minfraud 1.0.4 → 2.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 360e5c67027b7cac3bacd6715aa3afee61de8a75
-  data.tar.gz: cb6dd240c3436fe0c0c23e7aa6d5ad5c4bcfcae8
+SHA256:
+  metadata.gz: 14d6fda0782c4f12ecd3599b4d6f3887be93845fca267490bbc64ad6bf5e3518
+  data.tar.gz: 0dbcb74c203b066c41ad1d85b25e236a63c9e2904a87064bece9ce69a60eecc6
 SHA512:
-  metadata.gz: c3cb59ad5bde816f3b2f8be3cc1f0699ce18c1728a8267d7e827b28e8fecd0a20c638211f453a0f8dee2ea7c252096193293633ca5ecf4e3a640f632e5201dfb
-  data.tar.gz: 2b430855a1157e215891a09a1cf0aab79bad1a027e272359a536caf81db8958835e06f591393a9782b22c90655017b91475eff775208f964a4ae0ca44bb1dd43
+  metadata.gz: 74a6d172a649d417c89ca8a22a454407e54d70a19cea0583594165a2de23ac9df889478675fadad4becade61a84ac7fb39950ae890cd8d98c80e2dcdb6a2d38d
+  data.tar.gz: 7c9c52f1929869e043878b4f74c40d488fa5a44df587b63362a537b14b8f3602a4c78b51abeb18ab2404bf49ba2662b38919a5470de8270f2b53dc1ea2b80071

data/.github/dependabot.yml

@@ -0,0 +1,11 @@
+version: 2
+updates:
+- package-ecosystem: bundler
+  directory: "/"
+  schedule:
+    interval: daily
+  open-pull-requests-limit: 10
+- package-ecosystem: "github-actions"
+  directory: "/"
+  schedule:
+    interval: daily

data/.github/workflows/release.yml

@@ -0,0 +1,28 @@
+name: Release
+
+on:
+  workflow_dispatch:
+  pull_request:
+  push:
+    branches:
+      - main
+  release:
+    types:
+      - published
+
+jobs:
+  push:
+    if: github.event_name == 'release' && github.event.action == 'published'
+    runs-on: ubuntu-latest
+    environment: release
+    permissions:
+      id-token: write
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          bundler-cache: true
+          ruby-version: ruby
+
+      - uses: rubygems/release-gem@v1

data/.github/workflows/rubocop.yml

@@ -0,0 +1,18 @@
+name: Run rubocop
+
+on:
+  push:
+  pull_request:
+  schedule:
+    - cron: '4 0 * * SUN'
+
+jobs:
+  rubocop:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: 3.3
+      - run: bundle install
+      - run: bundle exec rake -t rubocop

data/.github/workflows/test.yml

@@ -0,0 +1,36 @@
+name: Run tests
+
+on:
+  push:
+  pull_request:
+  schedule:
+    - cron: '4 1 * * SUN'
+
+jobs:
+  test:
+    runs-on: ${{ matrix.os }}
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ubuntu-latest, windows-latest, macos-latest]
+        version:
+          [
+            2.7,
+            '3.0',
+            3.1,
+            3.2,
+            3.3,
+            jruby,
+          ]
+        exclude:
+          - os: windows-latest
+            version: jruby
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          submodules: true
+      - uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.version }}
+      - run: bundle install
+      - run: bundle exec rake -t spec

data/.gitignore

@@ -1,7 +1,9 @@
+/coverage
 pkg
 .project
 Gemfile.lock
 .rvmrc
 *.rbc
+.yardoc
 *~
 .DS_Store

data/.rubocop.yml

@@ -0,0 +1,90 @@
+AllCops:
+    TargetRubyVersion: 2.7
+    NewCops: enable
+
+# Metrics.
+
+Metrics/BlockLength:
+  Enabled: false # Default is true, but mostly hit in tests.
+
+Metrics/AbcSize:
+  Enabled: false # To allow for pre-existing code.
+
+Metrics/ClassLength:
+  Enabled: false # To allow for pre-existing code.
+
+Metrics/CyclomaticComplexity:
+  Enabled: false # To allow for pre-existing code.
+
+Metrics/MethodLength:
+  Enabled: false # To allow for pre-existing code.
+
+Metrics/PerceivedComplexity:
+  Enabled: false # To allow for pre-existing code.
+
+# Layout.
+
+Layout/LineLength:
+  Max: 150 # Default is 120.
+
+Layout/HashAlignment:
+  EnforcedHashRocketStyle: table # Default is key.
+  EnforcedColonStyle:      table # Default is key.
+
+Layout/ExtraSpacing:
+  ForceEqualSignAlignment: true # Default is false.
+
+Layout/IndentationStyle:
+  IndentationWidth: 2 # Default is <none>.
+
+# Style.
+
+Style/HashSyntax:
+  EnforcedStyle: ruby19_no_mixed_keys # Default is ruby19. This one is better.
+
+Style/CollectionMethods:
+  Enabled: true # Default is false.
+
+Style/NumericLiterals:
+  MinDigits: 4 # Default is 5.
+
+Style/NegatedIf: # I disagree with this.
+  Enabled: false
+
+Style/IfUnlessModifier: # This doesn't always make sense.
+  Enabled: false
+
+# Trailing commas are often good.
+Style/TrailingCommaInArguments:
+  Enabled: false
+Style/TrailingCommaInArrayLiteral:
+  Enabled: false
+Style/TrailingCommaInHashLiteral:
+  Enabled: false
+
+# Default is both which is probably fine, but it changes code and I don't want
+# to investigate any possible behavior change right now.
+Style/EmptyElse:
+  EnforcedStyle: empty
+
+Style/ConditionalAssignment:
+  Enabled: false # This produces kind of strange results.
+
+Style/GuardClause:
+  Enabled: false # Doesn't always make sense.
+
+Style/FormatStringToken:
+  Enabled: false # Seems unnecessary.
+
+# Seems unnecessary. Asks us to call super in a bunch of places when there's no
+# need.
+Lint/MissingSuper:
+  Enabled: false
+
+# Naming.
+
+Naming/VariableNumber:
+  Enabled: false # Doesn't always make sense.
+
+Gemspec/DevelopmentDependencies:
+  Enabled: false

