adyen_jpiqueras 2.3.0

data/lib/adyen/rest/errors.rb

@@ -0,0 +1,33 @@
+module Adyen
+  module REST
+
+    # The main exception class for error reporting when using the REST API Client.
+    class Error < Adyen::Error
+    end
+
+    # Exception class for errors on requests
+    class RequestValidationFailed < Adyen::REST::Error
+    end
+
+    # Exception class for error responses from the Adyen API.
+    #
+    # @!attribute category
+    #    @return [String, nil]
+    # @!attribute code
+    #    @return [Integer, nil]
+    # @!attribute description
+    #    @return [String, nil]
+    class ResponseError < Adyen::REST::Error
+      attr_accessor :category, :code, :description
+
+      def initialize(response_body)
+        if match = /\A(\w+)\s(\d+)\s(.*)\z/.match(response_body)
+          @category, @code, @description = match[1], match[2].to_i, match[3]
+          super("API request error: #{description} (code: #{code}/#{category})")
+        else
+          super("API request error: #{response_body}")
+        end
+      end
+    end
+  end
+end

data/lib/adyen/rest/modify_payment.rb

@@ -0,0 +1,89 @@
+module Adyen
+  module REST
+
+    # This module implements the <b>Payment.capture</b> API to capture
+    # previously authorised payments.
+    module ModifyPayment
+      class Request < Adyen::REST::Request
+        def set_modification_amount(currency, value)
+          self['modification_amount'] = { currency: currency, value: value }
+        end
+
+        alias_method :set_amount, :set_modification_amount
+      end
+
+      class Response < Adyen::REST::Response
+        attr_reader :expected_response
+
+        def initialize(http_response, options = {})
+          super
+          @expected_response = options[:expects]
+        end
+
+        def received?
+          self[:response] == expected_response
+        end
+      end
+
+      # Constructs and issues a Payment.capture API call.
+      def capture_payment(attributes = {})
+        request = capture_payment_request(attributes)
+        execute_request(request)
+      end
+
+      def capture_payment_request(attributes = {})
+        Adyen::REST::ModifyPayment::Request.new('Payment.capture', attributes,
+          response_class: Adyen::REST::ModifyPayment::Response,
+          response_options: {
+            expects: '[capture-received]'
+          }
+        )
+      end
+
+      # Constructs and issues a Payment.cancel API call.
+      def cancel_payment(attributes = {})
+        request = cancel_payment_request(attributes)
+        execute_request(request)
+      end
+
+      def cancel_payment_request(attributes = {})
+        Adyen::REST::ModifyPayment::Request.new('Payment.cancel', attributes,
+          response_class: Adyen::REST::ModifyPayment::Response,
+          response_options: {
+            expects: '[cancel-received]'
+          }
+        )
+      end
+
+      # Constructs and issues a Payment.cancel API call.
+      def refund_payment(attributes = {})
+        request = refund_payment_request(attributes)
+        execute_request(request)
+      end
+
+      def refund_payment_request(attributes = {})
+        Adyen::REST::ModifyPayment::Request.new('Payment.refund', attributes,
+          response_class: Adyen::REST::ModifyPayment::Response,
+          response_options: {
+            expects: '[refund-received]'
+          }
+        )
+      end
+
+      # Constructs and issues a Payment.cancel API call.
+      def cancel_or_refund_payment(attributes = {})
+        request = cancel_or_refund_payment_request(attributes)
+        execute_request(request)
+      end
+
+      def cancel_or_refund_payment_request(attributes = {})
+        Adyen::REST::ModifyPayment::Request.new('Payment.cancelOrRefund', attributes,
+          response_class: Adyen::REST::ModifyPayment::Response,
+          response_options: {
+            expects: '[cancelOrRefund-received]'
+          }
+        )
+      end
+    end
+  end
+end

data/lib/adyen/rest/payout.rb

@@ -0,0 +1,89 @@
+module Adyen
+  module REST
+    # This module implements the <b>Payout</b>
+    # API calls, and includes a custom response class to make handling the response easier.
+    # https://docs.adyen.com/developers/payout-manual
+    module Payout
+      class Request < Adyen::REST::Request
+      end
+
+      class Response < Adyen::REST::Response
+
+        def success?
+          result_code == SUCCESS
+        end
+
+        def received?
+          result_code == RECEIVED
+        end
+
+        def confirmed?
+          response == CONFIRMED
+        end
+
+        def declined?
+          response == DECLINED
+        end
+
+        def result_code
+          self[:result_code]
+        end
+
+        def psp_reference
+          self[:psp_reference]
+        end
+
+        def response
+          self[:response]
+        end
+
+        SUCCESS          = 'Success'.freeze
+        RECEIVED         = '[payout-submit-received]'.freeze
+        CONFIRMED        = '[payout-confirm-received]'.freeze
+        DECLINED         = '[payout-decline-received]'.freeze
+        private_constant :SUCCESS, :RECEIVED, :CONFIRMED, :DECLINED
+      end
+
+      # Constructs and issues a Payment.capture API call.
+      def store_payout(attributes = {})
+        request = store_request('Payout.storeDetail', attributes)
+        execute_request(request)
+      end
+
+      def submit_payout(attributes = {})
+        request = store_request('Payout.submit', attributes)
+        execute_request(request)
+      end
+
+      def submit_and_store_payout(attributes = {})
+        request = store_request('Payout.storeDetailAndSubmit', attributes)
+        execute_request(request)
+      end
+
+      def confirm_payout(attributes = {})
+        request = review_request('Payout.confirm', attributes)
+        execute_request(request)
+      end
+
+      def decline_payout(attributes = {})
+        request = review_request('Payout.decline', attributes)
+        execute_request(request)
+      end
+
+      private
+      # Require you to use a client initialize with payout_store
+      def store_request(action, attributes)
+        Adyen::REST::Payout::Request.new(action, attributes,
+          response_class: Adyen::REST::Payout::Response
+        )
+      end
+
+      # Require you to use a client initialize with payout review
+      def review_request(action, attributes)
+        Adyen::REST::Payout::Request.new(action, attributes,
+          response_class: Adyen::REST::Payout::Response
+        )
+      end
+    end
+  end
+end

