defra_ruby_mocks 1.0.0 → 1.4.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: a51d8ad9a6aacfc79ec4354df4b6ac22a95e4d3e
-  data.tar.gz: f97be7da287ba2987204dea1cc6ae72b188aa454
+SHA256:
+  metadata.gz: 37b80527c008c3d05100caffb316ae36fd75050a7d5612db07a180f163e3e17a
+  data.tar.gz: 622dc9a174d7e0af97046b33a12164b37deec2d3574afebd42932b7c7b699171
 SHA512:
-  metadata.gz: 4251aedd24958f9cb6bac0f0fc6378f741f8fbf798e87f07e4cce3379c2c276bbd5ce28ec6a89b8d8cef378eb8a9182679c4f53d823763df38c0d7b49ed45b87
-  data.tar.gz: d9ea74e870ab67ad6cca27b328a41ac7ddb0e132f435c718a596b91f1f0f9161067364497fc43b546b2fbff94c8a59a25a597976d65385d9fb3e166d4b7a1e07
+  metadata.gz: ab9dec997252c0e656cb39c4364e9d2f28e28bfd707309178a3d0e17d3d3289241720cc4c78a1f542edef1545a5d30e43573aea389e6fc69ee33237e47414c95
+  data.tar.gz: e3f3707826e51e569703a04aaaaeb4593f99db011331ffd73018909c8548f702cf317ccefe0f30308047b3734107b4ce292c8ef740fb362e9647834b3eb79e4c

data/README.md

@@ -1,8 +1,8 @@
 # Defra Ruby Mocks
 
 [![Build Status](https://travis-ci.com/DEFRA/defra-ruby-mocks.svg?branch=master)](https://travis-ci.com/DEFRA/defra-ruby-mocks)
-[![Maintainability](https://api.codeclimate.com/v1/badges/8b14cc1e0e1c1d6a33cc/maintainability)](https://codeclimate.com/github/DEFRA/defra-ruby-mocks/maintainability)
-[![Test Coverage](https://api.codeclimate.com/v1/badges/8b14cc1e0e1c1d6a33cc/test_coverage)](https://codeclimate.com/github/DEFRA/defra-ruby-mocks/test_coverage)
+[![Maintainability Rating](https://sonarcloud.io/api/project_badges/measure?project=DEFRA_defra-ruby-mocks&metric=sqale_rating)](https://sonarcloud.io/dashboard?id=DEFRA_defra-ruby-mocks)
+[![Coverage](https://sonarcloud.io/api/project_badges/measure?project=DEFRA_defra-ruby-mocks&metric=coverage)](https://sonarcloud.io/dashboard?id=DEFRA_defra-ruby-mocks)
 [![security](https://hakiri.io/github/DEFRA/defra-ruby-mocks/master.svg)](https://hakiri.io/github/DEFRA/defra-ruby-mocks/master)
 [![Licence](https://img.shields.io/badge/Licence-OGLv3-blue.svg)](http://www.nationalarchives.gov.uk/doc/open-government-licence/version/3)
 
@@ -104,6 +104,94 @@ The list of possible statuses was taken from
 - [Companies House API](https://developer.companieshouse.gov.uk/api/docs/company/company_number/companyProfile-resource.html)
 - [Companies House API enumerations](https://github.com/companieshouse/api-enumerations/blob/master/constants.yml)
 
