bunq-client 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 0f110f1762a5cc428ece7acf12916702bd66dab0
+  data.tar.gz: 7c8c3561c1e98239994a8893e77c5394eade034f
+SHA512:
+  metadata.gz: 135f496f291fbd1796cf2fd404d9d998a06bc0a5a5fd8f1ad64c14a3f92b7be8182e3a02dea4fc93e92dafc5daee5d3ae8971461df3d595924d13789e1aa2c98
+  data.tar.gz: a5fb8ba159402143011cedbc90e3b64e1c85669e6d7f61949435051b65979f08d9804bc9f90ba7cbb72906525d23bd1b3ca74041cf6efb5eaba220e6d21f1ef2

data/.gitignore

@@ -0,0 +1,11 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+/.idea/
+.DS_Store

data/.rspec

@@ -0,0 +1,2 @@
+--format documentation
+--color

data/.ruby-version

@@ -0,0 +1 @@
+2.3.2

data/.travis.yml

@@ -0,0 +1,5 @@
+sudo: false
+language: ruby
+rvm:
+  - 2.3.2
+before_install: gem install bundler -v 1.13.6

data/CODE_OF_CONDUCT.md

@@ -0,0 +1,74 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as
+contributors and maintainers pledge to making participation in our project and
+our community a harassment-free experience for everyone, regardless of age, body
+size, disability, ethnicity, gender identity and expression, level of experience,
+nationality, personal appearance, race, religion, or sexual identity and
+orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment
+include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or
+advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic
+  address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable
+behavior and are expected to take appropriate and fair corrective action in
+response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct, or to ban temporarily or
+permanently any contributor for other behaviors that they deem inappropriate,
+threatening, offensive, or harmful.
+
+## Scope
+
+This Code of Conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community. Examples of
+representing a project or community include using an official project e-mail
+address, posting via an official social media account, or acting as an appointed
+representative at an online or offline event. Representation of a project may be
+further defined and clarified by project maintainers.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting the project team at lars.vonk@gmail.com. All
+complaints will be reviewed and investigated and will result in a response that
+is deemed necessary and appropriate to the circumstances. The project team is
+obligated to maintain confidentiality with regard to the reporter of an incident.
+Further details of specific enforcement policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good
+faith may face temporary or permanent repercussions as determined by other
+members of the project's leadership.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
+available at [http://contributor-covenant.org/version/1/4][version]
+
+[homepage]: http://contributor-covenant.org
+[version]: http://contributor-covenant.org/version/1/4/

