atmos-braintree_transparent_redirect_slice 0.1.1

data/LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2009 Corey Donohoe
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README

@@ -0,0 +1,41 @@
+BraintreeTransparentRedirectSlice
+=================================
+
+A slice for the Merb framework that lets you store shit securely in Braintree's
+vault (http://dev.braintreepaymentsolutions.com/vault/transparent-redirect/).
+You get tokens for user's sensitive info and you can charge against those
+tokens.  The information is securely stored in Braintree's vault to allow you
+to charge against credit cards without having ANY sensitive information pass
+through your controller actions or logs.  It's quite cool.
+
+------------------------------------------------------------------------------
+
+Installation
+------------
+% grep braintree_transparent_redirect config/*.rb
+dependency "braintree_transparent_redirect_slice", "=1.0.7.1"
+
+------------------------------------------------------------------------------
+# example: /:controller/:action/:id
+slice(:BraintreeTransparentRedirectSlice)
+
+# example: /billing/controller/:action/:id
+add_slice(:braintree_transparent_redirect_slice, :name_prefix => nil, :path_prefix => "billing")
+
+Normally you should also run the following rake task:
+rake slices:braintree_transparent_redirect_slice:install
+------------------------------------------------------------------------------
+
+Goals
+-----
+* actually work, as in all specs passing
+* sanitize and abstract the braintree models into a gem you can use outside of merb
+* hook into merb-auth so you can associate vault items into more than just the user.
+  i.e. instance method on the session perhaps
+* support bank account info, not just credit cards
+
+Developing
+----------
+% thor merb:gem:install
+% cp config/braintree.yml-example config/braintree.yml
+% bin/rake

data/Rakefile

@@ -0,0 +1,65 @@
+require 'rubygems'
+require 'rake/gempackagetask'
+
+require 'merb-core'
+require 'merb-core/tasks/merb'
+require 'lib/braintree_transparent_redirect_slice/version'
+
+GEM_NAME = "braintree_transparent_redirect_slice"
+AUTHOR = "Corey Donohoe"
+EMAIL = "atmos@atmos.org"
+HOMEPAGE = "http://github.com/atmos/braintree_transparent_redirect_slice/"
+SUMMARY = "Merb Slice that allows you to process stuff with braintree, without storing credit cards and shit" 
+GEM_VERSION = BraintreeTransparentRedirectSlice::VERSION
+
+spec = Gem::Specification.new do |s|
+  s.rubyforge_project = 'merb'
+  s.name = GEM_NAME
+  s.version = GEM_VERSION
+  s.platform = Gem::Platform::RUBY
+  s.has_rdoc = true
+  s.extra_rdoc_files = ["README", "LICENSE", 'TODO']
+  s.summary = SUMMARY
+  s.description = s.summary
+  s.author = AUTHOR
+  s.email = EMAIL
+  s.homepage = HOMEPAGE
+  s.add_dependency 'merb-slices', '>= 1.0.7.1'
+  s.add_dependency 'libxml-ruby', '=0.9.7'
+  s.add_dependency 'dm-core', '>=0.9.8'
+  s.add_dependency 'dm-validations', '>=0.9.8'
+  s.add_dependency 'merb-auth-core'
+  s.add_dependency 'merb-auth-more'
+  s.add_dependency 'merb-haml'
+  s.add_dependency 'merb-helpers'
+  s.add_dependency 'merb-assets'
+  s.add_dependency 'merb-action-args'
+  s.require_path = 'lib'
+  s.files = %w(LICENSE README Rakefile TODO) + Dir.glob("{lib,spec,app,public,stubs}/**/*")
+end
+
+Rake::GemPackageTask.new(spec) do |pkg|
+  pkg.gem_spec = spec
+end
+
+desc "Install the gem"
+task :install do
+  Merb::RakeHelper.install(GEM_NAME, :version => GEM_VERSION)
+end
+
+desc "Uninstall the gem"
+task :uninstall do
+  Merb::RakeHelper.uninstall(GEM_NAME, :version => GEM_VERSION)
+end
+
+desc "Create a gemspec file"
+task :gemspec do
+  File.open("#{GEM_NAME}.gemspec", "w") do |file|
+    file.puts spec.to_ruby
+  end
+end
+
+require 'spec/rake/spectask'
+require 'merb-core/test/tasks/spectasks'
+desc 'Default: run spec examples'
+task :default => 'spec'

data/TODO

@@ -0,0 +1,15 @@
+TODO:
+
+- Fix BraintreeTransparentRedirectSlice.description and BraintreeTransparentRedirectSlice.version
+- Fix LICENSE with your name
+- Fix Rakefile with your name and contact info
+- Add your code to lib/braintree_transparent_redirect_slice.rb
+- Add your Merb rake tasks to lib/braintree_transparent_redirect_slice/merbtasks.rb
+
+Remove anything that you don't need:
+
+- app/controllers/main.rb BraintreeTransparentRedirectSlice::Main controller
+- app/views/layout/braintree_transparent_redirect_slice.html.erb
+- spec/controllers/main_spec.rb controller specs
+- public/* any public files
+- stubs/* any stub files

data/app/controllers/application.rb

@@ -0,0 +1,5 @@
+class BraintreeTransparentRedirectSlice::Application < Merb::Controller
+  before :ensure_authenticated
+  include Merb::BraintreeTransparentRedirectSlice::CreditCardsHelper 
+  controller_for_slice
+end

data/app/controllers/credit_cards.rb

@@ -0,0 +1,54 @@
+class BraintreeTransparentRedirectSlice::CreditCards < BraintreeTransparentRedirectSlice::Application
+  def index
+    render
+  end
+
+  def new
+    @credit_card = CreditCard.new
+    @credit_card_info = @credit_card.info
+
+    unless message[:transaction_id].nil?
+      @credit_card_info = Braintree::TransactionInfo.new(message[:transaction_id])
+    end
+
+    @gateway_request = Braintree::GatewayRequest.new(:orderid => Digest::SHA1.hexdigest(Time.now.to_s))
+    render
+  end
+
+  def new_response
+    @gateway_response = Braintree::GatewayResponse.validate(params)
+    if error = @gateway_response.error
+      redirect(slice_url(:new_credit_card), :message => {:notice => error, :transaction_id => params[:transactionid]})
+    else
+      session.user.credit_cards.create(:token => @gateway_response.customer_vault_id)
+      redirect(slice_url(:credit_cards), :message => {:notice => 'Successfully stored your card info securely.'})
+    end
+  end
+
+  def edit(id)
+    fetch_credit_card(id)
+    @credit_card_info = @credit_card.info
+    @gateway_request = Braintree::GatewayRequest.new
+    render
+  end
+
+  def edit_response(id)
+    @gateway_response = Braintree::GatewayResponse.validate(params)
+    if error = @gateway_response.error
+      redirect(slice_url(:edit_credit_card, id), :message => {:notice => error})
+    else
+      redirect(slice_url(:credit_cards), :message => {:notice => 'Successfully updated your info in the vault.'})
+    end
+  end
+
+  def show(id)
+    fetch_credit_card(id)
+    render
+  end
+
+  def destroy(id)
+    fetch_credit_card(id)
+    @gateway_request = Braintree::GatewayRequest.new
+    render
+  end
+end

data/app/controllers/main.rb

@@ -0,0 +1,7 @@
+class BraintreeTransparentRedirectSlice::Main < BraintreeTransparentRedirectSlice::Application
+  
+  def index
+    render
+  end
+  
+end

data/app/controllers/payments.rb

@@ -0,0 +1,17 @@
+class BraintreeTransparentRedirectSlice::Payments < BraintreeTransparentRedirectSlice::Application
+  def new(credit_card_id)
+    fetch_credit_card(credit_card_id)
+
+    @gateway_request = Braintree::GatewayRequest.new(:amount => '10.00')
+    render
+  end
+
+  def new_response(credit_card_id)
+    @gateway_response = Braintree::GatewayResponse.validate(params)
+    if error = @gateway_response.error
+      redirect(slice_url(:new_credit_card_payment), :message => {:notice => error})
+    else
+      redirect(slice_url(:credit_card, credit_card_id), :message => {:notice => 'Successfully charged your Credit Card.'})
+    end
+  end
+end