+### Worldpay
+
+When mounted into an app you can simulate interacting with the Worldpay hosted pages service.
+
+#### Payments
+
+Making a payment with Worldpay essentially comes in 2 stages
+
+1. The app sends an XML request to Worldpay asking it to prepare for a new payment. Worldpay responds with a reference and a URL to redirect the user to
+2. The app redirects the user to the URL and adds to it query params that tell Worldpay where to redirect the user to when the payment is complete
+
+For more details check out [Making a payment with WorldPay](https://github.com/DEFRA/ruby-services-team/blob/master/services/wcr/payment_with_worldpay.md)
+
+This Worldpay mock replicates those 2 interactions with the following urls
+
+- `../worldpay/payments-service`
+- `../worldpay/dispatcher`
+
+##### Refused payments
+
+The engine has the ability to also mock Worldpay refusing a payment. To have the mock refuse payment just ensure the registration's company name includes the word `reject` (case doesn't matter).
+
+If it does the engine will redirect back to the failure url instead of the success url provided, plus set the payment status to `REFUSED`.
+
+This allows us to test how the application handles both successful and unsucessful Worldpay payments.
+
+##### Stuck payments
+
+The engine has the ability to also mock Worldpay not redirecting back to the service. This is the equivalent of a registration getting 'stuck at Worldpay'. To have the mock not respond just ensure the registration's company name includes the word `stuck` (case doesn't matter).
+
+If it does the engine will not redirect back to the service, but instead render a 'You're stuck!' page.
+
+This allows us to test how the application handles Worldpay not returning after we redirect a user to them.
+
+#### Refunds
+
+Requesting a refund from Worldpay is a single step process.
+
+1. The app sends an XML request to Worldpay with details of the order to be refunded and the amount. Worldpay returns an XML response confirming the request has been received
+
+Like payments, refund requests are also sent to the same url `../worldpay/payments-service`. The mock handles determining what request is being made and returns the appropriate response.
+
+#### Configuration
+
+In order to use the Worldpay mock you'll need to provide additional configuration details
+
+```ruby
+# config/initializers/defra_ruby_mocks.rb
+require "defra_ruby_mocks"
+
+DefraRubyMocks.configure do |config|
+  config.enable = true
+  config.delay = 1000
+
+  config.worldpay_admin_code = "admincode1"
+  config.worldpay_mac_secret = "macsecret1"
+  config.worldpay_merchant_code = "merchantcode1"
+  config.worldpay_domain = "http://localhost:3000/mocks"
+end
+```
+
+It's important that the admin code, mac secret and merchant code are the same as used by the apps calling the Worldpay mock. These values are used when generating the responses and are validated by the apps so it's important they match.
+
+The domain is used when generating the URL we tell the app to redirect users to. As this is just an engine and not a standalone service, we need to tell it what domain it is running from. For example, if the engine is mounted into the app like this
+
+```ruby
+mount DefraRubyMocks::Engine => "/mocks"
+```
+
+And the app is running at `http://localhost:3000`, this engine can then use that information to tell the app to redirect users to `http://localhost:3000/mocks/worldpay/dispatcher` as part of the `payments-service` response.
+
+#### Only for Waste Carriers
+
+At this time there is only one digital service built using Ruby on Rails that uses Worldpay; the [Waste Carriers Registration service](https://github.com/DEFRA/ruby-services-team/tree/master/services/wcr). So the Worldpay mock has been written with the assumption it will only be mounted into one of the Waste Carriers apps.
+
+A critical aspect of this is the expectation that the following classes will be loaded and available when the engine is mounted and the app is running
+
+- `WasteCarriersEngine::TransientRegistration`
+- `WasteCarriersEngine::Registration`
+
+We need these classes so we can use them to query the database for the registration the payment is being made against. We only get the registration reference in the request made to `/worldpay/dispatcher`, not the order code. As the response needs to include the order code we need access to these ActiveRecord models to locate the last order added.
+
+In the live Worldpay service this information (along with the amount to be paid) is saved after the initial request to `/payments-service`. The mock however isn't persisting anything to reduce complexity. So instead it needs to be able to query the database for the information it needs via ActiveRecord.
+
+#### Payment pages are not mocked
+
+The actual Worldpay service presents payment pages that display a form where users are able to enter their credit card details and confirm the payment is correct. This mock does **not** replicate the UI of Worldpay, only the API. Bear this in mind when building any automated acceptance tests.
+
 ## Installation
 
 You don't need to do this if you're just mounting the engine without making any changes.

data/Rakefile

@@ -25,7 +25,6 @@ Bundler::GemHelper.install_tasks
 # This is wrapped to prevent an error when rake is called in environments where
 # rspec may not be available, e.g. production. As such we don't need to handle
 # the error.
-# rubocop:disable Lint/HandleExceptions
 begin
   require "rspec/core/rake_task"
 
