gocardless 0.1.1 → 0.1.2

data/.gitignore

@@ -8,3 +8,4 @@ gocardless*.gem
 .yardopts
 gocardless-*.gem
 gocardless-ruby.zip
+.rvmrc

data/.travis.yml

@@ -0,0 +1,16 @@
+script: "rake spec"
+rvm:
+  - 1.9.3
+  - 1.9.2
+  - 1.8.7
+  - jruby-18mode
+  - jruby-19mode
+  - rbx-18mode
+  - ruby-head
+  - jruby-head
+  - ree
+notifications:
+  email:
+    recipients:
+      - developers@gocardless.com
+

data/README.md

@@ -13,3 +13,5 @@ you want to support multiple merchant accounts, see the
 The full API reference is available at on
 [rubydoc.info](http://rubydoc.info/github/gocardless/gocardless-ruby/master/frames).
 
+[![Build Status](https://secure.travis-ci.org/gocardless/gocardless-ruby.png)](http://travis-ci.org/gocardless/gocardless-ruby)
+

data/Rakefile

@@ -1,6 +1,13 @@
 require 'yard'
+require 'rspec/core/rake_task'
 
+desc "Generate YARD documentation"
 YARD::Rake::YardocTask.new do |t|
   t.files = ['lib/**/*.rb'].reject { |f| f.match(/seed|example/) }
 end
 
+desc "Run the specs"
+RSpec::Core::RakeTask.new(:spec) do |t|
+  t.rspec_opts = %w[--color]
+end
+

data/gocardless.gemspec

@@ -2,14 +2,14 @@ require File.expand_path('../lib/gocardless/version', __FILE__)
 
 Gem::Specification.new do |gem|
   gem.add_runtime_dependency "oauth2", "~> 0.5.0.rc1"
-  gem.add_runtime_dependency "json", "~> 1.5.3"
+  gem.add_runtime_dependency "json", ">= 1.5.3"
 
   gem.add_development_dependency 'rspec', '~> 2.6'
   gem.add_development_dependency 'mocha', '~> 0.9.12'
   gem.add_development_dependency "yard", "~> 0.7.3"
-  gem.add_development_dependency "redcarpet", "~> 1.17.2"
+  gem.add_development_dependency "activesupport", "~> 3.1"
 
-  gem.authors = ["Harry Marr, Tom Blomfield"]
+  gem.authors = ["Harry Marr", "Tom Blomfield"]
   gem.description = %q{A Ruby wrapper for the GoCardless API}
   gem.email = ['developers@gocardless.com']
   gem.files = `git ls-files`.split("\n")

data/lib/gocardless.rb

@@ -20,7 +20,7 @@ module GoCardless
       @client = Client.new(details)
     end
 
-    %w(new_subscription_url new_pre_authorization_url new_bill_url confirm_resource).each do |name|
+    %w(new_subscription_url new_pre_authorization_url new_bill_url confirm_resource webhook_valid?).each do |name|
       class_eval <<-EOM
         def #{name}(*args)
           raise ClientError.new('Need to set account_details first') unless @client

data/lib/gocardless/bill.rb

@@ -36,6 +36,7 @@ module GoCardless
         :bill => {
           :pre_authorization_id => self.source_id,
           :amount => self.amount,
+          :name => self.name,
           :description => self.description,
         }
       })

data/lib/gocardless/client.rb

@@ -79,7 +79,7 @@ module GoCardless
     # @param [String] token a string with format <code>"#{token} #{scope}"</code>
     #   (as returned by {#access_token})
     def access_token=(token)
-      token, scope = token.split(' ', 2)
+      token, scope = token.sub(/^bearer\s+/i, '').split(' ', 2)
       if scope.nil?
         raise ArgumentError, ('Access token missing scope. Use format '
                               '<token> <scope>')
@@ -213,7 +213,9 @@ module GoCardless
     # @param [Hash] params the response parameters returned by the API server
     # @return [Resource] the confirmed resource object
     def confirm_resource(params)
-      params = Utils.symbolize_keys(params)
+      # Create a new hash in case is a HashWithIndifferentAccess (keys are
+      # always a String)
+      params = Utils.symbolize_keys(Hash[params])
       # Only pull out the relevant parameters, other won't be included in the
       # signature so will cause false negatives
       keys = [:resource_id, :resource_type, :resource_uri, :state, :signature]
@@ -244,23 +246,17 @@ module GoCardless
       end
     end
 
-  private
 
-    # Convert a hash into query-string style parameters
-    def encode_params(params, ns = nil)
-      params.map do |key,val|
-        key = ns ? "#{ns}[#{key.is_a?(Integer) ? '' : key.to_s}]" : key.to_s
-        case val
-        when Hash
-          encode_params(val, key)
-        when Array
-          encode_params(Hash[(1..val.length).zip(val)], key)
-        else
-          "#{CGI.escape(key)}=#{CGI.escape(val.to_s)}"
-        end
-      end.sort * '&'
+    # Validates the payload contents of a webhook request.
+    #
+    # @param [Hash] params the contents of payload of the webhook
+    # @return [boolean] true when valid, false otherwise
+    def webhook_valid?(params)
+      signature_valid?(params)
     end
 
+  private
+
     # Send a request to the GoCardless API servers
     #
     # @param [Symbol] method the HTTP method to use (e.g. +:get+, +:post+)
@@ -292,9 +288,7 @@ module GoCardless
     # @param [Hash] params the parameters to sign
     # @return [Hash] the parameters with the new +:signature+ key
     def sign_params(params)
-      msg = encode_params(params)
-      digest = OpenSSL::Digest::Digest.new('sha256')
-      params[:signature] = OpenSSL::HMAC.hexdigest(digest, @app_secret, msg)
+      params[:signature] = Utils.sign_params(params, @app_secret)
       params
     end
 
@@ -339,7 +333,7 @@ module GoCardless
 
       sign_params(params)
 
-      url.query = encode_params(params)
+      url.query = Utils.normalize_params(params)
       url.to_s
     end
 

data/lib/gocardless/utils.rb

@@ -1,35 +1,105 @@
+require 'uri'
 
 module GoCardless
   module Utils
-    class << self
+    extend self
 
-      # String Helpers
-      def camelize(str)
-        str.split('_').map(&:capitalize).join
-      end
+    # String Helpers
+    def camelize(str)
+      str.split('_').map(&:capitalize).join
+    end
 
-      def underscore(str)
-        str.gsub(/(.)([A-Z])/) { "#{$1}_#{$2.downcase}" }.downcase
-      end
+    def underscore(str)
+      str.gsub(/(.)([A-Z])/) { "#{$1}_#{$2.downcase}" }.downcase
+    end
 
-      def singularize(str)
-        # This should probably be a bit more robust
-        str.sub(/s$/, '').sub(/i$/, 'us')
-      end
+    def singularize(str)
+      # This should probably be a bit more robust
+      str.sub(/s$/, '').sub(/i$/, 'us')
+    end
+
+    # Hash Helpers
+    def symbolize_keys(hash)
+      symbolize_keys! hash.dup
+    end
 
-      # Hash Helpers
-      def symbolize_keys(hash)
-        symbolize_keys! hash.dup
+    def symbolize_keys!(hash)
+      hash.keys.each do |key|
+        sym_key = key.to_s.to_sym rescue key
+        hash[sym_key] = hash.delete(key) unless hash.key?(sym_key)
       end
+      hash
+    end
+
+    # Percent encode a string according to RFC 5849 (section 3.6)
+    #
+    # @param [String] str the string to encode
+    # @return [String] str the encoded string
+    def percent_encode(str)
+      URI.encode(str, /[^a-zA-Z0-9\-\.\_\~]/)
+    end
+
+    # Format a Time object according to ISO 8601, and convert to UTC.
+    #
+    # @param [Time] time the time object to format
+    # @return [String] the ISO-formatted time
+    def iso_format_time(time)
+      time.is_a?(Time) ? time.getutc.strftime('%Y-%m-%dT%H:%M:%SZ') : time
+    end
 
