen payment system.
+      def hidden_fields
+
+        # Generate a hidden input tag per parameter, join them by newlines.
+        form_str = flat_payment_parameters.map { |key, value|
+          "<input type=\"hidden\" name=\"#{CGI.escapeHTML(key)}\" value=\"#{CGI.escapeHTML(value)}\" />"
+        }.join("\n")
+
+        form_str.respond_to?(:html_safe) ? form_str.html_safe : form_str
+      end
+    end
+  end
+end

data/lib/adyen/hpp/response.rb

@@ -0,0 +1,52 @@
+module Adyen
+  module HPP
+
+    class Response
+      attr_reader :params, :shared_secret
+
+      # Initialize the HPP response
+      #
+      # @param [Hash] params params A hash of HTTP GET parameters for the redirect request. This
+      #      should include the +:merchantSig+ parameter, which contains the signature.
+      # @param [String] shared_secret Optional shared secret; if not provided, the shared secret
+      #     of the skin determined by params['skinCode'] will be used
+      def initialize(params, shared_secret: nil)
+        raise ArgumentError, "params should be a Hash" unless params.is_a?(Hash)
+        raise ArgumentError, "params should contain :merchantSig" unless params.key?('merchantSig')
+
+        @params = params
+        skin = Adyen.configuration.form_skin_by_code(params['skinCode']) || {}
+        @shared_secret = shared_secret || skin[:shared_secret]
+      end
+
+      # Checks the redirect signature for this request by calculating the signature from
+      # the provided parameters, and comparing it to the signature provided in the +merchantSig+
+      # parameter.
+      #
+      # If this method returns false, the request could be a forgery and should not be handled.
+      # Therefore, you should include this check in a +before_filter+, and raise an error of the
+      # signature check fails.
+      #
+      # @example
+      #   class PaymentsController < ApplicationController
+      #     before_filter :check_signature, :only => [:return_from_adyen]
+      #
+      #     def return_from_adyen
+      #       @invoice = Invoice.find(params[:merchantReference])
+      #       @invoice.set_paid! if params[:authResult] == 'AUTHORISED'
+      #     end
+      #
+      #     private
+      #
+      #     def check_signature
+      #       raise "Forgery!" unless Adyen::HPP::Response.new(params).has_valid_signature?
+      #     end
+      #   end
+      #
+      # @return [true, false] Returns true only if the signature in the parameters is correct.
+      def has_valid_signature?
+        Adyen::HPP::Signature.verify(params, shared_secret)
+      end
+    end
+  end
+end

data/lib/adyen/hpp/signature.rb

@@ -8,10 +8,11 @@ module Adyen
 
       # Sign the parameters with the given shared secret
       # @param [Hash] params The set of parameters to sign.
-      # @param [String] shared_secret The shared secret for signing/verification. Can also be sent in the
-      #   params hash with the `sharedSecret` key.
+      # @param [String] shared_secret The shared secret for signing.
       # @return [Hash] params The params that were passed in plus a new `merchantSig` param
-      def sign(params, shared_secret = nil)
+      def sign(params, shared_secret)
+        params = params.dup
+        params.delete('merchantSig')
         params["sharedSecret"] ||= shared_secret
         params.merge('merchantSig' => Adyen::Signature.sign(params))
       end
@@ -19,10 +20,10 @@ module Adyen
       # Verify the parameters with the given shared secret
       # @param [Hash] params The set of parameters to verify. Must include a `merchantSig`
       #   param that will be compared to the signature we calculate.
-      # @param [String] shared_secret The shared secret for signing/verification. Can also be sent in the
-      #   params hash with the `sharedSecret` key.
+      # @param [String] shared_secret The shared secret for verification.
       # @return [Boolean] true if the `merchantSig` in the params matches our calculated signature
-      def verify(params, shared_secret = nil)
+      def verify(params, shared_secret)
+        params = params.dup
         params["sharedSecret"] ||= shared_secret
         their_sig = params.delete('merchantSig')
         raise ArgumentError, "params must include 'merchantSig' for verification" if their_sig.empty?

