integral-yandex-money-notification_validator 0.1.0 → 0.1.1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (6) hide show
  1. checksums.yaml +4 -4
  2. data/README.md +6 -2
  3. data/lib/integral/yandex/money/notification_validator.rb +12 -30
  4. data/lib/integral/yandex/money/notification_validator/helpers.rb +35 -0
  5. data/lib/integral/yandex/money/notification_validator/identity.rb +1 -1
  6. metadata +4 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: e238282eda4f0f0fc91bc297336234aebf561fd734536fbe0860e71ad41a2fb2
4
- data.tar.gz: be0f816d1e311364d19f8b0bc02e7a724eb98a0a49dcf27297795128e29481f8
3
+ metadata.gz: 82bd2764d93ebfa9dfbcfce38e1cd897bf322f491f347256997301e35773500a
4
+ data.tar.gz: 3762c7d5d44c1195dcf6cf9d218182fe9e9cf8f3f35721b47d24f9e8d944e1b0
5
5
  SHA512:
6
- metadata.gz: 23e1e258224cd3e91bb52422dcea93ec90917e7a35e191b0ad3d21f1ceffd1fef6590289998955ae91244f4f74dcc742b320a75bf61ced542d7834d544bc562f
7
- data.tar.gz: d9dd652e80ccc2a156e7272adb7aaa9c333aeac3f6884cead87e10e52372fc4582e1ac50bb079029c6e7126c10114957f489ab7f903ec0abaad127529bf78f95
6
+ metadata.gz: af4e829fcd93024a55418a8cba369b4cbff9d2b3d7eedc9448354b49de18f35d44ed0cb6639d4a90038c28dd9d12f9f02092c4e425d1d5da55777f067a37e896
7
+ data.tar.gz: e559498a1b6dcedb5a8e4a1885839c488683f5f56c1bf229e66a98b46283396b1c28bd85fef858a3bfacb303de2051feb67c220cc04cbe2dc80885325cc9b5ae
data/README.md CHANGED
@@ -3,6 +3,7 @@
3
3
  [![Gem Version](https://badge.fury.io/rb/integral-yandex-money-notification_validator.svg)](http://badge.fury.io/rb/integral-yandex-money-notification_validator)
4
4
  [![Maintainability](https://api.codeclimate.com/v1/badges/5b7ba150248e751ccbc9/maintainability)](https://codeclimate.com/github/sergeypedan/integral-yandex-money-notification_validator/maintainability)
5
5
  [![Test Coverage](https://api.codeclimate.com/v1/badges/5b7ba150248e751ccbc9/test_coverage)](https://codeclimate.com/github/sergeypedan/integral-yandex-money-notification_validator/test_coverage)
6
+ [![Build Status](https://travis-ci.org/sergeypedan/integral-yandex-money-notification_validator.svg?branch=master)](https://travis-ci.org/sergeypedan/integral-yandex-money-notification_validator)
6
7
 
7
8
  <!-- Tocer[start]: Auto-generated, don't remove. -->
8
9
 
@@ -25,7 +26,10 @@ Here are the official docs for the [notification service](https://tech.yandex.ru
25
26
 
26
27
  ## Requirements
27
28
 
28
- [Ruby 2.5.0](https://www.ruby-lang.org) or higher.
29
+ - [Ruby 2.5.0](https://www.ruby-lang.org) or higher.
30
+ - An account in [Yandex.Money](https://money.yandex.ru)
31
+ - A notifications secret key (obtained from Yandex.Money [somewehre in the settings](https://money.yandex.ru/myservices/online.xml))
32
+ - Rails is assumed but not required
29
33
 
30
34
  ## Setup
31
35
 
@@ -60,7 +64,7 @@ end
60
64
 
61
65
  `validator.errors` returns an Array of message strings — most often only 1 message, but who knows.
62
66
 
63
- `secret` is obtained from Yandex.Money [somewehre in the settings](https://money.yandex.ru/myservices/online.xml). Recommended to keep in Rails credentials, ENV variable or elsewhere secure.
67
+ `secret` is recommended to be kept in an ENV variable, Rails credentials or elsewhere secure.
64
68
 
65
69
  ## Tests
66
70
 
data/lib/integral/yandex/money/notification_validator.rb CHANGED
@@ -1,7 +1,7 @@
1
1
  # frozen_string_literal: true
2
2
 
3
- require "digest"
4
- require "integral/yandex/money/notification_validator/identity"
3
+ require_relative "notification_validator/identity"
4
+ require_relative "notification_validator/helpers"
5
5
 
6
6
  module Integral
7
7
  module Yandex
@@ -10,15 +10,15 @@ module Integral
10
10
  # Validation is documented here: https://tech.yandex.ru/money/doc/dg/reference/notification-p2p-incoming-docpage/#notification-p2p-incoming__verify-notification
11
11
  class NotificationValidator
12
12
 
13
- # Order is crucial for `KEYS_FOR_DIGEST`
14
- KEYS_FOR_DIGEST = %w[notification_type operation_id amount currency datetime sender codepro notification_secret label].freeze
15
- PERMITTED_HASH_TYPES = ["ActionController::Parameters", "Hash"].freeze
16
- REQUIRED_KEYS = %w[amount codepro datetime notification_type operation_id sender].freeze
13
+ include Helpers
17
14
 