-      def symbolize_keys!(hash)
-        hash.keys.each do |key|
-          sym_key = key.to_s.to_sym rescue key
-          hash[sym_key] = hash.delete(key) unless hash.key?(sym_key)
-        end
-        hash
+    # Flatten a hash containing nested hashes and arrays to a non-nested array
+    # of key-value pairs.
+    #
+    # Examples:
+    #
+    #   flatten_params(a: 'b')
+    #   # => [['a', 'b']]
+    #
+    #   flatten_params(a: ['b', 'c'])
+    #   # => [['a[]', 'b'], ['a[]', 'c']]
+    #
+    #   flatten_params(a: {b: 'c'})
+    #   # => [['a[b]', 'c']]
+    #
+    # @param [Hash] obj the hash to flatten
+    # @return [Array] an array of key-value pairs (arrays of two strings)
+    def flatten_params(obj, ns=nil)
+      case obj
+      when Hash
+        pairs = obj.map { |k,v| flatten_params(v, ns ? "#{ns}[#{k}]" : k) }
+        pairs.empty? ? [] : pairs.inject(&:+)
+      when Array
+        obj.map { |v| flatten_params(v, "#{ns}[]") }.inject(&:+)
+      when Time
+        [[ns.to_s, iso_format_time(obj)]]
+      else
+        [[ns.to_s, obj.to_s]]
       end
+    end
+
+    # Generate a percent-encoded query string from an object. The object may
+    # have nested arrays and objects as values. Ordinary top-level key-value
+    # pairs will be of the form "name=Bob", arrays will result in
+    # "cars[]=BMW&cars[]=Fiat", and nested objects will look like
+    # "user[name]=Bob&user[age]=50". All keys and values will be
+    # percent-encoded according to RFC5849 §3.6 and parameters will be
+    # normalised according to RFC5849 §3.4.1.3.2.
+    def normalize_params(params)
+      flatten_params(params).map do |pair|
+        pair.map { |item| percent_encode(item) } * '='
+      end.sort * '&'
+    end
 
+    # Given a Hash of parameters, normalize then (flatten and convert to a
+    # string), then generate the HMAC-SHA-256 signature using the provided key.
+    #
+    # @param [Hash] params the parameters to sign
+    # @param [String] key the key to sign the params with
+    # @return [String] the resulting signature
+    def sign_params(params, key)
+      msg = Utils.normalize_params(params)
+      digest = OpenSSL::Digest::Digest.new('sha256')
+      OpenSSL::HMAC.hexdigest(digest, key, msg)
     end
   end
 end

data/lib/gocardless/version.rb

@@ -1,3 +1,3 @@
 module GoCardless
-  VERSION = '0.1.1'.freeze
+  VERSION = '0.1.2'.freeze
 end

data/spec/client_spec.rb

@@ -117,6 +117,13 @@ describe GoCardless::Client do
       token.params['scope'].should == 'a:1 b:2'
     end
 
+    it "ignores 'bearer' if it is present at the start of the string" do
+      @client.access_token = 'Bearer TOKEN manage_merchant:123'
+      token = @client.instance_variable_get(:@access_token)
+      token.token.should == 'TOKEN'
+      token.params['scope'].should == 'manage_merchant:123'
+    end
+
     it "handles invalid values correctly" do
       token = 'TOKEN123'  # missing scope
       expect { @client.access_token = token }.to raise_exception ArgumentError
@@ -195,26 +202,6 @@ describe GoCardless::Client do
     end
   end
 
-  describe "#encode_params" do
-    it "correctly encodes hashes" do
-      params = {:a => {:b => :c}, :x => :y}
-      result = 'a%5Bb%5D=c&x=y'
-      @client.send(:encode_params, params).should == result
-    end
-
-    it "correctly encodes arrays" do
-      params = {:a => [1,2]}
-      result = 'a%5B%5D=1&a%5B%5D=2'
-      @client.send(:encode_params, params).should == result
-    end
-
-    it "sorts params by key" do
-      params = {:b => 1, :a => 2}
-      result = 'a=2&b=1'
-      @client.send(:encode_params, params).should == result
-    end
-  end
-
   it "#sign_params signs pararmeter hashes correctly" do
     @client.instance_variable_set(:@app_secret, 'testsecret')
     params = {:test => true}
@@ -252,6 +239,24 @@ describe GoCardless::Client do
       end
     end
 
+    it "does not fail when keys are strings in a HashWithIndiferentAccess" do
+      params = {'resource_id' => 1,
+                'resource_uri' => 'a',
+                'resource_type' => 'subscription',
+                'signature' => 'foo'}
+      params_indifferent_access = HashWithIndifferentAccess.new(params)
+      expect { @client.confirm_resource params_indifferent_access }.to_not raise_exception ArgumentError
+    end
+
+    it "rejects other params not required for the signature" do
+      @client.stubs(:request).returns(stub(:parsed => {}))
+      @client.expects(:signature_valid?).returns(true).with(hash) do |hash|
+        !hash.keys.include?(:foo) && !hash.keys.include?('foo')
+      end
+
+      @client.confirm_resource(@client.send(:sign_params, @params).merge('foo' => 'bar'))
+    end
+
     it "doesn't confirm the resource when the signature is invalid" do
       @client.expects(:request).never
       @client.confirm_resource({:signature => 'xxx'}.merge(@params)) rescue nil
@@ -385,4 +390,17 @@ describe GoCardless::Client do
       end.to raise_exception GoCardless::ClientError
     end
   end
+
+  describe "#webhook_valid?" do
+    it "returns false when the webhook signature is invalid" do
+      @client.webhook_valid?({:some => 'stuff', :signature => 'invalid'}).
+        should be_false
+    end
+
+    it "returns true when the webhook signature is valid" do
+      valid_signature = '175e814f0f64e5e86d41fb8fe06a857cedda715a96d3dc3d885e6d97dbeb7e49'
+      @client.webhook_valid?({:some => 'stuff', :signature => valid_signature}).
+        should be_true
+    end
+  end
 end

