ibanity 1.9.1 → 1.10.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 69d8a3c866e929ec613b9b17c146269217889e0e498b7f5c9fe0a84c0db5b643
-  data.tar.gz: 68ccaee907f5082fa520acbaee93a4591fe888575f479a1b3c71e6432191cd48
+  metadata.gz: 55b04259d7e3e1f8cd8ee53b23d5b50fd4803d0a15822870b59b2e3bd78820a2
+  data.tar.gz: 79003b1d051b9e517ea786dab240b19dca82bfcbf8379784eacccdd15a7e8481
 SHA512:
-  metadata.gz: 8825787922d34faf6745621d921377e1e187d542eb26b487a6071075db654399d5f3f7d5110c2028bcb9720f29f28f219a73374fc019a217ba3eb812eaead62c
-  data.tar.gz: a43e981bcc792e9541bd17ce01290921ca1ae9b9676221e234cc574214537dca60bccd15b66b349dd392eb8dd1d9f878109b27a708b0e7d6e2637d2685c06752
+  metadata.gz: f11e1268e728697e6f75cdc0eb7a79358d8359ee4eada54ddf7e452ef7147b9f0c548724047a5d99454ca785840ab5e72c0b16448b587789d27f3b6ced89a47e
+  data.tar.gz: 96132c499b4e33ed9681f6998d1f7923e260d715078777a503dfd13c98a4979fcf03854fa96f217d3527a0e248cec994710fdfe74b3816afc92302d91ab60316

data/CHANGELOG.md

@@ -1,5 +1,11 @@
 # Changelog
 
+## 1.10
+
+* [Ponto Connect] Add support for payment activation requests
+
+* [Webhooks] Add support for webhook signature validation, keys endpoint, and events.
+
 ## 1.9
 
 * [Ponto Connect] Add account reauthorization requests

data/ibanity.gemspec

@@ -19,5 +19,6 @@ Gem::Specification.new do |spec|
   spec.require_paths = ["lib"]
 
   spec.add_dependency "rest-client", ">= 1.8.0"
+  spec.add_dependency "jose", ">= 1.1.3"
   spec.add_development_dependency "rspec", "3.9.0"
 end

data/lib/ibanity/api/flat_resource.rb

@@ -0,0 +1,20 @@
+module Ibanity
+  class FlatResource < OpenStruct
+    def self.list_by_uri(uri:, key:)
+      raw_response = Ibanity.client.get(uri: uri)
+      items = raw_response[key].map { |raw_item| new(raw_item) }
+      Ibanity::Collection.new(
+        klass:                  self,
+        items:                  items,
+        links:                  nil,
+        paging:                 nil,
+        synchronized_at:        nil,
+        latest_synchronization: nil
+      )
+    end
+
+    def initialize(raw)
+      super(raw)
+    end
+  end
+end

data/lib/ibanity/api/ponto_connect/payment_activation_request.rb

@@ -0,0 +1,10 @@
+module Ibanity
+  module PontoConnect
+    class PaymentActivationRequest < Ibanity::BaseResource
+      def self.create(access_token:, **attributes)
+        uri = Ibanity.ponto_connect_api_schema["paymentActivationRequests"]
+        create_by_uri(uri: uri, resource_type: "paymentActivationRequest", attributes: attributes, customer_access_token: access_token)
+      end
+    end
+  end
+end

data/lib/ibanity/api/webhooks/key.rb

@@ -0,0 +1,11 @@
+module Ibanity
+  module Webhooks
+    class Key < Ibanity::FlatResource
+      def self.list
+        path = Ibanity.webhooks_api_schema["keys"]
+        uri = Ibanity.client.build_uri(path)
+        list_by_uri(uri: uri, key: "keys")
+      end
+    end
+  end
+end

