candy_check 0.1.1 → 0.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 6f615841c7e717eea9ef742eda59d4feb24ad652
-  data.tar.gz: 93fd76119eb4bfdaede4f1f1367fd8c7af6f914d
+SHA256:
+  metadata.gz: 3880f9380c3e43460a14e5cdf213458159def3de2f406e3eb43c277de2504586
+  data.tar.gz: 3ca572324c579cf75c5c9f80d50681c1b3a374a87b2bdadb1fba9bebea659290
 SHA512:
-  metadata.gz: c93b86afaab15e059887f755bfcd1f60cdf0bd981aa2f67dc3b5d96f213686d6430fb22ff872698474a8caf4589cefe79fd1072eab06e8df25c9c36bfb08a9d7
-  data.tar.gz: f323f66ec300dc86e3a6b1a8cab5b6c2dda7f6d5234cc4f6925ef08350fcdf1e9a88b8b611500b17113a716ecdc02e0c88125234a2eca820e0facc9b890a1b7d
+  metadata.gz: 2ecf405edb1c05d625d3cf24f99dd5d4ab8e1dac032986a67243e40f1906eac0e45ed2cf2abc9bc23886b15fb27d003d134fa763b583826480128e81ba0eccca
+  data.tar.gz: 1f2eb8f806ce6fe2f07bd7326e408b1109c933cfc35e20db7acb349b1947e375caf98453c5675013a27c077db458cc832133aa9e4b7b9b54eca0dd9d88ac1976

data/.gitignore

@@ -2,4 +2,5 @@
 /pkg/
 /coverage/
 .yardoc
-doc
+doc
+vendor/bundle

data/.rubocop.yml

@@ -22,3 +22,9 @@ Metrics/BlockLength:
 Security/MarshalLoad:
   Exclude:
     - 'lib/candy_check/play_store/discovery_repository.rb'
+Style/DateTime:
+  Enabled: false
+Style/Encoding:
+  Enabled: false
+Style/ExpandPathArguments:
+  Enabled: false

data/.ruby-version

@@ -1 +1 @@
-2.4.1
+2.7.1

data/.travis.yml

@@ -2,20 +2,17 @@ language: ruby
 sudo: false
 cache: bundler
 rvm:
-  - 2.4.1
-  - 2.3.4
-  - 2.2
-  - 2.1
-  - 2.0
+  - 2.6.5
+  - 2.5.7
+  - 2.4.9
+  - jruby-9.2.9.0
   - ruby-head
-  - jruby-1.7.26
   - jruby-head
-env:
-  global:
-    - JRUBY_OPTS="--2.0"
 matrix:
   allow_failures:
     - rvm: ruby-head
     - rvm: jruby-head
   fast_finish: true
-before_install: gem install bundler -v 1.14.6
+before_install:
+  - gem update --system
+  - gem install bundler -v 2.0.2

data/Guardfile

@@ -0,0 +1,42 @@
+# A sample Guardfile
+# More info at https://github.com/guard/guard#readme
+
+## Uncomment and set this to only include directories you want to watch
+directories %w(lib spec) \
+  .select{|d| Dir.exist?(d) ? d : UI.warning("Directory #{d} does not exist")}
+
+## Note: if you are using the `directories` clause above and you are not
+## watching the project directory ('.'), then you will want to move
+## the Guardfile to a watched dir and symlink it back, e.g.
+#
+#  $ mkdir config
+#  $ mv Guardfile config/
+#  $ ln -s config/Guardfile .
+#
+# and, you'll have to watch "config/Guardfile" instead of "Guardfile"
+
+guard :minitest do
+  # with Minitest::Unit
+  # watch(%r{^test/(.*)\/?test_(.*)\.rb$})
+  # watch(%r{^lib/(.*/)?([^/]+)\.rb$})     { |m| "test/#{m[1]}test_#{m[2]}.rb" }
+  # watch(%r{^test/test_helper\.rb$})      { 'test' }
+
+  # with Minitest::Spec
+  watch(%r{^spec/(.*)_spec\.rb$})
+  watch(%r{^lib/(.+)\.rb$})         { |m| "spec/#{m[1]}_spec.rb" }
+  watch(%r{^spec/spec_helper\.rb$}) { 'spec' }
+
+  # Rails 4
+  # watch(%r{^app/(.+)\.rb$})                               { |m| "test/#{m[1]}_test.rb" }
+  # watch(%r{^app/controllers/application_controller\.rb$}) { 'test/controllers' }
+  # watch(%r{^app/controllers/(.+)_controller\.rb$})        { |m| "test/integration/#{m[1]}_test.rb" }
+  # watch(%r{^app/views/(.+)_mailer/.+})                    { |m| "test/mailers/#{m[1]}_mailer_test.rb" }
+  # watch(%r{^lib/(.+)\.rb$})                               { |m| "test/lib/#{m[1]}_test.rb" }
+  # watch(%r{^test/.+_test\.rb$})
+  # watch(%r{^test/test_helper\.rb$}) { 'test' }
+
+  # Rails < 4
+  # watch(%r{^app/controllers/(.*)\.rb$}) { |m| "test/functional/#{m[1]}_test.rb" }
+  # watch(%r{^app/helpers/(.*)\.rb$})     { |m| "test/helpers/#{m[1]}_test.rb" }
+  # watch(%r{^app/models/(.*)\.rb$})      { |m| "test/unit/#{m[1]}_test.rb" }
+end

data/MIGRATION_GUIDE_0_2_0.md

@@ -0,0 +1,141 @@
+# Migration Guide from v0.1.x to v0.2.0
+
+Due to changes in the PlayStore API, Candy Check needed to introduce some breaking changes in version `0.2.0`.
+
+To adapt your old implementation to these changes, follow the steps below:
+
+## Authorization
+
+First we have to change, how our verifier authenticates against the Google API.
+
+Change code like this
+
+```ruby
+# < v0.2.0
+config = CandyCheck::PlayStore::Config.new(
+  application_name: 'YourApplication',
+  application_version: '1.0',
+  issuer: 'abcdefg@developer.gserviceaccount.com',
+  key_file: 'local/google.p12',
+  key_secret: 'notasecret',
+  cache_file: 'tmp/candy_check_play_store_cache'
+)
+verifier = CandyCheck::PlayStore::Verifier.new(config)
+verifier.boot!
+```
+
+to
+
+```ruby
+# v0.2.0
+authorization = CandyCheck::PlayStore.authorization("/path/to/key.json")
+verifier = CandyCheck::PlayStore::Verifier.new(authorization: authorization)
+```
+
+If you're not sure how to get a `.json` key file, follow this part of the [`README`](/README.md#getting-the-json-key-file).
+
+If you need other means of authentication follow this part of the [`README`](/README.md#building-an-authorization-object).
+
+## Verifying Purchases
+
+To be more descriptive and consistent with the PlayStore API, the verifier got a new signature and return values have been adapted accordingly.
+
+### Verifying Product Purchases
+
+Change all occurences of
+
+```ruby
+# < v0.2.0
+verifier.verify("my-package-name", "my product id", "my token")
+# => Receipt or VerificationFailure
+```
+
+to
+
+```ruby
+# v0.2.0
+verifier.verify_product_purchase(
+  package_name: "my-package-name",
+  product_id: "my product id",
+  token: "my token"
+)
+# => ProductPurchase or VerificationFailure
+```
+
+*NOTE:* Take a closer look at the possible return values: `CandyCheck::PlayStore::Receipt` was moved to `CandyCheck::PlayStore::ProductPurchases::ProductPurchase`. In case you're matching at the class name of the result, please adapt your code accordingly.
+
+#### Accessing Raw ProductPurchase Attributes
+
+CandyCheck `< 0.2.0` provided the raw `ProductPurchase` attributes given by the PlayStore API like this:
+
+```ruby
+# < v0.2.0
+result = verifier.verify("my-package-name", "my product id", "my token")
+result.attributes
+# => Hash
+```
+
+To get the same behaviour in CandyCheck `0.2.0`, change the code above to:
+
+```ruby
+# v0.2.0
+result = verifier.verify_product_purchase(
+  package_name: "my-package-name",
+  product_id: "my product id",
+  token: "my token"
+)
+result.product_purchase.to_h
+# => Hash
+```
+
+The hash key access must be changed from strings in `camelCase` to symbols in `snake_case`:
+
+```ruby
+# < 0.2.0
+result.attributes["purchaseState"]
+
+# 0.2.0
+result.product_purchase.to_h[:purchase_state]
+```
+
+## Verifying Subscription Purchases
+
+Change all occurences of
+
+```ruby
+# < v0.2.0
+verifier.verify_subscription("my-package-name", "my-subscription-id", "my-token")
+# => Subscription or VerificationFailure
+```
+
+to
+
+```ruby
+# v0.2.0
+verifier.verify_subscription_purchase(
+  package_name: "my-package-name",
+  subscription_id: "my-subscription-id",
+  token: "my-token"
+)
+# => SubscriptionPurchase or VerificationFailure
+```
+
+*NOTE:* Again take a closer look at the possible return values: `CandyCheck::PlayStore::Subscription` was moved to `CandyCheck::PlayStore::SubscriptionPurchases::SubscriptionPurchase`. In case you're matching at the class name of the result, please adapt your code accordingly.
+
+## Using the CLI
+
+The way the CandyCheck CLI gets used, needed to be changed too.
+
+The old PlayStore command:
+
+```bash
+# < v0.2.0
+$ candy_check play_store PACKAGE PRODUCT_ID TOKEN --issuer=ISSUER --key-file=KEY_FILE
+```
+
+was changed to
+
+```bash
+# v0.2.0
+$ candy_check play_store PACKAGE PRODUCT_ID TOKEN --json-key-file=/path/to/key.json
+```

data/README.md

@@ -4,7 +4,6 @@
 [![Build Status](https://travis-ci.org/jnbt/candy_check.svg?branch=master)](https://travis-ci.org/jnbt/candy_check)
 [![Coverage Status](https://coveralls.io/repos/jnbt/candy_check/badge.svg?branch=master)](https://coveralls.io/r/jnbt/candy_check?branch=master)
 [![Code Climate](https://codeclimate.com/github/jnbt/candy_check/badges/gpa.svg)](https://codeclimate.com/github/jnbt/candy_check)
-[![Gemnasium](https://img.shields.io/gemnasium/jnbt/candy_check.svg?style=flat)](https://gemnasium.com/jnbt/candy_check)
 [![Inline docs](http://inch-ci.org/github/jnbt/candy_check.svg?branch=master)](http://inch-ci.org/github/jnbt/candy_check)
 [![Yard Docs](http://img.shields.io/badge/yard-docs-blue.svg?style=flat)](http://www.rubydoc.info/github/jnbt/candy_check/master)
 
@@ -43,12 +42,7 @@ called "[service account](https://developers.google.com/accounts/docs/OAuth2Serv
 new account by yourself, export the generated certificate file and grant the correct permissions to the account for
 your app using the [Google Developer Console](https://console.developers.google.com).
 
-Further more this gem uses the [official Ruby SDK](https://github.com/google/google-api-ruby-client) for the API interactions
-which suggest to use a locally cached service discovery. If you don't omit the `cache_file` configuration this is done
-automatically.
-
-If you have set up the Android app correctly you should get a [`purchaseToken`](http://developer.android.com/google/play/billing/billing_reference.html#getBuyIntent) per purchased item. You should use this string in combination with `packageName` and `productId`
-to verify the purchase.
+If you have set up the Android app correctly you should get a [`purchaseToken`](http://developer.android.com/google/play/billing/billing_reference.html#getBuyIntent) per purchased item. You should use this string in combination with `packageName` and `productId` to verify the purchase.
 
 ## Usage
 
@@ -81,44 +75,108 @@ For **subscription verification**, Apple also returns a list of the user's purch
 verifier.verify_subscription(your_receipt_data, your_secret) # => ReceiptCollection or VerificationFailure
 ```
 
+If you want to restrict the subscription verification to some specific products, pass their ids as an array:
+
+```ruby
+# ... create your verifier as above
+product_ids = ['sk_product_id_1', 'sk_product_id_2'...]
+verifier.verify_subscription(your_receipt_data, your_secret, product_ids) # => ReceiptCollection or VerificationFailure
+```
+
 Please see the class documentation for [`CandyCheck::AppStore::ReceiptCollection`](http://www.rubydoc.info/github/jnbt/candy_check/master/CandyCheck/AppStore/ReceiptCollection) for further details.
 
 ### PlayStore
 
-First initialize and **boot** a verifier instance for your application. This loads the API discovery and
-fetches the needed OAuth access token. When configuring a `cache_file` the discovery is loaded (or dumped) to
-this file.
+> :warning: Version `0.2.0` of `CandyCheck` introduced some breaking changes to the PlayStore functionality to adapt to changes in the Google API. If you're upgrading from a `CandyCheck` version `< 0.2.0` see the [migration guide](/MIGRATION_GUIDE_0_2_0.md) for more.
+
+#### Authorization
+
+##### Getting the JSON Key File
+
+First we have to get a `.json` key file, that gives access to the Google API.
+
+This `.json` key file can be generated under the following URL (make sure to adapt the `project=my-project-name` parameter accordingly):
 
-> **Remarks:** Both `application_name` and `application_version` represent *your* application against Google's APIs. You may use any values here, but I suggest to refelect the name of the used service account here.
+[https://console.developers.google.com/apis/credentials/serviceaccountkey?project=my-project-name](https://console.developers.google.com/apis/credentials/serviceaccountkey?project=my-project-name)
+
+##### Building an Authorization Object
+
+With the `.json` key file downloaded, we can build an authorization object:
 