data/app/helpers/application_helper.rb

@@ -0,0 +1,63 @@
+module Merb
+  module BraintreeTransparentRedirectSlice
+    module ApplicationHelper
+      # @param *segments<Array[#to_s]> Path segments to append.
+      #
+      # @return <String> 
+      #  A path relative to the public directory, with added segments.
+      def image_path(*segments)
+        public_path_for(:image, *segments)
+      end
+      
+      # @param *segments<Array[#to_s]> Path segments to append.
+      #
+      # @return <String> 
+      #  A path relative to the public directory, with added segments.
+      def javascript_path(*segments)
+        public_path_for(:javascript, *segments)
+      end
+      
+      # @param *segments<Array[#to_s]> Path segments to append.
+      #
+      # @return <String> 
+      #  A path relative to the public directory, with added segments.
+      def stylesheet_path(*segments)
+        public_path_for(:stylesheet, *segments)
+      end
+      
+      # Construct a path relative to the public directory
+      # 
+      # @param <Symbol> The type of component.
+      # @param *segments<Array[#to_s]> Path segments to append.
+      #
+      # @return <String> 
+      #  A path relative to the public directory, with added segments.
+      def public_path_for(type, *segments)
+        ::BraintreeTransparentRedirectSlice.public_path_for(type, *segments)
+      end
+      
+      # Construct an app-level path.
+      # 
+      # @param <Symbol> The type of component.
+      # @param *segments<Array[#to_s]> Path segments to append.
+      #
+      # @return <String> 
+      #  A path within the host application, with added segments.
+      def app_path_for(type, *segments)
+        ::BraintreeTransparentRedirectSlice.app_path_for(type, *segments)
+      end
+      
+      # Construct a slice-level path.
+      # 
+      # @param <Symbol> The type of component.
+      # @param *segments<Array[#to_s]> Path segments to append.
+      #
+      # @return <String> 
+      #  A path within the slice source (Gem), with added segments.
+      def slice_path_for(type, *segments)
+        ::BraintreeTransparentRedirectSlice.slice_path_for(type, *segments)
+      end
+      
+    end
+  end
+end

data/app/helpers/credit_cards_helper.rb

@@ -0,0 +1,15 @@
+module Merb
+  module BraintreeTransparentRedirectSlice
+    module CreditCardsHelper
+      def fetch_credit_card(id)
+        @credit_card = CreditCard.get(id)
+        raise Merb::ControllerExceptions::NotFound if @credit_card.nil?
+        raise Merb::ControllerExceptions::Unauthorized unless @credit_card.user_id == session.user.id
+      end
+
+      def braintree_date_reformatter(str)
+        DateTime.parse(str).strftime('%Y/%m/%d %H:%M:%S')
+      end
+    end
+  end
+end # Merb

