atpay_tokens 0.0.7

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 629a0137006e92782fffe3b0012381272b1f9dbf
+  data.tar.gz: d06442cc7083d78c21d230b1494026404b63381a
+SHA512:
+  metadata.gz: 58779323c57e6b2ca635d38a69cf6748912dc890c788724e559bcb9ae2ccb8132933a44d80c795b8d8c6e466c80d837be0c56469ed190458e647e79bd99c5621
+  data.tar.gz: a187a35f082ce3f9a7a96bb656dc24f8af3345427f88f428491ab43c3735fef64dfa4b9935478622e2c4ed9051742d6a7e89004ff66c9a82358f37ca90e31f9d

data/.gitignore

@@ -0,0 +1,5 @@
+*.un~
+.bundle
+/vendor
+coverage
+Gemfile.lock

data/.travis.yml

@@ -0,0 +1,4 @@
+language: ruby
+
+before_script: "LD_LIBRARY_PATH=lib bundle exec rake ci"
+script: "LD_LIBRARY_PATH=lib bundle exec rspec spec"

data/Gemfile

@@ -0,0 +1,12 @@
+source "https://rubygems.org"
+
+gemspec
+
+gem 'rspec'
+gem 'rspec-mocks'
+gem 'rbnacl', :github => "cryptosphere/rbnacl", :ref => "907bf0c07dc058ad0efbdef47ebc431444c2f696"
+gem 'ruby-prof'
+gem 'simplecov', :require => false, :group => :test
+gem 'bundler'
+gem 'rake'
+gem 'coveralls', require: false

data/README.md

@@ -0,0 +1,105 @@
+# @Pay API Client
+
+[![Build Status](https://travis-ci.org/atpay/atpay-client.png)](https://travis-ci.org/atpay/atpay-client)
+
+
+Client interface for the @Pay API and key generation for 
+performance optimization. This library is designed for advanced
+implementation of the @Pay API, with the primary purpose
+of enhancing performance for high-traffic, heavily utilized
+platforms. 
+
+Interfaces here are implemented after receiving OAuth 2.0
+privileges for the partner/user record. You cannot authenticate
+directly to the API with this library at this moment.
+
+## Installation
+
+Add the 'atpay-client' gem to your Gemfile:
+
+```ruby
+#Gemfile
+
+gem 'atpay', :github => "atpay/atpay-client"
+```
+
+## Configuration
+
+With the `keys` scope, authenticate with OAuth, and make a request
+to the 'keys' endpoint (see the api documentation at
+https://developer.atpay.com) to receive the partner_id,
+public key and private key.
+
+Apply these values to your configuration
+
+```ruby
+session = AtPay::Session.new({
+  :environment  => :sandbox,    # Either :sandbox or :production
+  :partner_id   => 1234,        # Integer value partner id
+  :public_key   => "XXX",       # Provided public key
+  :private_key  => "YYY"        # Provided private key
+})
+```
+
+## Usage
+
+In order for an @Pay user to make a purchase via email, they'll
+need to send a specially crafted key to @Pay's address. You can
+either use the OAuth API endpoints to generate buttons and keys,
+or you can generate the keys yourself. In a high traffic 
+environment you'll want to generate keys locally. 
+
+Let's assume you have a member with an @Pay account, and you 
+would like to include a $20.00 purchase in an email to them:
+
+```ruby
+@key = session.security_key(:amount => 20.00, :email => "test@example.com")
+```
+
+Now, include the `@key` in a mailto link within the email
+addressed to transaction@payments.atpay.com. Your user will
+make the purchase by clicking the mailto and sending the 
+email. 
+
+## Expiration
+
+Keys will expire by default after two weeks. To extend or 
+shorten the expiration time of your offer, just use the 
+expires option and provide a unix timestamp representing the
+desired expiration:
+
+```ruby
+@key = session.security_key({
+  :amount   => 20.00,
+  :email    => "test@example.com",
+  :expires  => (Time.now.to_i + (3600 * 5)) # Expire in 5 hours
+})
+```
+
+## Key Groups
+
+You can generate groups of key values for a user that will automatically
+invalidate all members of the group when one key is processed. This
+is useful when sending out multiple keys via email when only one key should ever
+be processed:
+
+```ruby
+@keys = session.security_key({
+  :amount     => [20.00, 30.00, 40.00],
+  :email      => "test@example.com"
+})
+
+# returns array length == 3
+```
+
+## User Data
+
+You can pass in arbitrary data that will be returned to you upon the successful parsing of a token in @Pay's system.  There is a limit of 2500 characters on this argument.  It is expected to be a string beyond that any formatting should be returned as it was received.
+
+```ruby
+@key = session.security_key({
+  :amount    => 20.00,
+  :email     => 'email@address',
+  :user_data => "{ sku: '82', cid: '3', notes: 'expedited' } "
+})
+```

data/Rakefile

@@ -0,0 +1,13 @@
+require "rake/clean"
+require "rbnacl/rake_tasks"
+
+file "lib/libsodium.so" => :build_libsodium do
+  cp $LIBSODIUM_PATH, "lib/libsodium.so"
+end
+
+task "ci:sodium" => "lib/libsodium.so"
+
+task :ci => %w(ci:sodium spec)
+
+
+CLEAN.add "lib/libsodium.*"

data/atpay_tokens.gemspec

@@ -0,0 +1,14 @@
+Gem::Specification.new do |s|
+  s.name        = 'atpay_tokens'
+  s.version     = '0.0.7'
+  s.date        = '2013-07-25'
+  s.summary     = "@Pay Token Generator"
+  s.description = "Client interface for the @Pay API, key generation for performance optimization"
+  s.authors     = ["James Kassemi", "Glen Holcomb"]
+  s.email       = 'james@atpay.com'
+  s.files       = `git ls-files`.split($/)
+  s.test_files  = s.files.grep(%r{^(test|spec|features)/})
+  s.homepage    = "https://atpay.com"
+  s.add_dependency "rbnacl"
+  s.add_runtime_dependency 'ffi'
+end

data/bin/atpay-client.rb

@@ -0,0 +1,216 @@
+$LOAD_PATH.unshift File.expand_path('../../lib', __FILE__)
+
+require 'atpay'
+require 'yaml'
+
+
+class Arguments
+  attr_reader :values
+
+  def initialize
+    @values = YAML.load_file(File.expand_path('../../config/credentials.yml', __FILE__))
+  end
+end
+
+module Usage
+  USAGE = <<-EOS
+
+    The @Pay Client will generate @Pay Tokens for you.  You can use this tool to generate both email
+    and site tokens.  There are quite a few arguments but only a handfull are required:
+
+
+    Examples:
+      ruby atpay-client.rb email_token targets bob@bob.com amount 8.0 expires 1454673223
+      ruby atpay-client.rb email_token targets bob@bob.com group "8.0 9.5 23.28"
+      ruby atpay-client.rb email_token cards OGQ3OWE0OWNhMFFTL4mMpQA= amount 12.0
+      ruby atpay-client.rb email_token cards OGQ3OWE0OWNhMFFTL4mMpQA= targets bob@bob.com amount 12.0
+
+      ruby atpay-client.rb site_token cards OGQ3OWE0OWNhMFFTL4mMpQA= amount 5.0 user_agent "curl/7.9.8" lang "en-US,en;q=0.8" charset "utf8" addr 173.163.242.213
+
+
+    Required:
+      site_token|email_token    You must specify the type of token you wish to generate
+      cards|targets             You must at least specify a card or email address.  For a site token
+                                you must provide a card.  If you are building multiple tokens ensure
+                                that you provide a card token for each email and that the order is
+                                correct.
+      amount|group              You also need to specify either a single amount or a group of amounts.
+
+
+    Required (for site token):
+      user_agent                The HTTP_USER_AGENT from the client's request header.
+      lang                      The HTTP_ACCEPT_LANGUAGE from the client's request header.
+      charset                   The HTTP_ACCEPT_CHARSET from the client's request header.
+      addr                      The IP address corresponding to the requesting source (The user's IP)
+
+
+    Optional:
+      expires                   This is the expiration date.  This should be an integer value of
+                                seconds since epoch.
+
+  EOS
+end
+
+
+class ClientRunner
+  OPTIONS = %w(expires group amount)
+  HEADERS = %w(HTTP_USER_AGENT HTTP_ACCEPT_LANGUAGE HTTP_ACCEPT_CHARSET)
+  EMAIL = /[\w\d\.]+@[\w\.]+[\w]+/
+  CARD = /.*=$/
+
+  def initialize(args)
+    @config = Arguments.new
+    @session = AtPay::Session.new(@config.values)
+    @options = {}
+    @site_params = [{}]
+    @targets = []
+
+    parse args
+  end
+
+  # Parse our arguments for all of our values
+  def parse(args)
+    OPTIONS.each do |option|
+      @options[option.to_sym] = args[args.index(option) + 1] unless args.grep(option).empty?
+    end
+
+    site_params args if ARGV[0] == 'site_token'
+    convert_amounts
+    convert_expiration
+    get_emails args
+    get_cards args
+
+    unless @options[:card] or @options[:email]
+      puts USAGE and exit
+    end
+  end
+
+  # Build our list of email addresses to generate tokens for
+  def get_emails(args)
+    return unless args.index('targets')
+
+    args[args.index('targets') + 1].split(' ')[0].match(EMAIL) ? @options[:email] = args[(args.index('targets') + 1)].split(' ') : @options[:email] = File.read(args[args.index('targets') + 1]).split("\n")
+  end
+
+  # Grab all the card tokens
+  def get_cards(args)
+    return unless args.index('cards')
+
+    args[args.index('cards') + 1].split(' ')[0].match(CARD) ? @options[:card] = args[(args.index('cards') + 1)].split(' ') : @options[:card] = File.read(args[args.index('cards') + 1]).split("\n")
+  end
+
+  # Need expiration as an integer
+  def convert_expiration
+    @options[:expires] = @options[:expires].to_i if @options[:expires]
+  end
+
+  # Convert any amounts to floats.
+  def convert_amounts
+    @options[:amount] = @options[:amount].to_f if @options[:amount]
+    @options[:amount] = @options[:group].split(' ').map(&:to_f) if @options[:group]
+
+    @options.delete :group
+  end
+
+  # Check our input for site params.
+  def site_params(args)
+    if args.grep('addr').empty?
+      puts "You must provide an IP Address for a site token.\n" + USAGE
+      exit
+    end
+
+    @site_params[1] = args[args.index('addr') + 1]
+
+    headers(args)
+  end
+
+  def headers(args)
+    if args.grep('user_agent').empty? or args.grep('charset').empty? or args.grep('lang').empty?
+      puts "You must provide a user_agent, charset, and lang for a site token.\n" + USAGE
+      exit
+    end
+
+    @site_params[0][HEADERS[0]] = args[args.index('user_agent') + 1]
+    @site_params[0][HEADERS[1]] = args[args.index('lang') + 1]
+    @site_params[0][HEADERS[2]] = args[args.index('charset') + 1]
+  end
+
+  # Generate multiple site tokens
+  def site_tokens
+    options = @options.clone
+
+    @options[:card].each_with_index do |card, index|
+      options[:card] = card
+      options[:email] = @options[:email][index] if @options[:email]
+
+      site_token options
+    end
+  end
+
+  # Generate a site token
+  def site_token(options = @options)
+    if options[:card].is_a? Array
+      site_tokens
+      return
+    end
+
+    keys = security_key(options)
+
+    if keys.is_a? Array
+      puts keys.map { |key| key.site_token @site_params[1], @site_params[0] }
+    else
+      puts keys.site_token @site_params[1], @site_params[0]
+    end
+  end
+
+  # Generate multiple email tokens
+  def email_tokens
+    options = @options.clone
+
+    @options[:email].each_with_index do |email, index|
+      options[:email] = email
+      options[:card] = @options[:card][index] if @options[:card]
+
+      email_token options
+    end
+  end
+
+  # Generate an email token
+  def email_token(options = @options)
+    if options[:email].is_a? Array
+      email_tokens
+      return
+    end
+
+    keys = security_key(options)
+
+    if keys.is_a? Array
+      puts keys.map { |key| key.email_token }
+    else
+      puts keys.email_token
+    end
+  end
+
+  # Get a security key object we can ask to generate keys for us.
+  def security_key(options = @options)
+    @session.security_key(options)
+  end
+end
+
+
+operation = ARGV[0]
+arguments = ARGV[1..-1]
+
+unless operation
+  puts Usage::USAGE
+  exit
+end
+
+unless arguments.length > 0 and arguments.length % 2 == 0
+  puts Usage::USAGE
+  exit
+end
+
+runner = ClientRunner.new arguments
+
+runner.send operation

data/config/credentials.yml

@@ -0,0 +1,4 @@
+:environment: :sandbox
+:partner_id: 0
+:public_key: azkHt3L37euW7HpajtPTix9K6Dqgb0OEjzo3NlvaMBY=
+:private_key: 7hKlBre4DrnU6NlU86VmyY3FOWQ4I/ZtGlH4XzzT6cg=

data/lib/atpay/config.rb

@@ -0,0 +1,55 @@
+require 'base64'
+
+module AtPay
+  class Config
+    class << self 
+      def base64_decoding_attr_accessor(*names)
+        names.each do |name|
+          attr_reader name
+
+          define_method "#{name}=" do |v|
+            instance_variable_set("@#{name}", Base64.decode64(v))
+          end
+        end
+      end
+    end
+
+    attr_reader :partner_id
+
+    base64_decoding_attr_accessor :private_key, 
+      :public_key,
+      :atpay_private_key,
+      :atpay_public_key
+
+    def initialize(options)
+      options.each do |k,v|
+        self.send("#{k.to_s}=", v)
+      end
+
+      unless options[:environment] or (atpay_private_key and atpay_public_key)
+        self.environment = :sandbox
+      end
+    end
+
+    def partner_id=(v)
+      @partner_id = v
+    end
+
+    def environment=(v)
+      @environment = v
+
+      raise ValueError unless [:production, :sandbox, :development, :test].include? v
+
+      @atpay_public_key = Base64.decode64({
+        production: "QZuSjGhUz2DKEvjule1uRuW+N6vCOoMuR2PgCl57vB0=",
+        sandbox: "x3iJge6NCMx9cYqxoJHmFgUryVyXqCwapGapFURYh18=",
+        development: "x3iJge6NCMx9cYqxoJHmFgUryVyXqCwapGapFURYh18=",
+        test: '8LkeQ7BDO8+e+WRFLWV6Ac4Aq8Ev0odtWOiR1adDYyI='
+      }[v])
+
+      if @environment == :test
+        @atpay_private_key ||= Base64.decode64('bSyQWtGrWsYfJSZisrZ5eKHKcjtZQv1RO299tJ9bqIg=')
+      end
+    end
+  end
+end

data/lib/atpay/security_key.rb

@@ -0,0 +1,108 @@
+require 'rbnacl'
+require 'base64'
+require 'securerandom'
+
+module AtPay
+  class SecurityKey
+    def initialize(session, options)
+      raise ArgumentError.new("User Data can't exceed 2500 characters.") if options[:user_data] and options[:user_data].length > 2500
+      raise ArgumentError.new("email") unless options[:email].nil? or options[:email] =~ /.+@.+/
+      raise ArgumentError.new("amount") unless options[:amount].is_a? Float
+      raise ArgumentError.new("card or email or member required") if options[:email].nil? and options[:card].nil? and options[:member].nil?
+
+      @session = session
+      @options = options
+    end
+
+    def email_token
+      "@#{version}#{Base64.strict_encode64([nonce, partner_frame, body_frame].join)}"
+    ensure
+      @nonce = nil
+    end
+
+    def site_token(remote_addr, headers)
+      raise ArgumentError.new("card or member required for site tokens") if @options[:card].nil? and @options[:member].nil?
+      "@#{version}#{Base64.strict_encode64([nonce, partner_frame, site_frame(remote_addr, headers), body_frame].join)}"
+    ensure
+      @nonce = nil
+    end
+
+    def to_s
+      email_token
+    end
+
+
+    private
+    def version
+      @options[:version] ? (Base64.strict_encode64([@options[:version]].pack("Q>")) + '-') : nil
+    end
+
+    def partner_frame
+      [@session.config.partner_id].pack("Q>")
+    end
+
+    def site_frame(remote_addr, headers)
+      message = boxer.box(nonce, Digest::SHA1.hexdigest([
+        headers["HTTP_USER_AGENT"],
+        headers["HTTP_ACCEPT_LANGUAGE"],
+        headers["HTTP_ACCEPT_CHARSET"],
+        remote_addr
+      ].join))
+
+      [[message.length].pack("l>"), message, 
+        [remote_addr.length].pack("l>"), remote_addr].join
+    end
+
+    def body_frame
+      boxer.box(nonce, crypted_frame)
+    end
+
+    def crypted_frame
+      if user_data = user_data_frame
+        [target, options_group, '/', options_frame, '/', user_data].flatten.compact.join
+      else
+        [target, options_group, "/", options_frame].flatten.compact.join
+      end
+    end
+
+    def options_frame
+      [@options[:amount], expires].pack("g l>")
+    end
+
+    def user_data_frame
+      @options[:user_data].to_s if @options[:user_data]
+    end
+
+    def options_group
+      ":#{@options[:group]}" if @options[:group]
+    end
+
+    def target
+      card_format || member_format || email_format
+    end
+
+    def card_format
+      "card<#{@options[:card]}>" if @options[:card]
+    end
+
+    def member_format
+      "member<#{@options[:member]}>" if @options[:member]
+    end
+
+    def email_format
+      "email<#{@options[:email]}>" if @options[:email]
+    end
+
+    def expires
+      @options[:expires] || (Time.now.to_i + 3600 * 24 * 7)
+    end
+
+    def boxer
+      @session.boxer
+    end
+
+    def nonce
+      @nonce ||= SecureRandom.random_bytes(24)
+    end
+  end
+end

data/lib/atpay/session.rb

@@ -0,0 +1,38 @@
+require 'atpay/config'
+require 'atpay/security_key'
+
+module AtPay
+  class Session
+    attr_accessor :config
+
+    def initialize(options)
+      @config = Config.new(options)
+    end
+
+    def security_keys(options)
+      options = options.clone
+      
+      options[:group] ||= "#{SecureRandom.uuid.gsub("-", "")}-#{Time.now.to_i}"
+
+      keys = []
+
+      options[:amount].each do |amount|
+        keys << security_key(options.update(:amount => amount))
+      end
+
+      keys
+    end
+
+    def security_key(options)
+      if options[:amount].is_a? Array
+        security_keys(options)
+      else
+        SecurityKey.new(self, options.update(:amount => options[:amount]))
+      end
+    end
+
+    def boxer
+      @boxer ||= Crypto::Box.new(config.atpay_public_key, config.private_key)
+    end
+  end
+end

data/lib/atpay/tokenator.rb

@@ -0,0 +1,186 @@
+module AtPay
+  class Tokenator
+    attr_reader :token, 
+      :payload,
+      :partner_id, 
+      :source, 
+      :amount, 
+      :expires, 
+      :group,
+      :site_frame,
+      :ip,
+      :user_data
+
+    # A bit clunky but useful for testing token decomposition.
+    # If you provide a test session then the config values there 
+    # will be used so that decryption will function without @Pay's
+    # private key.
+    def initialize(token, session = nil)
+      @token = token
+      @session = session
+      strip_version
+
+      @checksum = Digest::SHA1.hexdigest(token) # Before or after removing version?
+    end
+
+    class << self
+      # Get the version of the given token.
+      def token_version(token)
+        token.scan('-').empty? ? 0 : unpack_version(token.split('-')[0])
+      end
+
+      # Check and make sure we haven't seen this token before.
+      # NOTE: This is really for internal use by @Pay.
+      def find_by_checksum(token)
+        checksum = Digest::SHA1.hexdigest(token)
+
+        SecurityKey.find_by_encoded_key(checksum) || ValidationToken.find_by_encoded_key(checksum)
+      end
+
+
+      private
+
+      # Unpack the actual version value.
+      def unpack_version(version)
+        Base64.decode64(version[1..-1]).unpack("Q>")[0]
+      end
+    end
+    
+
+    # We want to pull the header out of the token.  This means we
+    # grab the nonce and the partner id from the token.  The version
+    # frame should be removed before calling header.
+    def header
+      decode
+      nonce
+      destination
+    end
+
+    # Here we parse the body of the token.  All the useful shit
+    # comes out of this.
+    def body(key)
+      payload(nonce, key, @token)
+      part_out_payload
+    end
+
+    # With a site token you want to call this after header.  It will
+    # pull the ip address and header sha out of the token.
+    def browser_data(key)
+      length = @token.slice!(0, 4).unpack("l>")[0]
+      @site_frame = boxer(key).open(nonce, @token.slice!(0, length))
+
+      length = @token.slice!(0, 4).unpack("l>")[0]
+      @ip = @token.slice!(0, length)
+    end
+
+    def source
+      {email: @email, card: @card, member: @member}
+    end
+
+    # Return parts in a hash structure, handy for ActiveRecord.
+    def to_h
+      {
+        sale_price: @amount,
+        expires_at: Time.at(@expires),
+        group: @group,
+        encoded_key: @checksum
+      }
+    end
+
+
+    private
+
+    # Strip the version frame from the token.
+    def strip_version
+      @token = @token.split('-').last
+    end
+
+    # Fix our Base64 problems
+    def decode
+      @token = Base64.decode64 @token 
+    end
+
+    # Extract our entropy
+    def nonce
+      @nonce ||= @token.slice!(0, 24)
+    end
+
+    # Find the recipient of the betokened transaction
+    def destination
+      nonce unless @nonce
+
+      #@partner ||= OpportunityMap.find(@token.slice!(0, 8).unpack("Q>")[0]).opportunity
+      @partner_id ||= @token.slice!(0, 8).unpack("Q>")[0]
+    end
+
+    def boxer(key)
+      if @session
+        Crypto::Box.new(key, @session.config.atpay_private_key)
+      else
+        Crypto::Box.new(key, ENCRYPTION[:security_key_sec])
+      end
+    end
+
+    # Decrypt the payload.
+    def payload(nonce, key, decoded)
+      @payload = boxer(key).open(nonce, decoded)
+    end
+
+    # Break the payload out into it's constituent logical parts.
+    def part_out_payload
+      # TARGET:GROUP/AMOUNTEXPIRATION/USERDATA
+      # TARGET:GROUP/AMOUNTEXPIRATION
+      # TARGET:/AMOUNTEXPIRATION (?)
+      # TARGET/AMOUNTEXPIRATION/USERDATA
+      # TARGET/AMOUNTEXPIRATION
+      if @payload.match '>:'
+        raw_target, @group = @payload.split(':', 2)
+      else
+        raw_target = @payload
+      end
+
+      target raw_target
+
+      if @group
+        @group = @payload.slice!(0, @group.index("/")) 
+        @payload.slice!(0, 1)
+      end
+      
+      @amount = parse_amount!
+      @expiration = parse_expiration!
+      @user_data = parse_user_data!
+    end
+
+    def parse_amount!
+      @amount = @payload.slice!(0, 4).unpack("g")[0]
+    end
+
+    def parse_expiration!
+      @expires = @payload.slice!(0, 4).unpack("l>")[0]
+    end
+
+    def parse_user_data!
+      @user_data = @payload[1..-1]
+      @payload = nil
+      return @user_data
+    end
+
+    # Find the target of the token.  This could be a Credit Card
+    # Email Address or Member UUID.
+    def target(target)
+      case target
+      when /card<(.*?)>/
+        @card = $1
+        @payload.slice!(0, ($1.length + 7))
+      when /email<(.*?)>/
+        @email = $1
+        @payload.slice!(0, ($1.length + 8))
+      when /member<(.*?)>/
+        @member = $1
+        @payload.slice!(0, ($1.length + 9))
+      else
+        raise "No target found"
+      end
+    end
+  end
+end

data/lib/atpay_tokens.rb

@@ -0,0 +1,5 @@
+require 'atpay/session'
+require 'atpay/tokenator'
+
+module AtPay
+end

data/spec/atpay/config_spec.rb

@@ -0,0 +1,63 @@
+require 'helper'
+
+describe AtPay::Config do
+  let(:config) {
+    AtPay::Config.new({
+      :partner_id     => partner_id,
+      :private_key    => private_key,
+      :public_key     => public_key,
+      :environment    => :sandbox
+    })
+  }
+
+  describe "overview" do
+    it "accepts multiple arguments" do
+      AtPay::Config.any_instance.should_receive(:partner_id=).with(partner_id)
+      AtPay::Config.any_instance.should_receive(:private_key=).with(private_key)
+      AtPay::Config.any_instance.should_receive(:public_key=).with(public_key)
+      AtPay::Config.any_instance.should_receive(:environment=).with(:sandbox)
+
+      AtPay::Config.new({
+        :partner_id     => partner_id,
+        :private_key    => private_key,
+        :public_key     => public_key,
+        :environment    => :sandbox
+      })
+    end
+  end
+
+  describe "values" do
+    it "accepts partner id" do
+      config.partner_id = partner_id
+      config.partner_id.should eq(partner_id)
+    end
+
+    it "accepts private key" do
+      config.private_key = private_key
+      config.private_key.should_not be_empty
+    end
+
+    it "accepts public key" do
+      config.public_key = public_key
+      config.public_key.should_not be_empty
+    end
+
+    it "accepts environment" do
+      config.environment = :sandbox
+      config.atpay_public_key.should_not be_empty
+    end
+  end
+
+  describe "environment" do
+    it "required to be production or sandbox" do
+      expect {
+        AtPay::Config.new :environment => :none
+      }.to raise_error
+    end
+
+    it "defaults to sandbox" do
+      AtPay::Config.any_instance.should_receive(:environment=).with(:sandbox)
+      config = AtPay::Config.new({})
+    end
+  end
+end

data/spec/atpay/security_key_spec.rb

@@ -0,0 +1,60 @@
+# TODO: Decode utilities for further testing
+
+require 'atpay'
+require 'rbnacl'
+require 'base64'
+require 'helper'
+
+describe AtPay::SecurityKey do
+  let(:session){
+    AtPay::Session.new({
+      :partner_id     => partner_id,
+      :private_key    => private_key,
+      :public_key     => public_key,
+      :environment    => :sandbox
+    })
+  }
+
+  describe "#initialize" do
+    it "fails when no email given" do
+      expect {
+        AtPay::SecurityKey.new(session, {
+          :amount => 25,
+          :email => nil
+        })
+      }.to raise_error
+    end
+
+    it "fails when no amount given" do
+      expect {
+        AtPay::SecurityKey.new(session, {
+          :amount => nil,
+          :email => "test@example.com"
+        })
+      }.to raise_error
+    end
+
+    it "fails when amount not float" do
+      expect {
+        AtPay::SecurityKey.new(session, {
+          :amount => "25", 
+          :email => "test@example.com"
+        })
+      }.to raise_error
+    end
+  end
+
+  describe "#to_s" do
+    it "returns a valid key" do
+      key = AtPay::SecurityKey.new(session, {:email => "james@atpay.com", :amount => 25.00}).to_s
+    end
+
+    it "returns a key with a group" do
+      key = AtPay::SecurityKey.new(session, {:email => "james@atpay.com", :amount => 25.00, :group => "1234"}).to_s
+    end
+
+    it "returns a key with user_data" do
+      key = AtPay::SecurityKey.new(session, {:email => "glen@atpay.com", :amount => 25.00, :user_data => 'bacon and eggs'}).to_s
+    end
+  end
+end

data/spec/atpay/session_spec.rb

@@ -0,0 +1,40 @@
+require 'helper'
+
+describe AtPay::Session do
+  let(:session) {
+    AtPay::Session.new({
+      :partner_id => partner_id,
+      :private_key => private_key,
+      :public_key => public_key,
+      :environment => :sandbox
+    })
+  }
+
+  it "Uses the configuration options" do
+    AtPay::Config.any_instance.should_receive(:initialize).with({})
+    AtPay::Session.new({})
+  end
+
+  it "Generates security key" do
+    session.security_key(:amount => 20.00, 
+      :email => "james@example.com").to_s.should_not be_empty
+  end
+
+  it "Generates site token" do
+    session.security_key(:amount => 20.00, 
+      :card => "test").site_token("0.0.0.0", {
+      "HTTP_USER_AGENT" => "0",
+      "HTTP_ACCEPT_LANGUAGE" => "1",
+      "HTTP_ACCEPT_CHARSET" => "2"
+    }).should_not be_empty
+  end
+
+  it "Generates multiple security keys" do
+    session.security_key(:amount => [20.00, 30.00],
+      :email => "james@example.com").length.should eq(2)
+  end
+
+  it "Returns a box and caches it" do
+    session.boxer.object_id.should eq(session.boxer.object_id)
+  end
+end

data/spec/atpay/tokenator_spec.rb

@@ -0,0 +1,142 @@
+require 'atpay'
+require 'rbnacl'
+require 'base64'
+require 'helper'
+
+describe AtPay::Tokenator do
+  let(:headers) { {'HTTP_USER_AGENT' => 'agent', 'HTTP_ACCEPT_LANGUAGE' => 'lang', 'HTTP_ACCEPT_CHARSET' => 'charset'} }
+  let(:ip) { '1.1.1.1' }
+
+  let(:payment) { AtPay::Tokenator.new token(50.00, [:email_token], {email: 'email@address'}), build_session }
+  let(:site) { AtPay::Tokenator.new token(50.00, [:site_token, ip, headers], {card: 'OGQ3OWE0OWNhMFFTL4mMpQA='}), build_session }
+  let(:user_data) { AtPay::Tokenator.new token(50.00, [:email_token], {email: 'email@address', user_data: 'lots of pills, paying forever'}), build_session }
+  let(:version) { AtPay::Tokenator.new token(50.00, [:email_token], {email: 'email@address', version: 2}), build_session }
+  let(:member) { AtPay::Tokenator.new token(50.00, [:email_token], {member: '4DF08A79-C16C-4842-AA1B-AE878C9C6C2C'}), build_session }
+  let(:group) { AtPay::Tokenator.new token(50.00, [:email_token], {member: '4DF08A79-C16C-4842-AA1B-AE878C9C6C2C', group: '18', user_data: 'hello from data'}), build_session }
+
+  describe "Parsing" do
+    it "Uses the key specified in ENCRYPTION if not given a session" do
+      tokenator = AtPay::Tokenator.new token(50.0, [:email_token], {email: 'email@address'})
+
+      expect { tokenator.send(:boxer, Base64.decode64(public_key)) }.to raise_error
+    end
+
+    describe "Payment Tokens" do
+      it "Extracts the partner" do
+        payment.header
+
+        payment.instance_eval { @partner_id }.should eq(123)
+      end
+
+      it "Extracts the body" do
+        payment.header
+        payment.body(Base64.decode64(public_key))
+
+        payment.source[:email].should eq('email@address')
+        payment.amount.should eq(50.0)
+        payment.expires.should_not eq(nil)
+      end
+
+      it "Presents token values as a hash" do
+        payment.header
+        payment.body(Base64.decode64(public_key))
+
+        payment.to_h.should be_a(Hash)
+      end
+
+      it "Processes a member token" do
+        member.header
+        member.body(Base64.decode64(public_key))
+
+        member.source[:member].should eq('4DF08A79-C16C-4842-AA1B-AE878C9C6C2C')
+      end
+
+      it "Processes a token with a group" do
+        group.header
+        group.body(Base64.decode64(public_key))
+
+        group.group.should eq('18')
+        group.user_data.should eq('hello from data')
+      end
+    end
+
+    describe "Exceptions" do
+      it "Raises target not found if there is no valid target" do
+        expect { payment.send :target, 'mom' }.to raise_error
+      end
+    end
+
+    describe "Site Tokens" do
+      it "Extracts the Partner" do
+        site.header
+
+        site.instance_eval { @partner_id }.should eq(123)
+      end
+
+      it "Extracts the site frame" do
+        site.header
+        site.browser_data(Base64.decode64(public_key))
+        sha = Digest::SHA1.hexdigest((headers.values + [ip]).join)
+
+        site.instance_eval { @site_frame }.should eq(sha)
+        site.instance_eval { @ip }.should eq(ip)
+      end
+
+      it "Extracts payload after extracting site frame" do
+        site.header
+        site.browser_data(Base64.decode64(public_key))
+        site.body(Base64.decode64(public_key))
+
+        site.source[:card].should eq('OGQ3OWE0OWNhMFFTL4mMpQA=')
+        site.amount.should eq(50.0)
+        site.expires.should_not eq(nil)
+      end
+    end
+
+    describe "User Data" do
+      it "Extracts supplied User Data" do
+        user_data.header
+        user_data.body(Base64.decode64(public_key))
+
+        user_data.user_data.should eq('lots of pills, paying forever')
+      end
+    end
+
+    describe "Versioning" do
+      let(:versioned) { token(50.00, [:email_token], {email: 'email@address', version: 2}) }
+
+      it "Extracts the version" do
+        AtPay::Tokenator.token_version(versioned).should eq(2)
+      end
+
+      it "Returns 0 when there is no version" do
+        test_token = token(50.00, [:email_token], {email: 'email@address'})
+
+        AtPay::Tokenator.token_version(test_token).should eq(0)
+      end
+
+      it "Behaves as a normal token when versioned" do
+        version.header
+        version.body(Base64.decode64(public_key))
+
+        version.amount.should eq(50.0)
+      end
+    end
+
+    describe "Checksum lookup" do
+      before do
+        class AtPay::SecurityKey; end
+        class AtPay::ValidationToken; end
+
+        AtPay::SecurityKey.should_receive(:find_by_encoded_key)
+        AtPay::ValidationToken.should_receive(:find_by_encoded_key)
+      end
+
+      it "should look for a token with a matching checksum" do
+        token = token(50.0, [:email_token], {email: 'email@address'})
+
+        AtPay::Tokenator.find_by_checksum(token)
+      end
+    end
+  end
+end

data/spec/helper.rb

@@ -0,0 +1,46 @@
+require 'simplecov'
+require 'coveralls'
+
+SimpleCov.formatter = SimpleCov::Formatter::MultiFormatter[
+  SimpleCov::Formatter::HTMLFormatter,
+  Coveralls::SimpleCov::Formatter
+]
+
+SimpleCov.start
+
+require 'rubygems'
+require 'bundler/setup'
+require 'atpay'
+require 'rspec/core/shared_context'
+
+module Setup
+  extend RSpec::Core::SharedContext
+
+  let(:partner_id)      { 123 }
+  let(:keys)            { 
+    sec = Crypto::PrivateKey.generate
+    pub = sec.public_key
+    [pub.to_bytes, sec.to_bytes]
+  }
+  let(:public_key)      { Base64.strict_encode64(keys[0]) }
+  let(:private_key)     { Base64.strict_encode64(keys[1]) }
+
+  def token(amount, type, options = {})
+    build_session.security_key({
+      amount: amount,
+    }.merge(options)).send(*type).to_s
+  end
+
+  def build_session
+    AtPay::Session.new({
+      public_key: public_key,
+      private_key: private_key,
+      partner_id: partner_id,
+      environment: :test
+    })
+  end
+end
+
+RSpec.configure do |r|
+  r.include Setup
+end

metadata

@@ -0,0 +1,94 @@
+--- !ruby/object:Gem::Specification
+name: atpay_tokens
+version: !ruby/object:Gem::Version
+  version: 0.0.7
+platform: ruby
+authors:
+- James Kassemi
+- Glen Holcomb
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2013-07-25 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rbnacl
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: ffi
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Client interface for the @Pay API, key generation for performance optimization
+email: james@atpay.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- .travis.yml
+- Gemfile
+- README.md
+- Rakefile
+- atpay_tokens.gemspec
+- bin/atpay-client.rb
+- config/credentials.yml
+- lib/atpay/config.rb
+- lib/atpay/security_key.rb
+- lib/atpay/session.rb
+- lib/atpay/tokenator.rb
+- lib/atpay_tokens.rb
+- spec/atpay/config_spec.rb
+- spec/atpay/security_key_spec.rb
+- spec/atpay/session_spec.rb
+- spec/atpay/tokenator_spec.rb
+- spec/helper.rb
+homepage: https://atpay.com
+licenses: []
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.0.2
+signing_key: 
+specification_version: 4
+summary: '@Pay Token Generator'
+test_files:
+- spec/atpay/config_spec.rb
+- spec/atpay/security_key_spec.rb
+- spec/atpay/session_spec.rb
+- spec/atpay/tokenator_spec.rb
+- spec/helper.rb