15
+ # Order is crucial for `KEYS_FOR_DIGEST`
16
+ KEYS_FOR_DIGEST = %w[notification_type operation_id amount currency datetime sender codepro notification_secret label].freeze
17
+ REQUIRED_KEYS = %w[amount codepro datetime notification_type operation_id sender].freeze
18
18
 
19
19
  def initialize params:, secret:
20
20
  fail ArgumentError, "Yandex.Money notifications secret is required" if secret.to_s == ""
21
- validate_params_hash!(params)
21
+ validate_argument_type! argument: params, permitted_types: ["ActionController::Parameters", "Hash"]
22
22
  @secret = secret
23
23
  @params = params
24
24
  @errors = []
@@ -26,51 +26,33 @@ module Integral
26
26
 
27
27
  attr_reader :errors
28
28
 
29
-
30
29
  def valid?
31
30
  return false unless all_param_values_present?
32
31
  return false unless integrity_correct?
33
32
  true
34
33
  end
35
34
 
36
-
37
35
  private
38
36
 
39
37
  def all_param_values_present?
40
- missing_keys = REQUIRED_KEYS.select { |key| @params[key].to_s == "" }
38
+ missing_keys = find_missing_hash_values required_keys: REQUIRED_KEYS, hash: @params
41
39
  return true if missing_keys.empty?
42
40
  (@errors << "Required `params` keys missing: #{missing_keys.uniq.join(", ")}") and return false
43
41
  end
44
42
 
45
-
46
- def encode_sha string
47
- Digest::SHA1.hexdigest string
48
- end
49
-
50
-
51
43
  def integrity_correct?
52
- stringified_params = stringify_params params_with_secret(@params)
53
44
  return true if @params["sha1_hash"] == encode_sha(stringified_params)
54
45
  (@errors << "SHA hashes do not match") and return false
55
46
  end
56
47
 
57
-
58
- def params_with_secret params
59
- params.merge("notification_secret" => @secret)
48
+ def params_with_secret
49
+ @params.merge("notification_secret" => @secret)
60
50
  end
61
51
 
62
-
63
- def stringify_params params
64
- KEYS_FOR_DIGEST.map { |key| params[key] }.join("&")
65
- # this way and not just `.to_s` is to enforce required order of params
52
+ def stringified_params
53
+ stringify_params_with_order KEYS_FOR_DIGEST, params_with_secret
66
54
  end
67
55
 
68
-
69
- def validate_params_hash! params
70
- names = PERMITTED_HASH_TYPES.map { |name| "`#{name}`" }.join(" or ")
71
- valid = PERMITTED_HASH_TYPES.include? params.class.to_s
72
- fail ArgumentError, "`params` must be a #{names}, you passed #{params.inspect}" unless valid
73
- end
74
56
  end
75
57
  end
76
58
  end
data/lib/integral/yandex/money/notification_validator/helpers.rb ADDED
@@ -0,0 +1,35 @@
1
+ # frozen_string_literal: true
2
+
3
+ require "digest"
4
+
5
+ module Integral
6
+ module Yandex
7
+ module Money
8
+
9
+ module Helpers
10
+
11
+ module_function
12
+
13
+ def encode_sha string
14
+ Digest::SHA1.hexdigest string
15
+ end
16
+
17
+ def find_missing_hash_values required_keys:, hash:
18
+ required_keys.select { |key| hash[key].to_s == "" }
19
+ end
20
+
21
+ def stringify_params_with_order keys, params
22
+ keys.map { |key| params[key] }.join("&")
23
+ # this way and not just `.to_s` is to enforce required order of params
24
+ end
25
+
26
+ def validate_argument_type! argument:, permitted_types:
27
+ names = permitted_types.map { |name| "`#{name}`" }.join(" or ")
28
+ valid = permitted_types.include? argument.class.to_s
29
+ fail ArgumentError, "`argument` must be a #{names}, you passed #{argument.inspect}" unless valid
30
+ end
31
+
32
+ end
33
+ end
34
+ end
35
+ end
data/lib/integral/yandex/money/notification_validator/identity.rb CHANGED
@@ -15,7 +15,7 @@ module Integral
15
15
  end
16
16
 
17
17
  def self.version
18
- "0.1.0"
18
+ "0.1.1"
19
19
  end
20
20
 
21
21
  def self.version_label
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: integral-yandex-money-notification_validator
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.0
4
+ version: 0.1.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Sergey Pedan
@@ -162,13 +162,15 @@ files:
162
162
  - LICENSE.md
163
163
  - README.md
164
164
  - lib/integral/yandex/money/notification_validator.rb
165
+ - lib/integral/yandex/money/notification_validator/helpers.rb
165
166
  - lib/integral/yandex/money/notification_validator/identity.rb
166
167
  homepage: https://github.com/sergeypedan/integral-yandex-money-notification_validator
167
168
  licenses:
168
169
  - MIT
169
170
  metadata:
170
- source_code_uri: https://github.com/sergeypedan/integral-yandex-money-notification_validator
171
+ source_code_uri: https://github.com/sergeypedan/integral-yandex-money-notification_validator/blob/master/lib/integral/yandex/money/notification_validator.rb
171
172
  changelog_uri: https://github.com/sergeypedan/integral-yandex-money-notification_validator/blob/master/CHANGES.md
173
+ bug_tracker_uri: https://github.com/sergeypedan/integral-yandex-money-notification_validator/issues
172
174
  post_install_message:
173
175
  rdoc_options: []
174
176
  require_paths: