candy_check 0.1.0.pre → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 45e40e19795d3d805ea61453fe6bea1d5e94ec3a
-  data.tar.gz: 9ba798923e9c36b324aa93c860f6ea75687e56bc
+SHA256:
+  metadata.gz: 417a8850353b9726251dcae68864b46f77d30de0e73db9488c68c52282a90e70
+  data.tar.gz: 5dbcba7f14f6c81d73a0baa7554c01f0e53cb7167e0ff22029a6ddd8deac6b23
 SHA512:
-  metadata.gz: f6e4a4bd35ab65c5ad309052f8b27408b3bd570701a39674f9b6120900242ebe2199bf5814788a8fa9572774a8686cc3b57908eeda35223a5c7786b4e921181e
-  data.tar.gz: 8f3e4cd0adff6af8067667294fb439e05a840e69c9b24d73c0af0a607d348d4a8ffcbe3392e469fd2fab36e26155241739936ae91a8c1509f32595f7a1bf299d
+  metadata.gz: 6777436feed72baacb24e07634fa921f9723c37f207f8c9ab373aa68b007f326236877ecff04a32001ee046c0c5200d033218939e59b5af429e2b65d3e15504c
+  data.tar.gz: bc28443c9277dbad870f04fcc85a4c92705c7ce72d4a88b9a4ab9c882a5e90e7281a3ef13a77e1f12866e0c77b3896d8ea6be542184041a16d3eb15d16758917

data/.rubocop.yml

@@ -5,3 +5,26 @@ AllCops:
     - 'vendor/**/*'
 Style/Documentation:
   Enabled: false
+Style/FrozenStringLiteralComment:
+  Enabled: false
+Style/NumericPredicate:
+  Enabled: false
+Lint/UnifiedInteger:
+  Enabled: false
+Style/PercentLiteralDelimiters:
+  PreferredDelimiters:
+    default: ()
+    "%i": ()
+    "%w": ()
+Metrics/BlockLength:
+  Exclude:
+    - 'spec/**/*'
+Security/MarshalLoad:
+  Exclude:
+    - 'lib/candy_check/play_store/discovery_repository.rb'
+Style/DateTime:
+  Enabled: false
+Style/Encoding:
+  Enabled: false
+Style/ExpandPathArguments:
+  Enabled: false

data/.ruby-version

@@ -1 +1 @@
-2.3.1
+2.7.1

data/.travis.yml

@@ -2,18 +2,17 @@ language: ruby
 sudo: false
 cache: bundler
 rvm:
-  - '2.3.1'
-  - '2.3.0'
-  - '2.2'
-  - '2.1'
-  - '2.0'
+  - 2.6.5
+  - 2.5.7
+  - 2.4.9
+  - jruby-9.2.9.0
   - ruby-head
-  - rbx-2
-  - jruby-20mode
-  - jruby-21mode
   - jruby-head
 matrix:
   allow_failures:
     - rvm: ruby-head
     - rvm: jruby-head
   fast_finish: true
+before_install:
+  - gem update --system
+  - gem install bundler -v 2.0.2

data/Guardfile

@@ -0,0 +1,42 @@
+# A sample Guardfile
+# More info at https://github.com/guard/guard#readme
+
+## Uncomment and set this to only include directories you want to watch
+directories %w(lib spec) \
+  .select{|d| Dir.exist?(d) ? d : UI.warning("Directory #{d} does not exist")}
+
+## Note: if you are using the `directories` clause above and you are not
+## watching the project directory ('.'), then you will want to move
+## the Guardfile to a watched dir and symlink it back, e.g.
+#
+#  $ mkdir config
+#  $ mv Guardfile config/
+#  $ ln -s config/Guardfile .
+#
+# and, you'll have to watch "config/Guardfile" instead of "Guardfile"
+
+guard :minitest do
+  # with Minitest::Unit
+  # watch(%r{^test/(.*)\/?test_(.*)\.rb$})
+  # watch(%r{^lib/(.*/)?([^/]+)\.rb$})     { |m| "test/#{m[1]}test_#{m[2]}.rb" }
+  # watch(%r{^test/test_helper\.rb$})      { 'test' }
+
+  # with Minitest::Spec
+  watch(%r{^spec/(.*)_spec\.rb$})
+  watch(%r{^lib/(.+)\.rb$})         { |m| "spec/#{m[1]}_spec.rb" }
+  watch(%r{^spec/spec_helper\.rb$}) { 'spec' }
+
+  # Rails 4
+  # watch(%r{^app/(.+)\.rb$})                               { |m| "test/#{m[1]}_test.rb" }
+  # watch(%r{^app/controllers/application_controller\.rb$}) { 'test/controllers' }
+  # watch(%r{^app/controllers/(.+)_controller\.rb$})        { |m| "test/integration/#{m[1]}_test.rb" }
+  # watch(%r{^app/views/(.+)_mailer/.+})                    { |m| "test/mailers/#{m[1]}_mailer_test.rb" }
+  # watch(%r{^lib/(.+)\.rb$})                               { |m| "test/lib/#{m[1]}_test.rb" }
+  # watch(%r{^test/.+_test\.rb$})
+  # watch(%r{^test/test_helper\.rb$}) { 'test' }
+
+  # Rails < 4
+  # watch(%r{^app/controllers/(.*)\.rb$}) { |m| "test/functional/#{m[1]}_test.rb" }
+  # watch(%r{^app/helpers/(.*)\.rb$})     { |m| "test/helpers/#{m[1]}_test.rb" }
+  # watch(%r{^app/models/(.*)\.rb$})      { |m| "test/unit/#{m[1]}_test.rb" }
+end

data/MIGRATION_GUIDE_0_2_0.md

@@ -0,0 +1,141 @@
+# Migration Guide from v0.1.x to v0.2.0
+
+Due to changes in the PlayStore API, Candy Check needed to introduce some breaking changes in version `0.2.0`.
+
+To adapt your old implementation to these changes, follow the steps below:
+
+## Authorization
+
+First we have to change, how our verifier authenticates against the Google API.
+
+Change code like this
+
+```ruby
+# < v0.2.0
+config = CandyCheck::PlayStore::Config.new(
+  application_name: 'YourApplication',
+  application_version: '1.0',
+  issuer: 'abcdefg@developer.gserviceaccount.com',
+  key_file: 'local/google.p12',
+  key_secret: 'notasecret',
+  cache_file: 'tmp/candy_check_play_store_cache'
+)
+verifier = CandyCheck::PlayStore::Verifier.new(config)
+verifier.boot!
+```
+
+to
+
+```ruby
+# v0.2.0
+authorization = CandyCheck::PlayStore.authorization("/path/to/key.json")
+verifier = CandyCheck::PlayStore::Verifier.new(authorization: authorization)
+```
+
+If you're not sure how to get a `.json` key file, follow this part of the [`README`](/README.md#getting-the-json-key-file).
+
+If you need other means of authentication follow this part of the [`README`](/README.md#building-an-authorization-object).
+
+## Verifying Purchases
+
+To be more descriptive and consistent with the PlayStore API, the verifier got a new signature and return values have been adapted accordingly.
+
+### Verifying Product Purchases
+
+Change all occurences of
+
+```ruby
+# < v0.2.0
+verifier.verify("my-package-name", "my product id", "my token")
+# => Receipt or VerificationFailure
+```
+
+to
+
+```ruby
+# v0.2.0
+verifier.verify_product_purchase(
+  package_name: "my-package-name",
+  product_id: "my product id",
+  token: "my token"
+)
+# => ProductPurchase or VerificationFailure
+```
+
+*NOTE:* Take a closer look at the possible return values: `CandyCheck::PlayStore::Receipt` was moved to `CandyCheck::PlayStore::ProductPurchases::ProductPurchase`. In case you're matching at the class name of the result, please adapt your code accordingly.
+
+#### Accessing Raw ProductPurchase Attributes
+
+CandyCheck `< 0.2.0` provided the raw `ProductPurchase` attributes given by the PlayStore API like this:
+
+```ruby
+# < v0.2.0
+result = verifier.verify("my-package-name", "my product id", "my token")
+result.attributes
+# => Hash
+```
+
+To get the same behaviour in CandyCheck `0.2.0`, change the code above to:
+
+```ruby
+# v0.2.0
+result = verifier.verify_product_purchase(
+  package_name: "my-package-name",
+  product_id: "my product id",
+  token: "my token"
+)
+result.product_purchase.to_h
+# => Hash
+```
+
+The hash key access must be changed from strings in `camelCase` to symbols in `snake_case`:
+
+```ruby
+# < 0.2.0
+result.attributes["purchaseState"]
+
+# 0.2.0
+result.product_purchase.to_h[:purchase_state]
+```
+
+## Verifying Subscription Purchases
+
+Change all occurences of
+
+```ruby
+# < v0.2.0
+verifier.verify_subscription("my-package-name", "my-subscription-id", "my-token")
+# => Subscription or VerificationFailure
+```
+
+to
+
+```ruby
+# v0.2.0
+verifier.verify_subscription_purchase(
+  package_name: "my-package-name",
+  subscription_id: "my-subscription-id",
+  token: "my-token"
+)
+# => SubscriptionPurchase or VerificationFailure
+```
+
+*NOTE:* Again take a closer look at the possible return values: `CandyCheck::PlayStore::Subscription` was moved to `CandyCheck::PlayStore::SubscriptionPurchases::SubscriptionPurchase`. In case you're matching at the class name of the result, please adapt your code accordingly.
+
+## Using the CLI
+
+The way the CandyCheck CLI gets used, needed to be changed too.
+
+The old PlayStore command:
+
+```bash
+# < v0.2.0
+$ candy_check play_store PACKAGE PRODUCT_ID TOKEN --issuer=ISSUER --key-file=KEY_FILE
+```
+
+was changed to
+
+```bash
+# v0.2.0
+$ candy_check play_store PACKAGE PRODUCT_ID TOKEN --json-key-file=/path/to/key.json
+```

data/README.md

@@ -4,7 +4,6 @@
 [![Build Status](https://travis-ci.org/jnbt/candy_check.svg?branch=master)](https://travis-ci.org/jnbt/candy_check)
 [![Coverage Status](https://coveralls.io/repos/jnbt/candy_check/badge.svg?branch=master)](https://coveralls.io/r/jnbt/candy_check?branch=master)
 [![Code Climate](https://codeclimate.com/github/jnbt/candy_check/badges/gpa.svg)](https://codeclimate.com/github/jnbt/candy_check)
-[![Gemnasium](https://img.shields.io/gemnasium/jnbt/candy_check.svg?style=flat)](https://gemnasium.com/jnbt/candy_check)
 [![Inline docs](http://inch-ci.org/github/jnbt/candy_check.svg?branch=master)](http://inch-ci.org/github/jnbt/candy_check)
 [![Yard Docs](http://img.shields.io/badge/yard-docs-blue.svg?style=flat)](http://www.rubydoc.info/github/jnbt/candy_check/master)
 
@@ -43,12 +42,7 @@ called "[service account](https://developers.google.com/accounts/docs/OAuth2Serv
 new account by yourself, export the generated certificate file and grant the correct permissions to the account for
 your app using the [Google Developer Console](https://console.developers.google.com).
 
-Further more this gem uses the [official Ruby SDK](https://github.com/google/google-api-ruby-client) for the API interactions
-which suggest to use a locally cached service discovery. If you don't omit the `cache_file` configuration this is done
-automatically.
-
-If you have set up the Android app correctly you should get a [`purchaseToken`](http://developer.android.com/google/play/billing/billing_reference.html#getBuyIntent) per purchased item. You should use this string in combination with `packageName` and `productId`
-to verify the purchase.
+If you have set up the Android app correctly you should get a [`purchaseToken`](http://developer.android.com/google/play/billing/billing_reference.html#getBuyIntent) per purchased item. You should use this string in combination with `packageName` and `productId` to verify the purchase.
 
 ## Usage
 
@@ -81,42 +75,108 @@ For **subscription verification**, Apple also returns a list of the user's purch
 verifier.verify_subscription(your_receipt_data, your_secret) # => ReceiptCollection or VerificationFailure
 ```
 
+If you want to restrict the subscription verification to some specific products, pass their ids as an array:
+
+```ruby
+# ... create your verifier as above
+product_ids = ['sk_product_id_1', 'sk_product_id_2'...]
+verifier.verify_subscription(your_receipt_data, your_secret, product_ids) # => ReceiptCollection or VerificationFailure
+```
+
 Please see the class documentation for [`CandyCheck::AppStore::ReceiptCollection`](http://www.rubydoc.info/github/jnbt/candy_check/master/CandyCheck/AppStore/ReceiptCollection) for further details.
 
 ### PlayStore
 
-First initialize and **boot** a verifier instance for your application. This loads the API discovery and
-fetches the needed OAuth access token. When configuring a `cache_file` the discovery is loaded (or dumped) to
-this file:
+> :warning: Version `0.2.0` of `CandyCheck` introduced some breaking changes to the PlayStore functionality to adapt to changes in the Google API. If you're upgrading from a `CandyCheck` version `< 0.2.0` see the [migration guide](/MIGRATION_GUIDE_0_2_0.md) for more.
+
+#### Authorization
+
+##### Getting the JSON Key File
+
+First we have to get a `.json` key file, that gives access to the Google API.
+
+This `.json` key file can be generated under the following URL (make sure to adapt the `project=my-project-name` parameter accordingly):
+
+[https://console.developers.google.com/apis/credentials/serviceaccountkey?project=my-project-name](https://console.developers.google.com/apis/credentials/serviceaccountkey?project=my-project-name)
+
+##### Building an Authorization Object
+
+With the `.json` key file downloaded, we can build an authorization object:
 