data/lib/adyen/matchers.rb

@@ -7,7 +7,7 @@ module Adyen
 
       def self.build_xpath_query(checks)
         # Start by finding the check for the Adyen form tag
-        xpath_query =  "//form[@action='#{Adyen::Form.url}']"
+        xpath_query =  "//form[@id='adyen']"
 
         # Add recurring/single check if specified
         recurring =  checks.delete(:recurring)

data/lib/adyen/signature.rb

@@ -13,7 +13,7 @@ module Adyen
     # @return [String] The signature
     def sign(params, type = :hpp)
       shared_secret = params.delete('sharedSecret')
-      raise ArgumentError, 'Cannot sign without a shared secret' if shared_secret.nil?
+      raise ArgumentError, "Cannot sign parameters without a shared secret" unless shared_secret
       sig = OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha256'), Array(shared_secret).pack("H*"), string_to_sign(params, type))
       Base64.encode64(sig).strip
     end

data/lib/adyen/version.rb

@@ -1,5 +1,5 @@
 module Adyen
   # Version constant for the Adyen plugin.
   # Set it & commit the change before running rake release.
-  VERSION = "2.1.0"
+  VERSION = "2.2.0"
 end

data/test/form_test.rb

@@ -270,7 +270,7 @@ class FormTest < Minitest::Test
 
   def test_hidden_payment_form_fields
     payment_snippet = <<-HTML
-      <form action="#{CGI.escapeHTML(Adyen::Form.url)}" method="post">
+      <form id="adyen" action="#{CGI.escapeHTML(Adyen::Form.url)}" method="post">
         #{Adyen::Form.hidden_fields(@payment_attributes)}
       </form>
     HTML
@@ -286,7 +286,7 @@ class FormTest < Minitest::Test
 
   def test_hidden_recurring_payment_form_fields
     recurring_snippet = <<-HTML
-      <form action="#{CGI.escapeHTML(Adyen::Form.url)}" method="post">
+      <form id="adyen" action="#{CGI.escapeHTML(Adyen::Form.url)}" method="post">
         #{Adyen::Form.hidden_fields(@recurring_payment_attributes)}
       </form>
     HTML

data/test/helpers/configure_adyen.rb

@@ -3,3 +3,4 @@ Adyen.configuration.api_username = 'ws@Company.VanBergen'
 Adyen.configuration.api_password = '7phtHzbfnzsp'
 Adyen.configuration.cse_public_key = '10001|AC2CEF7D1BE904AF35B76467927A7044CCFC470E725B4D5327CC143BC5245983A56A4E5B0AC969F7F706F4B4A81B184DE2ECEA229CDBB943E6F7D6AD1623604F66640D1F2FAE1E4AE80EE1E5D4486AA8F553F6CE47BF57C8EFEF745E731AE27DD7B74F8895D41DA8339CC32677E4BD35288EC2FB9A18D46E7E3DFF5C7DD6D756F2223BED29427E5899A5877F0E9D1FAA50C17F8C96BA96DFA79BD04B1116366FFEE33F1BD18B8C3694BACBF8BFC7E2045CB9FFFEFA49AAB18EF1D9E9710A16B7DC67433ABD3A4FD3661CD9F5B1967753E4DC744DD3A1F8C8BED87827EED443CBED06A0D5C86C329406BE452B9A6EB997EE43A9FA7241A74E87AC3FC898F327CD'
 Adyen.configuration.register_form_skin(:testing, 'tifSfXeX', 'testing123', :merchant_account => 'VanBergenORG')
+Adyen.configuration.default_skin = :testing