data/spec/gocardless_spec.rb

@@ -22,7 +22,7 @@ describe GoCardless do
 
 
   describe "delegated methods" do
-    %w(new_subscription_url new_pre_authorization_url new_bill_url confirm_resource).each do |name|
+    %w(new_subscription_url new_pre_authorization_url new_bill_url confirm_resource webhook_valid?).each do |name|
       it "#{name} delegates to @client" do
         subject.account_details = @details
         subject.instance_variable_get(:@client).expects(name.to_sym)

data/spec/spec_helper.rb

@@ -1,5 +1,6 @@
 require 'mocha'
 require 'json'
+require 'active_support/hash_with_indifferent_access'
 require 'gocardless'
 
 RSpec.configure do |config|

data/spec/utils_spec.rb

@@ -1,3 +1,5 @@
+# coding: utf-8
+
 require 'spec_helper'
 
 describe GoCardless::Utils do
@@ -64,4 +66,144 @@ describe GoCardless::Utils do
     end
   end
 
+  describe "signature helpers" do
+    describe ".percent_encode" do
+      subject { GoCardless::Utils.method(:percent_encode) }
+
+      it "works with empty strings" do
+        subject[""].should == ""
+      end
+
+      it "doesn't encode lowercase alpha characters" do
+        subject["abcxyz"].should == "abcxyz"
+      end
+
+      it "doesn't encode uppercase alpha characters" do
+        subject["ABCXYZ"].should == "ABCXYZ"
+      end
+
+      it "doesn't encode digits" do
+        subject["1234567890"].should == "1234567890"
+      end
+
+      it "doesn't encode unreserved non-alphanumeric characters" do
+        subject["-._~"].should == "-._~"
+      end
+
+      it "encodes non-ascii alpha characters" do
+        subject["å"].should == "%C3%A5"
+      end
+
+      it "encodes reserved ascii characters" do
+        subject[" !\"\#$%&'()"].should == "%20%21%22%23%24%25%26%27%28%29"
+        subject["*+,/{|}:;"].should == "%2A%2B%2C%2F%7B%7C%7D%3A%3B"
+        subject["<=>?@[\\]^`"].should == "%3C%3D%3E%3F%40%5B%5C%5D%5E%60"
+      end
+
+      it "encodes other non-ascii characters" do
+        subject["支払い"].should == "%E6%94%AF%E6%89%95%E3%81%84"
+      end
+    end
+
+    describe ".iso_format_time" do
+      it "should work with a Time object" do
+        d = GoCardless::Utils.iso_format_time(Time.parse("1st January 2012"))
+        d.should == "2012-01-01T00:00:00Z"
+      end
+
+      it "should leave a string untouched" do
+        date = "1st January 2012"
+        GoCardless::Utils.iso_format_time(date).should == date
+      end
+    end
+
+    describe ".flatten_params" do
+      subject { GoCardless::Utils.method(:flatten_params) }
+
+      it "returns an empty array when provided with an empty hash" do
+        subject[{}].should == []
+      end
+
+      it "converts hashes to key-value arrays" do
+        subject['a' => 'b'].should == [['a', 'b']]
+      end
+
+      it "works with integer keys and values" do
+        subject[123 => 456].should == [['123', '456']]
+      end
+
+      it "converts DateTime objects to ISO8601-fomatted strings" do
+        date = '2001-02-03T12:23:45Z'
+        subject[:date => Time.parse(date)][0][1].should == date
+      end
+
+      it "works with symbol keys and values" do
+        subject[:a => :b].should == [['a', 'b']]
+      end
+
+      it "uses empty-bracket syntax for arrays" do
+        subject['a' => ['b']].should == [['a[]', 'b']]
+      end
+
+      it "includes all array values separately" do
+        result = subject['a' => ['b', 'c']]
+        result.should include ['a[]', 'b']
+        result.should include ['a[]', 'c']
+        result.length.should == 2
+      end
+
+      it "flattens nested arrays" do
+        subject['a' => [['b']]].should == [['a[][]', 'b']]
+      end
+
+      it "uses the bracket-syntax for hashes" do
+        subject['a' => {'b' => 'c'}].should == [['a[b]', 'c']]
+      end
+
+      it "includes all hash k/v pairs separately" do
+        result = subject['a' => {'b' => 'c', 'd' => 'e'}]
+        result.should include ['a[b]', 'c']
+        result.should include ['a[d]', 'e']
+        result.length.should == 2
+      end
+
+      it "flattens nested hashes" do
+        subject['a' => {'b' => {'c' => 'd'}}].should == [['a[b][c]', 'd']]
+      end
+
+      it "works with arrays inside hashes" do
+        subject['a' => {'b' => ['c']}].should == [['a[b][]', 'c']]
+      end
+
+      it "works with hashes inside arrays" do
+        subject['a' => [{'b' => 'c'}]].should == [['a[][b]', 'c']]
+      end
+    end
+
+    describe ".normalize_params" do
+      subject { GoCardless::Utils.method(:normalize_params) }
+
+      it "percent encodes keys and values" do
+        subject['!' => '+'].split('=').should == ['%21', '%2B']
+      end
+
+      it "joins items by '=' signs" do
+        subject['a' => 'b'].should == 'a=b'
+      end
+
+      it "joins pairs by '&' signs" do
+        subject['a' => 'b', 'c' => 'd'].should == 'a=b&c=d'
+      end
+    end
+
+    describe ".sign_params" do
+      it "produces the correct hash for the given params and key" do
+        key = 'testsecret'
+        params = {:test => true}
+        sig = '6e4613b729ce15c288f70e72463739feeb05fc0b89b55d248d7f259b5367148b'
+        GoCardless::Utils.sign_params(params, key).should == sig
+      end
+    end
+  end
+
 end

metadata

@@ -1,21 +1,23 @@
 --- !ruby/object:Gem::Specification 
 name: gocardless
 version: !ruby/object:Gem::Version 
-  hash: 25
+  hash: 31
   prerelease: 
   segments: 
   - 0
   - 1
-  - 1
-  version: 0.1.1
+  - 2
+  version: 0.1.2
 platform: ruby
 authors: 
-- Harry Marr, Tom Blomfield
+- Harry Marr
+- Tom Blomfield
 autorequire: 
 bindir: bin
 cert_chain: []
 
-date: 2012-01-12 00:00:00 Z
+date: 2012-02-02 00:00:00 +00:00
+default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
   name: oauth2
@@ -41,7 +43,7 @@ dependencies:
   requirement: &id002 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
-    - - ~>
+    - - ">="
       - !ruby/object:Gem::Version 
         hash: 5
         segments: 
@@ -99,19 +101,18 @@ dependencies:
   type: :development
   version_requirements: *id005
 - !ruby/object:Gem::Dependency 
-  name: redcarpet
+  name: activesupport
   prerelease: false
   requirement: &id006 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ~>
       - !ruby/object:Gem::Version 
-        hash: 87
+        hash: 5
         segments: 
+        - 3
         - 1
-        - 17
-        - 2
-        version: 1.17.2
+        version: "3.1"
   type: :development
   version_requirements: *id006
 description: A Ruby wrapper for the GoCardless API
@@ -126,6 +127,7 @@ extra_rdoc_files: []
 files: 
 - .gitignore
 - .rspec
+- .travis.yml
 - Gemfile
 - Guardfile
 - LICENSE
@@ -151,6 +153,7 @@ files:
 - spec/resource_spec.rb
 - spec/spec_helper.rb
 - spec/utils_spec.rb
+has_rdoc: true
 homepage: https://github.com/gocardless/gocardless-ruby
 licenses: []
 
@@ -180,7 +183,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements: []
 
 rubyforge_project: 
-rubygems_version: 1.8.10
+rubygems_version: 1.6.2
 signing_key: 
 specification_version: 3
 summary: Ruby wrapper for the GoCardless API
@@ -192,4 +195,3 @@ test_files:
 - spec/resource_spec.rb
 - spec/spec_helper.rb
 - spec/utils_spec.rb
-has_rdoc: