integral-yandex-money-notification_validator 0.1.0 → 0.1.1
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 82bd2764d93ebfa9dfbcfce38e1cd897bf322f491f347256997301e35773500a
|
4
|
+
data.tar.gz: 3762c7d5d44c1195dcf6cf9d218182fe9e9cf8f3f35721b47d24f9e8d944e1b0
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: af4e829fcd93024a55418a8cba369b4cbff9d2b3d7eedc9448354b49de18f35d44ed0cb6639d4a90038c28dd9d12f9f02092c4e425d1d5da55777f067a37e896
|
7
|
+
data.tar.gz: e559498a1b6dcedb5a8e4a1885839c488683f5f56c1bf229e66a98b46283396b1c28bd85fef858a3bfacb303de2051feb67c220cc04cbe2dc80885325cc9b5ae
|
data/README.md
CHANGED
@@ -3,6 +3,7 @@
|
|
3
3
|
[![Gem Version](https://badge.fury.io/rb/integral-yandex-money-notification_validator.svg)](http://badge.fury.io/rb/integral-yandex-money-notification_validator)
|
4
4
|
[![Maintainability](https://api.codeclimate.com/v1/badges/5b7ba150248e751ccbc9/maintainability)](https://codeclimate.com/github/sergeypedan/integral-yandex-money-notification_validator/maintainability)
|
5
5
|
[![Test Coverage](https://api.codeclimate.com/v1/badges/5b7ba150248e751ccbc9/test_coverage)](https://codeclimate.com/github/sergeypedan/integral-yandex-money-notification_validator/test_coverage)
|
6
|
+
[![Build Status](https://travis-ci.org/sergeypedan/integral-yandex-money-notification_validator.svg?branch=master)](https://travis-ci.org/sergeypedan/integral-yandex-money-notification_validator)
|
6
7
|
|
7
8
|
<!-- Tocer[start]: Auto-generated, don't remove. -->
|
8
9
|
|
@@ -25,7 +26,10 @@ Here are the official docs for the [notification service](https://tech.yandex.ru
|
|
25
26
|
|
26
27
|
## Requirements
|
27
28
|
|
28
|
-
[Ruby 2.5.0](https://www.ruby-lang.org) or higher.
|
29
|
+
- [Ruby 2.5.0](https://www.ruby-lang.org) or higher.
|
30
|
+
- An account in [Yandex.Money](https://money.yandex.ru)
|
31
|
+
- A notifications secret key (obtained from Yandex.Money [somewehre in the settings](https://money.yandex.ru/myservices/online.xml))
|
32
|
+
- Rails is assumed but not required
|
29
33
|
|
30
34
|
## Setup
|
31
35
|
|
@@ -60,7 +64,7 @@ end
|
|
60
64
|
|
61
65
|
`validator.errors` returns an Array of message strings — most often only 1 message, but who knows.
|
62
66
|
|
63
|
-
`secret` is
|
67
|
+
`secret` is recommended to be kept in an ENV variable, Rails credentials or elsewhere secure.
|
64
68
|
|
65
69
|
## Tests
|
66
70
|
|
@@ -1,7 +1,7 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
|
4
|
-
|
3
|
+
require_relative "notification_validator/identity"
|
4
|
+
require_relative "notification_validator/helpers"
|
5
5
|
|
6
6
|
module Integral
|
7
7
|
module Yandex
|
@@ -10,15 +10,15 @@ module Integral
|
|
10
10
|
# Validation is documented here: https://tech.yandex.ru/money/doc/dg/reference/notification-p2p-incoming-docpage/#notification-p2p-incoming__verify-notification
|
11
11
|
class NotificationValidator
|
12
12
|
|
13
|
-
|
14
|
-
KEYS_FOR_DIGEST = %w[notification_type operation_id amount currency datetime sender codepro notification_secret label].freeze
|
15
|
-
PERMITTED_HASH_TYPES = ["ActionController::Parameters", "Hash"].freeze
|
16
|
-
REQUIRED_KEYS = %w[amount codepro datetime notification_type operation_id sender].freeze
|
13
|
+
include Helpers
|
17
14
|
|
15
|
+
# Order is crucial for `KEYS_FOR_DIGEST`
|
16
|
+
KEYS_FOR_DIGEST = %w[notification_type operation_id amount currency datetime sender codepro notification_secret label].freeze
|
17
|
+
REQUIRED_KEYS = %w[amount codepro datetime notification_type operation_id sender].freeze
|
18
18
|
|
19
19
|
def initialize params:, secret:
|
20
20
|
fail ArgumentError, "Yandex.Money notifications secret is required" if secret.to_s == ""
|
21
|
-
|
21
|
+
validate_argument_type! argument: params, permitted_types: ["ActionController::Parameters", "Hash"]
|
22
22
|
@secret = secret
|
23
23
|
@params = params
|
24
24
|
@errors = []
|
@@ -26,51 +26,33 @@ module Integral
|
|
26
26
|
|
27
27
|
attr_reader :errors
|
28
28
|
|
29
|
-
|
30
29
|
def valid?
