floorplanner-adyen 0.2.2

data/.gitignore

@@ -0,0 +1,4 @@
+/tmp
+/pkg
+/doc
+adyen-*.gem

data/LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2008 - 2009 Willem van Bergen and Michel Barbosa
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.rdoc

@@ -0,0 +1,39 @@
+= Adyen
+
+Package to simplify including the Adyen payments services into a Ruby on Rails application.
+
+Adyen integration relies on three modes of communication between Adyen, your server and
+your client/customer:
+
+* Client-to-Adyen communication using forms and redirects.
+* Adyen-to-server communications using notifications.
+* Server-to-Adyen communication using SOAP services.
+
+This library aims to ease the implementation of all these modes into your application.
+Moreover, it provides matchers, assertions and mocks to make it easier to implement an
+automated test suite to assert the integration is working correctly.
+
+== Installation
+
+Add the following line to your <tt>environment.rb</tt> and run <tt>rake gems:install</tt>
+to make the Adyen functionality available in your Rails project:
+
+    config.gem 'adyen', :source => 'http://gemcutter.org
+
+You can also install it as a Rails plugin (*deprecated*):
+
+    script/plugin install git://github.com/wvanbergen/adyen.git
+
+== Usage
+
+See the project wiki on http://wiki.github.com/wvanbergen/adyen to get started.
+
+* For more information about Adyen, see http://www.adyen.com
+* For more information about integrating Adyen, see their manuals at
+  http://support.adyen.com/links/documentation
+
+== About
+
+This package is written by Michel Barbosa and Willem van Bergen for Floorplanner.com, and
+made public under the MIT license (see LICENSE). It comes without warranty of any kind, so
+use at your own risk.

data/Rakefile

@@ -0,0 +1,5 @@
+Dir[File.dirname(__FILE__) + "/tasks/*.rake"].each { |file| load(file) }
+
+GithubGem::RakeTasks.new(:gem)
+
+task :default => "spec:specdoc"

data/adyen.gemspec

@@ -0,0 +1,30 @@
+Gem::Specification.new do |s|
+  s.name    = 'floorplanner-adyen'
+  s.version = "0.2.2"
+  s.date    = "2009-11-17"
+
+  s.summary = "Integrate Adyen payment services in you Ruby on Rails application."
+  s.description = <<-EOS
+    Package to simplify including the Adyen payments services into a Ruby on Rails application.
+    The package provides functionality to create payment forms, handling and storing notifications 
+    sent by Adyen and consuming the SOAP services provided by Adyen. Moreover, it contains helper
+    methods, mocks and matchers to simpify writing tests/specsfor your code.
+  EOS
+
+  s.authors  = ['Willem van Bergen', 'Michel Barbosa']
+  s.email    = ['willem@vanbergen.org', 'cicaboo@gmail.com']
+  s.homepage = 'http://wiki.github.com/wvanbergen/adyen'
+
+  s.add_development_dependency('rspec', '>= 1.1.4')
+  s.add_development_dependency('git', '>= 1.1.0')
+
+  s.requirements << 'Handsoap is required for accessing the SOAP services. See http://github.com/troelskn/handsoap.'
+  s.requirements << 'LibXML is required for using the RSpec matchers.'
+  s.requirements << 'ActiveRecord is required for storing the notifications in your database.'
+
+  s.rdoc_options << '--title' << s.name << '--main' << 'README.rdoc' << '--line-numbers' << '--inline-source'
+  s.extra_rdoc_files = ['README.rdoc']
+
+  s.files = %w(spec/spec_helper.rb lib/adyen/form.rb .gitignore LICENSE spec/soap_spec.rb spec/notification_spec.rb lib/adyen/soap.rb init.rb spec/adyen_spec.rb adyen.gemspec Rakefile tasks/github-gem.rake spec/form_spec.rb README.rdoc lib/adyen/notification.rb lib/adyen/matchers.rb lib/adyen/formatter.rb lib/adyen.rb lib/adyen/encoding.rb)
+  s.test_files = %w(spec/soap_spec.rb spec/notification_spec.rb spec/adyen_spec.rb spec/form_spec.rb)
+end

data/init.rb

@@ -0,0 +1 @@
+require 'adyen'

data/lib/adyen.rb

@@ -0,0 +1,31 @@
+module Adyen
+  LIVE_RAILS_ENVIRONMENTS = ['production']
+
+  # Setter voor the current Adyen environment.
+  # Must be either 'test' or 'live'
+  def self.environment=(env)
+    @environment = env
+  end
+
+  # Returns the current Adyen environment.
+  # Returns either 'test' or 'live'.
+  def self.environment(override = nil)
+    override || @environment || Adyen.autodetect_environment
+  end
+
+  # Autodetects the Adyen environment based on the RAILS_ENV constant
+  def self.autodetect_environment
+    (defined?(RAILS_ENV) && Adyen::LIVE_RAILS_ENVIRONMENTS.include?(RAILS_ENV.to_s.downcase)) ? 'live' : 'test'
+  end
+
+  # Loads submodules on demand, so that dependencies are not required.
+  def self.const_missing(sym)
+    require "adyen/#{sym.to_s.downcase}"
+    return Adyen.const_get(sym)
+  rescue
+    super(sym)
+  end
+end
+
+require 'adyen/encoding'
+require 'adyen/formatter'

data/lib/adyen/encoding.rb

@@ -0,0 +1,21 @@
+require 'base64'
+require 'openssl'
+require 'stringio'
+require 'zlib'
+
+module Adyen
+  module Encoding
+    def self.hmac_base64(hmac_key, message)
+      digest = OpenSSL::HMAC.digest(OpenSSL::Digest::Digest.new('sha1'), hmac_key, message)
+      Base64.encode64(digest).strip
+    end
+
+    def self.gzip_base64(message)
+      sio = StringIO.new
+      gz  = Zlib::GzipWriter.new(sio)
+      gz.write(message)
+      gz.close
+      Base64.encode64(sio.string).gsub("\n", "")
+    end
+  end
+end

data/lib/adyen/form.rb

@@ -0,0 +1,138 @@
+require 'action_view'
+
+module Adyen
+  module Form
+
+    extend ActionView::Helpers::TagHelper
+
+    ######################################################
+    # SKINS
+    ######################################################
+
+    def self.skins
+      @skins ||= {}
+    end
+    
+    def self.register_skin(name, skin_code, shared_secret)
+      self.skins[name] = {:name => name, :skin_code => skin_code, :shared_secret => shared_secret }
+    end
+
+    def self.skin_by_name(skin_name)
+      self.skins[skin_name]
+    end
+    
+    def self.skin_by_code(skin_code)
+      self.skins.detect { |(name, skin)| skin[:skin_code] == skin_code }.last rescue nil      
+    end
+    
+    def self.lookup_shared_secret(skin_code)
+      skin = skin_by_code(skin_code)[:shared_secret] rescue nil
+    end    
+    
+    ######################################################
+    # DEFAULT FORM / REDIRECT PARAMETERS
+    ######################################################    
+
+    def self.default_parameters
+      @default_arguments ||= {}
+    end
+    
+    def self.default_parameters=(hash)
+      @default_arguments = hash
+    end
+
+    ######################################################
+    # ADYEN FORM URL
+    ######################################################
+
+    ACTION_URL = "https://%s.adyen.com/hpp/select.shtml"
+
+    def self.url(environment = nil)
+      environment ||= Adyen.environment(environment)
+      Adyen::Form::ACTION_URL % environment.to_s
+    end
+
+
+    ######################################################
+    # POSTING/REDIRECTING TO ADYEN
+    ######################################################
+
+    def self.do_parameter_transformations!(parameters = {})
+      raise "YENs are not yet supported!" if parameters[:currency_code] == 'JPY' # TODO: fixme
+
+      parameters.replace(default_parameters.merge(parameters))
+      parameters[:recurring_contract] = 'DEFAULT' if parameters.delete(:recurring) == true
+      parameters[:order_data]         = Adyen::Encoding.gzip_base64(parameters.delete(:order_data_raw)) if parameters[:order_data_raw]
+      parameters[:ship_before_date]   = Adyen::Formatter::DateTime.fmt_date(parameters[:ship_before_date])
+      parameters[:session_validity]   = Adyen::Formatter::DateTime.fmt_time(parameters[:session_validity])
+      
+      if parameters[:skin]
+        skin = Adyen::Form.skin_by_name(parameters.delete(:skin))
+        parameters[:skin_code]     ||= skin[:skin_code]
+        parameters[:shared_secret] ||= skin[:shared_secret]
+      end
+    end
+
+    def self.payment_parameters(parameters = {})
+      do_parameter_transformations!(parameters)
+      
+      raise "Cannot generate form: :currency code attribute not found!"         unless parameters[:currency_code]
+      raise "Cannot generate form: :payment_amount code attribute not found!"   unless parameters[:payment_amount]
+      raise "Cannot generate form: :merchant_account attribute not found!"      unless parameters[:merchant_account]
+      raise "Cannot generate form: :skin_code attribute not found!"             unless parameters[:skin_code]
+      raise "Cannot generate form: :shared_secret signing secret not provided!" unless parameters[:shared_secret]
+
+      # Merchant signature
+      parameters[:merchant_sig] = calculate_signature(parameters)
+      return parameters      
+    end
+    
+    def self.redirect_url(parameters = {})
+      self.url + '?' + payment_parameters(parameters).map { |(k, v)| "#{k.to_s.camelize(:lower)}=#{CGI.escape(v.to_s)}" }.join('&')
+    end
+
+    def self.hidden_fields(parameters = {})
+      # Generate hidden input tags
+      payment_parameters(parameters).map { |key, value|
+        self.tag(:input, :type => 'hidden', :name => key.to_s.camelize(:lower), :value => value)
+      }.join("\n")
+    end
+    
+    ######################################################
+    # MERCHANT SIGNATURE CALCULATION
+    ######################################################
+
+    def self.calculate_signature_string(parameters)
+      merchant_sig_string = ""
+      merchant_sig_string << parameters[:payment_amount].to_s    << parameters[:currency_code].to_s      <<
+                             parameters[:ship_before_date].to_s  << parameters[:merchant_reference].to_s <<
+                             parameters[:skin_code].to_s         << parameters[:merchant_account].to_s   <<
+                             parameters[:session_validity].to_s  << parameters[:shopper_email].to_s      <<
+                             parameters[:shopper_reference].to_s << parameters[:recurring_contract].to_s <<
+                             parameters[:allowed_methods].to_s   << parameters[:blocked_methods].to_s    <<
+                             parameters[:shopper_statement].to_s << parameters[:billing_address_type].to_s
+    end
+
+    def self.calculate_signature(parameters)
+       Adyen::Encoding.hmac_base64(parameters.delete(:shared_secret), calculate_signature_string(parameters))
+    end
+
+    ######################################################
+    # REDIRECT SIGNATURE CHECKING
+    ######################################################
+
+    def self.redirect_signature_string(params)
+      params[:authResult].to_s + params[:pspReference].to_s + params[:merchantReference].to_s + params[:skinCode].to_s
+    end
+
+    def self.redirect_signature(params, shared_secret = nil)
+      shared_secret ||= lookup_shared_secret(params[:skinCode])
+      Adyen::Encoding.hmac_base64(shared_secret, redirect_signature_string(params))
+    end
+
+    def self.redirect_signature_check(params, shared_secret = nil)
+      params[:merchantSig] == redirect_signature(params, shared_secret)
+    end
+
+  end
+end