data/app/models/braintree/gateway_request.rb

@@ -0,0 +1,55 @@
+module Braintree
+  class GatewayRequest
+    attr_accessor :orderid, :amount, :key, :key_id, :time, :response_url,
+      :type, :customer_vault, :customer_vault_id
+
+    attr_reader :hash
+
+    def initialize(attributes = nil)
+      attributes.each { |k,v| self.send("#{k}=", v) } unless attributes.nil?
+      self.key, self.key_id = BraintreeTransparentRedirectSlice.config[:key], BraintreeTransparentRedirectSlice.config[:key_id]
+      self.time = self.class.formatted_time_value
+    end
+
+    def hash
+      items = if customer_vault_id.nil?
+        [orderid, amount, time, BraintreeTransparentRedirectSlice.config[:key]]
+      else
+        [orderid, amount, customer_vault_id, time, BraintreeTransparentRedirectSlice.config[:key]]
+      end
+      Digest::MD5.hexdigest(items.join('|'))
+    end
+
+    def self.formatted_time_value
+      Time.now.getutc.strftime("%Y%m%d%H%M%S")
+    end
+
+    def hash_attributes
+      { 'orderid' => orderid, 'amount' => amount, 'key_id' => key_id, 
+        'time' => time, 'hash' => hash, 'customer_vault_id' => customer_vault_id }
+    end
+
+    def post(params)
+      uri = Addressable::URI.parse(BraintreeTransparentRedirectSlice.config[:transact_api_url])
+
+      server = Net::HTTP.new(uri.host, 443)
+      server.use_ssl = true
+      server.read_timeout = 20
+      server.verify_mode = OpenSSL::SSL::VERIFY_NONE
+
+      resp = server.start do |http|
+        req = Net::HTTP::Post.new(uri.path)
+        req.set_form_data(hash_attributes.merge(params))
+        http.request(req)
+      end
+      case resp
+      when Net::HTTPRedirection
+        Addressable::URI.parse(resp.header['Location'])
+      when Net::HTTPSuccess
+        resp
+      else
+        resp.error!
+      end
+    end
+  end
+end

data/app/models/braintree/gateway_response.rb

@@ -0,0 +1,101 @@
+require 'digest/md5'
+
+module Braintree
+  class GatewayResponse
+    def self.validate(params)
+      new(params).validate
+    end
+
+    def initialize(params)
+      @time, @hash, @amount = params.values_at(:time, :hash, :amount)
+      @transaction_id, @order_id, @customer_vault_id = params.values_at(:transactionid, :orderid, :customer_vault_id)
+      @response, @response_text = params.values_at(:response, :responsetext)
+      @avs_response, @cvv_response = params.values_at(:avsresponse, :cvvresponse)
+    end
+
+    attr_reader :time, :hash, :amount, :error,
+      :transaction_id, :order_id, :customer_vault_id,
+      :response, :response_text,
+      :avs_response, :cvv_response
+#    :authcode
+#    :username
+#    :type
+#    :response_code
+#    :full_response
+
+    def validate
+      raise Merb::ControllerExceptions::Unauthorized, "Hashes did not match" unless matching_hash?
+      if approved?
+        if cvv_matches?
+          true
+        else
+          @error = cvv_response_message
+        end
+      else
+        @error = response_text
+      end
+      self
+    end
+
+    # The hash sent with the Gateway Response should equal a hash that can get
+    # generated using the key and the sent parameters.
+    def matching_hash?
+      hash == generated_hash
+    end
+
+    # Takes the values of the Gateway Response and generates a hash from them using
+    # MD5 and format listed in the documentation.
+    def generated_hash
+      items = [order_id, amount, response]
+      items += [transaction_id, avs_response, cvv_response]
+      items << customer_vault_id if customer_vault_id
+      items += [time, BraintreeTransparentRedirectSlice.config[:key]]
+      Digest::MD5.hexdigest(items.join('|'))
+    end
+
+    def approved?
+      response == "1"
+    end
+
+    # AVS_RESPONSE_CODES
+    def avs_matches?
+      avs_response.include?("Y")
+    end
+
+    # CVV_RESPONSE_CODES
+    def cvv_matches?
+      cvv_response == "M"
+    end
+
+    # A string representation of the response status given as a number.
+    def response_message
+      case response
+      when "1"
+        "Approved"
+      when "2"
+        "Declined"
+      when "3"
+        "Error"
+      else
+        raise "Unknown response: #{response.inspect}"
+      end
+    end
+
+    def cvv_response_message
+      case cvv_response
+      when "M"
+        "CVV2/CVC2 Match"
+      when "N"
+        "CVV2/CVC2 No Match"
+      when "P"
+        "Not Processed"
+      when "S"
+        "Merchant has indicated the CVV2/CVC2 is not present on card"
+      when "U"
+        "Issuer is not certified and/or has not provided Visa encryption keys"
+      else
+        #raise "Unknown CVV response: #{cvv_response.inspect}"
+      end
+    end
+  end
+end