|
31
30
|
return false unless all_param_values_present?
|
32
31
|
return false unless integrity_correct?
|
33
32
|
true
|
34
33
|
end
|
35
34
|
|
36
|
-
|
37
35
|
private
|
38
36
|
|
39
37
|
def all_param_values_present?
|
40
|
-
missing_keys = REQUIRED_KEYS
|
38
|
+
missing_keys = find_missing_hash_values required_keys: REQUIRED_KEYS, hash: @params
|
41
39
|
return true if missing_keys.empty?
|
42
40
|
(@errors << "Required `params` keys missing: #{missing_keys.uniq.join(", ")}") and return false
|
43
41
|
end
|
44
42
|
|
45
|
-
|
46
|
-
def encode_sha string
|
47
|
-
Digest::SHA1.hexdigest string
|
48
|
-
end
|
49
|
-
|
50
|
-
|
51
43
|
def integrity_correct?
|
52
|
-
stringified_params = stringify_params params_with_secret(@params)
|
53
44
|
return true if @params["sha1_hash"] == encode_sha(stringified_params)
|
54
45
|
(@errors << "SHA hashes do not match") and return false
|
55
46
|
end
|
56
47
|
|
57
|
-
|
58
|
-
|
59
|
-
params.merge("notification_secret" => @secret)
|
48
|
+
def params_with_secret
|
49
|
+
@params.merge("notification_secret" => @secret)
|
60
50
|
end
|
61
51
|
|
62
|
-
|
63
|
-
|
64
|
-
KEYS_FOR_DIGEST.map { |key| params[key] }.join("&")
|
65
|
-
# this way and not just `.to_s` is to enforce required order of params
|
52
|
+
def stringified_params
|
53
|
+
stringify_params_with_order KEYS_FOR_DIGEST, params_with_secret
|
66
54
|
end
|
67
55
|
|
68
|
-
|
69
|
-
def validate_params_hash! params
|
70
|
-
names = PERMITTED_HASH_TYPES.map { |name| "`#{name}`" }.join(" or ")
|
71
|
-
valid = PERMITTED_HASH_TYPES.include? params.class.to_s
|
72
|
-
fail ArgumentError, "`params` must be a #{names}, you passed #{params.inspect}" unless valid
|
73
|
-
end
|
74
56
|
end
|
75
57
|
end
|
76
58
|
end
|
@@ -0,0 +1,35 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require "digest"
|
4
|
+
|
5
|
+
module Integral
|
6
|
+
module Yandex
|
7
|
+
module Money
|
8
|
+
|
9
|
+
module Helpers
|
10
|
+
|
11
|
+
module_function
|
12
|
+
|
13
|
+
def encode_sha string
|
14
|
+
Digest::SHA1.hexdigest string
|
15
|
+
end
|
16
|
+
|
17
|
+
def find_missing_hash_values required_keys:, hash:
|
18
|
+
required_keys.select { |key| hash[key].to_s == "" }
|
19
|
+
end
|
20
|
+
|
21
|
+
def stringify_params_with_order keys, params
|
22
|
+
keys.map { |key| params[key] }.join("&")
|
23
|
+
# this way and not just `.to_s` is to enforce required order of params
|
24
|
+
end
|
25
|
+
|
26
|
+
def validate_argument_type! argument:, permitted_types:
|
27
|
+
names = permitted_types.map { |name| "`#{name}`" }.join(" or ")
|
28
|
+
valid = permitted_types.include? argument.class.to_s
|
29
|
+
fail ArgumentError, "`argument` must be a #{names}, you passed #{argument.inspect}" unless valid
|
30
|
+
end
|
31
|
+
|
32
|
+
end
|
33
|
+
end
|
34
|
+
end
|
35
|
+
end
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: integral-yandex-money-notification_validator
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.
|
4
|
+
version: 0.1.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Sergey Pedan
|
@@ -162,13 +162,15 @@ files:
|
|
162
162
|
- LICENSE.md
|
163
163
|
- README.md
|
164
164
|
- lib/integral/yandex/money/notification_validator.rb
|
165
|
+
- lib/integral/yandex/money/notification_validator/helpers.rb
|
165
166
|
- lib/integral/yandex/money/notification_validator/identity.rb
|
166
167
|
homepage: https://github.com/sergeypedan/integral-yandex-money-notification_validator
|
167
168
|
licenses:
|
168
169
|
- MIT
|
169
170
|
metadata:
|
170
|
-
source_code_uri: https://github.com/sergeypedan/integral-yandex-money-notification_validator
|
171
|
+
source_code_uri: https://github.com/sergeypedan/integral-yandex-money-notification_validator/blob/master/lib/integral/yandex/money/notification_validator.rb
|
171
172
|
changelog_uri: https://github.com/sergeypedan/integral-yandex-money-notification_validator/blob/master/CHANGES.md
|
173
|
+
bug_tracker_uri: https://github.com/sergeypedan/integral-yandex-money-notification_validator/issues
|
172
174
|
post_install_message:
|
173
175
|
rdoc_options: []
|
174
176
|
require_paths:
|