auth_net_receiver 0.0.1 → 1.0.beta1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 36acd9aab2d7f88753ada698c7d0aefb2c4105d1
-  data.tar.gz: 4c9cfb7ebdb0017066e995beee7b247d902f9b2b
+  metadata.gz: fa66b884447c0da4498451cab15afb8d609b00d5
+  data.tar.gz: 510b888ac62fb9cda6517662413ed95b7b3dbe03
 SHA512:
-  metadata.gz: ea03767939582f5ab5b773981ab78fbea748235fb1c453373f9dad23ed91b517dd97e5c649aebfd34817808bcd48431508a6a4b6ed42e38df6fd321e400cf7c2
-  data.tar.gz: fb0edaca100795d524cb9ae56cacf18b2a29cf39dd01855c79b8b031343558ac23d80dcbd16b632e254e4491548cc809028d3caee7e7d0b3cabe182a3fd9c128
+  metadata.gz: ed7ed451278edbbae60f06a04a52233c5e6acc0e572fb495d703d3bb9d0c08eb303bae6e40014a197750765a731dc20eaf9de51f1e6c498add038b8d3d26a79a
+  data.tar.gz: 8da8bf5dd05b192fb4bbc010a2531bb0b534e39a93bc5a0e4d97eb5905c18af5894e573cbcee6c2f4409bb1610182e849a62f3b12ee1edf3c6dec793862914a4

data/README.md

@@ -1,3 +1,66 @@
 # AuthNetReceiver
 
-This project rocks and uses MIT-LICENSE.
+The goal of this project is to capture and process transactions posted via the Authorize.Net [Silent Post URL](https://www.authorize.net/support/CNP/helpfiles/Account/Settings/Transaction_Format_Settings/Transaction_Response_Settings/Silent_Post_URL.htm) for use in a Ruby on Rails web application. 
+
+## What is that?
+
+The Silent Post URL is a feature of Authorize.Net that makes a post to a user-defined URL any time a transaction is made. Transactions are posted in real time and must be accepted by the web server within 2 seconds.
+
+This is primarily useful for those using the [Automated Recurring Billing](http://developer.authorize.net/api/arb/) system, or ARB for short. Subscriptions created in ARB will make their transactions at the requested schedule, but (at this time) there is no direct API for pulling down those transactions. By making use of the Silent Post, you can capture all ARB transactions and use that data to reconcile the state of your user's subscription. 
+
+## Requirements
+
+AuthNetReceiver is tested against Rails 4.1+ and Ruby 2+.
+
+## Installation & Usage
+
+1. Add the gem to your Gemfile
+
+        gem 'auth_net_receiver'
+
+2. Run bundle install
+3. Copy the database migrations to your rails project
+
+        bundle exec rake railties:install:migrations
+        rake db:migrate
+
+4. Mount the engine in your routes.rb file
+
+        mount AuthNetReceiver::Engine => "/auth_net"
+
+5. Configure the receiver (see section below)
+6. Restart your application
+
+## Configuration
+
+The processing side will require some configuration before it works.
+
+    AuthNetReceiver.configure do |config|
+      config.gateway_login = "AUTH NET API LOGIN"
+      config.hash_value = "HASH VALUE"
+    end
+
+The gateway login should be the same value you use when authenticating against Authorize.Net. MD5 Hash is a secret value you configure in the Authorize.Net dashboard. You can read more about the MD5 value [here](https://support.authorize.net/authkb/index?page=content&id=A588).
+
+As a final step, you should log in to your Authorize.Net account and enter the desired endpoint into Silent Post URL setting. Depending on how you mounted the engine in your routes.rb file, the URL will look something like this: `http://sample.com/auth_net/transactions/receiver`. It is strongly recommended that you try this in a [sandbox account](https://sandbox.authorize.net) first. 
+
+**NOTE:** Because Authorize.Net has to actually make an HTTP post to your endpoint, it is not possible to run this application on localhost without a bit of work on the networking side. I won't attempt to cover the entire topic here, but if you are comfortable with DNS and port forwards you can probably figure out the rest. 
+
+## Processing
+
+Run the `auth_net_receiver:process` rake task to process all pending transactions:
+
+    $ rake auth_net_receiver:process 
+    D, [2014-11-06T19:31:38.191435 #39766] DEBUG -- : Processing Authorize.Net transactions...
+    D, [2014-11-06T19:31:38.289545 #39766] DEBUG -- : Done!
+    D, [2014-11-06T19:31:38.289593 #39766] DEBUG -- : - 12 authentic
+    D, [2014-11-06T19:31:38.289616 #39766] DEBUG -- : - 0 errrors
+    D, [2014-11-06T19:31:38.289635 #39766] DEBUG -- : - 1 forgeries
+
+## Useful resources:
+
+- [Silent Post URL](https://support.authorize.net/authkb/index?page=content&id=A609&actp=search&viewlocale=en_US&searchid=1415328138657)
+- [What is the MD5 Hash Security feature, and how does it work?](https://support.authorize.net/authkb/index?page=content&id=A588)
+- [Silent Post returned value pairs](https://support.authorize.net/authkb/index?page=content&id=A170&actp=search&viewlocale=en_US&searchid=1415328138657)
+- [All About Authorize.Net’s Silent Post](http://www.johnconde.net/blog/all-about-authorize-nets-silent-post/)
+- [(ARB) API Guide - Authorize.Net](http://www.authorize.net/support/ARB_guide.pdf)

