banklink_lv 1.0.2 → 1.1.1

data/lib/banklink/seb/notification.rb

@@ -0,0 +1,144 @@
+module Banklink
+  module Seb
+    class Notification
+      include Banklink::Common
+
+      attr_accessor :params
+      attr_accessor :raw
+
+      # set this to an array in the subclass, to specify which IPs are allowed to send requests
+      attr_accessor :production_ips
+
+      def initialize(post, options = {})
+        @options = options
+        empty!
+        parse(post)
+      end
+
+      def gross_cents
+        (gross.to_f * 100.0).round
+      end
+
+      # This combines the gross and currency and returns a proper Money object.
+      # this requires the money library located at http://dist.leetsoft.com/api/money
+      def amount
+        return gross_cents
+      end
+
+      # reset the notification.
+      def empty!
+        @params  = Hash.new
+        @raw     = ""
+      end
+
+      # Check if the request comes from an official IP
+      def valid_sender?(ip)
+        return true if Rails.env == :test || production_ips.blank?
+        production_ips.include?(ip)
+      end
+
+      def complete?
+        params['IB_STATUS'] == 'ACCOMPLISHED'
+      end
+
+      def wait?
+        params['IB_SERVICE'] == '1201'
+      end
+
+      def failed?
+        params['IB_SERVICE'] == '1901'
+      end
+
+      def currency
+        params['IB_CURR']
+      end
+
+      def transaction_id
+        params['IB_PAYMENT_ID']
+      end
+
+      def sender_name
+        params['IB_PAYER_NAME']
+      end
+
+      def sender_bank_account
+        params['IB_PAYER_ACC']
+      end
+
+      def receiver_name
+        params['IB_REC_NAME']
+      end
+      alias_method :reciever_name, :receiver_name
+
+      def receiver_bank_account
+        params['IB_REC_ACC']
+      end
+      alias_method :reciever_bank_account, :receiver_bank_account
+
+      # When was this payment received by the client.
+      # We're expecting a dd.mm.yyyy format.
+      def received_at
+        require 'date'
+        date = params['IB_T_DATE']
+        return nil unless date
+        day, month, year = *date.split('.').map(&:to_i)
+        Date.civil(year, month, day)
+      end
+
+      def signature
+        Base64.decode64(params['IB_CRC'])
+      end
+
+      # The money amount we received, string.
+      def gross
+        params['IB_AMOUNT']
+      end
+
+      # Was this a test transaction?
+      def test?
+        params['IB_REC_ID'] == 'testvpos'
+      end
+
+      # TODO what should be here?
+      def status
+        complete? ? 'Completed' : 'Failed'
+      end
+
+      # If our request was sent automatically by the bank (true) or manually
+      # by the user triggering the callback by pressing a "return" button (false).
+      def automatic?
+        (params['IB_FROM_SERVER'].present? && params['IB_FROM_SERVER'].upcase == 'Y')
+      end
+
+      def success?
+        acknowledge && complete?
+      end
+
+      # We don't actually acknowledge the notification by making another request ourself,
+      # instead, we check the notification by checking the signature that came with the notification.
+      # This method has to be called when handling the notification & deciding whether to process the order.
+      # Example:
+      #
+      #   def notify
+      #     notify = Notification.new(params)
+      #
+      #     if notify.acknowledge
+      #       ... process order ... if notify.complete?
+      #     else
+      #       ... log possible hacking attempt ...
+      #     end
+      def acknowledge
+        bank_signature_valid?(signature, params['IB_SERVICE'], params)
+      end
+
+      def get_data_string
+        generate_data_string(params['IB_SERVICE'], params, Seb.required_service_params)
+      end
+
+      def bank_signature_valid?(bank_signature, service_msg_number, sigparams)
+        Seb.get_bank_public_key.verify(OpenSSL::Digest::SHA1.new, bank_signature, generate_data_string(service_msg_number, sigparams, Seb.required_service_params))
+      end
+
+    end
+  end
+end

data/lib/banklink/swedbank.rb

@@ -1,27 +1,99 @@
-module Swedbank
-
-  # Raw X509 certificate of the bank, string format.
-  mattr_accessor :bank_certificate
-  # RSA public key of the bank, taken from the X509 certificate of the bank. OpenSSL container.
-  def self.get_bank_public_key
-    cert = self.bank_certificate
-    OpenSSL::X509::Certificate.new(cert.gsub(/  /, '')).public_key
-  end
+require 'banklink/swedbank/helper'
+require 'banklink/swedbank/notification'
 
-  mattr_accessor :private_key
-  # Our RSA private key. OpenSSL container.
-  def self.get_private_key
-    private_key = self.private_key
-    OpenSSL::PKey::RSA.new(private_key.gsub(/  /, ''))
-  end
+module Banklink
+  module Swedbank
 
