authorize_net 0.0.3 → 0.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 25131b6aba3bdd77249b7c79294ae7a0016cba76
-  data.tar.gz: 1a66aeec86f8ff7e6f2396ece8f27b1034fad314
+  metadata.gz: 2f6bd562739bb8e06f0f8bce4b17e9bb6f455236
+  data.tar.gz: c1354c19a0c83fdd2bc514427c5a90347f132e7f
 SHA512:
-  metadata.gz: 33541d2b9b109398bfecbdc1635b5362a4dcb347bcfca77a6ce876dcce587ca916e2dce93208117489bedd0bf2be77789a97c43d07976c1057c6b10d7deb300f
-  data.tar.gz: 6cf8ec0d218442015876e7ee7fc8d70be1d2871646b446308789aad7d00e7a40aeb3a40abb9e30d6831068cfe12fd72b667d1408b5bf9cb1060103498690b164
+  metadata.gz: 2ae07841af1a1587e311fcccf3c5a7101cc32c17fe1419b71869b929cd05ca15f1f21bfcb4359344aa066fe9c1c0c77463ca69b25edd6cc9211f74af6723b327
+  data.tar.gz: e6ab0deb8c4b96a64b44491d935436aa076dd38210f1c1003a8270b9f74685cfeec51c7f8f192b37e4ca3fa54f151a915bbfa10a1b6798534cb90c1135417cb2

data/lib/authorize_net/api.rb

@@ -1,4 +1,5 @@
 require 'nokogiri'
+require 'openssl'
 
 # ===============================================================
 # This class uses the AuthroizeRequest object to interact with
@@ -8,10 +9,11 @@ require 'nokogiri'
 # ===============================================================
 class AuthorizeNet::Api
 
-  def initialize(api_login_id, api_transaction_key, is_test_api)
+  def initialize(api_login_id, api_transaction_key, options={})
     @api_login_id = api_login_id
     @api_transaction_key = api_transaction_key
-    @is_test_api = is_test_api
+    @is_sandbox = options[:sandbox]
+    @md5_hash = options[:md5_hash]
     @logger = nil
     @log_full_request = false
   end
@@ -45,6 +47,7 @@ class AuthorizeNet::Api
     end
 
     response = sendRequest("createTransactionRequest", xml_obj)
+    validate_hash(response, amount, use_api_login: true)
     if !response.nil?
       return AuthorizeNet::Transaction.parse(response)
     end
@@ -77,12 +80,12 @@ class AuthorizeNet::Api
         "id" => customer_profile.merchant_id,
         "email" => customer_profile.email,
         "description" => customer_profile.description,
-        "billTo" => payment_profile.billing_address.to_h,
       },
+      "billTo" => payment_profile.billing_address.to_h,
     }
 
     response = sendRequest("createTransactionRequest", xml_obj)
-
+    validate_hash(response, amount, use_api_login: true)
     if !response.nil?
       return {
         :transaction => AuthorizeNet::Transaction.parse(response),
@@ -115,6 +118,7 @@ class AuthorizeNet::Api
     }
 
     response = sendRequest("createTransactionRequest", xml_obj)
+    validate_hash(response, amount, use_api_login: false)
     if !response.nil?
       return AuthorizeNet::Transaction.parse(response)
     end
@@ -270,13 +274,46 @@ class AuthorizeNet::Api
     end
   end
 
+  # =============================================
+  # Validates that the returned transaction hash
+  # value is what we expect it to be
+  #
+  # @throws AuthorizeNet::Exception
+  # =============================================
+  def validate_hash(response_xml, amount, options={})
+    if @md5_hash.nil?
+      return
+    end
+
+    digest = OpenSSL::Digest.new('md5')
+    transaction_id = AuthorizeNet::Util.getXmlValue(response_xml, "transId")
+    trans_hash = AuthorizeNet::Util.getXmlValue(response_xml, "transHash").downcase
+    formatted_amount = "%.2f" % amount
+
+    if options[:use_api_login]
+      calculated_hash = digest.hexdigest("#{@md5_hash}#{@api_login_id}#{transaction_id}#{formatted_amount}")
+    else
+      calculated_hash = digest.hexdigest("#{@md5_hash}#{transaction_id}#{formatted_amount}")
+    end
+
+    if calculated_hash != trans_hash
+      if @logger.respond_to? :error
+        @logger.error("[AuthorizeNet] Response Transaction Hash doesn't equal expected value. trans_hash=#{trans_hash} calculated_hash=#{calculated_hash}")
+      end
+
+      e = AuthorizeNet::Exception.new("[AuthorizeNet] Returned hash doesn't match expected value.")
+      e.errors.push({:text => "Something went wrong. Please contact customer assistance or try again later"})
+      raise e
+    end
+  end
+
   # =============================================
   # Send HTTP request to Authorize Net
   # @param Net::HTTPResponse
   # @return response
   # =============================================
   def sendRequest(type, xml_obj)
-    uri = @is_test_api ? AuthorizeNet::TEST_URI : AuthorizeNet::URI
+    uri = @is_sandbox ? AuthorizeNet::TEST_URI : AuthorizeNet::URI
     request = AuthorizeNet::Request.new(type, xml_obj, uri)
 
     if @logger.respond_to? :info

data/lib/authorize_net/exception.rb

@@ -5,8 +5,8 @@ class AuthorizeNet::Exception < Exception
   attr_accessor :message
   attr_accessor :errors
 
-  def initialize
-    @message = GENERIC_ERROR_MESSAGE
+  def initialize(message=GENERIC_ERROR_MESSAGE)
+    @message = message
     @errors = []
   end
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: authorize_net
 version: !ruby/object:Gem::Version
-  version: 0.0.3
+  version: 0.1.0
 platform: ruby
 authors:
 - Avenir Interactive LLC
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-03-11 00:00:00.000000000 Z
+date: 2016-04-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: nokogiri
@@ -70,7 +70,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.5.2
+rubygems_version: 2.6.3
 signing_key: 
 specification_version: 4
 summary: API interface for Authorize.net payment gateway