 ```ruby
-config = CandyCheck::PlayStore::Config.new(
-  application_name: 'YourApplication',
-  application_version: '1.0',
-  issuer: 'abcdefg@developer.gserviceaccount.com',
-  key_file: 'local/google.p12',
-  key_secret: 'notasecret',
-  cache_file: 'tmp/candy_check_play_store_cache'
-)
-verifier = CandyCheck::PlayStore::Verifier.new(config)
-verifier.boot!
+authorization = CandyCheck::PlayStore.authorization("/path/to/key.json")
+```
+
+> **Note:** `CandyCheck` provides the `CandyCheck::PlayStore.authorization` method as convenience to build an authorization object. In case you need more control over your authorization object, refer to the [`google-auth-library-ruby`](https://github.com/googleapis/google-auth-library-ruby) docs, which describes building authorization objects in detail.
+
+##### Building a verifier
+
+With the `authorization` object in place, we can build a verifier:
+
+```ruby
+verifier = CandyCheck::PlayStore::Verifier.new(authorization: authorization)
 ```
 
-For the PlayStore your client should deliver the purchases token, package name and product id:
+> **Note:** If you need to verify against multiple Google Service Accounts, just instantiate a new verifier with another authorization object that got build with a different `.json` key file.
+
+#### Verifying product purchases
+
+This `verifier` can be used to verify product purchases in the PlayStore, all you need to do is to pass the `package_name`, `product_id` and `token` of the product purchase you want to verify:
 
 ```ruby
-verifier.verify(package, product_id, token) # => Receipt or VerificationFailure
+result = verifier.verify_product_purchase(
+  package_name: "my-package-name",
+  product_id: "my product id",
+  token: "my token"
+)
+# => ProductPurchase or VerificationFailure
 ```
 
-Please see the class documenations [`CandyCheck::PlayStore::Receipt`](http://www.rubydoc.info/github/jnbt/candy_check/master/CandyCheck/PlayStore/Receipt) and [`CandyCheck::PlayStore::VerificationFailure`](http://www.rubydoc.info/github/jnbt/candy_check/master/CandyCheck/PlayStore/VerificationFailure) for further details about the responses.
+On success this will return an instance of `CandyCheck::Playstore::ProductPurchases::ProductPurchase`, which is a wrapper for the raw [google-api-ruby-client](https://github.com/googleapis/google-api-ruby-client) data, but additionally provides some handy convenience methods.
+Please see the class documentations [`CandyCheck::PlayStore::ProductPurchases::ProductPurchase`](http://www.rubydoc.info/github/jnbt/candy_check/master/CandyCheck/PlayStore/ProductPurchases/ProductPurchase) and [`CandyCheck::PlayStore::VerificationFailure`](http://www.rubydoc.info/github/jnbt/candy_check/master/CandyCheck/PlayStore/VerificationFailure) for further details about the responses.
+
+#### Verifying subscriptions
 
 In order to **verify a subscription** from the Play Store, do the following:
 
 ```ruby
-verifier.verify_subscription(package, subscription_id, token) # => Subscription or VerificationFailure
+result = verifier.verify_subscription_purchase(
+  package_name: "my-package-name",
+  subscription_id: "my-subscription-id",
+  token: "my-token"
+)
+# => SubscriptionPurchase or VerificationFailure
 ```
 
-Please see documenation for [`CandyCheck::PlayStore::Subscription`](http://www.rubydoc.info/github/jnbt/candy_check/master/CandyCheck/PlayStore/Subscription) for further details.
+Please see documenation for [`CandyCheck::PlayStore::SubscriptionPurchases::SubscriptionPurchase`](http://www.rubydoc.info/github/jnbt/candy_check/master/CandyCheck/PlayStore/SubscriptionPurchases/SubscriptionPurchase) for further details.
+
+
+##### Building an acknowledger
+
+With the `authorization` object in place, we can build an acknowledger:
+
+```ruby
+acknowledger = CandyCheck::PlayStore::Acknowledger.new(authorization: authorization)
+```
+
+> **Note:** If you need to acknowledge against multiple Google Service Accounts, just instantiate a new acknowledger with another authorization object that got build with a different `.json` key file.
+
+#### Acknowledging the purchase
+Google Play purchases if not acknowledged are automatically refunded. The acknowledgement can be done client-side or server-side. If server-side validation is being used we recommend to proceed with the acknowledgement afterwards, since it is the only save way to ensure the users received what they have paid for.
+
+```ruby
+result = acknowledger.acknowledge_product_purchase(
+  package_name: "my-package-name",
+  product_id: "my-subscription-id",
+  token: "my-token"
+)
+# => ProductAcknowledgements::Response
+```
+
+The acknowledger response has 2 methods:
+
+- `#acknowledged?` returns a boolean. It returns true only if it has been acknowledged at this moment (that's Google Play behaviour).
+- `#error` returns a hash with `status_code` and `body` keys.
 
 ## CLI
 
@@ -144,7 +202,7 @@ For the PlayStore you need to specify at least the issuer, the key file, your pa
 purchase token:
 
 ```bash
-$ candy_check play_store PACKAGE PRODUCT_ID TOKEN --issuer=ISSUER --key-file=KEY_FILE
+$ candy_check play_store PACKAGE_NAME PRODUCT_ID TOKEN --json-key-file=/path/to/key.json
 ```
 
 See all options:

data/Rakefile

@@ -12,4 +12,4 @@ end
 
 RuboCop::RakeTask.new
 
-task default: %i(spec rubocop)
+task default: %i(spec)

data/candy_check.gemspec

@@ -1,36 +1,42 @@
 # coding: utf-8
 
-lib = File.expand_path('../lib', __FILE__)
+lib = File.expand_path("../lib", __FILE__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
-require 'candy_check/version'
+require "candy_check/version"
 
 Gem::Specification.new do |spec|
-  spec.name          = 'candy_check'
-  spec.version       = CandyCheck::VERSION
-  spec.authors       = ['Jonas Thiel']
-  spec.email         = ['jonas@thiel.io']
-  spec.summary       = 'Check and verify in-app receipts'
-  spec.homepage      = 'https://github.com/jnbt/candy_check'
-  spec.license       = 'MIT'
+  spec.name = "candy_check"
+  spec.version = CandyCheck::VERSION
+  spec.authors = ["Jonas Thiel", "Christoph Weegen"]
+  spec.email = ["jonas@thiel.io"]
+  spec.summary = "Check and verify in-app receipts"
+  spec.homepage = "https://github.com/jnbt/candy_check"
+  spec.license = "MIT"
 
-  spec.files         = `git ls-files -z`.split("\x0")
-  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
-  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
-  spec.require_paths = ['lib']
+  spec.files = `git ls-files -z`.split("\x0")
+  spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
 
-  spec.required_ruby_version = Gem::Requirement.new('>= 2.0')
+  spec.required_ruby_version = Gem::Requirement.new(">= 2.4")
 
-  spec.add_dependency 'multi_json',        '~> 1.10'
-  spec.add_dependency 'google-api-client', '~> 0.8.6'
-  spec.add_dependency 'thor',              '~> 0.19'
+  spec.add_dependency "google-api-client", "~> 0.43.0"
+  spec.add_dependency "multi_json", "~> 1.10"
+  spec.add_dependency "thor", "< 2.0"
 
-  spec.add_development_dependency 'rubocop',         '~> 0.48'
-  spec.add_development_dependency 'inch',            '~> 0.7'
-  spec.add_development_dependency 'bundler',         '~> 1.14'
-  spec.add_development_dependency 'rake',            '~> 12.0'
-  spec.add_development_dependency 'coveralls',       '~> 0.8'
-  spec.add_development_dependency 'minitest',        '~> 5.10'
-  spec.add_development_dependency 'minitest-around', '~> 0.4'
-  spec.add_development_dependency 'webmock',         '~> 3.0'
-  spec.add_development_dependency 'timecop',         '~> 0.8'
+  spec.add_development_dependency "bundler", "~> 2.0"
+  spec.add_development_dependency "coveralls", "~> 0.8"
+  spec.add_development_dependency "inch", "~> 0.7"
+  spec.add_development_dependency "minitest", "~> 5.10"
+  spec.add_development_dependency "minitest-around", "~> 0.4"
+  spec.add_development_dependency "minitest-focus"
+  spec.add_development_dependency "rake", "~> 12.0"
+  spec.add_development_dependency "rubocop", "~> 0.48"
+  spec.add_development_dependency "timecop", "~> 0.8"
+  spec.add_development_dependency "webmock", "~> 3.0"
+  spec.add_development_dependency "vcr"
+  spec.add_development_dependency "pry"
+  spec.add_development_dependency "awesome_print"
+  spec.add_development_dependency "guard"
+  spec.add_development_dependency "guard-minitest"
 end