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in bunq-client.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2017 Jortt B.V.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,154 @@
+# Bunq::Client
+
+The `Bunq::Client` is a ruby wrapper of the [bunq Public API](https://doc.bunq.com) extracted from [Jortt Online boekhouden](https://www.jortt.nl).
+
+The `Bunq::Client` is the main interface which can be used to navigate to other resources. The response objects are just
+hashes similar to the documentation of the bunq API. Only the content of `Response` is returned.
+
+The bunq [Pagination](https://doc.bunq.com/api/1/page/pagination) is implemented using a ruby `Enumerator`. 
+All `index` methods are `Paginated`. This means you can loop through large resultsets without loading
+everything into memory.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'bunq-client'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install bunq-client
+
+### One time setup
+
+1) Create installation
+```ruby
+
+# Generate keys on the fly. Make sure you save these keys in a secure location.
+# Alternatively use keys already generated.
+openssl_key = OpenSSL::PKey::RSA.new(2048)
+public_key = openssl_key.public_key.to_pem
+private_key = openssl_key.to_pem
+
+Bunq.configure do |config|
+  config.api_key = 'YOUR API KEY'
+  config.private_key = private_key
+  config.server_public_key = nil # you don't have this yet
+  cofig.installation_token = nil # this MUST be nil for creating installations
+end
+
+# Create the installation
+installation = Bunq.client.installations.create(public_key)
+
+# Print the installation token to put in your Bunq::Configuration
+installation_token = installation[1]['Token']['token']
+puts "config.installation_token = #{installation_token}"
+
+# Keep the public key to put in your Bunq::Configuration
+server_public_key_location = "./server_public_key.pub"
+File.open(server_public_key_location, 'w') { |file| file.write(installation[2]['ServerPublicKey']['server_public_key']) }
+puts "config.server_public_key written to file #{server_public_key_location}"
+```
+
+2) Register your device as device server 
+This is typically your application server (or your laptop when playing around).
+
+```ruby
+Bunq.configure do |config|
+  config.api_key = 'YOUR API KEY'
+  # Used for request signing
+  config.private_key = 'SAME PRIVATE KEY AS IN STEP 1'
+  # Used for response verification
+  config.server_public_key = 'THE CONTENTS OF THE PUBLIC KEY FILE RETURNED IN STEP 1'
+  cofig.installation_token = 'THE INSTALLATION TOKEN RETURNED IN STEP 1'
+end
+
+response = Bunq.client.device_servers.create('My Laptop')
+puts "Device server created: #{response[0]['Id']['id']}"
+```
+
+3) Optional: Pin certificate (if you want to receive callbacks)
+```ruby
+Bunq.configure do |config|
+  config.api_key = 'YOUR API KEY'
+  # Used for request signing
+  config.private_key = 'SAME PRIVATE KEY AS IN STEP 1'
+  # Used for response verification
+  config.server_public_key = 'THE CONTENTS OF THE PUBLIC KEY FILE RETURNED IN STEP 1'
+  cofig.installation_token = 'THE INSTALLATION TOKEN RETURNED IN STEP 1'
+end
+
+certificate_of_you_callback_url = IO.read('path_to_pem_file')
+Bunq.client.me_as_user.certificate_pinned.create(certificate_of_you_callback_url)
+```
+
+4) Optional: Register callback url (for realtime updates of e.g. payments)
+```ruby
+Bunq.configure do |config|
+  config.api_key = 'YOUR API KEY'
+  # Used for request signing
+  config.private_key = 'SAME PRIVATE KEY AS IN STEP 1'
+  # Used for response verification
+  config.server_public_key = 'THE CONTENTS OF THE PUBLIC KEY FILE RETURNED IN STEP 1'
+  cofig.installation_token = 'THE INSTALLATION TOKEN RETURNED IN STEP 1'
+end
+
+Bunq.client.me_as_user_company.update(
+  notification_filters: [{
+    "notification_delivery_method": "URL",
+    "notification_target": 'https://YOUR_CALLBACK_URL',
+    "category": "PAYMENT"
+  }]
+)
+```
+
+## Usage
+
+```ruby
+Bunq.configure do |config|
+  
+  # Mandatory configuration after inital setup phase
+  config.api_key = 'YOUR API KEY' 
+  # Private key used for request signing
+  config.private_key = 'YOUR PRIVATE KEY'
+  # Public key from bunq retrieved via Bunq.client.installations.create
+  config.server_public_key = 'SERVER PUBLIC KEY'
+  # Installation token retrieved via Bunq.client.installations.create
+  config.installation_token = 'YOUR INSTALLATION TOKEN'
+
+  
+  # Optional configuration for access to the sandbox
+  # config.sandbox = true 
+  # if config.sandbox
+  #  config.sandbox_user = 'USER'
+  #  config.sandbox_password = 'PASSWORD'
+  # end
+end
+
+# List id's of all your monetary_accounts
+Bunq.client.me_as_user.monetary_accounts.index.each do |monetary_account|
+  puts monetary_account['MonetaryAccountBank']['id']
+end
+```
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/jorttbv/bunq-client. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
+
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).
+

data/Rakefile

@@ -0,0 +1,6 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec

data/bunq-client.gemspec

@@ -0,0 +1,41 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'bunq/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "bunq-client"
+  spec.version       = Bunq::VERSION
+  spec.authors       = [
+    'Lars Vonk',
+    'Bob Forma',
+    'Derek Kraan',
+  ]
+  spec.email         = [
+    'lars.vonk@gmail.com',
+    'bforma@zilverline.com',
+    'dkraan@zilverline.com',
+  ]
+
+  spec.summary       = %q{Ruby client for the bunq public API.}
+  spec.description   = %q{www.jortt.nl}
+  spec.homepage      = "https://www.jortt.nl"
+  spec.license       = "MIT"
+
+
+  spec.files         = `git ls-files -z`.split("\x0").reject do |f|
+    f.match(%r{^(test|spec|features)/})
+  end
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_runtime_dependency 'rest-client', '~> 2.0'
+
+  spec.add_development_dependency "bundler", "~> 1.13"
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "rspec", "~> 3.5"
+  spec.add_development_dependency "webmock", "~> 2.3.2"
+  spec.add_development_dependency "rspec-json_expectations", "~> 2.1"
+  spec.add_development_dependency "codecov", "~> 0.1.10"
+end

data/lib/bunq/bunq.rb

@@ -0,0 +1,19 @@
+require 'rest-client'
+require_relative './client'
+require_relative './signature'
+require_relative 'paginated'
+
+RestClient.add_before_execution_proc do |req, params|
+  next unless params[:url].include?('bunq.com')
+  req['X-Bunq-Client-Request-Id'] = params[:headers][:'X-Bunq-Client-Request-Id'] = SecureRandom.uuid
+
+  # can't sign the creation of an installation
+  # see https://doc.bunq.com/api/1/call/installation/method/post
+  next if params[:url].end_with?('/installation') && req.method == 'POST'
+  req['X-Bunq-Client-Signature'] = Bunq.signature.create(
+    params[:method].upcase,
+    req.path,
+    params[:headers],
+    params[:payload]
+  )
+end

data/lib/bunq/certificate_pinned.rb

@@ -0,0 +1,21 @@
+module Bunq
+  ##
+  # https://doc.bunq.com/api/1/call/certificate-pinned
+  class CertificatePinned
+    def initialize(parent_resource)
+      @resource = parent_resource.append("/certificate-pinned")
+    end
+
+    ##
+    # https://doc.bunq.com/api/1/call/certificate-pinned/method/post
+    def create(pem_certificate)
+      @resource.with_session do
+        @resource.post({
+          certificate_chain: [
+            {certificate: pem_certificate}
+          ]
+        })
+      end
+    end
+  end
+end

