RubyGems - aliquot - Versions diffs - 0.12.0 → 0.13.0 - Mend

aliquot 0.12.0 → 0.13.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a327bbbe5f475b924454c120979cb3bc965c5363c2740366a9f1abea19a59707
-  data.tar.gz: 044dd4f0c2daa2d72685133fbd27408247281449276c0e36cba1141778d98176
+  metadata.gz: 4fd348440efd40e2b2f67cbff74deb5100e7e68280710af2d67f6d64343122b7
+  data.tar.gz: 121a611e53d3d4745082877e0ab50d733349cc857d61abc905945b4392f7c193
 SHA512:
-  metadata.gz: f25a55664501aa93322675512975d3471c4586112855d2d30f32b0f61fcad6240fdd3750d36e418feaa415f3a49ee752271f2d7c1dc5fe28cd6615fc5d16811b
-  data.tar.gz: e48a4d748adc053caa2e8a7770d5ef580fee0867497fa2d98dfac8cfc202a8183e3e8c900b56bac1cd121a95fadc4d8699511442263e93076d10e95ce53407af
+  metadata.gz: 647493009e7daee01e264752c5fd1bd32969c4e1e3c9c1e78ee4e4f5bd074730d39144be9c07bc8757d653bd61301bf9eb11f1bb45339e39d83d4d1a1e5d0c44
+  data.tar.gz: cdc115e4500ddebdbbdb49b427ccb057162259c1f1400f5274e6d07a9e814333b07f2ea981a3b7b5151c9cac29ef9dbab8c7c90cdd61e31b56816a1c333a8777

data/lib/aliquot/error.rb CHANGED

@@ -28,4 +28,6 @@ module Aliquot
   # When shared_secret is invalid
   class InvalidSharedSecretError < Error; end
+  class InvalidMerchantIDError < Error; end
 end

data/lib/aliquot/payment.rb CHANGED

@@ -17,7 +17,7 @@ module Aliquot
     # Parameters:
     # token_string::  Google Pay token (JSON string)
     # shared_secret:: Base64 encoded shared secret
-    # merchant_id::   Google Pay merchant ID ("merchant:<SOMETHING>")
+    # merchant_id::   Google Pay merchant ID
     # signing_keys::  Signing keys fetched from Google
     def initialize(token_string, shared_secret, merchant_id,
                    signing_keys: ENV['GOOGLE_SIGNING_KEYS'])
@@ -43,13 +43,15 @@ module Aliquot
         raise Error, "supported protocol versions are #{SUPPORTED_PROTOCOL_VERSIONS.join(', ')}"
       end
+      @recipient_id = validate_merchant_id
+      check_shared_secret
       if protocol_version == 'ECv2'
         @intermediate_key = validate_intermediate_key
         raise InvalidSignatureError, 'intermediate certificate expired' if intermediate_key_expired?
       end
-      check_shared_secret
       check_signature
       @signed_message = validate_signed_message
@@ -100,6 +102,11 @@ module Aliquot
       @intermediate_key[:keyExpiration].to_i < cur_millis
     end
+    def validate_merchant_id
+      raise InvalidMerchantIDError unless /[[:graph:]]/ =~ @merchant_id
+      "merchant:#{@merchant_id}"
+    end
     def check_shared_secret
       begin
         decoded = Base64.strict_decode64(@shared_secret)
@@ -111,7 +118,7 @@ module Aliquot
     end
     def check_signature
-      signed_string_message = ['Google', @merchant_id, protocol_version, @token[:signedMessage]].map do |str|
+      signed_string_message = ['Google', @recipient_id, protocol_version, @token[:signedMessage]].map do |str|
         [str.length].pack('V') + str
       end.join
       message_signature = Base64.strict_decode64(@token[:signature])

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: aliquot
 version: !ruby/object:Gem::Version
-  version: 0.12.0
+  version: 0.13.0
 platform: ruby
 authors:
 - Clearhaus
@@ -58,14 +58,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.8'
+        version: '0.11'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.8'
+        version: '0.11'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement