adyen_jpiqueras 2.3.0

data/lib/adyen/hpp.rb

@@ -0,0 +1,27 @@
+require 'adyen/hpp/signature'
+require 'adyen/hpp/request'
+require 'adyen/hpp/response'
+
+module Adyen
+  module HPP
+
+    # The DOMAIN of the Adyen payment system that still requires the current
+    # Adyen enviroment.
+    HPP_DOMAIN = "%s.adyen.com"
+
+    # The URL of the Adyen payment system that still requires the current
+    # domain and payment flow to be filled.
+    HPP_URL = "https://%s/hpp/%s.shtml"
+
+    class Error < Adyen::Error
+    end
+
+    class ForgedResponse < Adyen::HPP::Error
+    end
+
+    class Notification
+      def initialize(request)
+      end
+    end
+  end
+end

data/lib/adyen/hpp/request.rb

@@ -0,0 +1,192 @@
+require 'adyen/hpp/signature'
+require 'cgi'
+
+module Adyen
+  module HPP
+
+    class Request
+      attr_accessor :parameters
+      attr_writer :skin, :environment, :shared_secret
+
+      # Initialize the HPP request
+      #
+      # @param [Hash] parameters The payment parameters
+      #    You must not provide the +:merchant_sig+ parameter: it will be calculated automatically.
+      # @param [Hash|String] skin A skin hash in the same format that is returned by
+      #    Adyen::Configuration.register_form_skin, or the name of a registered skin.
+      #    When not set, the default skin specified in the configuration will be used.
+      # @param [String] environment The Adyen environment to use.
+      #    When not set, the environment specified in the configuration will be used.
+      # @param [String] shared_secret The shared secret to use for signing the request.
+      #    When not set, the shared secret of the skin will be used.
+      def initialize(parameters, skin: nil, environment: nil, shared_secret: nil)
+        @parameters, @skin, @environment, @shared_secret = parameters, skin, environment, shared_secret
+        @skin = Adyen.configuration.form_skin_by_name(@skin) unless skin.nil? || skin.is_a?(Hash)
+      end
+
+      # Returns the Adyen skin to use for the request, in the same format that is
+      #   returned by Adyen::Configuration.register_form_skin
+      #
+      # @return [Hash] skin if set, configuration default otherwise
+      def skin
+        @skin || Adyen.configuration.form_skin_by_name(Adyen.configuration.default_skin) || {}
+      end
+
+      # Returns the Adyen environment the request will be directed to
+      #
+      # @return [String] environment if set, configuration default otherwise
+      def environment
+        @environment || Adyen.configuration.environment
+      end
+
+      # Returns the shared secret to use for signing the request
+      #
+      # @return [String] shared secret if set, the skin's shared secret otherwise
+      def shared_secret
+        @shared_secret || skin[:shared_secret]
+      end
+
+      # Returns the DOMAIN of the Adyen payment system, adjusted for an Adyen environment.
+      #
+      # @return [String] The domain of the Adyen payment system that can be used
+      #    for payment forms or redirects.
+      # @see Adyen::HPP::Request.redirect_url
+      def domain
+        (Adyen.configuration.payment_flow_domain || HPP_DOMAIN) % [environment.to_s]
+      end
+
+      # Returns the URL of the Adyen payment system, adjusted for an Adyen environment.
+      #
+      # @param [String] payment_flow The Adyen payment type to use. This parameter can be
+      #    left out, in which case the default payment type will be used.
+      # @return [String] The absolute URL of the Adyen payment system that can be used
+      #    for payment forms or redirects.
+      # @see Adyen::HPP::Request.domain
+      # @see Adyen::HPP::Request.redirect_url
+      # @see Adyen::HPP::Request.payment_methods_url
+      def url(payment_flow = nil)
+        payment_flow ||= Adyen.configuration.payment_flow
+        HPP_URL % [domain, payment_flow.to_s]
+      end
+
+      # Transforms the payment parameters hash to be in the correct format. It will also
+      # include the Adyen::Configuration#default_form_params hash and it will
+      # include the +:skin_code+ parameter and the default attributes of the skin
+      # Any default parameter value will be overrided if another value is provided in the request.
+      #
+      # @return [Hash] Completed and formatted payment parameters.
+      # @raise [ArgumentError] Thrown if some parameter health check fails.
+      def formatted_parameters
+        raise ArgumentError, "Cannot generate request: parameters should be a hash!" unless parameters.is_a?(Hash)
+
+        formatted_parameters = parameters
+        default_form_parameters = Adyen.configuration.default_form_params
+        unless skin.empty?
+          formatted_parameters[:skin_code] ||= skin[:skin_code]
+          default_form_parameters = default_form_parameters.merge(skin[:default_form_params] || {})
+        end
+        formatted_parameters = default_form_parameters.merge(formatted_parameters)
+
+        raise ArgumentError, "Cannot generate request: :currency code attribute not found!"         unless formatted_parameters[:currency_code]
+        raise ArgumentError, "Cannot generate request: :payment_amount code attribute not found!"   unless formatted_parameters[:payment_amount]
+        raise ArgumentError, "Cannot generate request: :merchant_account attribute not found!"      unless formatted_parameters[:merchant_account]
+        raise ArgumentError, "Cannot generate request: :skin_code attribute not found!"             unless formatted_parameters[:skin_code]
+
+        formatted_parameters[:recurring_contract] = 'RECURRING' if formatted_parameters.delete(:recurring) == true
+        formatted_parameters[:order_data]         = Adyen::Util.gzip_base64(formatted_parameters.delete(:order_data_raw)) if formatted_parameters[:order_data_raw]
+        formatted_parameters[:ship_before_date]   = Adyen::Util.format_date(formatted_parameters[:ship_before_date])
+        formatted_parameters[:session_validity]   = Adyen::Util.format_timestamp(formatted_parameters[:session_validity])
+        formatted_parameters
+      end
+
+      # Transforms and flattens payment parameters to be in the correct format which is understood and accepted by adyen
+      #
+      # @return [Hash] The payment parameters, with camelized and prefixed key, stringified values and
+      #    the +:merchant_signature+ parameter set.
+      def flat_payment_parameters
+        Adyen::HPP::Signature.sign(Adyen::Util.flatten(formatted_parameters), shared_secret)
+      end
+
+      # Returns an absolute URL to the Adyen payment system, with the payment parameters included
+      # as GET parameters in the URL. The URL also depends on the Adyen enviroment
+      #
+      # Note that Internet Explorer has a maximum length for URLs it can handle (2083 characters).
+      # Make sure that the URL is not longer than this limit if you want your site to work in IE.
+      #
+      # @example
+      #
+      #    def pay
+      #      # Generate a URL to redirect to Adyen's payment system.
+      #      payment_parameters = {
+      #        :currency_code => 'USD',
+      #        :payment_amount => 1000,
+      #        :merchant_account => 'MyMerchant',
+      #        ...
+      #      }
+      #      hpp_request = Adyen::HPP::Request.new(payment_parameters, skin: :my_skin, environment: :test)
+      #
+      #      respond_to do |format|
+      #        format.html { redirect_to(hpp_request.redirect_url) }
+      #      end
+      #    end
+      #
+      # @return [String] An absolute URL to redirect to the Adyen payment system.
+      def redirect_url
+        url + '?' + flat_payment_parameters.map { |(k, v)|
+          "#{CGI.escape(k)}=#{CGI.escape(v)}"
+        }.join('&')
+      end
+
+      # @see Adyen::HPP::Request.redirect_url
+      #
+      # Returns an absolute URL very similar to the one returned by Adyen::HPP::Request.redirect_url
+      # except that it uses the directory.shtml call which returns a list of all available
+      # payment methods
+      #
+      # @return [String] An absolute URL to redirect to the Adyen payment system.
+      def payment_methods_url
+        url(:directory) + '?' + flat_payment_parameters.map { |(k, v)|
+          "#{CGI.escape(k)}=#{CGI.escape(v)}"
+        }.join('&')
+      end
+
+      # Returns a HTML snippet of hidden INPUT tags with the provided payment parameters.
+      # The snippet can be included in a payment form that POSTs to the Adyen payment system.
+      #
+      # The payment parameters that are provided to this method will be merged with the
+      # {Adyen::Configuration#default_form_params} hash. The default parameter values will be
+      # overrided if another value is provided to this method.
+      #
+      # You do not have to provide the +:merchant_sig+ parameter: it will be calculated automatically.
+      #
+      # @example
+      #
+      #      <%
+      #        payment_parameters = {
+      #          :currency_code => 'USD',
+      #          :payment_amount => 1000,
+      #          :merchant_account => 'MyMerchant',
+      #          ...
+      #        }
+      #        hpp_request = Adyen::HPP::Request.new(payment_parameters, skin: :my_skin, environment: :test)
+      #     %>
+      #
+      #    <%= form_tag(hpp_request.url, authenticity_token: false, enforce_utf8: false) do %>
+      #      <%= hpp_request.hidden_fields %>
+      #      <%= submit_tag("Pay invoice")
+      #    <% end %>
+      #
+      # @return [String] An HTML snippet that can be included in a form that POSTs to the
+      #    Adyen payment system.
+      def hidden_fields
+
+        # Generate a hidden input tag per parameter, join them by newlines.
+        form_str = flat_payment_parameters.map { |key, value|
+          "<input type=\"hidden\" name=\"#{CGI.escapeHTML(key)}\" value=\"#{CGI.escapeHTML(value)}\" />"
+        }.join("\n")
+
+        form_str.respond_to?(:html_safe) ? form_str.html_safe : form_str
+      end
+    end
+  end
+end