data/app/models/auth_net_receiver/raw_transaction.rb

@@ -5,6 +5,11 @@ module AuthNetReceiver
     scope :unprocessed, ->{ where(:is_processed => false) }
     scope :forgeries, ->{ where(:is_processed => true, :is_authentic => false) }
 
+    # Process all raw transactions
+    #
+    # * Returns a hash of counts in the form of:
+    #     {:authentic => 0, :forgeries => 0, :errors => 0}
+    #
     def self.process_all!
       result = {:authentic => 0, :forgeries => 0, :errors => 0}
       unprocessed.each do |raw_transaction|
@@ -19,15 +24,19 @@ module AuthNetReceiver
       return result
     end
 
+    # Return the JSON data on this record as a hash
+    #
     def json_data
       begin
         return JSON.parse(self.data)
-      rescue JSON::ParserError => e
-        logger.fatal "Error while parsing raw transaction data: #{e.message}"
+      rescue JSON::ParserError, TypeError => e
+        logger.warn "Error while parsing raw transaction data: #{e.message}"
         return {}
       end
     end
 
+    # Process this transaction
+    #
     def process!
       if is_processed
         raise StandardError, 'The requested transaction has already been processed'
@@ -38,6 +47,8 @@ module AuthNetReceiver
 
 private
 
+    # Perform the actual processing, update the status columns, and create an AuthNetReceiver::Transaction record
+    #
     def do_processing
       json = self.json_data
       if md5_hash_is_valid?(json)
@@ -55,19 +66,30 @@ private
       end
     end
 
+    # Check that the x_MD5_Hash value matches our expectations
+    #
+    # The formula for the hash differs for subscription vs regular transactions. Regular transactions
+    # will be associated with the gateway ID that was used in the originating API call. Subscriptions
+    # however are ran on the server at later date, and therefore will not be associated to a gateway ID.
+    #
+    # * Subscriptions: MD5 Digest(AUTH_NET_HASH_VAL + TRANSACTION_ID + TRANSACTION_AMOUNT)
+    # * Other Transactions: MD5 Digest(AUTH_NET_HASH_VAL + GATEWAY_LOGIN + TRANSACTION_ID + TRANSACTION_AMOUNT)
+    #
     def md5_hash_is_valid?(json)
-      if AuthNetReceiver.config.hash_value.nil?
-        raise StandardError, 'AuthNetReceiver.config.hash_value cannot be nil!'
+      if AuthNetReceiver.config.hash_value.nil? || AuthNetReceiver.config.gateway_login.nil?
+        raise StandardError, 'AuthNetReceiver hash_value and gateway_login cannot be nil!'
       end
-      if json['x_subscription_id'].present?
-        hash_string = AuthNetReceiver.config.hash_value + json['x_trans_id'] + json['x_amount']
-      else
-        hash_string = AuthNetReceiver.config.hash_value + AuthNetReceiver.config.gateway_login + json['x_trans_id'] + json['x_amount']
-      end
-      hash = Digest::MD5.hexdigest(hash_string).upcase
+      parts = []
+      parts << AuthNetReceiver.config.hash_value
+      parts << AuthNetReceiver.config.gateway_login if json['x_subscription_id'].blank?
+      parts << json['x_trans_id']
+      parts << json['x_amount']
+      hash = Digest::MD5.hexdigest(parts.join()).upcase
       return hash == json['x_MD5_Hash']
     end
 
+    # Generate the AuthNetReceiver::Transaction model fields from the given JSON data
+    #
     def fields_from_json(json)
       fields = {
         :transaction_id => json['x_trans_id'],
@@ -83,7 +105,7 @@ private
       }
       begin
         fields[:amount] = BigDecimal.new(json['x_amount'])
-      rescue e
+      rescue TypeError
         fields[:amount] = nil
       end
       return fields

data/app/models/auth_net_receiver/transaction.rb

@@ -4,6 +4,8 @@ module AuthNetReceiver
     belongs_to :raw_transaction
     validates_presence_of :raw_transaction_id
 
+    # Return true if this record belongs to an Automated Recurring Billing subscription
+    #
     def is_subscription?
       return self.subscription_id.present?
     end

data/lib/auth_net_receiver/version.rb

@@ -1,3 +1,3 @@
 module AuthNetReceiver
-  VERSION = "0.0.1"
+  VERSION = "1.0.beta1"
 end

data/lib/tasks/auth_net_receiver_tasks.rake

@@ -5,12 +5,12 @@
 
 namespace :auth_net_receiver do
 
-  desc 'Process raw Authorize.net transactions'
+  desc 'Process raw Authorize.Net transactions'
   task :process => :environment do
-    logger.debug 'Processing Authorize.net transactions...'
+    logger.debug 'Processing Authorize.Net transactions...'
     result = AuthNetReceiver::RawTransaction.process_all!
     logger.debug 'Done!'
-    logger.debug "- #{result[:authentic]} success"
+    logger.debug "- #{result[:authentic]} authentic"
     logger.debug "- #{result[:errors]} errrors"
     logger.debug "- #{result[:forgeries]} forgeries"
   end

data/spec/controllers/auth_net_receiver/raw_transactions_controller_spec.rb

@@ -3,5 +3,11 @@ require 'rails_helper'
 module AuthNetReceiver
   RSpec.describe RawTransactionsController, :type => :controller do
 
+    it "should create a new raw transaction" do
+      post :create, {:use_route => :auth_net_receiver}
+      expect(response).to be_success
+      expect(AuthNetReceiver::RawTransaction.unprocessed.count).to eq(1)
+    end
+
   end
 end

data/spec/dummy/config/application.rb

@@ -18,6 +18,11 @@ module Dummy
     # The default locale is :en and all translations from config/locales/*.rb,yml are auto loaded.
     # config.i18n.load_path += Dir[Rails.root.join('my', 'locales', '*.{rb,yml}').to_s]
     # config.i18n.default_locale = :de
+
+    AuthNetReceiver.configure do |config|
+      config.gateway_login = 'password'
+      config.hash_value = 'Top Secret!'
+    end
+
   end
 end
-

data/spec/dummy/config/routes.rb

@@ -1,4 +1,3 @@
 Rails.application.routes.draw do
-
   mount AuthNetReceiver::Engine => "/auth_net_receiver"
 end

data/spec/factories/auth_net_receiver_raw_transactions.rb

@@ -1,6 +1,9 @@
 # Read about factories at https://github.com/thoughtbot/factory_girl
 
 FactoryGirl.define do
-  factory :auth_net_receiver_raw_transaction, :class => 'RawTransaction' do
+  factory :raw_transaction, :class => 'AuthNetReceiver::RawTransaction' do
+    is_processed false
+    is_authentic false
+    data ""
   end
 end

data/spec/factories/auth_net_receiver_transactions.rb

@@ -1,6 +1,18 @@
 # Read about factories at https://github.com/thoughtbot/factory_girl
 
 FactoryGirl.define do
-  factory :auth_net_receiver_transaction, :class => 'Transaction' do
+  factory :transaction, :class => 'AuthNetReceiver::Transaction' do
+    association :raw_transaction, :factory => :auth_net_receiver_raw_transaction
+    transaction_id 1
+    subscription_id 1
+    subscription_paynum 1
+    invoice_num "MyString"
+    transaction_type "MyString"
+    amount 9.99
+    card_type "MyString"
+    account_number "MyString"
+    description "MyString"
+    response_reason_code 1
+    response_reason_text "MyString"
   end
 end