 ```ruby
-config = CandyCheck::PlayStore::Config.new(
-  application_name: 'YourApplication',
-  application_version: '1.0',
-  issuer: 'abcdefg@developer.gserviceaccount.com',
-  key_file: 'local/google.p12',
-  key_secret: 'notasecret',
-  cache_file: 'tmp/candy_check_play_store_cache'
-)
-verifier = CandyCheck::PlayStore::Verifier.new(config)
-verifier.boot!
+authorization = CandyCheck::PlayStore.authorization("/path/to/key.json")
 ```
 
-For the PlayStore your client should deliver the purchases token, package name and product id:
+> **Note:** `CandyCheck` provides the `CandyCheck::PlayStore.authorization` method as convenience to build an authorization object. In case you need more control over your authorization object, refer to the [`google-auth-library-ruby`](https://github.com/googleapis/google-auth-library-ruby) docs, which describes building authorization objects in detail.
+
+##### Building a verifier
+
+With the `authorization` object in place, we can build a verifier:
 
 ```ruby
-verifier.verify(package, product_id, token) # => Receipt or VerificationFailure
+verifier = CandyCheck::PlayStore::Verifier.new(authorization: authorization)
 ```
 
-Please see the class documenations [`CandyCheck::PlayStore::Receipt`](http://www.rubydoc.info/github/jnbt/candy_check/master/CandyCheck/PlayStore/Receipt) and [`CandyCheck::PlayStore::VerificationFailure`](http://www.rubydoc.info/github/jnbt/candy_check/master/CandyCheck/PlayStore/VerificationFailure) for further details about the responses.
+> **Note:** If you need to verify against multiple Google Service Accounts, just instantiate a new verifier with another authorization object that got build with a different `.json` key file.
+
+#### Verifying product purchases
+
+This `verifier` can be used to verify product purchases in the PlayStore, all you need to do is to pass the `package_name`, `product_id` and `token` of the product purchase you want to verify:
+
+```ruby
+result = verifier.verify_product_purchase(
+  package_name: "my-package-name",
+  product_id: "my product id",
+  token: "my token"
+)
+# => ProductPurchase or VerificationFailure
+```
+
+On success this will return an instance of `CandyCheck::Playstore::ProductPurchases::ProductPurchase`, which is a wrapper for the raw [google-api-ruby-client](https://github.com/googleapis/google-api-ruby-client) data, but additionally provides some handy convenience methods.
+Please see the class documentations [`CandyCheck::PlayStore::ProductPurchases::ProductPurchase`](http://www.rubydoc.info/github/jnbt/candy_check/master/CandyCheck/PlayStore/ProductPurchases/ProductPurchase) and [`CandyCheck::PlayStore::VerificationFailure`](http://www.rubydoc.info/github/jnbt/candy_check/master/CandyCheck/PlayStore/VerificationFailure) for further details about the responses.
+
+#### Verifying subscriptions
 
 In order to **verify a subscription** from the Play Store, do the following:
 
 ```ruby
-verifier.verify_subscription(package, subscription_id, token) # => Subscription or VerificationFailure
+result = verifier.verify_subscription_purchase(
+  package_name: "my-package-name",
+  subscription_id: "my-subscription-id",
+  token: "my-token"
+)
+# => SubscriptionPurchase or VerificationFailure
 ```
 
-Please see documenation for [`CandyCheck::PlayStore::Subscription`](http://www.rubydoc.info/github/jnbt/candy_check/master/CandyCheck/PlayStore/Subscription) for further details.
+Please see documenation for [`CandyCheck::PlayStore::SubscriptionPurchases::SubscriptionPurchase`](http://www.rubydoc.info/github/jnbt/candy_check/master/CandyCheck/PlayStore/SubscriptionPurchases/SubscriptionPurchase) for further details.
+
+
+##### Building an acknowledger
+
+With the `authorization` object in place, we can build an acknowledger:
+
+```ruby
+acknowledger = CandyCheck::PlayStore::Acknowledger.new(authorization: authorization)
+```
+
+> **Note:** If you need to acknowledge against multiple Google Service Accounts, just instantiate a new acknowledger with another authorization object that got build with a different `.json` key file.
+
+#### Acknowledging the purchase
+Google Play purchases if not acknowledged are automatically refunded. The acknowledgement can be done client-side or server-side. If server-side validation is being used we recommend to proceed with the acknowledgement afterwards, since it is the only save way to ensure the users received what they have paid for.
+
+```ruby
+result = acknowledger.acknowledge_product_purchase(
+  package_name: "my-package-name",
+  product_id: "my-subscription-id",
+  token: "my-token"
+)
+# => ProductAcknowledgements::Response
+```
+
+The acknowledger response has 2 methods:
+
+- `#acknowledged?` returns a boolean. It returns true only if it has been acknowledged at this moment (that's Google Play behaviour).
+- `#error` returns a hash with `status_code` and `body` keys.
 
 ## CLI
 
@@ -142,7 +202,7 @@ For the PlayStore you need to specify at least the issuer, the key file, your pa
 purchase token:
 