data/lib/adyen/hpp/response.rb

@@ -0,0 +1,52 @@
+module Adyen
+  module HPP
+
+    class Response
+      attr_reader :params, :shared_secret
+
+      # Initialize the HPP response
+      #
+      # @param [Hash] params params A hash of HTTP GET parameters for the redirect request. This
+      #      should include the +:merchantSig+ parameter, which contains the signature.
+      # @param [String] shared_secret Optional shared secret; if not provided, the shared secret
+      #     of the skin determined by params['skinCode'] will be used
+      def initialize(params, shared_secret: nil)
+        raise ArgumentError, "params should be a Hash" unless params.is_a?(Hash)
+        raise ArgumentError, "params should contain :merchantSig" unless params.key?('merchantSig')
+
+        @params = params
+        skin = Adyen.configuration.form_skin_by_code(params['skinCode']) || {}
+        @shared_secret = shared_secret || skin[:shared_secret]
+      end
+
+      # Checks the redirect signature for this request by calculating the signature from
+      # the provided parameters, and comparing it to the signature provided in the +merchantSig+
+      # parameter.
+      #
+      # If this method returns false, the request could be a forgery and should not be handled.
+      # Therefore, you should include this check in a +before_filter+, and raise an error of the
+      # signature check fails.
+      #
+      # @example
+      #   class PaymentsController < ApplicationController
+      #     before_filter :check_signature, :only => [:return_from_adyen]
+      #
+      #     def return_from_adyen
+      #       @invoice = Invoice.find(params[:merchantReference])
+      #       @invoice.set_paid! if params[:authResult] == 'AUTHORISED'
+      #     end
+      #
+      #     private
+      #
+      #     def check_signature
+      #       raise "Forgery!" unless Adyen::HPP::Response.new(params).has_valid_signature?
+      #     end
+      #   end
+      #
+      # @return [true, false] Returns true only if the signature in the parameters is correct.
+      def has_valid_signature?
+        Adyen::HPP::Signature.verify(params, shared_secret)
+      end
+    end
+  end
+end

data/lib/adyen/hpp/signature.rb

@@ -0,0 +1,34 @@
+require 'adyen/signature'
+
+module Adyen
+  module HPP
+    # The Signature module can sign and verify HMAC SHA-256 signatures for Hosted Payment Pages
+    module Signature
+      extend self
+
+      # Sign the parameters with the given shared secret
+      # @param [Hash] params The set of parameters to sign.
+      # @param [String] shared_secret The shared secret for signing.
+      # @return [Hash] params The params that were passed in plus a new `merchantSig` param
+      def sign(params, shared_secret)
+        params = params.dup
+        params.delete('merchantSig')
+        params["sharedSecret"] ||= shared_secret
+        params.merge('merchantSig' => Adyen::Signature.sign(params))
+      end
+
+      # Verify the parameters with the given shared secret
+      # @param [Hash] params The set of parameters to verify. Must include a `merchantSig`
+      #   param that will be compared to the signature we calculate.
+      # @param [String] shared_secret The shared secret for verification.
+      # @return [Boolean] true if the `merchantSig` in the params matches our calculated signature
+      def verify(params, shared_secret)
+        params = params.dup
+        params["sharedSecret"] ||= shared_secret
+        their_sig = params.delete('merchantSig')
+        raise ArgumentError, "params must include 'merchantSig' for verification" if their_sig.empty?
+        Adyen::Signature.verify(params, their_sig)
+      end
+    end
+  end
+end

data/lib/adyen/matchers.rb

@@ -0,0 +1,92 @@
+require 'adyen/api/xml_querier'
+
+module Adyen
+  module Matchers
+
+    module XPathPaymentFormCheck
+
+      def self.build_xpath_query(checks)
+        # Start by finding the check for the Adyen form tag
+        xpath_query =  "//form[@id='adyen']"
+
+        # Add recurring/single check if specified
+        recurring =  checks.delete(:recurring)
+        unless recurring.nil?
+          if recurring
+            xpath_query << "[descendant::input[@type='hidden'][@name='recurringContract']]"
+          else
+            xpath_query << "[not(descendant::input[@type='hidden'][@name='recurringContract'])]"
+          end
+        end
+
+        # Add a check for all the other fields specified
+        checks.each do |key, value|
+          condition  = "\n  descendant::input[@type='hidden'][@name='#{Adyen::Util.camelize(key)}']"
+          condition << "[@value='#{value}']" unless value == :anything
+          xpath_query << "[#{condition}]"
+        end
+
+        return xpath_query
+      end
+
+      def self.check(subject, checks = {})
+        document = Adyen::API::XMLQuerier.html(subject)
+        result = document.xpath(build_xpath_query(checks))
+        !result.empty?
+      end
+    end
+
+    class HaveAdyenPaymentForm
+
+      def initialize(checks)
+        @checks = checks
+      end
+
+      def matches?(document)
+        Adyen::Matchers::XPathPaymentFormCheck.check(document, @checks)
+      end
+
+      def description
+        "have an adyen payment form"
+      end
+
+      def failure_message
+        "expected to find a valid Adyen form on this page"
+      end
+
+      def negative_failure_message
+        "expected not to find a valid Adyen form on this page"
+      end
+    end
+
+    def have_adyen_payment_form(checks = {})
+      default_checks = {:merchant_sig => :anything, :payment_amount => :anything, :currency_code => :anything, :skin_code => :anything }
+      HaveAdyenPaymentForm.new(default_checks.merge(checks))
+    end
+
+    def have_adyen_recurring_payment_form(checks = {})
+      recurring_checks = { :recurring => true, :shopper_email => :anything, :shopper_reference => :anything }
+      have_adyen_payment_form(recurring_checks.merge(checks))
+    end
+
+    def have_adyen_single_payment_form(checks = {})
+      recurring_checks = { :recurring => false }
+      have_adyen_payment_form(recurring_checks.merge(checks))
+    end
+
+    def assert_adyen_payment_form(subject, checks = {})
+      default_checks = {:merchant_sig => :anything, :payment_amount => :anything, :currency_code => :anything, :skin_code => :anything }
+      assert Adyen::Matchers::XPathPaymentFormCheck.check(subject, default_checks.merge(checks)), 'No Adyen payment form found'
+    end
+
+    def assert_adyen_recurring_payment_form(subject, checks = {})
+      recurring_checks = { :recurring => true, :shopper_email => :anything, :shopper_reference => :anything }
+      assert_adyen_payment_form(subject, recurring_checks.merge(checks))
+    end
+
+    def assert_adyen_single_payment_form(subject, checks = {})
+      recurring_checks = { :recurring => false }
+      assert_adyen_payment_form(subject, recurring_checks.merge(checks))
+    end
+  end
+end

data/lib/adyen/notification_generator.rb

@@ -0,0 +1,30 @@
+require 'rails/generators'
+require 'rails/generators/migration'
+
+# @private
+class Adyen::NotificationGenerator < Rails::Generators::Base
+  include Rails::Generators::Migration
+
+  def self.source_root
+    @source_root ||= File.join(File.dirname(__FILE__), 'templates')
+  end
+
+  # Implement the required interface for Rails::Generators::Migration.
+  # taken from http://github.com/rails/rails/blob/master/activerecord/lib/generators/active_record.rb
+  def self.next_migration_number(dirname)
+    if ActiveRecord::Base.timestamped_migrations
+      Time.now.utc.strftime("%Y%m%d%H%M%S")
+    else
+      "%.3d" % (current_migration_number(dirname) + 1)
+    end
+  end
+
+  # Create a migration file for the adyen_notifications table
+  def create_migration_file
+    migration_template 'notification_migration.rb', 'db/migrate/create_adyen_notifications.rb'
+  end
+  
+  def create_model_file
+    template 'notification_model.rb', 'app/models/adyen_notification.rb'
+  end
+end

data/lib/adyen/railtie.rb

@@ -0,0 +1,13 @@
+require 'rails'
+
+# @private
+class Adyen::Railtie < ::Rails::Railtie
+  
+  generators do
+    require 'adyen/notification_generator'
+  end
+  
+  config.before_configuration do
+    config.adyen = Adyen.configuration
+  end
+end