data/lib/ibanity/api/webhooks/ponto_connect.rb

@@ -0,0 +1,24 @@
+module Ibanity
+  module Webhooks
+    module PontoConnect
+      module Synchronization
+        class SucceededWithoutChange < Ibanity::BaseResource
+        end
+
+        class Failed < Ibanity::BaseResource
+        end
+      end
+
+      module Account
+        class DetailsUpdated < Ibanity::BaseResource
+        end
+
+        class TransactionsCreated < Ibanity::BaseResource
+        end
+
+        class TransactionsUpdated < Ibanity::BaseResource
+        end
+      end
+    end
+  end
+end

data/lib/ibanity/api/webhooks/xs2a.rb

@@ -0,0 +1,24 @@
+module Ibanity
+  module Webhooks
+    module Xs2a
+      module Synchronization
+        class SucceededWithoutChange < Ibanity::BaseResource
+        end
+
+        class Failed < Ibanity::BaseResource
+        end
+      end
+
+      module Account
+        class DetailsUpdated < Ibanity::BaseResource
+        end
+
+        class TransactionsCreated < Ibanity::BaseResource
+        end
+
+        class TransactionsUpdated < Ibanity::BaseResource
+        end
+      end
+    end
+  end
+end

data/lib/ibanity/client.rb

@@ -1,7 +1,7 @@
 module Ibanity
   class Client
 
-    attr_reader :base_uri, :signature_certificate, :signature_key, :isabel_connect_client_id, :isabel_connect_client_secret, :ponto_connect_client_id, :ponto_connect_client_secret
+    attr_reader :base_uri, :signature_certificate, :signature_key, :isabel_connect_client_id, :isabel_connect_client_secret, :ponto_connect_client_id, :ponto_connect_client_secret, :application_id
 
     def initialize(
         certificate:,
@@ -13,12 +13,12 @@ module Ibanity
         signature_key_passphrase: nil,
         api_scheme: "https",
         api_host: "api.ibanity.com",
-        api_port: "443",
         ssl_ca_file: nil,
         isabel_connect_client_id: "valid_client_id",
         isabel_connect_client_secret: "valid_client_secret",
         ponto_connect_client_id: nil,
         ponto_connect_client_secret: nil,
+        application_id: nil,
         debug_http_requests: false)
       @isabel_connect_client_id     = isabel_connect_client_id
       @isabel_connect_client_secret = isabel_connect_client_secret
@@ -32,8 +32,9 @@ module Ibanity
         @signature_certificate_id = signature_certificate_id
         @signature_key            = OpenSSL::PKey::RSA.new(signature_key, signature_key_passphrase)
       end
-      @base_uri              = "#{api_scheme}://#{api_host}:#{api_port}"
+      @base_uri              = "#{api_scheme}://#{api_host}"
       @ssl_ca_file           = ssl_ca_file
+      @application_id        = application_id
     end
 
     def get(uri:, query_params: {}, customer_access_token: nil, headers: nil, json: true)

data/lib/ibanity/error.rb

@@ -22,6 +22,8 @@ module Ibanity
         formatted_errors.join("\n")
       elsif @errors.is_a?(Hash)
         "* #{@errors["error"]}: #{@errors["error_description"]}\n * Error hint: #{@errors["error_hint"]}\n * ibanity_request_id: #{@ibanity_request_id}"
+      elsif @errors.is_a?(String)
+        @errors
       else
         super
       end

data/lib/ibanity/version.rb

@@ -1,3 +1,3 @@
 module Ibanity
-  VERSION = "1.9.1"
+  VERSION = "1.10.0"
 end

data/lib/ibanity/webhook.rb

@@ -0,0 +1,94 @@
+module Ibanity
+  module Webhook
+    DEFAULT_TOLERANCE = 30
+    SIGNING_ALGORITHM = "RS512"
+
+    # Initializes an Ibanity Webhooks event object from a JSON payload.
+    #
+    # This may raise JSON::ParserError if the payload is not valid JSON, or
+    # Ibanity::Error if the signature verification fails.
+    def self.construct_event!(payload, signature_header, tolerance: DEFAULT_TOLERANCE)
+      Signature.verify!(payload, signature_header, tolerance)
+
+      raw_item = JSON.parse(payload)
+      klass = raw_item["data"]["type"].split(".").map{|klass| klass.sub(/\S/, &:upcase)}.join("::")
+      Ibanity::Webhooks.const_get(klass).new(raw_item["data"])
+    end
+
+    module Signature
+      # Verifies the signature header for a given payload.
+      #
+      # Raises an Ibanity::Error in the following cases:
+      # - the header does not match the expected format
+      # - the digest does not match the payload
+      # - the issued at or expiration timestamp is not within the tolerance
+      # - the audience or issuer does not match the application config
+      #
+      # Returns true otherwise
+      def self.verify!(payload, signature_header, tolerance)
+        begin
+          key_details = JOSE::JWT.peek_protected(signature_header).to_hash
+          raise unless key_details["alg"] == SIGNING_ALGORITHM && key_details["kid"]
+        rescue
+          raise Ibanity::Error.new("Key details could not be parsed from the header", nil)
+        end
+
+        key = Ibanity.webhook_keys.find { |key| key.kid == key_details["kid"] }
+
+        if key.nil?
+          raise Ibanity::Error.new("The key id from the header didn't match an available signing key", nil)
+        end
+        signer = JOSE::JWK.from(key.to_h {|key, value| [key.to_s, value] })
+        verified, claims_string, _jws = JOSE::JWT.verify_strict(signer, [SIGNING_ALGORITHM], signature_header)
+
+        raise Ibanity::Error.new("The signature verification failed", nil) unless verified
+
+        jwt = JOSE::JWT.from(claims_string)
+
+        validate_digest!(jwt, payload)
+        validate_issued_at!(jwt, tolerance)
+        validate_expiration!(jwt, tolerance)
+        validate_issuer!(jwt)
+        validate_audience!(jwt)
+
+        true
+      end
+
+      private
+
+      def self.validate_digest!(jwt, payload)
+        unless Digest::SHA512.base64digest(payload) == jwt.fields["digest"]
+          raise_invalid_signature_error!("digest")
+        end
+      end
+
+      def self.validate_issued_at!(jwt, tolerance)
+        unless jwt.fields["iat"] <= Time.now.to_i + tolerance
+          raise_invalid_signature_error!("iat")
+        end
+      end
+
+      def self.validate_expiration!(jwt, tolerance)
+        unless jwt.fields["exp"] >= Time.now.to_i - tolerance
+          raise_invalid_signature_error!("exp")
+        end
+      end
+
+      def self.validate_issuer!(jwt)
+        unless jwt.fields["iss"] == Ibanity.client.base_uri
+          raise_invalid_signature_error!("iss")
+        end
+      end
+
+      def self.validate_audience!(jwt)
+        unless jwt.fields["aud"] == Ibanity.client.application_id
+          raise_invalid_signature_error!("aud")
+        end
+      end
+
+      def self.raise_invalid_signature_error!(field)
+        raise Ibanity::Error.new("The signature #{field} is invalid", nil)
+      end
+    end
+  end
+end

data/lib/ibanity.rb

@@ -4,6 +4,7 @@ require "uri"
 require "rest_client"
 require "json"
 require "securerandom"
+require "jose"
 
 require_relative "ibanity/util"
 require_relative "ibanity/error"
@@ -11,6 +12,8 @@ require_relative "ibanity/collection"
 require_relative "ibanity/client"
 require_relative "ibanity/http_signature"
 require_relative "ibanity/api/base_resource"
+require_relative "ibanity/api/flat_resource"
+require_relative "ibanity/webhook"
 require_relative "ibanity/api/xs2a/account"
 require_relative "ibanity/api/xs2a/transaction"
 require_relative "ibanity/api/xs2a/holding"
@@ -55,6 +58,10 @@ require_relative "ibanity/api/ponto_connect/sandbox/financial_institution_accoun
 require_relative "ibanity/api/ponto_connect/sandbox/financial_institution_transaction"
 require_relative "ibanity/api/ponto_connect/onboarding_details"
 require_relative "ibanity/api/ponto_connect/reauthorization_request"
+require_relative "ibanity/api/ponto_connect/payment_activation_request"
+require_relative "ibanity/api/webhooks/key"
+require_relative "ibanity/api/webhooks/xs2a"
+require_relative "ibanity/api/webhooks/ponto_connect"
 
 module Ibanity
   class << self
@@ -69,6 +76,7 @@ module Ibanity
       @isabel_connect_api_schema = nil
       @consent_api_schema        = nil
       @ponto_connect_api_schema  = nil
+      @webhooks_api_schema       = nil
       @sandbox_api_schema        = nil
       @configuration             = nil
       yield configuration
@@ -89,8 +97,8 @@ module Ibanity
         :ponto_connect_client_secret,
         :api_scheme,
         :api_host,
-        :api_port,
         :ssl_ca_file,
+        :application_id,
         :debug_http_requests
       ).new
     end
@@ -115,6 +123,14 @@ module Ibanity
       @consent_api_schema ||= client.get(uri: "#{client.base_uri}/consent")["links"]
     end
 
+    def webhooks_api_schema
+      @webhooks_api_schema ||= client.get(uri: "#{client.base_uri}/webhooks")["links"]
+    end
+
+    def webhook_keys
+      @webhook_keys ||= Ibanity::Webhooks::Key.list
+    end
+
     def respond_to_missing?(method_name, include_private = false)
       client.respond_to?(method_name, include_private)
     end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ibanity
 version: !ruby/object:Gem::Version
-  version: 1.9.1
+  version: 1.10.0
 platform: ruby
 authors:
 - Ibanity
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-11-30 00:00:00.000000000 Z
+date: 2022-01-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rest-client
@@ -24,6 +24,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 1.8.0
+- !ruby/object:Gem::Dependency
+  name: jose
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.1.3
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.1.3
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -60,6 +74,7 @@ files:
 - lib/ibanity/api/base_resource.rb
 - lib/ibanity/api/consent/consent.rb
 - lib/ibanity/api/consent/processing_operation.rb
+- lib/ibanity/api/flat_resource.rb
 - lib/ibanity/api/isabel_connect/access_token.rb
 - lib/ibanity/api/isabel_connect/account.rb
 - lib/ibanity/api/isabel_connect/account_report.rb
@@ -76,6 +91,7 @@ files:
 - lib/ibanity/api/ponto_connect/integration.rb
 - lib/ibanity/api/ponto_connect/onboarding_details.rb
 - lib/ibanity/api/ponto_connect/payment.rb
+- lib/ibanity/api/ponto_connect/payment_activation_request.rb
 - lib/ibanity/api/ponto_connect/reauthorization_request.rb
 - lib/ibanity/api/ponto_connect/sandbox/financial_institution_account.rb
 - lib/ibanity/api/ponto_connect/sandbox/financial_institution_transaction.rb
@@ -88,6 +104,9 @@ files:
 - lib/ibanity/api/sandbox/financial_institution_holding.rb
 - lib/ibanity/api/sandbox/financial_institution_transaction.rb
 - lib/ibanity/api/sandbox/financial_institution_user.rb
+- lib/ibanity/api/webhooks/key.rb
+- lib/ibanity/api/webhooks/ponto_connect.rb
+- lib/ibanity/api/webhooks/xs2a.rb
 - lib/ibanity/api/xs2a/account.rb
 - lib/ibanity/api/xs2a/account_information_access_request.rb
 - lib/ibanity/api/xs2a/account_information_access_request_authorization.rb
@@ -108,6 +127,7 @@ files:
 - lib/ibanity/http_signature.rb
 - lib/ibanity/util.rb
 - lib/ibanity/version.rb
+- lib/ibanity/webhook.rb
 - spec/lib/ibanity/base_resource_spec.rb
 - spec/lib/ibanity/http_signature_spec.rb
 - spec/lib/ibanity/util_spec.rb