data/spec/models/auth_net_receiver/raw_transaction_spec.rb

@@ -1,7 +1,79 @@
 require 'rails_helper'
+require 'sample_data'
+
+RSpec.configure do |c|
+  c.include AuthNetReceiver::SampleData
+end
 
 module AuthNetReceiver
   RSpec.describe RawTransaction, :type => :model do
-    pending "add some examples to (or delete) #{__FILE__}"
+    
+    describe "::process_all!" do
+      it "should process all pending transactions" do
+        3.times do
+          FactoryGirl.create(:raw_transaction, :data => authentic_transaction.to_json)
+        end
+        2.times do
+          FactoryGirl.create(:raw_transaction, :data => forged_transaction.to_json)
+        end
+        result = AuthNetReceiver::RawTransaction.process_all!
+        expect(result[:authentic]).to eq(3)
+        expect(result[:forgeries]).to eq(2)
+        expect(AuthNetReceiver::RawTransaction.unprocessed.count).to eq(0)
+      end
+    end
+
+    describe "#process!" do
+      it "should process an authentic transaction" do
+        raw_transaction = FactoryGirl.create(:raw_transaction, :data => authentic_transaction.to_json)
+        raw_transaction.process!
+        expect(raw_transaction.is_processed).to eq(true)
+        expect(raw_transaction.is_authentic).to eq(true)
+        expect(raw_transaction.processed_transaction).to_not be_nil
+      end
+
+      it "should process a forged transaction" do
+        raw_transaction = FactoryGirl.create(:raw_transaction, :data => forged_transaction.to_json)
+        raw_transaction.process!
+        expect(raw_transaction.is_processed).to eq(true)
+        expect(raw_transaction.is_authentic).to eq(false)
+        expect(raw_transaction.processed_transaction).to be_nil
+      end
+
+      it "should process an authentic subscription" do
+        raw_transaction = FactoryGirl.create(:raw_transaction, :data => authentic_subscription.to_json)
+        raw_transaction.process!
+        expect(raw_transaction.is_processed).to eq(true)
+        expect(raw_transaction.is_authentic).to eq(true)
+        expect(raw_transaction.processed_transaction.is_subscription?).to be(true)
+      end
+
+      it "should not process the same raw transaction twice" do
+        raw_transaction = FactoryGirl.create(:raw_transaction, :data => authentic_transaction.to_json)
+        raw_transaction.process!
+        expect{
+          raw_transaction.process!
+        }.to raise_error
+      end
+
+      it "should pass the correct values from the json" do
+        data = authentic_transaction
+        raw_transaction = FactoryGirl.create(:raw_transaction, :data => data.to_json)
+        raw_transaction.process!
+        t = raw_transaction.processed_transaction
+
+        expect(t.subscription_id).to      eq(data['x_subscription_id'])
+        expect(t.subscription_paynum).to  eq(data['x_subscription_paynum'])
+        expect(t.invoice_num).to          eq(data['x_invoice_num'])
+        expect(t.transaction_type).to     eq(data['x_type'])
+        expect(t.amount).to               eq(BigDecimal.new(data['x_amount']))
+        expect(t.card_type).to            eq(data['x_card_type'])
+        expect(t.account_number).to       eq(data['x_account_number'])
+        expect(t.description).to          eq(data['x_description'])
+        expect(t.response_reason_code).to eq(data['x_response_reason_code'].to_i)
+        expect(t.response_reason_text).to eq(data['x_response_reason_text'])
+      end
+    end
+
   end
 end

data/spec/models/auth_net_receiver/transaction_spec.rb

@@ -2,6 +2,6 @@ require 'rails_helper'
 
 module AuthNetReceiver
   RSpec.describe Transaction, :type => :model do
-    pending "add some examples to (or delete) #{__FILE__}"
+
   end
 end