data/lib/adyen/rest/request.rb

@@ -0,0 +1,104 @@
+require 'adyen/util'
+require 'adyen/rest/errors'
+require 'adyen/rest/response'
+
+module Adyen
+  module REST
+
+    # The request object models an API request to be sent to Adyen's webservice.
+    #
+    # Some API calls may use a subclass to model their request.
+    #
+    # @!attribute prefix [r]
+    #   The prefix to use for every request attribute (except action)
+    #   @return [String]
+    # @!attribute form_data [r]
+    #   The attributes to include in the API request as form data.
+    #   @return [Hash<String, String>] A dictionary of key value pairs
+    # @!required_attributes [r]
+    #   The list of required attributes that should show up in the request.
+    #   {#validate!} will fail if any of these attributes is missing or empty.
+    #   @return [Array<String>]
+    # @!attribute response_class [rw]
+    #   The response class to use to wrap the HTTP response to this request.
+    #   @return [Class]
+    # @!attribute response_options [rw]
+    #   The options to send to the response class initializer.
+    #   @return [Hash]
+    #
+    # @see Adyen::REST::Client
+    # @see Adyen::REST::Response
+    class Request
+      attr_reader :prefix, :form_data, :required_attributes, :path
+      attr_accessor :response_class, :response_options
+
+      def initialize(action, attributes, options = {})
+        @form_data = generate_form_data(attributes)
+        @path = generate_path(action)
+
+        @response_class   = options[:response_class]   || Adyen::REST::Response
+        @response_options = options[:response_options] || {}
+
+        @required_attributes = []
+      end
+
+      # Returns the request's action
+      # @return [String]
+      def action
+        form_data['action']
+      end
+
+      # Retrieves an attribute from the request
+      def [](attribute)
+        form_data[canonical_name(attribute)]
+      end
+
+      # Sets an attribute on the request
+      def []=(attribute, value)
+        form_data.merge!(Adyen::Util.flatten(attribute => value))
+        value
+      end
+
+      def merchant_account=(value)
+        self[:merchantAccount] = value
+      end
+
+      # Runs validations on the request before it is sent.
+      # @return [void]
+      # @raises [Adyen::REST::RequestValidationFailed]
+      def validate!
+        required_attributes.each do |attribute|
+          if form_data[attribute].nil? || form_data[attribute].empty?
+            raise Adyen::REST::RequestValidationFailed, "#{attribute} is empty, but required!"
+          end
+        end
+      end
+
+      # Builds a Adyen::REST::Response instnace for a given Net::HTTP response.
+      # @param http_response [Net::HTTPResponse] The HTTP response return for this request.
+      # @return [Adyen::REST::Response] An instance of {Adyen::REST::Response}, or a subclass.
+      def build_response(http_response)
+        response_class.new(http_response, response_options)
+      end
+
+      protected
+
+      def canonical_name(name)
+        Adyen::Util.camelize(name)
+      end
+
+      # @return [Hash<String, String>] A dictionary of API request attributes that
+      def generate_form_data(attributes)
+        Adyen::Util.flatten(attributes)
+      end
+
+      def generate_path(action)
+        PATH % action.split('.')
+      end
+
+      # @see Adyen::REST::Request#set_path
+      PATH = '/pal/servlet/%s/v12/%s'
+      private_constant :PATH
+    end
+  end
+end

data/lib/adyen/rest/response.rb

@@ -0,0 +1,80 @@
+require 'adyen/util'
+
+module Adyen
+  module REST
+
+    # The Response class models the HTTP response that is the result of a
+    # API call to Adyen's REST webservice.
+    #
+    # Some API calls may respond with an instance of a subclass, to make
+    # dealing with the response easier.
+    #
+    # @!attribute http_response [r]
+    #   The underlying net/http response.
+    #   @return [Net::HTTPResponse]
+    # @!attribute prefix [r]
+    #   The prefix to use when reading attributes from the response
+    #   @return [String]
+    #
+    # @see Adyen::REST::Client
+    # @see Adyen::REST::Request
+    class Response
+      attr_reader :http_response, :prefix, :attributes
+
+      def initialize(http_response, options = {})
+        @http_response = http_response
+        @prefix = options.key?(:prefix) ? options[:prefix].to_s : nil
+        @attributes = parse_response_attributes
+      end
+
+      # Looks up an attribute in the response.
+      # @return [String, nil] The value of the attribute if it was included in the response.
+      def [](name)
+        attributes[canonical_name(name)]
+      end
+
+      def has_attribute?(name)
+        attributes.has_key?(canonical_name(name))
+      end
+
+      def psp_reference
+        Integer(self[:psp_reference])
+      end
+
+      protected
+
+      def map_response_list(response_prefix, mapped_attributes)
+        list  = []
+        index = 0
+
+        loop do
+          response = {}
+          mapped_attributes.each do |key, value|
+            new_value = attributes["#{response_prefix}.#{index.to_s}.#{value}"]
+            response[key] = new_value unless new_value.empty?
+          end
+
+          index += 1
+          break unless response.any?
+          list << response
+        end
+
+        list
+      end
+
+      def canonical_name(name)
+        Adyen::Util.camelize(apply_prefix(name))
+      end
+
+      def apply_prefix(name)
+        prefix ? name.to_s.sub(/\A(?!#{Regexp.quote(prefix)}\.)/, "#{prefix}.") : name.to_s
+      end
+
+      def parse_response_attributes
+        attributes = CGI.parse(http_response.body)
+        attributes.each { |key, values| attributes[key] = values.first }
+        attributes
+      end
+    end
+  end
+end