 ```bash
-$ candy_check play_store PACKAGE PRODUCT_ID TOKEN --issuer=ISSUER --key-file=KEY_FILE
+$ candy_check play_store PACKAGE_NAME PRODUCT_ID TOKEN --json-key-file=/path/to/key.json
 ```
 
 See all options:

data/Rakefile

@@ -12,4 +12,4 @@ end
 
 RuboCop::RakeTask.new
 
-task default: [:spec, :rubocop]
+task default: %i(spec)

data/candy_check.gemspec

@@ -1,34 +1,42 @@
 # coding: utf-8
-lib = File.expand_path('../lib', __FILE__)
+
+lib = File.expand_path("../lib", __FILE__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
-require 'candy_check/version'
+require "candy_check/version"
 
 Gem::Specification.new do |spec|
-  spec.name          = 'candy_check'
-  spec.version       = CandyCheck::VERSION
-  spec.authors       = ['Jonas Thiel']
-  spec.email         = ['jonas@thiel.io']
-  spec.summary       = 'Check and verify in-app receipts'
-  spec.homepage      = 'https://github.com/jnbt/candy_check'
-  spec.license       = 'MIT'
+  spec.name = "candy_check"
+  spec.version = CandyCheck::VERSION
+  spec.authors = ["Jonas Thiel", "Christoph Weegen"]
+  spec.email = ["jonas@thiel.io"]
+  spec.summary = "Check and verify in-app receipts"
+  spec.homepage = "https://github.com/jnbt/candy_check"
+  spec.license = "MIT"
 
-  spec.files         = `git ls-files -z`.split("\x0")
-  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
-  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
-  spec.require_paths = ['lib']
+  spec.files = `git ls-files -z`.split("\x0")
+  spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
 
-  spec.required_ruby_version = Gem::Requirement.new('>= 2.0')
+  spec.required_ruby_version = Gem::Requirement.new(">= 2.4")
 
-  spec.add_dependency 'multi_json',        '~> 1.10'
-  spec.add_dependency 'google-api-client', '~> 0.8.6'
-  spec.add_dependency 'thor',              '~> 0.19'
+  spec.add_dependency "google-api-client", "~> 0.43.0"
+  spec.add_dependency "multi_json", "~> 1.10"
+  spec.add_dependency "thor", "~> 0.19"
 
-  spec.add_development_dependency 'rubocop',         '~> 0.39'
-  spec.add_development_dependency 'inch',            '~> 0.5'
-  spec.add_development_dependency 'bundler',         '~> 1.7'
-  spec.add_development_dependency 'rake',            '~> 11.1'
-  spec.add_development_dependency 'coveralls',       '~> 0.8'
-  spec.add_development_dependency 'minitest',        '~> 5.9'
-  spec.add_development_dependency 'minitest-around', '~> 0.3'
-  spec.add_development_dependency 'webmock',         '~> 2.1'
+  spec.add_development_dependency "bundler", "~> 2.0"
+  spec.add_development_dependency "coveralls", "~> 0.8"
+  spec.add_development_dependency "inch", "~> 0.7"
+  spec.add_development_dependency "minitest", "~> 5.10"
+  spec.add_development_dependency "minitest-around", "~> 0.4"
+  spec.add_development_dependency "minitest-focus"
+  spec.add_development_dependency "rake", "~> 12.0"
+  spec.add_development_dependency "rubocop", "~> 0.48"
+  spec.add_development_dependency "timecop", "~> 0.8"
+  spec.add_development_dependency "webmock", "~> 3.0"
+  spec.add_development_dependency "vcr"
+  spec.add_development_dependency "pry"
+  spec.add_development_dependency "awesome_print"
+  spec.add_development_dependency "guard"
+  spec.add_development_dependency "guard-minitest"
 end