data/test/helpers/example_server.rb

@@ -12,6 +12,31 @@ class Adyen::ExampleServer < Sinatra::Base
   end
 
   get '/hpp' do
+    @payment = {
+      :currency_code => 'EUR',
+      :payment_amount => 4321,
+      :merchant_reference => params[:merchant_reference] || 'HPP test order',
+      :ship_before_date => (Date.today + 1).strftime('%F'),
+      :session_validity => (Time.now.utc + 30*60).strftime('%FT%TZ'),
+      :billing_address => {
+        :street               => 'Alexanderplatz',
+        :house_number_or_name => '0815',
+        :city                 => 'Berlin',
+        :postal_code          => '10119',
+        :state_or_province    => 'Berlin',
+        :country              => 'Germany',
+      },
+      :shopper => {
+        :telephone_number       => '123-4512-345',
+        :first_name             => 'John',
+        :last_name              => 'Doe',
+      }
+    }
+
+    erb :hpp
+  end
+
+  get '/form' do
    @payment = {
       :skin => :testing,
       :currency_code => 'EUR',
@@ -38,7 +63,7 @@ class Adyen::ExampleServer < Sinatra::Base
   end
 
   get '/hpp/result' do
-    raise "Forgery!" unless Adyen::Form.redirect_signature_check(params)
+    raise "Forgery!" unless Adyen::HPP::Response(params).has_valid_signature?
 
     case params['authResult']
     when 'AUTHORISED'

data/test/helpers/views/hpp.erb

@@ -3,10 +3,11 @@
 	<title> HPP Payment</title>
 </head>
 <body>
-	<form action="<%= Adyen::Form.url(:test) %>" method="post">
+  <% hpp_client = Adyen::HPP::Client.new(:test, :testing) %>
+	<form action="<%= hpp_client.url %>" method="post">
 		<p> Price: <strong>EUR 43.21</strong>. </p>
 		<p>
-			<%= Adyen::Form.hidden_fields(@payment) %>
+			<%= hpp_client.new_request.hidden_fields(@payment) %>
 			<input type="submit" value="Pay" />
 		</p>
 	</form>