-  mattr_accessor :service_url
-  def self.service_url
-    self.service_url
-  end
+    # Raw X509 certificate of the bank, string format.
+    mattr_accessor :bank_certificate
+    # RSA public key of the bank, taken from the X509 certificate of the bank. OpenSSL container.
+    def self.get_bank_public_key
+      cert = self.bank_certificate
+      OpenSSL::X509::Certificate.new(cert.gsub(/  /, '')).public_key
+    end
 
-  def self.notification(post)
-    Notification.new(post)
-  end
+    mattr_accessor :private_key
+    # Our RSA private key. OpenSSL container.
+    def self.get_private_key
+      private_key = self.private_key
+      OpenSSL::PKey::RSA.new(private_key.gsub(/  /, ''))
+    end
+
+    mattr_accessor :service_url
 
+    def self.notification(post)
+      Notification.new(post)
+    end
+
+    def self.helper(order, account, options = {})
+      Helper.new(order, account, options)
+    end
+
+    # Define required fields for each service message.
+    # We need to know this in order to calculate VK_MAC
+    # from a given hash of parameters.
+    # Order of the parameters is important.
+    mattr_accessor :required_service_params
+    self.required_service_params = {
+    1001 => [
+      'VK_SERVICE',
+      'VK_VERSION',
+      'VK_SND_ID',
+      'VK_STAMP',
+      'VK_AMOUNT',
+      'VK_CURR',
+      'VK_ACC',
+      'VK_NAME',
+      'VK_REF',
+      'VK_MSG'],
+    1002 => [
+      'VK_SERVICE',
+      'VK_VERSION',
+      'VK_SND_ID',
+      'VK_STAMP',
+      'VK_AMOUNT',
+      'VK_CURR',
+      'VK_REF',
+      'VK_MSG' ],
+    1101 => [
+      'VK_SERVICE',
+      'VK_VERSION',
+      'VK_SND_ID',
+      'VK_REC_ID',
+      'VK_STAMP',
+      'VK_T_NO',
+      'VK_AMOUNT',
+      'VK_CURR',
+      'VK_REC_ACC',
+      'VK_REC_NAME',
+      'VK_SND_ACC',
+      'VK_SND_NAME',
+      'VK_REF',
+      'VK_MSG',
+      'VK_T_DATE'],
+    1201 => [
+      'VK_SERVICE',
+      'VK_VERSION',
+      'VK_SND_ID',
+      'VK_REC_ID',
+      'VK_STAMP',
+      'VK_AMOUNT',
+      'VK_CURR',
+      'VK_REC_ACC',
+      'VK_REC_NAME',
+      'VK_SND_ACC',
+      'VK_SND_NAME',
+      'VK_REF',
+      'VK_MSG'],
+    1901 => [
+      'VK_SERVICE',
+      'VK_VERSION',
+      'VK_SND_ID',
+      'VK_REC_ID',
+      'VK_STAMP',
+      'VK_REF',
+      'VK_MSG']
+    }
+
+  end
 end

data/lib/banklink/swedbank/helper.rb

@@ -0,0 +1,115 @@
+module Banklink #:nodoc:
+  module Swedbank
+    class Helper
+      attr_reader :fields
+      include Banklink::Common
+
+      def initialize(order, account, options = {})
+
+        @options = options
+        @fields = {}
+
+        @options['VK_SND_ID'] = account
+        @options['VK_STAMP'] = order
+        @options['VK_AMOUNT'] = options[:amount]
+        @options['VK_CURR'] = options[:currency]
+        @options['VK_RETURN'] = options[:return]
+        @options['VK_REF'] = options[:reference] || ""
+        @options['VK_MSG'] = options[:message]
+        @options['VK_LANG'] = options[:lang] if options[:lang]
+
+        if options[:service_msg_number]
+          @service_msg_number = options.delete(:service_msg_number)
+        else
+          @service_msg_number = default_service_msg_number
+        end
+
+        add_required_params
+        add_vk_mac
+        add_charset_field
+        add_return_url_field
+        add_lang_field
+      end
+
+
+      def form_fields
+        @fields
+      end
+
+      def self.mapping(attribute, options = {})
+        self.mappings ||= {}
+        self.mappings[attribute] = options
+      end
+
+      def add_field(name, value)
+        return if name.blank? || value.blank?
+        @fields[name.to_s] = value.to_s
+      end
+
+      def add_vk_mac
+        # Signature used to validate previous parameters
+        add_field('VK_MAC', generate_mac(@service_msg_number, form_fields, Swedbank.required_service_params))
+      end
+
+      def add_return_url_field
+        add_field('VK_RETURN', @options['VK_RETURN'])
+      end
+
+      def add_lang_field
+        if @options['VK_LANG']
+          add_field(vk_lang_param, @options['VK_LANG'])
+        else
+          add_field vk_lang_param, vk_lang
+        end
+      end
+
+      def add_charset_field
+        add_field vk_charset_param, vk_charset
+      end
+
+      def add_required_params
+        required_params = Swedbank.required_service_params[@service_msg_number]
+        required_params.each do |param|
+          param_value = (@options.delete(param) || send(param.to_s.downcase)).to_s
+          add_field param, encode_to_utf8(param_value)
+        end
+      end
+
+      # Default parameters
+      def vk_charset
+        'UTF-8'
+      end
+
+      def vk_charset_param
+        'VK_ENCODING'
+      end
+
+      def vk_lang
+        'LAT'
+      end
+
+      def vk_lang_param
+        'VK_LANG'
+      end
+
+      def vk_service
+        @service_msg_number
+      end
+
+      def vk_version
+        '008'
+      end
+
+      def redirect_url
+        Swedbank.service_url
+      end
+
+      # Default service message number.
+      # Use '1002' because it requires the least amount of parameters.
+      def default_service_msg_number
+        1002
+      end
+
+    end
+  end
+end

