braintree 2.13.3 → 2.13.4

@@ -40,7 +40,8 @@ module Braintree
40
40
  def parse_and_validate_query_string(query_string) # :nodoc:
41
41
  params = Util.symbolize_keys(Util.parse_query_string(query_string))
42
42
  query_string_without_hash = query_string.split("&").reject{|param| param =~ /\Ahash=/}.join("&")
43
- query_string_without_hash = Util.url_decode(query_string_without_hash)
43
+ decoded_query_string_without_hash = Util.url_decode(query_string_without_hash)
44
+ encoded_query_string_without_hash = Util.url_encode(query_string_without_hash)
44
45
 
45
46
  if params[:http_status] == nil
46
47
  raise UnexpectedError, "expected query string to have an http_status param"
@@ -48,7 +49,9 @@ module Braintree
48
49
  Util.raise_exception_for_status_code(params[:http_status], params[:bt_message])
49
50
  end
50
51
 
51
- if _hash(query_string_without_hash) == params[:hash]
52
+ query_strings_without_hash = [query_string_without_hash, encoded_query_string_without_hash, decoded_query_string_without_hash]
53
+
54
+ if query_strings_without_hash.any? { |query_string| _hash(query_string) == params[:hash] }
52
55
  params
53
56
  else
54
57
  raise ForgedQueryString
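Review bot: The check `query_strings_without_hash.any? { |query_string| _hash(query_string) == params[:hash] }` accepts a digest match against any of three byte strings (raw, url-encoded, url-decoded), while `params` is still parsed from the raw `query_string` on the method's first line, so the string that was authenticated is not necessarily the one whose parameters are returned. If the gateway signs exactly one form, verifying only that form keeps a single canonical message. If all three must be accepted for compatibility, say so above the list, e.g. `# accept the raw, url-encoded and url-decoded forms; the gateway's signed form varies (confirm)`. The comparison still uses `==` on the keyed hex digest, which is not constant-time, so a fixed-time comparison helper would be the usual choice here. The block parameter `query_string` also shadows the method argument of the same name (Ruby 1.8 would overwrite it), and `|candidate|` avoids that; the method's closing `end` lies outside the hunk.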
@@ -2,7 +2,7 @@ module Braintree
2
2
  module Version
3
3
  Major = 2
4
4
  Minor = 13
5
- Tiny = 3
5
+ Tiny = 4
6
6
 
7
7
  String = "#{Major}.#{Minor}.#{Tiny}"
8
8
  end
@@ -65,8 +65,8 @@ describe Braintree::TransparentRedirect do
65
65
  end.to raise_error(Braintree::ForgedQueryString)
66
66
  end
67
67
 
68
- it "does not raise ForgedQueryString if any parameter is url encoded" do
69
- url_encoded_query_string_without_hash = "http_status=200&nested_param%5Bsub_param%5D=testing"
68
+ it "does not raise Braintree::ForgedQueryString if query string is url encoded" do
69
+ url_encoded_query_string_without_hash = "http_status%3D200%26nested_param%5Bsub_param%5D%3Dtesting"
70
70
  url_decoded_query_string_without_hash = Braintree::Util.url_decode(url_encoded_query_string_without_hash)
71
71
 
72
72
  hash = Braintree::Digest.hexdigest(Braintree::Configuration.private_key, url_decoded_query_string_without_hash)
@@ -78,6 +78,31 @@ describe Braintree::TransparentRedirect do
78
78
  end.to_not raise_error(Braintree::ForgedQueryString)
79
79
  end
80
80
 
81
+ it "does not raise Braintree::ForgedQueryString if query string is url decoded" do
82
+ url_decoded_query_string_without_hash = "http_status=200&nested_param[sub_param]=testing"
83
+ url_encoded_query_string_without_hash = Braintree::Util.url_encode(url_decoded_query_string_without_hash)
84
+
85
+ hash = Braintree::Digest.hexdigest(Braintree::Configuration.private_key, url_encoded_query_string_without_hash)
86
+
87
+ url_decoded_query_string = "#{url_decoded_query_string_without_hash}&hash=#{hash}"
88
+
89
+ expect do
90
+ Braintree::Configuration.gateway.transparent_redirect.parse_and_validate_query_string url_decoded_query_string
91
+ end.to_not raise_error(Braintree::ForgedQueryString)
92
+ end
93
+
94
+ it "does not raise Braintree::ForgedQueryString if the query string is partially encoded" do
95
+ url_partially_encoded_query_string_without_hash = "http_status=200&nested_param%5Bsub_param%5D=testing"
96
+
97
+ hash = Braintree::Digest.hexdigest(Braintree::Configuration.private_key, url_partially_encoded_query_string_without_hash)
98
+
99
+ url_partially_encoded_query_string = "#{url_partially_encoded_query_string_without_hash}&hash=#{hash}"
100
+
101
+ expect do
102
+ Braintree::Configuration.gateway.transparent_redirect.parse_and_validate_query_string url_partially_encoded_query_string
103
+ end.to_not raise_error(Braintree::ForgedQueryString)
104
+ end
105
+
81
106
  it "raises an AuthenticationError if authentication fails" do
82
107
  expect do
83
108
  Braintree::Configuration.gateway.transparent_redirect.parse_and_validate_query_string add_hash_to_query_string("http_status=401")
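Review bot: The added examples end in `end.to_not raise_error(Braintree::ForgedQueryString)`, which also passes when the call raises any other exception, so they do not prove the query string was accepted. Use `end.to_not raise_error` with no argument, or assert on the returned params, in the examples starting at new lines 68, 81 and 94. This matters most for the rewritten "url encoded" example, whose string now encodes `=` and `&` as well. If that is the string submitted (lines 73–77 are outside the hunk), it carries no `http_status` parameter and the call could fail for an unrelated reason that the assertion ignores. A negative example per form, where the hash was computed over a different string and `ForgedQueryString` is expected, would confirm that the widened check still rejects mismatches.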
@@ -259,7 +259,7 @@ describe Braintree::Util do
259
259
  end
260
260
 
261
261
  describe "self.url_decode" do
262
- it "url encodes the given text" do
262
+ it "url decodes the given text" do
263
263
  Braintree::Util.url_decode("foo%3Fbar").should == "foo?bar"
264
264
  end
265
265
  end
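--- a/metadata
+++ b/metadata
@@ -1,13 +1,13 @@
  --- !ruby/object:Gem::Specification
  name: braintree
  version: !ruby/object:Gem::Version
- hash: 61
+ hash: 51
  prerelease:
  segments:
  - 2
  - 13
- - 3
- version: 2.13.3
+ - 4
+ version: 2.13.4
  platform: ruby
  authors:
  - Braintree
@@ -15,7 +15,7 @@ autorequire:
  bindir: bin
  cert_chain: []
 
- date: 2012-02-01 00:00:00 -06:00
+ date: 2012-02-07 00:00:00 -06:00
  default_executable:
  dependencies:
  - !ruby/object:Gem::Dependency
@@ -185,7 +185,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  requirements: []
 
  rubyforge_project: braintree
- rubygems_version: 1.6.2
+ rubygems_version: 1.4.2
  signing_key:
  specification_version: 3
  summary: Braintree Gateway Ruby Client Library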