data/test/hpp_test.rb

@@ -0,0 +1,250 @@
+require 'test_helper'
+require 'adyen/hpp'
+
+class HppTest < Minitest::Test
+  include Adyen::Matchers
+  include Adyen::Test::EachXMLBackend
+
+  def setup
+    @skin_code1 = 'abcdefgh'
+    @skin_code2 = 'ijklmnop'
+    @shared_secret_skin1 = '4468D9782DEF54FCD706C9100C71EC43932B1EBC2ACF6BA0560C05AAA7550C48'
+    @shared_secret_skin2 = '21F58626031F08A30F6BD07BB8AC12C19B56F6C99C6E1DA991A52A1C64A4C010'
+
+    Adyen.configuration.default_form_params[:merchant_account] = 'TestMerchant'
+    Adyen.configuration.register_form_skin(:skin1, @skin_code1, @shared_secret_skin1)
+    Adyen.configuration.register_form_skin(:skin2, @skin_code2, @shared_secret_skin2, merchant_account: 'OtherMerchant')
+
+    # Use autodetection for the environment unless otherwise specified
+    Adyen.configuration.environment = nil
+    Adyen.configuration.payment_flow = :select
+    Adyen.configuration.payment_flow_domain = nil
+    Adyen.configuration.default_skin = :skin1
+
+    @payment_attributes = {
+      :currency_code => 'GBP',
+      :payment_amount => 10000,
+      :merchant_reference => 'Internet Order 12345',
+      :ship_before_date => '2007-10-20',
+      :session_validity => '2007-10-11T11:00:00Z',
+      :billing_address => {
+        :street               => 'Alexanderplatz',
+        :house_number_or_name => '0815',
+        :city                 => 'Berlin',
+        :postal_code          => '10119',
+        :state_or_province    => 'Berlin',
+        :country              => 'Germany',
+      },
+      :shopper => {
+        :telephone_number       => '1234512345',
+        :first_name             => 'John',
+        :last_name              => 'Doe',
+        :social_security_number => '123-45-1234'
+      }
+    }
+
+    @recurring_payment_attributes = @payment_attributes.merge(
+      :recurring_contract => 'DEFAULT',
+      :shopper_reference  => 'grasshopper52',
+      :shopper_email      => 'gras.shopper@somewhere.org'
+    )
+  end
+
+  def test_autodetected_redirect_url
+    request = Adyen::HPP::Request.new(@payment_attributes)
+    assert_equal 'https://test.adyen.com/hpp/select.shtml', request.url
+
+    Adyen.configuration.stubs(:autodetect_environment).returns('live')
+    assert_equal 'https://live.adyen.com/hpp/select.shtml', request.url
+  end
+
+  def test_explicit_redirect_url
+    assert_equal 'https://test.adyen.com/hpp/select.shtml',
+      Adyen::HPP::Request.new(@payment_attributes, skin: :skin1, environment: :test).url
+    assert_equal 'https://live.adyen.com/hpp/select.shtml',
+      Adyen::HPP::Request.new(@payment_attributes, skin: :skin1, environment: :live).url
+    assert_equal 'https://test.adyen.com/hpp/select.shtml',
+      Adyen::HPP::Request.new(@payment_attributes, skin: :skin2, environment: :test).url
+    assert_equal 'https://live.adyen.com/hpp/select.shtml',
+      Adyen::HPP::Request.new(@payment_attributes, skin: :skin2, environment: :live).url
+    assert_equal 'https://test.adyen.com/hpp/select.shtml',
+      Adyen::HPP::Request.new(@payment_attributes, environment: :test).url
+    assert_equal 'https://live.adyen.com/hpp/select.shtml',
+      Adyen::HPP::Request.new(@payment_attributes, environment: :live).url
+  end
+
+  def test_redirect_url_for_different_payment_flows
+    request = Adyen::HPP::Request.new(@payment_attributes, environment: :test)
+
+    Adyen.configuration.payment_flow = :select
+    assert_equal 'https://test.adyen.com/hpp/select.shtml', request.url
+
+    Adyen.configuration.payment_flow = :pay
+    assert_equal 'https://test.adyen.com/hpp/pay.shtml', request.url
+
+    Adyen.configuration.payment_flow = :details
+    assert_equal 'https://test.adyen.com/hpp/details.shtml', request.url
+  end
+
+  def test_redirect_url_for_custom_domain
+    request = Adyen::HPP::Request.new(@payment_attributes, environment: :test)
+
+    Adyen.configuration.payment_flow_domain = "checkout.mydomain.com"