data/lib/banklink/swedbank/notification.rb

@@ -0,0 +1,156 @@
+module Banklink
+  module Swedbank
+    class Notification
+      include Banklink::Common
+
+      attr_accessor :params
+      attr_accessor :raw
+
+      # set this to an array in the subclass, to specify which IPs are allowed to send requests
+      attr_accessor :production_ips
+
+      def initialize(post, options = {})
+        @options = options
+        empty!
+        parse(post)
+      end
+
+      def gross_cents
+        (gross.to_f * 100.0).round
+      end
+
+      # This combines the gross and currency and returns a proper Money object.
+      # this requires the money library located at http://dist.leetsoft.com/api/money
+      def amount
+        return gross_cents
+      end
+
+      # reset the notification.
+      def empty!
+        @params  = Hash.new
+        @raw     = ""
+      end
+
+      # Check if the request comes from an official IP
+      def valid_sender?(ip)
+        return true if Rails.env == :test || production_ips.blank?
+        production_ips.include?(ip)
+      end
+
+          # A helper method to parse the raw post of the request & return
+      # the right Notification subclass based on the sender id.
+      #def self.get_notification(http_raw_data)
+      #  params = ActiveMerchant::Billing::Integrations::Notification.new(http_raw_data).params
+      #  Banklink.get_class(params)::Notification.new(http_raw_data)
+      #end
+
+      def get_data_string
+        generate_data_string(params['VK_SERVICE'], params, Swedbank.required_service_params)
+      end
+
+      def bank_signature_valid?(bank_signature, service_msg_number, sigparams)
+        Swedbank.get_bank_public_key.verify(OpenSSL::Digest::SHA1.new, bank_signature, generate_data_string(service_msg_number, sigparams, Swedbank.required_service_params))
+      end
+
+      def complete?
+        params['VK_SERVICE'] == '1101'
+      end
+
+      def wait?
+        params['VK_SERVICE'] == '1201'
+      end
+
+      def failed?
+        params['VK_SERVICE'] == '1901'
+      end
+
+      def currency
+        params['VK_CURR']
+      end
+
+      # The order id we passed to the form helper.
+      def item_id
+        params['VK_STAMP']
+      end
+
+      def transaction_id
+        params['VK_REF']
+      end
+
+      def sender_name
+        params['VK_SND_NAME']
+      end
+
+      def sender_bank_account
+        params['VK_SND_ACC']
+      end
+
+      def receiver_name
+        params['VK_REC_NAME']
+      end
+      alias_method :reciever_name, :receiver_name
+
+      def receiver_bank_account
+        params['VK_REC_ACC']
+      end
+      alias_method :reciever_bank_account, :receiver_bank_account
+
+      # When was this payment received by the client.
+      # We're expecting a dd.mm.yyyy format.
+      def received_at
+        require 'date'
+        date = params['VK_T_DATE']
+        return nil unless date
+        day, month, year = *date.split('.').map(&:to_i)
+        Date.civil(year, month, day)
+      end
+
+      def signature
+        Base64.decode64(params['VK_MAC'])
+      end
+
+      # The money amount we received, string.
+      def gross
+        params['VK_AMOUNT']
+      end
+
+      # Was this a test transaction?
+      def test?
+        params['VK_REC_ID'] == 'testvpos'
+      end
+
+      # TODO what should be here?
+      def status
+        complete? ? 'Completed' : 'Failed'
+      end
+
+      # If our request was sent automatically by the bank (true) or manually
+      # by the user triggering the callback by pressing a "return" button (false).
+      def automatic?
+        params['VK_AUTO'].upcase == 'Y'
+      end
+
+      def success?
+        acknowledge && complete?
+      end
+
+      # We don't actually acknowledge the notification by making another request ourself,
+      # instead, we check the notification by checking the signature that came with the notification.
+      # This method has to be called when handling the notification & deciding whether to process the order.
+      # Example:
+      #
+      #   def notify
+      #     notify = Notification.new(params)
+      #
+      #     if notify.acknowledge
+      #       ... process order ... if notify.complete?
+      #     else
+      #       ... log possible hacking attempt ...
+      #     end
+      def acknowledge
+        bank_signature_valid?(signature, params['VK_SERVICE'], params)
+      end
+
+    end
+  end
+end