data/spec/sample_data.rb

@@ -0,0 +1,85 @@
+module AuthNetReceiver::SampleData
+
+  TRANS_AMOUNT = "9.99"
+  TRANS_ID = "12345"
+  SUBSCRIPTION_ID = "67890"
+
+  def valid_hash_for_transaction
+    return Digest::MD5.hexdigest(AuthNetReceiver.config.hash_value + AuthNetReceiver.config.gateway_login + TRANS_ID + TRANS_AMOUNT).upcase
+  end
+
+  def valid_hash_for_subscription 
+    return Digest::MD5.hexdigest(AuthNetReceiver.config.hash_value + TRANS_ID + TRANS_AMOUNT).upcase
+  end
+
+  def authentic_transaction
+    authentic_transaction = base_transaction.clone()
+    authentic_transaction['x_trans_id'] = TRANS_ID
+    authentic_transaction['x_MD5_Hash'] = valid_hash_for_transaction
+    return authentic_transaction
+  end
+
+  def forged_transaction
+    forged_transaction = base_transaction.clone()
+    forged_transaction['x_trans_id'] = TRANS_ID
+    forged_transaction['x_MD5_Hash'] = 'fail!'
+    return forged_transaction
+  end
+
+  def authentic_subscription
+    authentic_subscription = base_transaction.clone()
+    authentic_subscription['x_trans_id'] = TRANS_ID
+    authentic_subscription['x_subscription_id'] = SUBSCRIPTION_ID
+    authentic_subscription['x_MD5_Hash'] = valid_hash_for_subscription
+    return authentic_subscription
+  end
+
+  def base_transaction
+    return {
+      "x_response_code"         => "1",
+      "x_response_reason_code"  => "1",
+      "x_response_reason_text"  => "This transaction has been approved.",
+      "x_avs_code"              => "P",
+      "x_auth_code"             => "xxxx",
+      "x_trans_id"              => "",
+      "x_method"                => "CC",
+      "x_card_type"             => "MasterCard",
+      "x_account_number"        => "XXXX1234",
+      "x_first_name"            => "",
+      "x_last_name"             => "",
+      "x_company"               => "",
+      "x_address"               => "",
+      "x_city"                  => "",
+      "x_state"                 => "",
+      "x_zip"                   => "",
+      "x_country"               => "",
+      "x_phone"                 => "",
+      "x_fax"                   => "",
+      "x_email"                 => "",
+      "x_invoice_num"           => "1-234567890",
+      "x_description"           => "This is a transaction",
+      "x_type"                  => "prior_auth_capture",
+      "x_cust_id"               => "",
+      "x_ship_to_first_name"    => "",
+      "x_ship_to_last_name"     => "",
+      "x_ship_to_company"       => "",
+      "x_ship_to_address"       => "",
+      "x_ship_to_city"          => "",
+      "x_ship_to_state"         => "",
+      "x_ship_to_zip"           => "",
+      "x_ship_to_country"       => "",
+      "x_amount"                => TRANS_AMOUNT,
+      "x_tax"                   => "0.00",
+      "x_duty"                  => "0.00",
+      "x_freight"               => "0.00",
+      "x_tax_exempt"            => "FALSE",
+      "x_po_num"                => "",
+      "x_MD5_Hash"              => "",
+      "x_cvv2_resp_code"        => "",
+      "x_cavv_response"         => "",
+      "x_test_request"          => "false"
+    }
+  end
+
+end
+

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: auth_net_receiver
 version: !ruby/object:Gem::Version
-  version: 0.0.1
+  version: 1.0.beta1
 platform: ruby
 authors:
 - Greg Woods
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-11-06 00:00:00.000000000 Z
+date: 2014-11-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -94,8 +94,8 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 0.7.1
-description: AuthNetReceiver is an endpoint and processor for transactions posted
-  via Authorize.NET
+description: AuthNetReceiver is an endpoint and processor for Authorize.Net Silent
+  Post transactions
 email:
 - greg@westlakedesign.com
 executables: []
@@ -158,6 +158,7 @@ files:
 - spec/models/auth_net_receiver/raw_transaction_spec.rb
 - spec/models/auth_net_receiver/transaction_spec.rb
 - spec/rails_helper.rb
+- spec/sample_data.rb
 - spec/spec_helper.rb
 homepage: https://bitbucket.org/westlakedesign/auth_net_receiver
 licenses:
@@ -174,15 +175,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - ">"
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.2.2
+rubygems_version: 2.4.2
 signing_key: 
 specification_version: 4
-summary: Processor for Authorize.NET Silent Post transactions
+summary: Processor for Authorize.Net Silent Post transactions
 test_files:
 - spec/controllers/auth_net_receiver/raw_transactions_controller_spec.rb
 - spec/dummy/app/assets/javascripts/application.js
@@ -225,4 +226,5 @@ test_files:
 - spec/models/auth_net_receiver/raw_transaction_spec.rb
 - spec/models/auth_net_receiver/transaction_spec.rb
 - spec/rails_helper.rb
+- spec/sample_data.rb
 - spec/spec_helper.rb