+    assert_equal 'https://checkout.mydomain.com/hpp/select.shtml', request.url
+  end
+
+  def test_redirect_url_generation
+    attributes = {
+      :currency_code => 'GBP', :payment_amount => 10000, :ship_before_date => Date.parse('2015-10-26'),
+      :merchant_reference => 'Internet Order 12345', :session_validity => Time.parse('2015-10-26 10:30')
+    }
+
+    request = Adyen::HPP::Request.new(attributes)
+
+    processed_attributes = {
+      'currencyCode' => 'GBP', 'paymentAmount' => '10000', 'shipBeforeDate' => '2015-10-26',
+      'merchantReference' => 'Internet Order 12345', 'sessionValidity' => '2015-10-26T10:30:00Z',
+      'merchantAccount' => 'TestMerchant', 'skinCode' => @skin_code1, 'merchantSig' => 'ewDgqa+m3rMO6MOZfQ0ugWdwsu+otvRVBVujqGfgvb8='
+    }
+
+    redirect_uri = URI(request.redirect_url)
+    assert_match %r[^#{request.url}], redirect_uri.to_s
+
+    params = CGI.parse(redirect_uri.query)
+    processed_attributes.each do |key, value|
+      assert_equal value, params[key].first
+    end
+  end
+
+  def test_redirect_url_generation_explicit_skin_code_and_shared_secret
+    attributes = {
+      :currency_code => 'GBP', :payment_amount => 10000, :ship_before_date => Date.parse('2015-10-26'),
+      :merchant_reference => 'Internet Order 12345', :session_validity => Time.parse('2015-10-26 10:30'),
+      :skin_code => @skin_code1
+    }
+
+    request = Adyen::HPP::Request.new(attributes, shared_secret: @shared_secret_skin1)
+
+    processed_attributes = {
+      'currencyCode' => 'GBP', 'paymentAmount' => '10000', 'shipBeforeDate' => '2015-10-26',
+      'merchantReference' => 'Internet Order 12345', 'sessionValidity' => '2015-10-26T10:30:00Z',
+      'merchantAccount' => 'TestMerchant', 'skinCode' => @skin_code1, 'merchantSig' => 'ewDgqa+m3rMO6MOZfQ0ugWdwsu+otvRVBVujqGfgvb8='
+    }
+
+    redirect_uri = URI(request.redirect_url)
+    assert_match %r[^#{request.url}], redirect_uri.to_s
+
+    params = CGI.parse(redirect_uri.query)
+    processed_attributes.each do |key, value|
+      assert_equal value, params[key].first
+    end
+  end
+
+  def test_redirect_url_generation_with_direct_skin_details
+    attributes = {
+      :currency_code => 'GBP', :payment_amount => 10000, :ship_before_date => Date.parse('2015-10-26'),
+      :merchant_reference => 'Internet Order 12345', :session_validity => Time.parse('2015-10-26 10:30'),
+      :merchant_account => 'OtherMerchant'
+    }
+
+    request = Adyen::HPP::Request.new(attributes, skin: :skin2)
+
+    processed_attributes = {
+      'currencyCode' => 'GBP', 'paymentAmount' => '10000', 'shipBeforeDate' => '2015-10-26',
+      'merchantReference' => 'Internet Order 12345', 'sessionValidity' => '2015-10-26T10:30:00Z',
+      'merchantAccount' => 'OtherMerchant', 'skinCode' => @skin_code2, 'merchantSig' => 'uS/tdqapxD8rQKBRzKQ9wOIiOFRmcOR3HsC8CO15Zto='
+    }
+
+    redirect_uri = URI(request.redirect_url)
+    assert_match %r[^#{request.url}], redirect_uri.to_s
+
+    params = CGI.parse(redirect_uri.query)
+    processed_attributes.each do |key, value|
+      assert_equal value, params[key].first
+    end
+  end
+
+  def test_payment_methods_url_generation
+    attributes = {
+      :currency_code => 'GBP', :payment_amount => 10000, :ship_before_date => Date.parse('2015-10-26'),
+      :merchant_reference => 'Internet Order 12345', :session_validity => Time.parse('2015-10-26 10:30')
+    }
+
+    request = Adyen::HPP::Request.new(attributes)
+
+    processed_attributes = {
+      'currencyCode' => 'GBP', 'paymentAmount' => '10000', 'shipBeforeDate' => '2015-10-26',
+      'merchantReference' => 'Internet Order 12345', 'sessionValidity' => '2015-10-26T10:30:00Z',
+      'merchantAccount' => 'TestMerchant', 'skinCode' => @skin_code1, 'merchantSig' => 'ewDgqa+m3rMO6MOZfQ0ugWdwsu+otvRVBVujqGfgvb8='
+    }
+
+    payment_methods_uri = URI(request.payment_methods_url)
