candy_check 0.1.2 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8c40745adb3f17e7ad7d4d6b936f0435219aadb38717f9cc798c4f1442ee1a2c
-  data.tar.gz: 70776189d498d75e83783423f3cdde25eb3db1b2a1b98cf39157c53e8d281c7a
+  metadata.gz: f276e0409f0b3ee54bd5543e939d7635c95059dfc5ae77d9b071d5715d1e291f
+  data.tar.gz: 56858af56be773214faae7e848e4aa9ae5a30b8cba2da782aca8554da7895c94
 SHA512:
-  metadata.gz: 76e17fdedbd3ea65c210a1238f74b50e3ad24cf5bb31d3f0a84208e6c1bc0700b20445d91dd2c0204b5c99f4b7a3241a075e5e2e743ed868ae29a7d3ed810f98
-  data.tar.gz: d6d6054b8521d2425ea24354c5ac6a2e385bb4e32c793a4a6f005c0644fdb25cbe992ac3d8b02141117871d70abd3d0770c1e0bede750c46673e139f955879c2
+  metadata.gz: 6eb5506e96216125602b47994b99f8038aa20aecf17cf2515ba5ab7578f06415735301f793aa64786bddad59a4c0296bdf5f6f3545151ee0b1f104b7a5eef262
+  data.tar.gz: a6084226820a90997d852976659841930fbeaf5d79507fe392d8551447f0000a3016636f317f79f1af50cb9501f355905a96203751162153ac210ac97bcca519

data/.travis.yml

@@ -2,19 +2,12 @@ language: ruby
 sudo: false
 cache: bundler
 rvm:
-  - 2.5.1
-  - 2.4.4
-  - 2.4.1
-  - 2.3.7
-  - 2.2
-  - 2.1
-  - 2.0
+  - 2.6.5
+  - 2.5.7
+  - 2.4.9
+  - jruby-9.2.9.0
   - ruby-head
-  - jruby-1.7.26
   - jruby-head
-env:
-  global:
-    - JRUBY_OPTS="--2.0"
 matrix:
   allow_failures:
     - rvm: ruby-head
@@ -22,4 +15,4 @@ matrix:
   fast_finish: true
 before_install:
   - gem update --system
-  - gem install bundler -v 1.16.2
+  - gem install bundler -v 2.0.2

data/Guardfile

@@ -0,0 +1,42 @@
+# A sample Guardfile
+# More info at https://github.com/guard/guard#readme
+
+## Uncomment and set this to only include directories you want to watch
+directories %w(lib spec) \
+  .select{|d| Dir.exist?(d) ? d : UI.warning("Directory #{d} does not exist")}
+
+## Note: if you are using the `directories` clause above and you are not
+## watching the project directory ('.'), then you will want to move
+## the Guardfile to a watched dir and symlink it back, e.g.
+#
+#  $ mkdir config
+#  $ mv Guardfile config/
+#  $ ln -s config/Guardfile .
+#
+# and, you'll have to watch "config/Guardfile" instead of "Guardfile"
+
+guard :minitest do
+  # with Minitest::Unit
+  # watch(%r{^test/(.*)\/?test_(.*)\.rb$})
+  # watch(%r{^lib/(.*/)?([^/]+)\.rb$})     { |m| "test/#{m[1]}test_#{m[2]}.rb" }
+  # watch(%r{^test/test_helper\.rb$})      { 'test' }
+
+  # with Minitest::Spec
+  watch(%r{^spec/(.*)_spec\.rb$})
+  watch(%r{^lib/(.+)\.rb$})         { |m| "spec/#{m[1]}_spec.rb" }
+  watch(%r{^spec/spec_helper\.rb$}) { 'spec' }
+
+  # Rails 4
+  # watch(%r{^app/(.+)\.rb$})                               { |m| "test/#{m[1]}_test.rb" }
+  # watch(%r{^app/controllers/application_controller\.rb$}) { 'test/controllers' }
+  # watch(%r{^app/controllers/(.+)_controller\.rb$})        { |m| "test/integration/#{m[1]}_test.rb" }
+  # watch(%r{^app/views/(.+)_mailer/.+})                    { |m| "test/mailers/#{m[1]}_mailer_test.rb" }
+  # watch(%r{^lib/(.+)\.rb$})                               { |m| "test/lib/#{m[1]}_test.rb" }
+  # watch(%r{^test/.+_test\.rb$})
+  # watch(%r{^test/test_helper\.rb$}) { 'test' }
+
+  # Rails < 4
+  # watch(%r{^app/controllers/(.*)\.rb$}) { |m| "test/functional/#{m[1]}_test.rb" }
+  # watch(%r{^app/helpers/(.*)\.rb$})     { |m| "test/helpers/#{m[1]}_test.rb" }
+  # watch(%r{^app/models/(.*)\.rb$})      { |m| "test/unit/#{m[1]}_test.rb" }
+end