data/lib/adyen/rest/signature.rb

@@ -0,0 +1,27 @@
+require 'adyen/signature'
+
+module Adyen
+  module REST
+    # The Signature module can sign and verify HMAC SHA-256 signatures for API
+    module Signature
+      extend self
+
+      # Sign the parameters with the given shared secret
+      # @param [Hash] params The set of parameters to sign. Should sent `sharedSecret` to sign.
+      # @return [String] signature from parameters
+      def sign(params)
+        Adyen::Signature.sign(params, :rest)
+      end
+
+      # Verify the parameters with the given shared secret
+      # @param [Hash] params The set of parameters to verify.
+      # Should include `sharedSecret` param to sign and the `hmacSignature` param to compare with the signature calculated
+      # @return [Boolean] true if the `hmacSignature` in the params matches our calculated signature
+      def verify(params)
+        their_sig = params.delete('hmacSignature')
+        raise ArgumentError, "params must include 'hmacSignature' for verification" if their_sig.empty?
+        Adyen::Signature.verify(params, their_sig, :rest)
+      end
+    end
+  end
+end

data/lib/adyen/signature.rb

@@ -0,0 +1,76 @@
+require 'openssl'
+require 'base64'
+
+module Adyen
+  # The Signature module generic to sign and verify HMAC SHA-256 signatures
+  module Signature
+    extend self
+
+    # Sign the parameters with the given shared secret
+    # @param [Hash] params The set of parameters to verify. Must include a `shared_secret` param for signing/verification
+    #
+    # @param [String] type The type to sign (:hpp or :rest). Default is :hpp
+    # @return [String] The signature
+    def sign(params, type = :hpp)
+      shared_secret = params.delete('sharedSecret')
+      raise ArgumentError, "Cannot sign parameters without a shared secret" unless shared_secret
+      sig = OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha256'), Array(shared_secret).pack("H*"), string_to_sign(params, type))
+      Base64.encode64(sig).strip
+    end
+
+    # Compare a signature calculated with anoter HMAC Signature
+    # @param [Hash] params The set of parameters to verify. Must include a `shared_secret`
+    #   param for signing/verification
+    # @param [String] hmacSignature will be compared to the signature calculated.
+    # @return [Boolean] true if the `hmacSignature` matches our calculated signature
+    def verify(params, hmacSignature, type = :hpp)
+      raise ArgumentError,"hmacSignature cannot be empty for verification" if hmacSignature.empty?
+      our_sig = sign(params, type)
+      secure_compare(hmacSignature, our_sig)
+    end
+
+    private
+
+    def string_to_sign(params, type)
+      string = ''
+      if type == :hpp
+        string = sorted_keys(params) + sorted_values(params)
+      elsif type == :rest
+        keys = %w(pspReference originalReference merchantAccountCode merchantReference value currency eventCode success)
+        string = sorted_values(params, keys)
+      else
+        raise NotImplementedError, 'Type sign not implemented'
+      end
+
+      string.map{ |el| escape_value(el) }.join(':')
+    end
+
+    def sorted_keys(hash, keys_to_sort = nil)
+      hash.sort.map{ |el| el[0] }
+    end
+
+    def sorted_values(hash, keys_to_sort = nil)
+      if keys_to_sort.is_a? Array
+        keys_to_sort.map { |key| hash[key] }
+      else
+        hash.sort.map{ |el| el[1] }
+      end
+    end
+
+    def escape_value(value)
+      value.gsub(':', '\\:').gsub('\\', '\\\\')
+    end
+
+    # Constant-time compare for two fixed-length strings
+    # Stolen from https://github.com/rails/rails/commit/c8c660002f4b0e9606de96325f20b95248b6ff2d
+    def secure_compare(a, b)
+      return false unless a.bytesize == b.bytesize
+
+      l = a.unpack "C#{a.bytesize}"
+
+      res = 0
+      b.each_byte { |byte| res |= byte ^ l.shift }
+      res == 0
+    end
+  end
+end