data/lib/bunq/client.rb

@@ -0,0 +1,197 @@
+require 'openssl'
+require 'base64'
+
+require_relative './version'
+require_relative './resource'
+
+require_relative './installations'
+require_relative './installation'
+require_relative './device_servers'
+require_relative './session_servers'
+require_relative './user'
+require_relative './user_company'
+require_relative './monetary_account'
+require_relative './monetary_accounts'
+require_relative './payments'
+require_relative './signature'
+
+##
+# Usage
+#
+#   Bunq.configure do |config|
+#     config.api_key = 'YOUR_APIKEY'
+#     config.installation_token = 'YOUR_INSTALLATION_TOKEN' 
+#     config.private_key = 'YOUR PRIVATE KEY'
+#     config.server_public_key = 'SERVER PUBLIC KEY'
+#   end
+#
+#   client = Bunq.client
+#   number_of_accounts = client.me_as_user.monetary_accounts.index.to_a.count
+#   puts "User has #{number_of_accounts} accounts"
+#
+module Bunq
+  class << self
+    attr_accessor :configuration
+
+    def configure
+      self.configuration ||= Configuration.new
+      yield(configuration)
+
+      configuration.base_url = Configuration::SANDBOX_BASE_URL if configuration.sandbox
+
+      fail 'api_key is mandatory' unless self.configuration.api_key
+    end
+
+    ##
+    # Returns a new instance of +Client+ with the current +configuration+.
+    #
+    def client
+      fail "No configuration! Call Bunq.configure first." unless configuration
+      Client.new(configuration)
+    end
+
+    ##
+    # Returns a new instance of +Signature+
+    #
+    def signature
+      fail "No configuration! Call Bunq.configure first." unless configuration
+      Signature.new(configuration.private_key, configuration.server_public_key)
+    end
+  end
+
+  ##
+  # Configuration object for connecting to the bunq api
+  #
+  class Configuration
+    SANDBOX_BASE_URL = 'https://sandbox.public.api.bunq.com'
+    PRODUCTION_BASE_URL = 'https://api.bunq.com'
+
+    DEFAULT_LANGUAGE = 'nl_NL'
+    DEFAULT_REGION = 'nl_NL'
+    DEFAULT_GEOLOCATION = '0 0 0 0 000'
+    DEFAULT_USER_AGENT = "bunq ruby client #{Bunq::VERSION}"
+
+    # Base url for the bunq api. Defaults to +PRODUCTION_BASE_URL+
+    attr_accessor :base_url,
+      # Flag to set to connect to sandbox. Defaults to +false+.
+      # If set to +true+ you must also specify +sandbox_user+
+      # and +sandbox_password+
+      :sandbox,
+      # The username for connecting to the sandbox
+      :sandbox_user,
+      # The password for connecting to the sandbox
+      :sandbox_password,
+      # Your installation token obtained from bunq
+      :installation_token,
+      # Your api key obtained from bunq
+      :api_key,
+      # Your language. Defaults to  +DEFAULT_LANGUAGE+
+      :language,
+      # Your region. Defaults to  +DEFAULT_REGION+
+      :region,
+      # Your geolocation. Defaults to +DEFAULT_GEOLOCATION+
+      :geolocation,
+      # Arbitrary user agent to connect to bunq. Defaults to +DEFAULT_USER_AGENT+
+      :user_agent,
+      # Flag to set when you want to disable the signature
+      # retrieved from bunq. Mainly useful for testing.
+      # Defaults to +false+
+      :disable_response_signature_verification,
+      # The private key for signing the request
+      :private_key,
+      # The public key of this installation for verifying the response
+      :server_public_key
+
+
+    def initialize
+      @sandbox = false
+      @base_url = PRODUCTION_BASE_URL
+      @language = DEFAULT_LANGUAGE
+      @region = DEFAULT_REGION
+      @geolocation = DEFAULT_GEOLOCATION
+      @user_agent = DEFAULT_USER_AGENT
+      @disable_response_signature_verification = false
+    end
+  end
+
+  ##
+  # The Bunq::Client is the adapter for the Bunq Public Api (doc.bunq.com)
+  #
+  # An instance of a +Client+ can be obtained via +Bunq.client+
+  class Client
+
+    attr_accessor :current_session
+    attr_reader :configuration
+
+    def initialize(configuration)
+      @configuration = configuration
+    end
+
+    def installations
+      Bunq::Installations.new(self)
+    end
+
+    def installation(id)
+      Bunq::Installation.new(self, id)
+    end
+
+    def device_servers
+      Bunq::DeviceServers.new(self)
+    end
+
+    def session_servers
+      Bunq::SessionServers.new(self)
+    end
+
+    def user(id)
+      Bunq::User.new(self, id)
+    end
+
+    def user_company(id)
+      Bunq::UserCompany.new(self, id)
+    end
+
+    # Returns the +Bunq::UserCompany+ represented by the +Bunq::Configuration.api_key+
+    def me_as_user_company
+      with_session { user_company(current_session_user_id) }
+    end
+
+    # Returns the +Bunq::User+ represented by the +Bunq::Configuration.api_key+
+    def me_as_user
+      with_session { user(current_session_user_id) }
+    end
+
+    def ensure_session!
+      @current_session ||= session_servers.create
+    end
+
+    def with_session(&block)
+      ensure_session!
+      block.call
+    end
+
+    def headers
+      {
+        'Accept': 'application/json',
+        'Cache-Control': 'no-cache',
+        'Content-Type': 'application/json',
+        'User-Agent': configuration.user_agent,
+        'X-Bunq-Language': configuration.language,
+        'X-Bunq-Geolocation': configuration.geolocation,
+        'X-Bunq-Region': configuration.region,
+      }.tap do |h|
+        if configuration.installation_token
+          h[:'X-Bunq-Client-Authentication'] = configuration.installation_token
+        end
+
+        if current_session
+          h[:'X-Bunq-Client-Authentication'] = current_session[1]['Token']['token']
+        end
+      end
+    end
+
+    def current_session_user_id
+      current_session[2].first[1]['id']
+    end
+  end
+end

data/lib/bunq/device_servers.rb

@@ -0,0 +1,28 @@
+module Bunq
+  ##
+  # See https://doc.bunq.com/api/1/call/device-server
+  class DeviceServers
+
+    ##
+    # +client+ an instance of +Bunq::Client+
+    #
+    def initialize(client)
+      @resource = Bunq::Resource.new(client, "/v1/device-server")
+      @client = client
+    end
+
+    ##
+    # https://doc.bunq.com/api/1/call/device-server/method/post
+    def create(description)
+      fail ArgumentError.new('description is required') unless description
+
+      @resource.post(description: description, secret: @client.configuration.api_key)['Response']
+    end
+
+    ##
+    # https://doc.bunq.com/api/1/call/device-server/method/list
+    def index
+      @resource.get['Response']
+    end
+  end
+end

data/lib/bunq/draft_share_invite_bank.rb

@@ -0,0 +1,13 @@
+require_relative 'qr_code_content'
+
+module Bunq
+  class DraftShareInviteBank
+    def initialize(parent_resource, id)
+      @resource = parent_resource.append("/draft-share-invite-bank/#{id}")
+    end
+
+    def qr_code_content
+      Bunq::QrCodeContent.new(@resource)
+    end
+  end
+end

data/lib/bunq/draft_share_invite_banks.rb

@@ -0,0 +1,17 @@
+require_relative 'qr_code_content'
+
+module Bunq
+  class DraftShareInviteBanks
+    def initialize(parent_resource)
+      @resource = parent_resource.append("/draft-share-invite-bank")
+    end
+
+    def create(invite)
+      @resource.with_session { @resource.post(invite) }['Response']
+    end
+
+    def index
+      @resource.with_session { @resource.get }['Response']
+    end
+  end
+end

data/lib/bunq/installation.rb

@@ -0,0 +1,11 @@
+module Bunq
+  class Installation
+    def initialize(client, id)
+      @resource = Bunq::Resource.new(client, "/v1/installation/#{id}")
+    end
+
+    def show
+      @resource.with_session { @resource.get }['Response']
+    end
+  end
+end

data/lib/bunq/installations.rb

@@ -0,0 +1,17 @@
+module Bunq
+  class Installations
+    def initialize(client)
+      @resource = Bunq::Resource.new(client, "/v1/installation")
+    end
+
+    def create(public_key)
+      fail ArgumentError.new('public_key is required') unless public_key
+
+      @resource.post({client_public_key: public_key}, true)['Response']
+    end
+
+    def index
+      @resource.get['Response']
+    end
+  end
+end

data/lib/bunq/monetary_account.rb

@@ -0,0 +1,19 @@
+module Bunq
+  ##
+  # https://doc.bunq.com/api/1/call/monetary-account
+  class MonetaryAccount
+    def initialize(parent_resource, id)
+      @resource = parent_resource.append("/monetary-account/#{id}")
+    end
+
+    def payments
+      Bunq::Payments.new(@resource)
+    end
+
+    ##
+    # https://doc.bunq.com/api/1/call/monetary-account/method/get
+    def show
+      @resource.with_session { @resource.get }['Response']
+    end
+  end
+end

data/lib/bunq/monetary_accounts.rb

@@ -0,0 +1,16 @@
+module Bunq
+  ##
+  # https://doc.bunq.com/api/1/call/monetary-account
+  class MonetaryAccounts
+    def initialize(parent_resource)
+      @resource = parent_resource.append("/monetary-account")
+    end
+
+    # https://doc.bunq.com/api/1/call/monetary-account-bank/method/list
+    def index(count: 200, older_id: nil, newer_id: nil)
+      Bunq::Paginated
+        .new(@resource)
+        .paginate(count: count, older_id: older_id, newer_id: newer_id)
+    end
+  end
+end

data/lib/bunq/paginated.rb

@@ -0,0 +1,53 @@
+require_relative 'unexpected_response'
+
+module Bunq
+  class MissingPaginationObject < UnexpectedResponse; end
+  # https://doc.bunq.com/api/1/page/pagination
+  class Paginated
+    def initialize(resource)
+      @resource = resource
+    end
+
+    def paginate(count: 200, older_id: nil, newer_id: nil)
+      params = setup_params(count, older_id, newer_id)
+      @resource.with_session { enumerator(params) }
+    end
+
+    private
+
+    def setup_params(count, older_id, newer_id)
+      fail ArgumentError.new('Cant pass both older_id and newer_id') if older_id && newer_id
+
+      params = {count: count}
+      params[:older_id] = older_id if older_id
+      params[:newer_id] = newer_id if newer_id
+      params
+    end
+
+    def enumerator(params)
+      last_page = false
+      next_params = params
+
+      Enumerator.new do |yielder|
+        loop do
+          raise StopIteration if last_page
+
+          result = @resource.get(next_params)
+          result['Response'].each do |item|
+            yielder << item
+          end
+
+          pagination = result['Pagination']
+          fail MissingPaginationObject unless pagination
+
+          last_page = !pagination['older_url']
+          next_params = params.merge(older_id: param('older_id', pagination['older_url'])) unless last_page
+        end
+      end
+    end
+
+    def param(name, url)
+      CGI.parse(URI(url).query)[name]&.first
+    end
+  end
+end

data/lib/bunq/payments.rb

@@ -0,0 +1,17 @@
+require_relative 'paginated'
+
+module Bunq
+  # https://doc.bunq.com/api/1/call/payment
+  class Payments
+    def initialize(parent_resource)
+      @resource = parent_resource.append("/payment")
+    end
+
+    # https://doc.bunq.com/api/1/call/payment/method/list
+    def index(count: 200, older_id: nil, newer_id: nil)
+      Bunq::Paginated
+        .new(@resource)
+        .paginate(count: count, older_id: older_id, newer_id: newer_id)
+    end
+  end
+end

data/lib/bunq/qr_code_content.rb

@@ -0,0 +1,13 @@
+module Bunq
+  class QrCodeContent
+    def initialize(parent_resource)
+      @resource = parent_resource.append("/qr-code-content")
+    end
+
+    def show
+      @resource.with_session do 
+        @resource.get { |response| response.body }
+      end
+    end
+  end
+end

data/lib/bunq/resource.rb

@@ -0,0 +1,84 @@
+require_relative 'signature'
+require_relative 'unexpected_response'
+require 'restclient'
+require 'json'
+
+module Bunq
+  class Resource
+    attr_reader :resource
+
+    def initialize(client, path)
+      @client = client
+      @path = path
+      @resource = RestClient::Resource.new(
+        "#{client.configuration.base_url}#{path}",
+        {
+          headers: client.headers
+        }.tap do |x|
+          if client.configuration.sandbox
+            x[:user] = client.configuration.sandbox_user
+            x[:password] = client.configuration.sandbox_password
+          end
+        end
+      )
+    end
+
+    def get(params = {}, &block)
+      @resource.get(params: params) do |response, request, result|
+        verify_and_handle_response(response, request, result, &block)
+      end
+    end
+
+    def post(payload, skip_verify = false, &block)
+      if skip_verify
+        @resource.post(JSON.generate(payload)) do |response, request, result|
+          handle_response(response, request, result, &block)
+        end
+      else
+        @resource.post(JSON.generate(payload)) do |response, request, result|
+          verify_and_handle_response(response, request, result, &block)
+        end
+      end
+    end
+
+    def put(payload, &block)
+      @resource.put(JSON.generate(payload)) do |response, request, result|
+        verify_and_handle_response(response, request, result, &block)
+      end
+    end
+
+    def append(path)
+      Bunq::Resource.new(client, @path + path)
+    end
+
+    def ensure_session!
+      client.ensure_session!
+    end
+
+    def with_session(&block)
+      client.with_session(&block)
+    end
+
+    private
+
+    attr_reader :client
+
+    def verify_and_handle_response(response, request, result, &block)
+      Bunq.signature.verify!(response) unless client.configuration.disable_response_signature_verification
+      handle_response(response, request, result, &block)
+    end
+
+    def handle_response(response, _request, _result, &block)
+      case response.code
+      when 200, 201
+        if block_given?
+          yield(response)
+        else
+          JSON.parse(response.body)
+        end
+      else
+        fail UnexpectedResponse.new(code: response.code, headers: response.raw_headers, body: response.body)
+      end
+    end
+  end
+end

data/lib/bunq/session_servers.rb

@@ -0,0 +1,17 @@
+module Bunq
+  ##
+  # https://doc.bunq.com/api/1/call/session-server
+  class SessionServers
+    def initialize(client)
+      @resource = Bunq::Resource.new(client, "/v1/session-server")
+      @api_key = client.configuration.api_key
+    end
+
+    ##
+    # https://doc.bunq.com/api/1/call/session-server/method/post
+    def create
+      fail 'Cannot create session, please provide api_key to Bunq::Client' unless @api_key
+      @resource.post(secret: @api_key)['Response']
+    end
+  end
+end

data/lib/bunq/signature.rb

@@ -0,0 +1,63 @@
+require_relative 'unexpected_response'
+
+module Bunq
+
+  class Signature
+    # headers in raw_headers hash in rest client are all lower case
+    BUNQ_HEADER_PREFIX = 'X-Bunq-'.downcase
+    BUNQ_SERVER_SIGNATURE_RESPONSE_HEADER = 'X-Bunq-Server-Signature'.downcase
+    CACHE_CONTROL_HEADER = 'Cache-Control'.downcase
+    USER_AGENT_HEADER = 'User-Agent'.downcase
+    SIGNABLE_HEADERS = [CACHE_CONTROL_HEADER, USER_AGENT_HEADER]
+
+    def initialize(private_key, server_public_key)
+      fail ArgumentError.new('private_key is mandatory') unless private_key
+      fail ArgumentError.new('server_public_key is mandatory') unless server_public_key
+
+      @private_key = OpenSSL::PKey::RSA.new(private_key)
+      @server_public_key = OpenSSL::PKey::RSA.new(server_public_key)
+    end
+
+    def create(verb, path, headers, body)
+      signature = private_key.sign(digest, signable_input(verb, path, headers.select { |header_name, _| signable_header?(header_name) }, body))
+      Base64.strict_encode64(signature)
+    end
+
+    def verify!(response)
+      sorted_bunq_headers = response.raw_headers.select(&method(:verifiable_header?)).sort.to_h.map { |k, v| "#{k.to_s.split('-').map(&:capitalize).join('-')}: #{v.first}" }
+      data = %Q{#{response.code}\n#{sorted_bunq_headers.join("\n")}\n\n#{response.body}}
+
+      signature_headers = response.raw_headers.find { |k, _| k.to_s.downcase == BUNQ_SERVER_SIGNATURE_RESPONSE_HEADER }[1]
+      fail UnexpectedResponse.new(code: response.code, headers: response.raw_headers, body: response.body) unless signature_headers
+
+      signature = Base64.strict_decode64(signature_headers.first)
+      fail UnexpectedResponse.new(code: response.code, headers: response.raw_headers, body: response.body) unless server_public_key.verify(digest, signature, data)
+    end
+
+    private
+
+    attr_reader :private_key, :server_public_key
+
+    def digest
+      OpenSSL::Digest::SHA256.new
+    end
+
+    def signable_input(verb, path, headers, body)
+      head = [
+        [verb, path].join(' '),
+        headers.sort.to_h.map { |k,v| "#{k}: #{v}" }.join("\n")
+      ].join("\n")
+      "#{head}\n\n#{body}"
+    end
+
+    def signable_header?(header_name)
+      _header_name = header_name.to_s.downcase
+      SIGNABLE_HEADERS.include?(_header_name) || _header_name.start_with?(BUNQ_HEADER_PREFIX)
+    end
+
+    def verifiable_header?(header_name, _)
+      _header_name = header_name.to_s.downcase
+      _header_name.start_with?(BUNQ_HEADER_PREFIX) && _header_name != BUNQ_SERVER_SIGNATURE_RESPONSE_HEADER
+    end
+  end
+end