+    assert_match %r[^#{request.url(:directory)}], payment_methods_uri.to_s
+
+    params = CGI.parse(payment_methods_uri.query)
+    processed_attributes.each do |key, value|
+      assert_equal value, params[key].first
+    end
+  end
+
+  def test_has_valid_signature
+    params = {
+      'authResult' => 'AUTHORISED', 'pspReference' => '1211992213193029',
+      'merchantReference' => 'Internet Order 12345', 'skinCode' => @skin_code1,
+      'merchantSig' => 'owrLGxBP/l5xej5VZn8FKS1exn0qOgk0P9kmRdBBw9Q='
+    }
+
+    correct_secret = @shared_secret_skin1
+    incorrect_secret = @shared_secret_skin2
+
+    assert Adyen::HPP::Response.new(params).has_valid_signature?
+    assert Adyen::HPP::Response.new(params, shared_secret: correct_secret).has_valid_signature?
+
+    refute Adyen::HPP::Response.new(params.merge('skinCode' => @skin_code2)).has_valid_signature?
+    refute Adyen::HPP::Response.new(params, shared_secret: incorrect_secret).has_valid_signature?
+
+    refute Adyen::HPP::Response.new(params.merge('pspReference' => 'tampered')).has_valid_signature?
+    refute Adyen::HPP::Response.new(params.merge('merchantSig' => 'tampered')).has_valid_signature?
+
+    assert_raises(ArgumentError) { Adyen::HPP::Response.new(nil).has_valid_signature? }
+    assert_raises(ArgumentError) { Adyen::HPP::Response.new({}).has_valid_signature? }
+    assert_raises(ArgumentError) { Adyen::HPP::Response.new(params.delete(:skinCode)).has_valid_signature? }
+  end
+
+  def test_hidden_payment_form_fields
+    request = Adyen::HPP::Request.new(@payment_attributes, skin: :skin1, environment: :test)
+
+    payment_snippet = <<-HTML
+      <form id="adyen" action="#{CGI.escapeHTML(request.url)}" method="post">
+        #{request.hidden_fields}
+      </form>
+    HTML
+
+    for_each_xml_backend do
+      assert_adyen_single_payment_form payment_snippet,
+        merchantAccount: 'TestMerchant',
+        currencyCode: 'GBP',
+        paymentAmount: '10000',
+        skinCode: @skin_code1
+    end
+  end
+
+  def test_hidden_recurring_payment_form_fields
+    request = Adyen::HPP::Request.new(@recurring_payment_attributes, skin: :skin2, environment: :live)
+
+    recurring_snippet = <<-HTML
+      <form id="adyen" action="#{CGI.escapeHTML(request.url)}" method="post">
+        #{request.hidden_fields}
+      </form>
+    HTML
+
+    for_each_xml_backend do
+      assert_adyen_recurring_payment_form recurring_snippet,
+        merchantAccount: 'OtherMerchant',
+        currencyCode: 'GBP',
+        paymentAmount: '10000',
+        recurringContract: 'DEFAULT',
+        skinCode: @skin_code2
+    end
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: adyen
 version: !ruby/object:Gem::Version
-  version: 2.1.0
+  version: 2.2.0
 platform: ruby
 authors:
 - Willem van Bergen
@@ -11,7 +11,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-06-15 00:00:00.000000000 Z
+date: 2016-06-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
@@ -166,6 +166,9 @@ files:
 - lib/adyen/base.rb
 - lib/adyen/configuration.rb
 - lib/adyen/form.rb
+- lib/adyen/hpp.rb
+- lib/adyen/hpp/request.rb
+- lib/adyen/hpp/response.rb
 - lib/adyen/hpp/signature.rb
 - lib/adyen/matchers.rb
 - lib/adyen/notification_generator.rb
@@ -210,6 +213,7 @@ files:
 - test/helpers/views/pay.erb
 - test/helpers/views/redirect_shopper.erb
 - test/hpp/signature_test.rb
+- test/hpp_test.rb
 - test/integration/hpp_integration_test.rb
 - test/integration/payment_using_3d_secure_integration_test.rb
 - test/integration/payment_with_client_side_encryption_integration_test.rb
@@ -279,6 +283,7 @@ test_files:
 - test/helpers/views/pay.erb
 - test/helpers/views/redirect_shopper.erb
 - test/hpp/signature_test.rb
+- test/hpp_test.rb
 - test/integration/hpp_integration_test.rb
 - test/integration/payment_using_3d_secure_integration_test.rb
 - test/integration/payment_with_client_side_encryption_integration_test.rb