RubyGems - aliquot - Versions diffs - 2.0.0 → 2.1.1 - Mend

aliquot 2.0.0 → 2.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b4b575c575e5104e23692cbf9ddf45fd40555862d306a88995d33c7c2fa2085b
-  data.tar.gz: b2be001378fea01010ae490230d8cd14c0767b6fec3155a7a4d6c24c95262c7d
+  metadata.gz: 340c8e93be8733d7b403356c5d7b85f0f1b69466e8492f6750875f7d1b4b0332
+  data.tar.gz: 27bb764e594448851ddceaaf0e65afd0a8c7916b82cf65514f077ad67d65ac56
 SHA512:
-  metadata.gz: 41e6616072916a6bf54baa76e62e8e9ccd07afc5056f7bcbf3886292d941f66c451f434924837e667592543184c91089f7032b25a1bb9daf646d9a69ef647529
-  data.tar.gz: adfe0fe58146dd4824c1677a482e948b4405973d6c18b7bcd31f516d446921f3b6266b8600148ec05b7c03ba78650c7f33de39f100e93eed8587abcee28999c2
+  metadata.gz: 70e3dfd919b5b2dde76eb7025a6627b46f2462096a7a9ce747764315c8b612104be97a38c7c4e8f7b2d5927e807adf992dc4bd7c145d5e091c6a699c5fae4830
+  data.tar.gz: 58c0275b221f378289d417131eb3e84039be05183b09e0e00cdb0b5ad8450d59c28d859ec5242544ce6eedbd0b0a933b6ad82e4e3bd0fb3ae0d62041e9e44a8d

data/lib/aliquot/validator.rb CHANGED Viewed

@@ -9,143 +9,221 @@ module Aliquot
   module Validator
     # Verified according to:
     # https://developers.google.com/pay/api/web/guides/resources/payment-data-cryptography#payment-method-token-structure
-    module Predicates
-      include Dry::Logic::Predicates
-      CUSTOM_PREDICATE_ERRORS = {
-        base64?:          'must be Base64',
-        pan?:             'must be a pan',
-        ec_public_key?:   'must be an EC public key',
-        eci?:             'must be an ECI',
-        json_string?:     'must be valid JSON',
-        integer_string?:  'must be string encoded integer',
-        month?:           'must be a month (1..12)',
-        year?:            'must be a year (2000..3000)',
-        base64_asn1?:     'must be base64 encoded asn1 value',
-        json_object?:     'must be a JSON object',
-        authMethodCryptogram3DS: 'authMethod CRYPTOGRAM_3DS requires eciIndicator',
-        authMethodCard:          'eciIndicator/cryptogram must be omitted when PAN_ONLY',
-      }.freeze
-      # Support Ruby 2.3, but use the faster #match? when available.
-      match_b = ''.respond_to?(:match?) ? ->(s, re) { s.match?(re) } : ->(s, re) { !!(s =~ re) }
-      def self.to_bool(lbd)
-        lbd.call
-        true
-      rescue
-        false
-      end
-      predicate(:base64?) do |x|
-        str?(x) &&
-          match_b.call(x, /\A[=A-Za-z0-9+\/]*\z/) && # allowable chars
-          x.length.remainder(4).zero? && # multiple of 4
-          !match_b.call(x, /=[^$=]/) && # may only end with ='s
-          !match_b.call(x, /===/) # at most 2 ='s
-      end
+    CUSTOM_ERRORS = {
+      base64?:         'must be Base64',
+      pan?:            'must be a PAN',
+      ec_public_key?:  'must be an EC public key',
+      eci?:            'must be an ECI',
+      integer_string?: 'must be string encoded integer',
+      month?:          'must be a month (1..12)',
+      year?:           'must be a year (2000..3000)',
+      base64_asn1?:    'must be base64-encoded ANS.1 value',
+      json?:           'must be valid JSON',
+      is_authMethodCryptogram3DS: 'authMethod CRYPTOGRAM_3DS requires eciIndicator',
+      is_authMethodCard:          'eciIndicator/cryptogram must be omitted when PAN_ONLY',
+    }.freeze
+    def self.base64_check(value)
+      /\A[=A-Za-z0-9+\/]*\z/.match?(value) && # allowable chars
+        value.length.remainder(4).zero? && # multiple of 4
+        !/=[^$=]/.match?(value) && # may only end with ='s
+        !/===/.match?(value) # at most 2 ='s
+    end
-      # We should figure out how strict we should be. Hopefully we can discard
-      # the above Base64? predicate and use the following simpler one:
-      #predicate(:strict_base64?) { |x| !!Base64.strict_decode64(x) rescue false }
+    Dry::Validation.register_macro(:base64?) do
+      if key?
+        unless Aliquot::Validator.base64_check(value)
+          key.failure(CUSTOM_ERRORS[:base64?])
+        end
+      end
+    end
-      predicate(:pan?) { |x| match_b.call(x, /\A[1-9][0-9]{11,18}\z/) }
+    def self.ans1_check(value)
+      OpenSSL::ASN1.decode(Base64.strict_decode64(value)) rescue false
+    end
-      predicate(:eci?) { |x| str?(x) && match_b.call(x, /\A\d{1,2}\z/) }
+    Dry::Validation.register_macro(:base64_asn1?) do
+      if key?
+        unless Aliquot::Validator.ans1_check(value)
+          key.failure(CUSTOM_ERRORS[:base64_asn1?])
+        end
+      end
+    end
-      predicate(:ec_public_key?) { |x| base64?(x) && OpenSSL::PKey::EC.new(Base64.decode64(x)).check_key rescue false }
+    Dry::Validation.register_macro(:pan?) do
+      if key?
+        unless /\A[1-9][0-9]{11,18}\z/.match?(value)
+          key.failure(CUSTOM_ERRORS[:pan?])
+        end
+      end
+    end
-      predicate(:json_string?) { |x| !!JSON.parse(x) rescue false }
+    Dry::Validation.register_macro(:ec_public_key?) do
+      if key?
+        begin
+          OpenSSL::PKey::EC.new(Base64.decode64(value)).check_key
+        rescue
+          key.failure(CUSTOM_ERRORS[:ec_public_key?])
+        end
+      end
+    end
-      predicate(:integer_string?) { |x| str?(x) && match_b.call(x, /\A\d+\z/) }
+    Dry::Validation.register_macro(:eci?) do
+      if key?
+        unless /\A\d{1,2}\z/.match?(value)
+          key.failure(CUSTOM_ERRORS[:eci?])
+        end
+      end
+    end
-      predicate(:month?) { |x| x.between?(1, 12) }
+    Dry::Validation.register_macro(:integer_string?) do
+      if key?
+        unless /\A\d+\z/.match?(value)
+          key.failure(CUSTOM_ERRORS[:integer_string?])
+        end
+      end
+    end
-      predicate(:year?) { |x| x.between?(2000, 3000) }
+    Dry::Validation.register_macro(:json?) do
+      if key?
+        json = JSON.parse(value) rescue false
+        key.failure(CUSTOM_ERRORS[:json?]) unless json
+      end
+    end
-      predicate(:base64_asn1?) { |x| OpenSSL::ASN1.decode(Base64.strict_decode64(x)) rescue false }
+    Dry::Validation.register_macro(:month?) do
+      if key?
+        unless value.between?(1, 12)
+          key.failure(CUSTOM_ERRORS[:month?])
+        end
+      end
+    end
-      predicate(:json_object?) { |x| hash?(x) }
+    Dry::Validation.register_macro(:year?) do
+      if key?
+        unless value.between?(2000, 3000)
+          key.failure(CUSTOM_ERRORS[:year?])
+        end
+      end
     end
-    # Base for DRY-Validation schemas used in Aliquot.
-    class BaseSchema < Dry::Validation::Schema::JSON
-      predicates(Predicates)
-      def self.messages
-        super.merge(en: { errors: Predicates::CUSTOM_PREDICATE_ERRORS })
+    class SignedKeyContract < Dry::Validation::Contract
+      json do
+        required(:keyExpiration).filled(:str?)
+        required(:keyValue).filled(:str?)
       end
+      rule(:keyExpiration).validate(:integer_string?)
+      rule(:keyValue).validate(:ec_public_key?)
     end
-    # Schema used for the 'intermediateSigningKey' hash included in ECv2.
-    IntermediateSigningKeySchema = Dry::Validation.Schema(BaseSchema) do
-      required(:signedKey).filled(:str?, :json_string?)
+    SignedKeySchema = SignedKeyContract.new
-      required(:signatures).filled(:array?) { each { base64? & base64_asn1? } }
+    # Schema used for the 'intermediateSigningKey' hash included in ECv2.
+    class IntermediateSigningKeyContract < Dry::Validation::Contract
+      json do
+        required(:signedKey).filled(:str?)
+        required(:signatures).array(:str?)
+      end
+      rule(:signedKey).validate(:json?)
+      rule(:signatures).each do
+        key.failure('must be Base64') unless Aliquot::Validator.base64_check(value) &&
+          Aliquot::Validator.ans1_check(value)
+      end
     end
-    SignedKeySchema = Dry::Validation.Schema(BaseSchema) do
-      required(:keyExpiration).filled(:integer_string?)
-      required(:keyValue).filled(:ec_public_key?)
-    end
+    IntermediateSigningKeySchema = IntermediateSigningKeyContract.new
     # DRY-Validation schema for Google Pay token
-    TokenSchema = Dry::Validation.Schema(BaseSchema) do
-      required(:signature).filled(:str?, :base64?, :base64_asn1?)
-      required(:protocolVersion).filled(:str?).when(eql?: 'ECv2') do
-        required(:intermediateSigningKey)
+    class TokenContract < Dry::Validation::Contract
+      json do
+        required(:signature).filled(:str?)
+        required(:signedMessage).filled(:str?)
+        required(:protocolVersion).filled(:str?)
+        optional(:intermediateSigningKey).hash(IntermediateSigningKeyContract.new.schema)
       end
+      rule(:signature).validate(:base64?, :base64_asn1?)
+      rule(:signedMessage).validate(:json?)
-      required(:signedMessage).filled(:str?, :json_string?)
-      optional(:intermediateSigningKey).value(:json_object?) { schema(IntermediateSigningKeySchema) }
+      rule(:intermediateSigningKey) do
+        key.failure('is missing') if 'ECv2'.eql?(values[:protocolVersion]) &&
+          values[:intermediateSigningKey].nil?
+      end
     end
+    TokenSchema = TokenContract.new
     # DRY-Validation schema for signedMessage component Google Pay token
-    SignedMessageSchema = Dry::Validation.Schema(BaseSchema) do
-      required(:encryptedMessage).filled(:str?, :base64?)
-      required(:ephemeralPublicKey).filled(:str?, :base64?)
-      required(:tag).filled(:str?, :base64?)
+    class SignedMessageContract < Dry::Validation::Contract
+      json do
+        required(:encryptedMessage).filled(:str?)
+        required(:ephemeralPublicKey).filled(:str?)
+        required(:tag).filled(:str?)
+      end
+      rule(:encryptedMessage).validate(:base64?)
+      rule(:ephemeralPublicKey).validate(:base64?)
+      rule(:tag).validate(:base64?)
     end
-    # DRY-Validation schema for paymentMethodDetails component Google Pay token
-    PaymentMethodDetailsSchema = Dry::Validation.Schema(BaseSchema) do
-      required(:pan).filled(:integer_string?, :pan?)
-      required(:expirationMonth).filled(:int?, :month?)
-      required(:expirationYear).filled(:int?, :year?)
-      required(:authMethod).filled(:str?, included_in?: %w[PAN_ONLY CRYPTOGRAM_3DS])
-      optional(:cryptogram).filled(:str?)
-      optional(:eciIndicator).filled(:str?, :eci?)
+    SignedMessageSchema = SignedMessageContract.new
-      rule(cryptogram: %i[authMethod cryptogram]) do |method, cryptogram|
-        method.eql?('CRYPTOGRAM_3DS') > required(:cryptogram)
+    # DRY-Validation schema for paymentMethodDetails component Google Pay token
+    class PaymentMethodDetailsContract < Dry::Validation::Contract
+      json do
+        required(:pan).filled(:str?)
+        required(:expirationMonth).filled(:int?)
+        required(:expirationYear).filled(:int?)
+        required(:authMethod).filled(:str?, included_in?: %w[PAN_ONLY CRYPTOGRAM_3DS])
+        optional(:cryptogram).filled(:str?)
+        optional(:eciIndicator).filled(:str?)
+      end
+      rule(:pan).validate(:integer_string?, :pan?)
+      rule(:expirationMonth).validate(:month?)
+      rule(:expirationYear).validate(:year?)
+      rule(:eciIndicator).validate(:eci?)
+      rule(:cryptogram) do
+        key.failure('is missing') if 'CRYPTOGRAM_3DS'.eql?(values[:authMethod]) &&
+          values[:cryptogram].nil?
       end
-      rule(eciIndicator: %i[authMethod eciIndicator]) do |method, eci|
-        method.eql?('PAN_ONLY').then(eci.none?)
+      rule(:cryptogram) do
+        key.failure('cannot be defined') if 'PAN_ONLY'.eql?(values[:authMethod]) &&
+          !values[:cryptogram].nil?
       end
-      rule(cryptogram: %i[authMethod cryptogram]) do |method, cryptogram|
-        method.eql?('PAN_ONLY').then(cryptogram.none?)
+      rule(:eciIndicator) do
+        key.failure('cannot be defined') if 'PAN_ONLY'.eql?(values[:authMethod]) &&
+          !values[:eciIndicator].nil?
       end
     end
+    PaymentMethodDetailsSchema = PaymentMethodDetailsContract.new
     # DRY-Validation schema for encryptedMessage component Google Pay token
-    EncryptedMessageSchema = Dry::Validation.Schema(BaseSchema) do
-      required(:messageExpiration).filled(:str?, :integer_string?)
-      required(:messageId).filled(:str?)
-      required(:paymentMethod).filled(:str?, eql?: 'CARD')
-      required(:paymentMethodDetails).value(:json_object?) { schema PaymentMethodDetailsSchema }
+    class EncryptedMessageContract < Dry::Validation::Contract
+      json do
+        required(:messageExpiration).filled(:str?)
+        required(:messageId).filled(:str?)
+        required(:paymentMethod).filled(:str?)
+        required(:paymentMethodDetails).filled(:hash).schema(PaymentMethodDetailsContract.schema)
+      end
+      rule(:messageExpiration).validate(:integer_string?)
+      rule(:paymentMethod) do
+        key.failure('must be equal to CARD') unless 'CARD'.eql?(value)
+      end
     end
+    EncryptedMessageSchema = EncryptedMessageContract.new
     module InstanceMethods
       attr_reader :output
       def validate
         @validation ||= @schema.call(@input)
-        @output = @validation.output
+        @output = @validation.to_h
         return true if @validation.success?
         raise Aliquot::ValidationError, "validation error(s), #{errors_formatted}"
       end
@@ -176,7 +254,9 @@ module Aliquot
     # Class for validating a Google Pay token
     class Token
       include InstanceMethods
       class Error < ::Aliquot::Error; end
       def initialize(input)
         @input = input
         @schema = TokenSchema
@@ -186,7 +266,9 @@ module Aliquot
     # Class for validating the SignedMessage component of a Google Pay token
     class SignedMessage
       include InstanceMethods
       class Error < ::Aliquot::Error; end
       def initialize(input)
         @input = input
         @schema = SignedMessageSchema
@@ -196,7 +278,9 @@ module Aliquot
     # Class for validating the encryptedMessage component of a Google Pay token
     class EncryptedMessageValidator
       include InstanceMethods
       class Error < ::Aliquot::Error; end
       def initialize(input)
         @input = input
         @schema = EncryptedMessageSchema
@@ -205,7 +289,9 @@ module Aliquot
     class SignedKeyValidator
       include InstanceMethods
       class Error < ::Aliquot::Error; end
       def initialize(input)
         @input = input
         @schema = SignedKeySchema

metadata CHANGED Viewed

@@ -1,35 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: aliquot
 version: !ruby/object:Gem::Version
-  version: 2.0.0
+  version: 2.1.1
 platform: ruby
 authors:
 - Clearhaus
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-09-01 00:00:00.000000000 Z
+date: 2022-09-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dry-validation
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 0.11.0
-    - - "<"
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.13'
+        version: '1.8'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 0.11.0
-    - - "<"
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.13'
+        version: '1.8'
 - !ruby/object:Gem::Dependency
   name: excon
   requirement: !ruby/object:Gem::Requirement
@@ -64,14 +58,42 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.0.0
+        version: 2.1.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.0.0
+        version: 2.1.1
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.3'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13.0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -86,7 +108,21 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '3'
-description:
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description:
 email: hello@clearhaus.com
 executables: []
 extensions: []
@@ -100,23 +136,23 @@ homepage: https://github.com/clearhaus/aliquot
 licenses:
 - MIT
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - "~>"
     - !ruby/object:Gem::Version
-      version: '0'
+      version: '2.7'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.4
-signing_key:
+rubygems_version: 3.1.6
+signing_key:
 specification_version: 4
 summary: Validates Google Pay tokens
 test_files: []