braintree 2.13.3 → 2.13.4

@@ -40,7 +40,8 @@ module Braintree
40
40
  def parse_and_validate_query_string(query_string) # :nodoc:
41
41
  params = Util.symbolize_keys(Util.parse_query_string(query_string))
42
42
  query_string_without_hash = query_string.split("&").reject{|param| param =~ /\Ahash=/}.join("&")
43
- query_string_without_hash = Util.url_decode(query_string_without_hash)
43
+ decoded_query_string_without_hash = Util.url_decode(query_string_without_hash)
44
+ encoded_query_string_without_hash = Util.url_encode(query_string_without_hash)
44
45
 
45
46
  if params[:http_status] == nil
46
47
  raise UnexpectedError, "expected query string to have an http_status param"
@@ -48,7 +49,9 @@ module Braintree
48
49
  Util.raise_exception_for_status_code(params[:http_status], params[:bt_message])
49
50
  end
50
51
 
51
- if _hash(query_string_without_hash) == params[:hash]
52
+ query_strings_without_hash = [query_string_without_hash, encoded_query_string_without_hash, decoded_query_string_without_hash]
53
+
54
+ if query_strings_without_hash.any? { |query_string| _hash(query_string) == params[:hash] }
52
55
  params
53
56
  else
54
57
  raise ForgedQueryString
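Review bot: The check `if query_strings_without_hash.any? { |query_string| _hash(query_string) == params[:hash] }` now accepts the hash when it matches the raw, the url-encoded or the url-decoded form of the query string, while `params` is still built from the original `query_string` in the previous hunk, so the string that was authenticated is not necessarily the one whose values are returned to the caller. If the gateway signs one known form, verifying only that form would be tighter; if all three are needed, a comment such as `# the hash may have been computed over the raw, encoded or decoded query string, depending on how the redirect reached us` would let the next reader judge the trade-off. The digest is still compared with `==`, which is not a constant-time comparison. The block parameter `query_string` also shadows the method argument (on Ruby 1.8 a block parameter of the same name overwrites the outer variable); `|candidate|` avoids that. The method starts in the previous hunk and continues past the end of this one.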
@@ -2,7 +2,7 @@ module Braintree
2
2
  module Version
3
3
  Major = 2
4
4
  Minor = 13
5
- Tiny = 3
5
+ Tiny = 4
6
6
 
7
7
  String = "#{Major}.#{Minor}.#{Tiny}"
8
8
  end
@@ -65,8 +65,8 @@ describe Braintree::TransparentRedirect do
65
65
  end.to raise_error(Braintree::ForgedQueryString)
66
66
  end
67
67
 
68
- it "does not raise ForgedQueryString if any parameter is url encoded" do
69
- url_encoded_query_string_without_hash = "http_status=200&nested_param%5Bsub_param%5D=testing"
68
+ it "does not raise Braintree::ForgedQueryString if query string is url encoded" do
69
+ url_encoded_query_string_without_hash = "http_status%3D200%26nested_param%5Bsub_param%5D%3Dtesting"
70
70
  url_decoded_query_string_without_hash = Braintree::Util.url_decode(url_encoded_query_string_without_hash)
71
71
 
72
72
  hash = Braintree::Digest.hexdigest(Braintree::Configuration.private_key, url_decoded_query_string_without_hash)
@@ -78,6 +78,31 @@ describe Braintree::TransparentRedirect do
78
78
  end.to_not raise_error(Braintree::ForgedQueryString)
79
79
  end
80
80
 
81
+ it "does not raise Braintree::ForgedQueryString if query string is url decoded" do
82
+ url_decoded_query_string_without_hash = "http_status=200&nested_param[sub_param]=testing"
83
+ url_encoded_query_string_without_hash = Braintree::Util.url_encode(url_decoded_query_string_without_hash)
84
+
85
+ hash = Braintree::Digest.hexdigest(Braintree::Configuration.private_key, url_encoded_query_string_without_hash)
86
+
87
+ url_decoded_query_string = "#{url_decoded_query_string_without_hash}&hash=#{hash}"
88
+
89
+ expect do
90
+ Braintree::Configuration.gateway.transparent_redirect.parse_and_validate_query_string url_decoded_query_string
91
+ end.to_not raise_error(Braintree::ForgedQueryString)
92
+ end
93
+
94
+ it "does not raise Braintree::ForgedQueryString if the query string is partially encoded" do
95
+ url_partially_encoded_query_string_without_hash = "http_status=200&nested_param%5Bsub_param%5D=testing"
96
+
97
+ hash = Braintree::Digest.hexdigest(Braintree::Configuration.private_key, url_partially_encoded_query_string_without_hash)
98
+
99
+ url_partially_encoded_query_string = "#{url_partially_encoded_query_string_without_hash}&hash=#{hash}"
100
+
101
+ expect do
102
+ Braintree::Configuration.gateway.transparent_redirect.parse_and_validate_query_string url_partially_encoded_query_string
103
+ end.to_not raise_error(Braintree::ForgedQueryString)
104
+ end
105
+
81
106
  it "raises an AuthenticationError if authentication fails" do
82
107
  expect do
83
108
  Braintree::Configuration.gateway.transparent_redirect.parse_and_validate_query_string add_hash_to_query_string("http_status=401")
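Review bot: The examples added here, and the one renamed in the previous hunk, only exercise the accept path of the relaxed hash check; none shows that a query string whose value was changed is still rejected now that the raw, encoded and decoded forms are all tried. A reject-path example next to them, sketched below, would pin that down. In RSpec, `to_not raise_error(Braintree::ForgedQueryString)` also passes when a different exception is raised, so these examples would not notice an unrelated failure; a bare `to_not raise_error` is stricter. The last `it` block in this hunk continues outside it.

```ruby
# … unchanged: the three "does not raise Braintree::ForgedQueryString" examples …
it "raises Braintree::ForgedQueryString if a signed value is changed and re-encoded" do
  signed_query_string_without_hash = "http_status=200&nested_param[sub_param]=testing"
  hash = Braintree::Digest.hexdigest(Braintree::Configuration.private_key, signed_query_string_without_hash)

  # constructed sample: same keys, different value, partially encoded
  changed_query_string = "http_status=200&nested_param%5Bsub_param%5D=changed&hash=#{hash}"

  expect do
    Braintree::Configuration.gateway.transparent_redirect.parse_and_validate_query_string changed_query_string
  end.to raise_error(Braintree::ForgedQueryString)
end
```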
@@ -259,7 +259,7 @@ describe Braintree::Util do
259
259
  end
260
260
 
261
261
  describe "self.url_decode" do
262
- it "url encodes the given text" do
262
+ it "url decodes the given text" do
263
263
  Braintree::Util.url_decode("foo%3Fbar").should == "foo?bar"
264
264
  end
265
265
  end
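--- a/metadata
+++ b/metadata
@@ -1,13 +1,13 @@
  --- !ruby/object:Gem::Specification
  name: braintree
  version: !ruby/object:Gem::Version
- hash: 61
+ hash: 51
  prerelease:
  segments:
  - 2
  - 13
- - 3
- version: 2.13.3
+ - 4
+ version: 2.13.4
  platform: ruby
  authors:
  - Braintree
@@ -15,7 +15,7 @@ autorequire:
  bindir: bin
  cert_chain: []
 
- date: 2012-02-01 00:00:00 -06:00
+ date: 2012-02-07 00:00:00 -06:00
  default_executable:
  dependencies:
  - !ruby/object:Gem::Dependency
@@ -185,7 +185,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  requirements: []
 
  rubyforge_project: braintree
- rubygems_version: 1.6.2
+ rubygems_version: 1.4.2
  signing_key:
  specification_version: 3
  summary: Braintree Gateway Ruby Client Library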