data/lib/adyen/formatter.rb

@@ -0,0 +1,37 @@
+module Adyen
+  module Formatter
+    module DateTime
+      # Returns a valid Adyen string representation for a date
+      def self.fmt_date(date)
+        case date
+        when Date, DateTime, Time
+          date.strftime('%Y-%m-%d')
+        else
+          raise "Invalid date notation: #{date.inspect}!" unless /^\d{4}-\d{2}-\d{2}$/ =~ date
+          date
+        end
+      end
+
+      # Returns a valid Adyen string representation for a timestamp
+      def self.fmt_time(time)
+        case time
+        when Date, DateTime, Time
+          time.strftime('%Y-%m-%dT%H:%M:%SZ')
+        else
+          raise "Invalid timestamp notation: #{time.inspect}!" unless /^\d{4}-\d{2}-\d{2}T\d{2}\:\d{2}\:\d{2}Z$/ =~ time
+          time
+        end
+      end
+    end
+
+    module Price
+      def self.in_cents(price)
+        ((price * 100).round).to_i
+      end
+
+      def self.from_cents(price)
+        BigDecimal.new(price.to_s) / 100
+      end
+    end
+  end
+end

data/lib/adyen/matchers.rb

@@ -0,0 +1,105 @@
+require 'xml'
+
+module Adyen
+  module Matchers
+
+    module XPathPaymentFormCheck
+
+      def self.build_xpath_query(checks)
+        # Start by finding the check for the Adyen form tag
+        xpath_query =  "//form[@action='#{Adyen::Form.url}']"
+
+        # Add recurring/single check if specified
+        recurring =  checks.delete(:recurring)
+        unless recurring.nil?
+          if recurring
+            xpath_query << "[descendant::input[@type='hidden'][@name='recurringContract']]"
+          else
+            xpath_query << "[not(descendant::input[@type='hidden'][@name='recurringContract'])]"
+          end
+        end
+
+        # Add a check for all the other fields specified
+        checks.each do |key, value|
+          condition  = "descendant::input[@type='hidden'][@name='#{key.to_s.camelize(:lower)}']"
+          condition << "[@value='#{value}']" unless value == :anything
+          xpath_query << "[#{condition}]"
+        end
+
+        return xpath_query
+      end
+
+      def self.document(subject)
+        if String === subject
+          XML::HTMLParser.string(subject).parse
+        elsif subject.respond_to?(:body)
+          XML::HTMLParser.string(subject.body).parse
+        elsif XML::Node === subject
+          subject
+        elsif XML::Document === subject
+          subject
+        else
+          raise "Cannot handle this XML input type"
+        end
+      end
+
+      def self.check(subject, checks = {})
+        document(subject).find_first(build_xpath_query(checks))
+      end
+    end
+
+    class HaveAdyenPaymentForm
+
+      def initialize(checks)
+        @checks = checks
+      end
+
+      def matches?(document)
+        Adyen::Matchers::XPathPaymentFormCheck.check(document, @checks)
+      end
+
+      def description
+        "have an adyen payment form"
+      end
+
+      def failure_message
+        "expected to find a valid Adyen form on this page"
+      end
+
+      def negative_failure_message
+        "expected not to find a valid Adyen form on this page"
+      end
+    end
+
+    def have_adyen_payment_form(checks = {})
+      default_checks = {:merchant_sig => :anything, :payment_amount => :anything, :currency_code => :anything, :skin_code => :anything }
+      HaveAdyenPaymentForm.new(default_checks.merge(checks))
+    end
+
+    def have_adyen_recurring_payment_form(checks = {})
+      recurring_checks = { :recurring => true, :shopper_email => :anything, :shopper_reference => :anything }
+      have_adyen_payment_form(recurring_checks.merge(checks))
+    end
+
+    def have_adyen_single_payment_form(checks = {})
+      recurring_checks = { :recurring => false }
+      have_adyen_payment_form(recurring_checks.merge(checks))
+    end
+
+    def assert_adyen_payment_form(subject, checks = {})
+      default_checks = {:merchant_sig => :anything, :payment_amount => :anything, :currency_code => :anything, :skin_code => :anything }
+      assert Adyen::Matchers::XPathPaymentFormCheck.check(subject, default_checks.merge(checks)), 'No Adyen payment form found'
+    end
+
+    def assert_adyen_recurring_payment_form(subject, checks = {})
+      recurring_checks = { :recurring => true, :shopper_email => :anything, :shopper_reference => :anything }
+      assert_adyen_payment_form(subject, recurring_checks.merge(checks))
+    end
+
+    def assert_adyen_single_payment_form(subject, checks = {})
+      recurring_checks = { :recurring => false }
+      assert_adyen_payment_form(subject, recurring_checks.merge(checks))
+    end
+
+  end
+end