@@ -35,4 +34,3 @@ begin
 rescue LoadError
   # no rspec available
 end
-# rubocop:enable Lint/HandleExceptions

data/app/controllers/defra_ruby_mocks/company_controller.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 module DefraRubyMocks
-  class CompanyController < ApplicationController
+  class CompanyController < ::DefraRubyMocks::ApplicationController
 
     before_action :set_default_response_format
 

data/app/controllers/defra_ruby_mocks/worldpay_controller.rb

@@ -0,0 +1,51 @@
+# frozen_string_literal: true
+
+module DefraRubyMocks
+  class WorldpayController < ::DefraRubyMocks::ApplicationController
+
+    before_action :set_default_response_format
+
+    def payments_service
+      @values = WorldpayRequestHandlerService.run(convert_request_body_to_xml)
+
+      render_payment_response if @values[:request_type] == :payment
+      render_refund_response if @values[:request_type] == :refund
+    rescue StandardError
+      head 500
+    end
+
+    def dispatcher
+      @response = WorldpayResponseService.run(
+        success_url: params[:successURL],
+        failure_url: params[:failureURL]
+      )
+
+      if @response.status == :STUCK
+        render formats: :html, action: "stuck", layout: false
+      else
+        redirect_to @response.url
+      end
+    rescue StandardError
+      head 500
+    end
+
+    private
+
+    def set_default_response_format
+      request.format = :xml
+    end
+
+    def convert_request_body_to_xml
+      Nokogiri::XML(request.body.read)
+    end
+
+    def render_payment_response
+      render "defra_ruby_mocks/worldpay/payment_request"
+    end
+
+    def render_refund_response
+      render "defra_ruby_mocks/worldpay/refund_request"
+    end
+
+  end
+end

data/app/services/defra_ruby_mocks/worldpay_payment_service.rb

@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+
+module DefraRubyMocks
+  class WorldpayPaymentService < BaseService
+    def run(merchant_code:, xml:)
+      check_config
+
+      @merchant_code = merchant_code
+      @order_code = extract_order_code(xml)
+
+      {
+        merchant_code: @merchant_code,
+        order_code: @order_code,
+        id: generate_id,
+        url: generate_url
+      }
+    end
+
+    private
+
+    def check_config
+      domain = DefraRubyMocks.configuration.worldpay_domain
+
+      raise InvalidConfigError, :worldpay_domain if domain.blank?
+    end
+
+    def extract_order_code(xml)
+      order = xml.at_xpath("//order")
+      order.attribute("orderCode").text
+    end
+
+    def generate_id
+      # Worldpay seems to generate 10 digit numbers for all its ID's. So we
+      # replicate that here with this.
+      # https://stackoverflow.com/a/31043825
+      rand(1e9...1e10).to_i.to_s
+    end
+
+    def generate_url
+      "#{base_url}?OrderKey=#{@merchant_code}%5E#{@order_code}"
+    end
+
+    def base_url
+      File.join(DefraRubyMocks.configuration.worldpay_domain, "/worldpay/dispatcher")
+    end
+  end
+end

data/app/services/defra_ruby_mocks/worldpay_refund_service.rb

@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+module DefraRubyMocks
+  class WorldpayRefundService < BaseService
+    def run(merchant_code:, xml:)
+      {
+        merchant_code: merchant_code,
+        order_code: extract_order_code(xml),
+        refund_value: extract_refund_value(xml),
+        currency_code: extract_currency_code(xml),
+        exponent: extract_exponent(xml)
+      }
+    end
+
+    private
+
+    def extract_order_code(xml)
+      order_modification = xml.at_xpath("//orderModification")
+      order_modification.attribute("orderCode").text
+    end
+
+    def extract_refund_value(xml)
+      amount = xml.at_xpath("//amount")
+      amount.attribute("value").text
+    end
+
+    def extract_currency_code(xml)
+      amount = xml.at_xpath("//amount")
+      amount.attribute("currencyCode").text
+    end
+
+    def extract_exponent(xml)
+      amount = xml.at_xpath("//amount")
+      amount.attribute("exponent").text
+    end
+  end
+end

data/app/services/defra_ruby_mocks/worldpay_request_handler_service.rb

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+module DefraRubyMocks
+  class WorldpayRequestHandlerService < BaseService
+    def run(xml)
+      arguments = {
+        merchant_code: extract_merchant_code(xml),
+        xml: xml
+      }
+
+      generate_response(arguments)
+    end
+
+    private
+
+    def extract_merchant_code(xml)
+      payment_service = xml.at_xpath("//paymentService")
+      payment_service.attribute("merchantCode").text
+    end
+
+    def generate_response(arguments)
+      return WorldpayPaymentService.run(arguments).merge(request_type: :payment) if payment_request?(arguments[:xml])
+      return WorldpayRefundService.run(arguments).merge(request_type: :refund) if refund_request?(arguments[:xml])
+
+      raise UnrecognisedWorldpayRequestError
+    end
+
+    def payment_request?(xml)
+      submit = xml.at_xpath("//submit")
+
+      !submit.nil?
+    end
+
+    def refund_request?(xml)
+      modify = xml.at_xpath("//modify")
+
+      !modify.nil?
+    end
+  end
+end

data/app/services/defra_ruby_mocks/worldpay_resource_service.rb

@@ -0,0 +1,55 @@
+# frozen_string_literal: true
+
+module DefraRubyMocks
+  class WorldpayResourceService < BaseService
+
+    def run(reference:)
+      @reference = reference
+
+      raise(MissingResourceError, @reference) if resource.nil?
+
+      WorldpayResource.new(resource, order, company_name)
+    end
+
+    private
+
+    WorldpayResource = Struct.new(:resource, :order, :company_name)
+
+    def resource
+      @_resource ||= locate_transient_registration || locate_completed_registration
+    end
+
+    def locate_transient_registration
+      "WasteCarriersEngine::TransientRegistration"
+        .constantize
+        .where(token: @reference)
+        .first
+    end
+
+    def locate_completed_registration
+      "WasteCarriersEngine::Registration"
+        .constantize
+        .where(reg_uuid: @reference)
+        .first
+    end
+
+    def locate_original_registration(reg_identifier)
+      "WasteCarriersEngine::Registration"
+        .constantize
+        .where(reg_identifier: reg_identifier)
+        .first
+    end
+
+    def order
+      @_order ||= resource.finance_details&.orders&.order_by(dateCreated: :desc)&.first
+    end
+
+    def company_name
+      if resource.class.to_s == "WasteCarriersEngine::OrderCopyCardsRegistration"
+        locate_original_registration(resource.reg_identifier).company_name.downcase
+      else
+        resource.company_name.downcase
+      end
+    end
+  end
+end

data/app/services/defra_ruby_mocks/worldpay_response_service.rb

@@ -0,0 +1,92 @@
+# frozen_string_literal: true
+
+module DefraRubyMocks
+  class WorldpayResponseService < BaseService
+
+    def run(success_url:, failure_url:)
+      parse_reference(success_url)
+      @resource = WorldpayResourceService.run(reference: @reference)
+
+      generate_response(success_url, failure_url)
+    end
+
+    private
+
+    WorldpayResponse = Struct.new(:supplied_url, :separator, :order_key, :mac, :value, :status, :reference) do
+      def url
+        [supplied_url, separator, params].join
+      end
+
+      def params
+        [
+          "orderKey=#{order_key}",
+          "paymentStatus=#{status}",
+          "paymentAmount=#{value}",
+          "paymentCurrency=GBP",
+          "mac=#{mac}",
+          "source=WP"
+        ].join("&")
+      end
+    end
+
+    def parse_reference(url)
+      path = URI.parse(url).path
+      parts = path.split("/")
+
+      if parts[1].downcase == "your-registration"
+        # ["", "your-registration", "xP2zj9nqWYI0SAsMtGZn6w", "worldpay", "success", "1577812071", "NEWREG"]
+        @reference = parts[-5]
+        @url_format = :old
+      else
+        # ["", "fo", "jq6sTt2RQguAu4ZyKFfRg9zm", "worldpay", "success"]
+        @reference = parts[-3]
+        @url_format = :new
+      end
+    end
+
+    def order_key
+      [
+        DefraRubyMocks.configuration.worldpay_admin_code,
+        DefraRubyMocks.configuration.worldpay_merchant_code,
+        @resource.order.order_code
+      ].join("^")
+    end
+
+    def order_value
+      @resource.order.total_amount.to_s
+    end
+
+    def payment_status
+      return :REFUSED if @resource.company_name.include?("reject")
+      return :STUCK if @resource.company_name.include?("stuck")
+
+      :AUTHORISED
+    end
+
+    def generate_mac(status)
+      data = [
+        order_key,
+        order_value,
+        "GBP",
+        status,
+        DefraRubyMocks.configuration.worldpay_mac_secret
+      ]
+
+      Digest::MD5.hexdigest(data.join).to_s
+    end
+
+    def generate_response(success_url, failure_url)
+      status = payment_status
+
+      WorldpayResponse.new(
+        status == :AUTHORISED ? success_url : failure_url,
+        @url_format == :new ? "?" : "&",
+        order_key,
+        generate_mac(status),
+        order_value,
+        status,
+        @reference
+      )
+    end
+  end
+end