data/CHANGELOG.md

@@ -1,14 +1,207 @@
-# Minfraud Changelog
+# Changelog
 
-## v1.0.4
+## v2.4.0 (2024-01-12)
+
+* Ruby 2.7+ is now required. If you're using Ruby 2.5 or 2.6, please use
+  version 2.3.0 of this gem.
+* Added the processors `:pxp_financial` and `:trustpay` to
+  `Minfraud::Components::Payment`.
+
+## v2.3.0 (2023-12-04)
+
+* Added the processor `:shopify_payments` to `Minfraud::Components::Payment`.
+* Added the processor `:google_pay` to `Minfraud::Components::Payment`.
+* Added the processor `:placetopay` to `Minfraud::Components::Payment`.
+* In addition to the minfraud gem version, the User-Agent now includes the
+  version of Ruby and the version of the HTTP client in all HTTP requests.
+* Updated `maxmind-geoip2` to version that includes the `anycast?` method
+  on `MaxMind::GeoIP2::Record::Traits`. This returns `true` if the IP
+  address belongs to an [anycast
+  network](https://en.wikipedia.org/wiki/Anycast). This is available in
+  minFraud Insights and Factors.
+
+## v2.2.0 (2022-03-28)
+
+* Added the input `/credit_card/country`. This is the country where the
+  issuer of the card is located. This may be passed instead of the
+  `/credit_card/issuer_id_number` if you do not wish to pass partial
+  account numbers or if your payment processor does not provide them. You
+  may provide this using the `country` attribute on
+  `Minfraud::Components::CreditCard`.
+
+## v2.1.0 (2022-01-25)
+
+* Adds the following new processor to `Minfraud::Components::Payment`:
+  * `:windcave`
+* The `last_4_digits` input to `Minfraud::Components::CreditCard` has been
+  deprecated in favor of `last_digits` and will be removed in a future
+  release. `last_digits`/`last_4_digits` also now supports two digit values
+  in addition to the previous four digit values.
+* Eight digit `issuer_id_number` inputs are now supported by
+  `Minfraud::Components::CreditCard` in addition to the previously accepted
+  six digit `issuer_id_number`. In most cases, you should send the last four
+  digits for `last_digits`. If you send an `issuer_id_number` that contains
+  an eight digit IIN, and if the credit card brand is not one of the
+  following, you should send the last two digits for `last_digits`:
+  * `Discover`
+  * `JCB`
+  * `Mastercard`
+  * `UnionPay`
+  * `Visa`
+
+## v2.0.0 (2021-12-06)
+
+* Breaking change from 1.x: Removed deprecated methods
+  `is_in_european_union`, `is_anonymous`, `is_anonymous_vpn`,
+  `is_hosting_provider`, `is_public_proxy`, and `is_tor_exit_node`. The
+  non-deprecated equivalents are `in_european_union?`, `anonymous?`,
+  `anonymous_vpn?`, `hosting_provider?`, `public_proxy?`, and
+  `tor_exit_node?`.
+* Breaking change from 1.x: Removed deprecated methods for deprecated
+  subscores: `email_tenure` and `ip_tenure`. For `email_tenure`, please use
+  the `email_address` subscore instead. For `ip_tenure`, please use
+  `risk_score` instead.
+* Breaking change from 1.x: Removed deprecated method for deprecated
+  attribute `ip_address.country.is_high_risk`.
+* Breaking change from 1.x: Switches HTTP client from faraday to http.rb.
+  There should be no behavior change for most users, but this is
+  technically a breaking change from the perspective of semver. Most users
+  should not be affected as the changes are limited to attributes and
+  classes that would not normally be accessed outside the gem.
+* Breaking change from 1.x: `user_id` is no longer supported as a way to
+  configure your MaxMind account ID. Use `account_id` instead.
+* Breaking change from 1.x: Removed the `Minfraud.configuration` method.
+* Breaking change from 1.x: Localized names are no longer exposed via
+  methods on `names` objects, only as hash keys. For example, use
+  `response.ip_address.country.names['en']` instead of
+  `response.ip_address.country.names.en`. The latter was deprecated.
+* Adds mobile country code (MCC) and mobile network code (MNC) to minFraud
+  Insights and Factors responses. These are available at
+  `response.ip_address.traits.mobile_country_code` and
+  `response.ip_address.traits.mobile_network_code`. We expect this data to
+  be available by late January, 2022.
+* Adds the following new processors to `Minfraud::Components::Payment`:
+  * `:boacompra`
+  * `:boku`
+  * `:coregateway`
+  * `:fiserv`
+  * `:neopay`
+  * `:neosurf`
+  * `:openbucks`
+  * `:paysera`
+  * `:payvision`
+  * `:trustly`
+* Depend on the `maxmind-geoip2` gem. This allows us to delete classes from
+  that gem that we previously had included in this gem. There is no
+  functional difference.
+
+## v1.6.0 (2021-08-19)
+
+* Adds new processor to `Minfraud::Components::Payment`: `:cardknox`,
+  `:creditguard`, `:credorax`, `:datacap`, `:dlocal`, `:onpay`, and
+  `:safecharge`.
+* Adds `rule_label` to minFraud output `/disposition`.
+* Adds support for the `/credit_card/was_3d_secure_successful` input. This is
+  available by setting the `was_3d_secure_successful` attribute on
+  `Minfraud::Components::CreditCard`.
+* Ruby 2.5+ is now required. If you're using Ruby 2.1, 2.2, 2.3, or 2.4,
+  please use version 1.5.0 of this gem.
+
+## v1.5.0 (2021-02-02)
+
+* Adds the `hash_address` attribute to `Minfraud::Components::Email`. If
+  this is `true`, the MD5 hash of the `address` will be sent instead of the
+  plain text `address`. Use this if you prefer to send the hash of the
+  `address` rather than the plain text. Note that this normalizes the
+  `address`, so we recommend using it as opposed to hashing the `address`
+  manually.
+* The email `domain` input is now automatically set if the email `address`
+  input is set but the `domain` is not.
+* Adds new payment processors `:apple_pay` and `:aps_payments` to
+  `Minfraud::Components::Payment`.
+* Adds support for the IP address risk reasons in the minFraud Insights
+  and Factors responses. This is available at `.ip_address.risk_reasons`.
+  It is an array of `IPRiskReason` objects.
+
+## v1.4.1 (2020-12-01)
+
+* Do not throw an exception if the response does not include IP address
+  information. Previously we would incorrectly try to retrieve fields from
+  `nil`, leading to a `NoMethodError`.
+
+## v1.4.0 (2020-10-13)
+
+* IMPORTANT: Ruby 2.0 is no longer supported. If you're using Ruby 2.0,
+  please use version 1.3.0.
+* Adds handling for the `REQUEST_INVALID` error code.
+* The IP address is no longer a required input.
+* Adds new payment processor `:tsys` to `Minfraud::Components::Payment`.
+
+## v1.3.0 (2020-09-25)
+
+* Adds support for persistent HTTP connections. Connections persist
+  automatically.
+* IMPORTANT: Ruby 1.9 is no longer supported. If you're using Ruby 1.9,
+  please use version 1.2.0 or older.
+* Adds support for client side validation of inputs. An `InvalidInputError`
+  exception will be raised if an input is invalid. This can be enabled by
+  setting `enable_validation` to `true` when configuring `Minfraud`. It is
+  disabled by default.
+* Adds the `residential_proxy?` method to `MaxMind::GeoIP2::Record::Traits`
+  for use with minFraud Insights and Factors.
+
+## v1.2.0 (2020-07-15)
+
+* Adds new processor types to `Minfraud::Components::Payment`: `:cashfree`,
+  `:first_atlantic_commerce`, `:komoju`, `:paytm`, `:razorpay`, and
+  `:systempay`.
+* Adds support for three new Factors outputs: `/subscores/device` (the risk
+  associated with the device), `/subscores/email_local_part` (the risk
+  associated with the part of the email address before the @ symbol) and
+  `/subscores/shipping_address` (the risk associated with the shipping
+  address).
+* Adds support for providing your MaxMind account ID using the `account_id`
+  attribute instead of the `user_id` attribute. In a future release,
+  support for the `user_id` attribute will be removed.
+
+## v1.1.0 (2020-06-19)
+
+* Adds support for the minFraud Report Transaction API. Reporting
+  transactions to MaxMind helps us detect about 10-50% more fraud and
+  reduce false positives for you.
+* Adds support for the new credit card output `/credit_card/is_business`.
+  This indicates whether the card is a business card. It may be accessed
+  via `response.credit_credit.is_business` on the minFraud Insights and
+  Factors response objects.
+* Adds support for the new email domain output `/email/domain/first_seen`.
+  This may be accessed via `response.email.domain.first_seen` on the
+  minFraud Insights and Factors response objects.
+* Rename `ErrorHandler#inspect` to `ErrorHandler#examine` in order not to
+  break LSP.
+* Adds classes for the Score, Insights, and Factors responses. This allows
+  us to provide API documentation for the various response attributes.
+* Removes `hashie` as a required dependency.
+* Adds new processor types to `Minfraud::Components::Payment`: `:affirm`,
+  `:afterpay`, `:cardpay`, `:ccavenue`, `:cetelem`, `:ct_payments`,
+  `:dalenys`, `:datacash`, `:dotpay`, `:ecommpay`, `:epx`, `:g2a_pay`,
+  `:gocardless`, `:interac`, `:klarna`, `:mercanet`, `:oney`, `:payeezy`,
+  `:paylike`, `:payment_express`, `:paysafecard`, `:posconnect`,
+  `:smartdebit`, `:synapsefi`, and others.
+* Adds support for passing custom inputs to minFraud. GitHub #6.
+* Adds `:email_change`, `:password_reset`, and `:payout_change` as types to
+  `Minfraud::Components::Event`.
+* Adds support for the `session_id` and `session_age` inputs.
+
+## v1.0.4 (2016-12-23)
 
 * Prevents boolean value conversion to string to avoid warnings
 * Adds `amount` attribute to the `Minfraud::Components::Order` instances
 
-## v1.0.3
+## v1.0.3 (2016-11-24)
+
 * Adds `token` attribute to the `Minfraud::Components::CreditCard` instances
 according to the MinFraud Release Notes introduced on November 17, 2016
 
-## v1.0.2
+## v1.0.2 (2016-10-11)
 
 * Adds support for Ruby >= 1.9

data/CODE_OF_CONDUCT.md

@@ -35,7 +35,7 @@ This code of conduct applies both within project spaces and in public spaces
 when an individual is representing the project or its community.
 
 Instances of abusive, harassing, or otherwise unacceptable behavior may be
-reported by contacting a project maintainer at kushnir.yb@gmail.com. All
+reported by contacting a project maintainer at support@maxmind.com. All
 complaints will be reviewed and investigated and will result in a response that
 is deemed necessary and appropriate to the circumstances. Maintainers are
 obligated to maintain confidentiality with regard to the reporter of an
@@ -43,7 +43,7 @@ incident.
 
 This Code of Conduct is adapted from the [Contributor Covenant][homepage],
 version 1.3.0, available at
-[http://contributor-covenant.org/version/1/3/0/][version]
+[https://contributor-covenant.org/version/1/3/0/][version]
 
-[homepage]: http://contributor-covenant.org
-[version]: http://contributor-covenant.org/version/1/3/0/
+[homepage]: https://contributor-covenant.org
+[version]: https://contributor-covenant.org/version/1/3/0/

data/Gemfile

@@ -1,5 +1,5 @@
+# frozen_string_literal: true
+
 source 'https://rubygems.org'
 
-# Specify your gem's dependencies in minfraud.gemspec
-gem 'coveralls', require: false
 gemspec

data/LICENSE.txt

@@ -1,6 +1,7 @@
 The MIT License (MIT)
 
-Copyright (c) 2016 kushnir.yb
+Copyright (c) 2016-2020 kushnir.yb
+Copyright (c) 2020-2024 MaxMind, Inc.
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

data/README.dev.md

@@ -0,0 +1,4 @@
+# How to release
+
+See
+[here](https://github.com/maxmind/MaxMind-DB-Reader-ruby/blob/main/README.dev.md).