data/lib/adyen/notification.rb

@@ -0,0 +1,99 @@
+require 'activerecord'
+
+module Adyen
+  class Notification < ActiveRecord::Base
+
+    DEFAULT_TABLE_NAME = :adyen_notifications
+    set_table_name(DEFAULT_TABLE_NAME)
+
+    validates_presence_of :event_code
+    validates_presence_of :psp_reference
+    validates_uniqueness_of :success, :scope => [:psp_reference, :event_code]
+
+    # Make sure we don't end up with an original_reference with an empty string
+    before_validation { |notification| notification.original_reference = nil if notification.original_reference.blank? }
+
+    def self.log(params)
+      converted_params = {}
+      # Convert each attribute from CamelCase notation to under_score notation
+      # For example, merchantReference will be converted to merchant_reference
+      params.each do |key, value|
+        field_name                   = key.to_s.underscore
+        converted_params[field_name] = value if self.column_names.include?(field_name)
+      end
+      self.create!(converted_params)
+    end
+
+    def authorisation?
+      event_code == 'AUTHORISATION'
+    end
+
+    alias :authorization? :authorisation?
+
+    def successful_authorisation?
+      event_code == 'AUTHORISATION' && success?
+    end
+
+    def collect_payment_for_recurring_contract!(options)
+      # Make sure we convert the value to cents
+      options[:value] = Adyen::Formatter::Price.in_cents(options[:value])
+      raise "This is not a recurring contract!" unless event_code == 'RECURRING_CONTRACT'
+      Adyen::SOAP::RecurringService.submit(options.merge(:recurring_reference => self.psp_reference))
+    end
+
+    def deactivate_recurring_contract!(options)
+      raise "This is not a recurring contract!" unless event_code == 'RECURRING_CONTRACT'
+      Adyen::SOAP::RecurringService.deactivate(options.merge(:recurring_reference => self.psp_reference))
+    end
+
+    alias :successful_authorization? :successful_authorisation?
+
+    class HttpPost < Notification
+
+      def self.log(request)
+        super(request.params)
+      end
+
+      def live=(value)
+        self.write_attribute(:live, [true, 1, '1', 'true'].include?(value))
+      end
+
+      def success=(value)
+        self.write_attribute(:success, [true, 1, '1', 'true'].include?(value))
+      end
+
+      def value=(value)
+        self.write_attribute(:value, Adyen::Formatter::Price.from_cents(value)) unless value.blank?
+      end
+    end
+
+    class Migration < ActiveRecord::Migration
+
+      def self.up(table_name = Adyen::Notification::DEFAULT_TABLE_NAME)
+        create_table(table_name) do |t|
+          t.boolean  :live,                  :null => false, :default => false
+          t.string   :event_code,            :null => false
+          t.string   :psp_reference,         :null => false
+          t.string   :original_reference,    :null => true
+          t.string   :merchant_reference,    :null => false
+          t.string   :merchant_account_code, :null => false
+          t.datetime :event_date,            :null => false
+          t.boolean  :success,               :null => false, :default => false
+          t.string   :payment_method,        :null => true
+          t.string   :operations,            :null => true
+          t.text     :reason
+          t.string   :currency,              :null => false, :limit => 3
+          t.decimal  :value,                 :null => true, :precision => 9, :scale => 2
+          t.boolean  :processed,             :null => false, :default => false
+          t.timestamps
+        end
+        add_index table_name, [:psp_reference, :event_code, :success], :unique => true, :name => 'adyen_notification_uniqueness'
+      end
+
+      def self.down(table_name = Adyen::Notification::DEFAULT_TABLE_NAME)
+        remove_index(table_name, :name => 'adyen_notification_uniqueness')
+        drop_table(table_name)
+      end
+    end
+  end
+end