data/MIGRATION_GUIDE_0_2_0.md

@@ -0,0 +1,141 @@
+# Migration Guide from v0.1.x to v0.2.0
+
+Due to changes in the PlayStore API, Candy Check needed to introduce some breaking changes in version `0.2.0`.
+
+To adapt your old implementation to these changes, follow the steps below:
+
+## Authorization
+
+First we have to change, how our verifier authenticates against the Google API.
+
+Change code like this
+
+```ruby
+# < v0.2.0
+config = CandyCheck::PlayStore::Config.new(
+  application_name: 'YourApplication',
+  application_version: '1.0',
+  issuer: 'abcdefg@developer.gserviceaccount.com',
+  key_file: 'local/google.p12',
+  key_secret: 'notasecret',
+  cache_file: 'tmp/candy_check_play_store_cache'
+)
+verifier = CandyCheck::PlayStore::Verifier.new(config)
+verifier.boot!
+```
+
+to
+
+```ruby
+# v0.2.0
+authorization = CandyCheck::PlayStore.authorization("/path/to/key.json")
+verifier = CandyCheck::PlayStore::Verifier.new(authorization: authorization)
+```
+
+If you're not sure how to get a `.json` key file, follow this part of the [`README`](/README.md#getting-the-json-key-file).
+
+If you need other means of authentication follow this part of the [`README`](/README.md#building-an-authorization-object).
+
+## Verifying Purchases
+
+To be more descriptive and consistent with the PlayStore API, the verifier got a new signature and return values have been adapted accordingly.
+
+### Verifying Product Purchases
+
+Change all occurences of
+
+```ruby
+# < v0.2.0
+verifier.verify("my-package-name", "my product id", "my token")
+# => Receipt or VerificationFailure
+```
+
+to
+
+```ruby
+# v0.2.0
+verifier.verify_product_purchase(
+  package_name: "my-package-name",
+  product_id: "my product id",
+  token: "my token"
+)
+# => ProductPurchase or VerificationFailure
+```
+
+*NOTE:* Take a closer look at the possible return values: `CandyCheck::PlayStore::Receipt` was moved to `CandyCheck::PlayStore::ProductPurchases::ProductPurchase`. In case you're matching at the class name of the result, please adapt your code accordingly.
+
+#### Accessing Raw ProductPurchase Attributes
+
+CandyCheck `< 0.2.0` provided the raw `ProductPurchase` attributes given by the PlayStore API like this:
+
+```ruby
+# < v0.2.0
+result = verifier.verify("my-package-name", "my product id", "my token")
+result.attributes
+# => Hash
+```
+
+To get the same behaviour in CandyCheck `0.2.0`, change the code above to:
+
+```ruby
+# v0.2.0
+result = verifier.verify_product_purchase(
+  package_name: "my-package-name",
+  product_id: "my product id",
+  token: "my token"
+)
+result.product_purchase.to_h
+# => Hash
+```
+
+The hash key access must be changed from strings in `camelCase` to symbols in `snake_case`:
+
+```ruby
+# < 0.2.0
+result.attributes["purchaseState"]
+
+# 0.2.0
+result.product_purchase.to_h[:purchase_state]
+```
+
+## Verifying Subscription Purchases
+
+Change all occurences of
+
+```ruby
+# < v0.2.0
+verifier.verify_subscription("my-package-name", "my-subscription-id", "my-token")
+# => Subscription or VerificationFailure
+```
+
+to
+
+```ruby
+# v0.2.0
+verifier.verify_subscription_purchase(
+  package_name: "my-package-name",
+  subscription_id: "my-subscription-id",
+  token: "my-token"
+)
+# => SubscriptionPurchase or VerificationFailure
+```
+
+*NOTE:* Again take a closer look at the possible return values: `CandyCheck::PlayStore::Subscription` was moved to `CandyCheck::PlayStore::SubscriptionPurchases::SubscriptionPurchase`. In case you're matching at the class name of the result, please adapt your code accordingly.
+
+## Using the CLI
+
+The way the CandyCheck CLI gets used, needed to be changed too.
+
+The old PlayStore command:
+
+```bash
+# < v0.2.0
+$ candy_check play_store PACKAGE PRODUCT_ID TOKEN --issuer=ISSUER --key-file=KEY_FILE
+```
+
+was changed to
+
+```bash
+# v0.2.0
+$ candy_check play_store PACKAGE PRODUCT_ID TOKEN --json-key-file=/path/to/key.json
+```

data/README.md

@@ -43,12 +43,7 @@ called "[service account](https://developers.google.com/accounts/docs/OAuth2Serv
 new account by yourself, export the generated certificate file and grant the correct permissions to the account for
 your app using the [Google Developer Console](https://console.developers.google.com).
 
-Further more this gem uses the [official Ruby SDK](https://github.com/google/google-api-ruby-client) for the API interactions
-which suggest to use a locally cached service discovery. If you don't omit the `cache_file` configuration this is done
-automatically.
-
-If you have set up the Android app correctly you should get a [`purchaseToken`](http://developer.android.com/google/play/billing/billing_reference.html#getBuyIntent) per purchased item. You should use this string in combination with `packageName` and `productId`
-to verify the purchase.
+If you have set up the Android app correctly you should get a [`purchaseToken`](http://developer.android.com/google/play/billing/billing_reference.html#getBuyIntent) per purchased item. You should use this string in combination with `packageName` and `productId` to verify the purchase.
 
 ## Usage
 
@@ -85,40 +80,68 @@ Please see the class documentation for [`CandyCheck::AppStore::ReceiptCollection
 
 ### PlayStore
 
-First initialize and **boot** a verifier instance for your application. This loads the API discovery and
-fetches the needed OAuth access token. When configuring a `cache_file` the discovery is loaded (or dumped) to
-this file.
+> :warning: Version `0.2.0` of `CandyCheck` introduced some breaking changes to the PlayStore functionality to adapt to changes in the Google API. If you're upgrading from a `CandyCheck` version `< 0.2.0` see the [migration guide](/MIGRATION_GUIDE_0_2_0.md) for more.
+
+#### Authorization
+
+##### Getting the JSON Key File
+
+First we have to get a `.json` key file, that gives access to the Google API.
+
+This `.json` key file can be generated under the following URL (make sure to adapt the `project=my-project-name` parameter accordingly):
 
-> **Remarks:** Both `application_name` and `application_version` represent *your* application against Google's APIs. You may use any values here, but I suggest to refelect the name of the used service account here.
+[https://console.developers.google.com/apis/credentials/serviceaccountkey?project=my-project-name](https://console.developers.google.com/apis/credentials/serviceaccountkey?project=my-project-name)
+
+##### Building an Authorization Object
+
+With the `.json` key file downloaded, we can build an authorization object:
 
 ```ruby
-config = CandyCheck::PlayStore::Config.new(
-  application_name: 'YourApplication',
-  application_version: '1.0',
-  issuer: 'abcdefg@developer.gserviceaccount.com',
-  key_file: 'local/google.p12',
-  key_secret: 'notasecret',
-  cache_file: 'tmp/candy_check_play_store_cache'
-)
-verifier = CandyCheck::PlayStore::Verifier.new(config)
-verifier.boot!
+authorization = CandyCheck::PlayStore.authorization("/path/to/key.json")
 ```
 
-For the PlayStore your client should deliver the purchases token, package name and product id:
+> **Note:** `CandyCheck` provides the `CandyCheck::PlayStore.authorization` method as convenience to build an authorization object. In case you need more control over your authorization object, refer to the [`google-auth-library-ruby`](https://github.com/googleapis/google-auth-library-ruby) docs, which describes building authorization objects in detail.
+
+##### Building a verifier
+
+With the `authorization` object in place, we can build a verifier:
 
 ```ruby
-verifier.verify(package, product_id, token) # => Receipt or VerificationFailure
+verifier = CandyCheck::PlayStore::Verifier.new(authorization: authorization)
 ```
 
-Please see the class documenations [`CandyCheck::PlayStore::Receipt`](http://www.rubydoc.info/github/jnbt/candy_check/master/CandyCheck/PlayStore/Receipt) and [`CandyCheck::PlayStore::VerificationFailure`](http://www.rubydoc.info/github/jnbt/candy_check/master/CandyCheck/PlayStore/VerificationFailure) for further details about the responses.
+> **Note:** If you need to verify against multiple Google Service Accounts, just instantiate a new verifier with another authorization object that got build with a different `.json` key file.
+
+#### Verifying product purchases
+
+This `verifier` can be used to verify product purchases in the PlayStore, all you need to do is to pass the `package_name`, `product_id` and `token` of the product purchase you want to verify:
+
+```ruby
+result = verifier.verify_product_purchase(
+  package_name: "my-package-name",
+  product_id: "my product id",
+  token: "my token"
+)
+# => ProductPurchase or VerificationFailure
+```
+
+On success this will return an instance of `CandyCheck::Playstore::ProductPurchases::ProductPurchase`, which is a wrapper for the raw [google-api-ruby-client](https://github.com/googleapis/google-api-ruby-client) data, but additionally provides some handy convenience methods.
+Please see the class documentations [`CandyCheck::PlayStore::ProductPurchases::ProductPurchase`](http://www.rubydoc.info/github/jnbt/candy_check/master/CandyCheck/PlayStore/ProductPurchases/ProductPurchase) and [`CandyCheck::PlayStore::VerificationFailure`](http://www.rubydoc.info/github/jnbt/candy_check/master/CandyCheck/PlayStore/VerificationFailure) for further details about the responses.
+
+#### Verifying subscriptions
 
 In order to **verify a subscription** from the Play Store, do the following:
 
 ```ruby
-verifier.verify_subscription(package, subscription_id, token) # => Subscription or VerificationFailure
+result = verifier.verify_subscription_purchase(
+  package_name: "my-package-name",
+  subscription_id: "my-subscription-id",
+  token: "my-token"
+)
+# => SubscriptionPurchase or VerificationFailure
 ```
 
-Please see documenation for [`CandyCheck::PlayStore::Subscription`](http://www.rubydoc.info/github/jnbt/candy_check/master/CandyCheck/PlayStore/Subscription) for further details.
+Please see documenation for [`CandyCheck::PlayStore::SubscriptionPurchases::SubscriptionPurchase`](http://www.rubydoc.info/github/jnbt/candy_check/master/CandyCheck/PlayStore/SubscriptionPurchases/SubscriptionPurchase) for further details.
 
 ## CLI
 
@@ -144,7 +167,7 @@ For the PlayStore you need to specify at least the issuer, the key file, your pa
 purchase token:
 
 ```bash
-$ candy_check play_store PACKAGE PRODUCT_ID TOKEN --issuer=ISSUER --key-file=KEY_FILE
+$ candy_check play_store PACKAGE_NAME PRODUCT_ID TOKEN --json-key-file=/path/to/key.json
 ```
 
 See all options:

data/candy_check.gemspec

@@ -1,36 +1,42 @@
 # coding: utf-8
 
-lib = File.expand_path('../lib', __FILE__)
+lib = File.expand_path("../lib", __FILE__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
-require 'candy_check/version'
+require "candy_check/version"
 
 Gem::Specification.new do |spec|
-  spec.name          = 'candy_check'
-  spec.version       = CandyCheck::VERSION
-  spec.authors       = ['Jonas Thiel']
-  spec.email         = ['jonas@thiel.io']
-  spec.summary       = 'Check and verify in-app receipts'
-  spec.homepage      = 'https://github.com/jnbt/candy_check'
-  spec.license       = 'MIT'
+  spec.name = "candy_check"
+  spec.version = CandyCheck::VERSION
+  spec.authors = ["Jonas Thiel", "Christoph Weegen"]
+  spec.email = ["jonas@thiel.io"]
+  spec.summary = "Check and verify in-app receipts"
+  spec.homepage = "https://github.com/jnbt/candy_check"
+  spec.license = "MIT"
 
-  spec.files         = `git ls-files -z`.split("\x0")
-  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
-  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
-  spec.require_paths = ['lib']
+  spec.files = `git ls-files -z`.split("\x0")
+  spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
 
-  spec.required_ruby_version = Gem::Requirement.new('>= 2.0')
+  spec.required_ruby_version = Gem::Requirement.new(">= 2.4")
 
-  spec.add_dependency 'google-api-client', '~> 0.8.6'
-  spec.add_dependency 'multi_json',        '~> 1.10'
-  spec.add_dependency 'thor',              '~> 0.19'
+  spec.add_dependency "google-api-client", "~> 0.34.0"
+  spec.add_dependency "multi_json", "~> 1.10"
+  spec.add_dependency "thor", "~> 0.19"
 
-  spec.add_development_dependency 'bundler',         '~> 1.14'
-  spec.add_development_dependency 'coveralls',       '~> 0.8'
-  spec.add_development_dependency 'inch',            '~> 0.7'
-  spec.add_development_dependency 'minitest',        '~> 5.10'
-  spec.add_development_dependency 'minitest-around', '~> 0.4'
-  spec.add_development_dependency 'rake',            '~> 12.0'
-  spec.add_development_dependency 'rubocop',         '~> 0.48'
-  spec.add_development_dependency 'timecop',         '~> 0.8'
-  spec.add_development_dependency 'webmock',         '~> 3.0'
+  spec.add_development_dependency "bundler", "~> 2.0"
+  spec.add_development_dependency "coveralls", "~> 0.8"
+  spec.add_development_dependency "inch", "~> 0.7"
+  spec.add_development_dependency "minitest", "~> 5.10"
+  spec.add_development_dependency "minitest-around", "~> 0.4"
+  spec.add_development_dependency "minitest-focus"
+  spec.add_development_dependency "rake", "~> 12.0"
+  spec.add_development_dependency "rubocop", "~> 0.48"
+  spec.add_development_dependency "timecop", "~> 0.8"
+  spec.add_development_dependency "webmock", "~> 3.0"
+  spec.add_development_dependency "vcr"
+  spec.add_development_dependency "pry"
+  spec.add_development_dependency "awesome_print"
+  spec.add_development_dependency "guard"
+  spec.add_development_dependency "guard-minitest"
 end

data/lib/candy_check/cli/app.rb

@@ -1,4 +1,4 @@
-require 'thor'
+require "thor"
 
 module CandyCheck
   module CLI
@@ -6,54 +6,37 @@ module CandyCheck
     # @example
     #   $> candy_check help
     class App < Thor
-      package_name 'CandyCheck'
+      package_name "CandyCheck"
 
-      desc 'app_store RECEIPT_DATA', 'Verify a base64 encoded AppStore receipt'
+      desc "app_store RECEIPT_DATA", "Verify a base64 encoded AppStore receipt"
       method_option :environment,
-                    default: 'production',
+                    default: "production",
                     type: :string,
                     enum: %w(production sandbox),
-                    aliases: '-e',
-                    desc: 'The environment to use for verfication'
+                    aliases: "-e",
+                    desc: "The environment to use for verfication"
       method_option :secret,
-                    aliases: '-s',
+                    aliases: "-s",
                     type: :string,
-                    desc: 'The shared secret for auto-renewable subscriptions'
+                    desc: "The shared secret for auto-renewable subscriptions"
+
       def app_store(receipt)
         Commands::AppStore.run(receipt, options)
       end
 
-      desc 'play_store PACKAGE PRODUCT_ID TOKEN', 'Verify PlayStore purchase'
-      method_option :issuer,
-                    required: true,
-                    type: :string,
-                    aliases: '-i',
-                    desc: 'The issuer\'s email address for the API call'
-      method_option :key_file,
+      desc "play_store PACKAGE PRODUCT_ID TOKEN", "Verify PlayStore purchase"
+      method_option :json_key_file,
                     required: true,
                     type: :string,
-                    aliases: '-k',
-                    desc: 'The key file to use for API authentication'
-      method_option :key_secret,
-                    default: 'notasecret',
-                    type: :string,
-                    aliases: '-s',
-                    desc: 'The secret to decrypt the key_file'
-      method_option :application_name,
-                    default: 'CandyCheck',
-                    type: :string,
-                    aliases: '-a',
-                    desc: 'Your application\'s name'
-      method_option :application_version,
-                    default: CandyCheck::VERSION,
-                    type: :string,
-                    aliases: '-v',
-                    desc: 'Your application\'s version'
+                    aliases: "-k",
+                    desc: "The json key file to use for API authentication"
+
       def play_store(package, product_id, token)
         Commands::PlayStore.run(package, product_id, token, options)
       end
 
-      desc 'version', 'Print the gem\'s version'
+      desc "version", 'Print the gem\'s version'
+
       def version
         Commands::Version.run
       end