data/lib/bunq/unexpected_response.rb

@@ -0,0 +1,5 @@
+module Bunq
+
+  class UnexpectedResponse < StandardError; end
+
+end

data/lib/bunq/user.rb

@@ -0,0 +1,38 @@
+require_relative 'resource'
+require_relative 'monetary_account'
+require_relative 'monetary_accounts'
+require_relative 'draft_share_invite_bank'
+require_relative 'draft_share_invite_banks'
+require_relative 'certificate_pinned'
+
+module Bunq
+  class User
+    def initialize(client, id)
+      @resource = Bunq::Resource.new(client, "/v1/user/#{id}")
+    end
+
+    def monetary_account(id)
+      Bunq::MonetaryAccount.new(@resource, id)
+    end
+
+    def monetary_accounts
+      Bunq::MonetaryAccounts.new(@resource)
+    end
+
+    def draft_share_invite_bank(id)
+      Bunq::DraftShareInviteBank.new(@resource, id)
+    end
+
+    def draft_share_invite_banks
+      Bunq::DraftShareInviteBanks.new(@resource)
+    end
+
+    def certificate_pinned
+      Bunq::CertificatePinned.new(@resource)
+    end
+
+    def show
+      @resource.with_session { @resource.get }['Response']
+    end
+  end
+end

data/lib/bunq/user_company.rb

@@ -0,0 +1,18 @@
+require_relative 'resource'
+require_relative 'draft_share_invite_bank'
+
+module Bunq
+  class UserCompany
+    def initialize(client, id)
+      @resource = Bunq::Resource.new(client, "/v1/user-company/#{id}")
+    end
+
+    def show
+      @resource.with_session { @resource.get }['Response']
+    end
+
+    def update(user_company)
+      @resource.with_session { @resource.put(user_company) }['Response']
+    end
+  end
+end

data/lib/bunq/version.rb

@@ -0,0 +1,3 @@
+module Bunq
+  VERSION = "0.1.0"
+end

metadata

@@ -0,0 +1,176 @@
+--- !ruby/object:Gem::Specification
+name: bunq-client
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Lars Vonk
+- Bob Forma
+- Derek Kraan
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2017-04-28 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rest-client
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.13'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.13'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.5'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.5'
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.3.2
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.3.2
+- !ruby/object:Gem::Dependency
+  name: rspec-json_expectations
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.1'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.1'
+- !ruby/object:Gem::Dependency
+  name: codecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.1.10
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.1.10
+description: www.jortt.nl
+email:
+- lars.vonk@gmail.com
+- bforma@zilverline.com
+- dkraan@zilverline.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- ".ruby-version"
+- ".travis.yml"
+- CODE_OF_CONDUCT.md
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- bunq-client.gemspec
+- lib/bunq/bunq.rb
+- lib/bunq/certificate_pinned.rb
+- lib/bunq/client.rb
+- lib/bunq/device_servers.rb
+- lib/bunq/draft_share_invite_bank.rb
+- lib/bunq/draft_share_invite_banks.rb
+- lib/bunq/installation.rb
+- lib/bunq/installations.rb
+- lib/bunq/monetary_account.rb
+- lib/bunq/monetary_accounts.rb
+- lib/bunq/paginated.rb
+- lib/bunq/payments.rb
+- lib/bunq/qr_code_content.rb
+- lib/bunq/resource.rb
+- lib/bunq/session_servers.rb
+- lib/bunq/signature.rb
+- lib/bunq/unexpected_response.rb
+- lib/bunq/user.rb
+- lib/bunq/user_company.rb
+- lib/bunq/version.rb
+homepage: https://www.jortt.nl
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.5.2
+signing_key: 
+specification_version: 4
+summary: Ruby client for the bunq public API.
+test_files: []