minfraud 1.4.0 → 2.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1b1e4e92365857b6d5d5be13e1d31a863b4c89bc9b845df4e54faebd0ffd4104
-  data.tar.gz: 0d320caef5e7ce0bbb751c1d5a7e1ec60c6c0d97d4d683649c19c84e16b2b733
+  metadata.gz: 4e3c2e76357a683ceda7350bde7dc4c89cc6055d473b771ee74041d4371f05f7
+  data.tar.gz: 60aacbf2435a51f65c9d9702e209ddab469d21dd672ba8d5baf34dae807deb2f
 SHA512:
-  metadata.gz: 2fd31f60de5693ec4248852f4bbd8c73d5e5e86cadc6648028b3fcac794c4e66fd4b1a002eef8e24bffdc4a3100cd14965a093f9e1c0bfaacfd220611087708f
-  data.tar.gz: c183a0bd27ad2710f34e04b33f3a0e46f8abfbd573faafdbbcdbc8533a634a59e111d59fc14b23c7984da4ee5af1911b6a4c7f70a103ae8a7bc9448ca3f162de
+  metadata.gz: ebdccdbdb2d97665faabbf8486cdeb029e1a1d372a09a1ffeff226f5f900d99887e6e370e01515543983c46f86d4083fa347e557d82c5dde265b079e055adddc
+  data.tar.gz: 61f65f9cc64dd1e0c205c5c2f8df5acfb621dc1ae80b828d5df27e0616964ac0c0a1315b609a4a3228b1f9ecce78dd31411b66513c25eb4311532b3b9f71d775

data/.github/dependabot.yml

@@ -0,0 +1,7 @@
+version: 2
+updates:
+- package-ecosystem: bundler
+  directory: "/"
+  schedule:
+    interval: daily
+  open-pull-requests-limit: 10

data/.github/workflows/rubocop.yml

@@ -7,6 +7,6 @@ jobs:
       - uses: actions/checkout@v2
       - uses: ruby/setup-ruby@v1
         with:
-          ruby-version: 2.7
+          ruby-version: '3.0'
       - run: bundle install
       - run: bundle exec rake -t rubocop

data/.github/workflows/test.yml

@@ -9,13 +9,10 @@ jobs:
         os: [ubuntu-latest, windows-latest, macos-latest]
         version:
           [
-            2.1,
-            2.2,
-            2.3,
-            2.4,
             2.5,
             2.6,
             2.7,
+            '3.0',
             jruby,
           ]
         exclude:

data/.rubocop.yml

@@ -1,5 +1,6 @@
-Gemspec/RequiredRubyVersion:
-  Enabled: false # We support 2.1+, but rubocop supports 2.4+.
+AllCops:
+    TargetRubyVersion: 2.5
+    NewCops: enable
 
 # Metrics.
 
@@ -39,7 +40,7 @@ Layout/IndentationStyle:
 # Style.
 
 Style/HashSyntax:
-  EnforcedStyle: ruby19_no_mixed_keys # Default is ruby19.
+  EnforcedStyle: ruby19_no_mixed_keys # Default is ruby19. This one is better.
 
 Style/CollectionMethods:
   Enabled: true # Default is false.
@@ -53,9 +54,6 @@ Style/NegatedIf: # I disagree with this.
 Style/IfUnlessModifier: # This doesn't always make sense.
   Enabled: false
 
-Style/SymbolArray:
-  EnforcedStyle: brackets # Default is percent, but 1.9 doesn't support that.
-
 # Trailing commas are often good.
 Style/TrailingCommaInArguments:
   Enabled: false
@@ -64,9 +62,6 @@ Style/TrailingCommaInArrayLiteral:
 Style/TrailingCommaInHashLiteral:
   Enabled: false
 
-Style/SafeNavigation:
-  Enabled: false # Default is true, but this 1.9 doesn't support it.
-
 # Default is both which is probably fine, but it changes code and I don't want
 # to investigate any possible behavior change right now.
 Style/EmptyElse:
@@ -75,25 +70,12 @@ Style/EmptyElse:
 Style/ConditionalAssignment:
   Enabled: false # This produces kind of strange results.
 
-Style/Dir:
-  Enabled: false # This is good, but not supported on 1.9.
-
-Style/ExpandPathArguments:
-  Enabled: false # This causes us to use __dir__ which 1.9 doesn't support.
-
 Style/GuardClause:
   Enabled: false # Doesn't always make sense.
 
-Style/Documentation:
-  Enabled: false # We should enable this, but allow for pre-existing code.
-
 Style/FormatStringToken:
   Enabled: false # Seems unnecessary.
 
-# Asks to use x.negative? instead of x < 0. But this isn't available until 2.3.
-Style/NumericPredicate:
-  Enabled: false
-
 # Seems unnecessary. Asks us to call super in a bunch of places when there's no
 # need.
 Lint/MissingSuper:
@@ -103,6 +85,3 @@ Lint/MissingSuper:
 
 Naming/VariableNumber:
   Enabled: false # Doesn't always make sense.
-
-AllCops:
-  NewCops: enable

data/CHANGELOG.md

@@ -1,4 +1,84 @@
-# Minfraud Changelog
+# Changelog
+
+## v2.0.0 (2021-12-06)
+
+* Breaking change from 1.x: Removed deprecated methods
+  `is_in_european_union`, `is_anonymous`, `is_anonymous_vpn`,
+  `is_hosting_provider`, `is_public_proxy`, and `is_tor_exit_node`. The
+  non-deprecated equivalents are `in_european_union?`, `anonymous?`,
+  `anonymous_vpn?`, `hosting_provider?`, `public_proxy?`, and
+  `tor_exit_node?`.
+* Breaking change from 1.x: Removed deprecated methods for deprecated
+  subscores: `email_tenure` and `ip_tenure`. For `email_tenure`, please use
+  the `email_address` subscore instead. For `ip_tenure`, please use
+  `risk_score` instead.
+* Breaking change from 1.x: Removed deprecated method for deprecated
+  attribute `ip_address.country.is_high_risk`.
+* Breaking change from 1.x: Switches HTTP client from faraday to http.rb.
+  There should be no behavior change for most users, but this is
+  technically a breaking change from the perspective of semver. Most users
+  should not be affected as the changes are limited to attributes and
+  classes that would not normally be accessed outside the gem.
+* Breaking change from 1.x: `user_id` is no longer supported as a way to
+  configure your MaxMind account ID. Use `account_id` instead.
+* Breaking change from 1.x: Removed the `Minfraud.configuration` method.
+* Breaking change from 1.x: Localized names are no longer exposed via
+  methods on `names` objects, only as hash keys. For example, use
+  `response.ip_address.country.names['en']` instead of
+  `response.ip_address.country.names.en`. The latter was deprecated.
+* Adds mobile country code (MCC) and mobile network code (MNC) to minFraud
+  Insights and Factors responses. These are available at
+  `response.ip_address.traits.mobile_country_code` and
+  `response.ip_address.traits.mobile_network_code`. We expect this data to
+  be available by late January, 2022.
+* Adds the following new processors to `Minfraud::Components::Payment`:
+  * `:boacompra`
+  * `:boku`
+  * `:coregateway`
+  * `:fiserv`
+  * `:neopay`
+  * `:neosurf`
+  * `:openbucks`
+  * `:paysera`
+  * `:payvision`
+  * `:trustly`
+* Depend on the `maxmind-geoip2` gem. This allows us to delete classes from
+  that gem that we previously had included in this gem. There is no
+  functional difference.
+
+## v1.6.0 (2021-08-19)
+
+* Adds new processor to `Minfraud::Components::Payment`: `:cardknox`,
+  `:creditguard`, `:credorax`, `:datacap`, `:dlocal`, `:onpay`, and
+  `:safecharge`.
+* Adds `rule_label` to minFraud output `/disposition`.
+* Adds support for the `/credit_card/was_3d_secure_successful` input. This is
+  available by setting the `was_3d_secure_successful` attribute on
+  `Minfraud::Components::CreditCard`.
+* Ruby 2.5+ is now required. If you're using Ruby 2.1, 2.2, 2.3, or 2.4,
+  please use version 1.5.0 of this gem.
+
+## v1.5.0 (2021-02-02)
+
+* Add the `hash_address` attribute to `Minfraud::Components::Email`. If
+  this is `true`, the MD5 hash of the `address` will be sent instead of the
+  plain text `address`. Use this if you prefer to send the hash of the
+  `address` rather than the plain text. Note that this normalizes the
+  `address`, so we recommend using it as opposed to hashing the `address`
+  manually.
+* The email `domain` input is now automatically set if the email `address`
+  input is set but the `domain` is not.
+* Adds new payment processors `:apple_pay` and `:aps_payments` to
+  `Minfraud::Components::Payment`.
+* Added support for the IP address risk reasons in the minFraud Insights
+  and Factors responses. This is available at `.ip_address.risk_reasons`.
+  It is an array of `IPRiskReason` objects.
+
+## v1.4.1 (2020-12-01)
+
+* Do not throw an exception if the response does not include IP address
+  information. Previously we would incorrectly try to retrieve fields from
+  `nil`, leading to a `NoMethodError`.
 
 ## v1.4.0 (2020-10-13)
 
@@ -69,6 +149,7 @@
 * Adds `amount` attribute to the `Minfraud::Components::Order` instances
 
 ## v1.0.3 (2016-11-24)
+
 * Adds `token` attribute to the `Minfraud::Components::CreditCard` instances
 according to the MinFraud Release Notes introduced on November 17, 2016
 

data/Gemfile

@@ -2,13 +2,4 @@
 
 source 'https://rubygems.org'
 
-# coveralls fails on Ruby 1.9. My understanding is we don't need to run this on
-# more than one version anyway, so restrict to the current latest.
-version_pieces = RUBY_VERSION.split('.')
-major_version  = version_pieces[0]
-minor_version  = version_pieces[1]
-if major_version == '2' && minor_version == '7'
-  gem 'coveralls', require: false
-end
-
 gemspec

data/LICENSE.txt

@@ -1,7 +1,7 @@
 The MIT License (MIT)
 
 Copyright (c) 2016-2020 kushnir.yb
-Copyright (c) 2020 MaxMind, Inc.
+Copyright (c) 2020-2021 MaxMind, Inc.
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

data/README.dev.md

@@ -1,4 +1,4 @@
 # How to release
 
 See
-[here](https://github.com/maxmind/MaxMind-DB-Reader-ruby/blob/master/README.dev.md).
+[here](https://github.com/maxmind/MaxMind-DB-Reader-ruby/blob/main/README.dev.md).

data/README.md

@@ -3,9 +3,9 @@
 ## Description
 
 This package provides an API for the [MaxMind minFraud web
-services](https://dev.maxmind.com/minfraud/). This includes minFraud Score,
+services](https://dev.maxmind.com/minfraud?lang=en). This includes minFraud Score,
 Insights, and Factors. It also includes our [minFraud Report Transaction
-API](https://dev.maxmind.com/minfraud/report-transaction/).
+API](https://dev.maxmind.com/minfraud/report-a-transaction?lang=en).
 
 The legacy minFraud Standard and Premium services are not supported by this
 API.
@@ -122,14 +122,15 @@ assessment = Minfraud::Assessments.new(
     decline_code:   'invalid number',
   },
   credit_card: {
-    issuer_id_number:        '411111',
-    last_4_digits:           '7643',
-    bank_name:               'Bank of No Hope',
-    bank_phone_country_code: '1',
-    bank_phone_number:       '123-456-1234',
-    token:                   'abcd',
-    avs_result:              'Y',
-    cvv_result:              'N',
+    issuer_id_number:         '411111',
+    last_4_digits:            '7643',
+    bank_name:                'Bank of No Hope',
+    bank_phone_country_code:  '1',
+    bank_phone_number:        '123-456-1234',
+    token:                    'abcd',
+    avs_result:               'Y',
+    cvv_result:               'N',
+    was_3d_secure_successful: true,
   },
   order: {
     amount:           323.21,
@@ -264,7 +265,7 @@ to the client API, please see
 
 ## Requirements
 
-This gem works with Ruby 2.1 and above.
+This gem works with Ruby 2.5 and above.
 
 ## Contributing
 
@@ -282,7 +283,7 @@ This API uses [Semantic Versioning](https://semver.org/).
 
 Copyright (c) 2016-2020 kushnir.yb.
 
-Copyright (c) 2020 MaxMind, Inc.
+Copyright (c) 2020-2021 MaxMind, Inc.
 
 The gem is available as open source under the terms of the [MIT
 License](https://opensource.org/licenses/MIT).

data/lib/minfraud/assessments.rb

@@ -4,9 +4,8 @@ module Minfraud
   # Assessments is used to perform minFraud Score, Insights, and Factors
   # requests.
   #
-  # @see https://dev.maxmind.com/minfraud/
+  # @see https://dev.maxmind.com/minfraud?lang=en
   class Assessments
-    include ::Minfraud::HTTPService
     include ::Minfraud::Resolver
 
     # The Account component.
@@ -82,6 +81,8 @@ module Minfraud
     #
     # @return [Minfraud::HTTPService::Response]
     #
+    # @raise [JSON::ParserError] if there was invalid JSON in the response.
+    #
     # @raise [Minfraud::AuthorizationError] If there was an authentication
     #   problem.
     #
@@ -98,6 +99,8 @@ module Minfraud
     #
     # @return [Minfraud::HTTPService::Response]
     #
+    # @raise [JSON::ParserError] if there was invalid JSON in the response.
+    #
     # @raise [Minfraud::AuthorizationError] If there was an authentication
     #   problem.
     #
@@ -114,6 +117,8 @@ module Minfraud
     #
     # @return [Minfraud::HTTPService::Response]
     #
+    # @raise [JSON::ParserError] if there was invalid JSON in the response.
+    #
     # @raise [Minfraud::AuthorizationError] If there was an authentication
     #   problem.
     #
@@ -129,18 +134,22 @@ module Minfraud
     private
 
     def perform_request(endpoint)
-      raw = request.perform(
-        verb:     :post,
-        endpoint: endpoint.to_s,
-        body:     request_body,
-      )
+      response = nil
+      body     = nil
+      Minfraud.connection_pool.with do |client|
+        response = client.post(
+          "/minfraud/v2.0/#{endpoint}",
+          json: request_body,
+        )
+
+        body = response.to_s
+      end
 
       response = ::Minfraud::HTTPService::Response.new(
-        endpoint: endpoint,
-        locales:  @locales,
-        status:   raw.status.to_i,
-        body:     raw.body,
-        headers:  raw.headers
+        endpoint,
+        @locales,
+        response,
+        body,
       )
 
       ::Minfraud::ErrorHandler.examine(response)
@@ -153,9 +162,5 @@ module Minfraud
         mem.merge!(e.to_s => value.to_json)
       end
     end
-
-    def request
-      @request ||= Request.new(::Minfraud::HTTPService.configuration)
-    end
   end
 end

data/lib/minfraud/components/account.rb

@@ -4,7 +4,7 @@ module Minfraud
   module Components
     # Account corresponds to the account object of a minFraud request.
     #
-    # @see https://dev.maxmind.com/minfraud/#Account_(/account)
+    # @see https://dev.maxmind.com/minfraud/api-documentation/requests?lang=en#schema--request--account
     class Account < Base
       include Minfraud::Validates
 

data/lib/minfraud/components/billing.rb

@@ -4,7 +4,7 @@ module Minfraud
   module Components
     # Billing corresponds to the billing object of a minFraud request.
     #
-    # @see https://dev.maxmind.com/minfraud/#Billing_(/billing)
+    # @see https://dev.maxmind.com/minfraud/api-documentation/requests?lang=en#schema--request--billing
     class Billing < Addressable; end
   end
 end

data/lib/minfraud/components/credit_card.rb

@@ -4,7 +4,7 @@ module Minfraud
   module Components
     # CreditCard corresponds to the credit_card object of a minFraud request.
     #
-    # @see https://dev.maxmind.com/minfraud/#Credit_Card_(/creditcard)
+    # @see https://dev.maxmind.com/minfraud/api-documentation/requests?lang=en#schema--request--credit-card
     class CreditCard < Base
       include Minfraud::Validates
 
@@ -62,17 +62,28 @@ module Minfraud
       # @return [String, nil]
       attr_accessor :cvv_result
 
+      # Whether the outcome of 3-D Secure verification (e.g. Safekey,
+      # SecureCode, Verified by Visa) was successful. +true+ if customer
+      # verification was successful, or +false+ if the customer failed
+      # verification. If 3-D Secure verification was not used, was unavailable,
+      # or resulted in an outcome other than success or failure, do not
+      # include this field.
+      #
+      # @return [Boolean, nil]
+      attr_accessor :was_3d_secure_successful
+
       # @param params [Hash] Hash of parameters. Each key/value should
       #   correspond to one of the available attributes.
       def initialize(params = {})
-        @bank_phone_country_code = params[:bank_phone_country_code]
-        @issuer_id_number        = params[:issuer_id_number]
-        @last_4_digits           = params[:last_4_digits]
-        @bank_name               = params[:bank_name]
-        @bank_phone_number       = params[:bank_phone_number]
-        @avs_result              = params[:avs_result]
-        @cvv_result              = params[:cvv_result]
-        @token                   = params[:token]
+        @bank_phone_country_code  = params[:bank_phone_country_code]
+        @issuer_id_number         = params[:issuer_id_number]
+        @last_4_digits            = params[:last_4_digits]
+        @bank_name                = params[:bank_name]
+        @bank_phone_number        = params[:bank_phone_number]
+        @avs_result               = params[:avs_result]
+        @cvv_result               = params[:cvv_result]
+        @token                    = params[:token]
+        @was_3d_secure_successful = params[:was_3d_secure_successful]
 
         validate
       end
@@ -90,6 +101,7 @@ module Minfraud
         validate_string('avs_result', 1, @avs_result)
         validate_string('cvv_result', 1, @cvv_result)
         validate_credit_card_token('token', @token)
+        validate_boolean('was_3d_secure_successful', @was_3d_secure_successful)
       end
     end
   end

data/lib/minfraud/components/custom_inputs.rb

@@ -5,7 +5,7 @@ module Minfraud
     # CustomInputs corresponds to the custom_inputs object of a minFraud
     # request.
     #
-    # @see https://dev.maxmind.com/minfraud/#Custom_Inputs_(/custominputs)
+    # @see https://dev.maxmind.com/minfraud/api-documentation/requests?lang=en#schema--request--custom-inputs
     class CustomInputs < Base
       include Minfraud::Validates
 

data/lib/minfraud/components/device.rb

@@ -4,7 +4,7 @@ module Minfraud
   module Components
     # Device corresponds to the device object of a minFraud request.
     #
-    # @see https://dev.maxmind.com/minfraud/#Device_(/device)
+    # @see https://dev.maxmind.com/minfraud/api-documentation/requests?lang=en#schema--request--device
     class Device < Base
       include Minfraud::Validates
 

data/lib/minfraud/components/email.rb

@@ -1,17 +1,21 @@
 # frozen_string_literal: true
 
+require 'digest/md5'
+require 'simpleidn'
+
 module Minfraud
   module Components
     # Email corresponds to the email object of a minFraud request.
     #
-    # @see https://dev.maxmind.com/minfraud/#Email_(/email)
+    # @see https://dev.maxmind.com/minfraud/api-documentation/requests?lang=en#schema--request--email
     class Email < Base
       include Minfraud::Validates
 
       # This field must be either be a valid email address or an MD5 of the
       # lowercased email used in the transaction. Important: if using the MD5
       # hash, please be sure to convert the email address to lowercase before
-      # calculating its MD5 hash.
+      # calculating its MD5 hash. Instead of converting an address to an MD5
+      # hash yourself, please use the hash_address attribute in this class.
       #
       # @return [String, nil]
       attr_accessor :address
@@ -21,15 +25,46 @@ module Minfraud
       # @return [String, nil]
       attr_accessor :domain
 
+      # By default, the address will be sent in plain text. If this is set
+      # true, the address will instead be sent as an MD5 hash.
+      #
+      # @return [Boolean, nil]
+      attr_accessor :hash_address
+
       # @param params [Hash] Hash of parameters. Each key/value should
       #   correspond to one of the available attributes.
       def initialize(params = {})
-        @address = params[:address]
-        @domain  = params[:domain]
+        @address      = params[:address]
+        @domain       = params[:domain]
+        @hash_address = params[:hash_address]
 
         validate
       end
 
+      # A JSON representation of Minfraud::Components::Email.
+      #
+      # @return [Hash]
+      def to_json(*_args)
+        json = super
+
+        if json['address'] && !json['domain']
+          _, domain = address.split('@', 2)
+          if domain
+            domain         = clean_domain(domain)
+            json['domain'] = domain if domain
+          end
+        end
+
+        if json.delete('hash_address') && json['address']
+          hash = hash_email_address(json['address'])
+
+          # We could consider clearing the key if !hash.
+          json['address'] = hash if hash
+        end
+
+        json
+      end
+
       private
 
       def validate
@@ -38,6 +73,60 @@ module Minfraud
         validate_email('email', @address)
         validate_string('domain', 255, @domain)
       end
+
+      def hash_email_address(address)
+        address = clean_email_address(address)
+        return nil if !address
+
+        Digest::MD5.hexdigest(address)
+      end
+
+      def clean_email_address(address)
+        address = address.strip
+        address.downcase!
+
+        local_part, domain = address.split('@', 2)
+        return nil if !local_part || !domain
+
+        domain = clean_domain(domain)
+
+        if domain == 'yahoo.com'
+          local_part.sub!(/\A([^-]+)-.*\z/, '\1')
+        else
+          local_part.sub!(/\A([^+]+)\+.*\z/, '\1')
+        end
+
+        "#{local_part}@#{domain}"
+      end
+
+      TYPO_DOMAINS = {
+        # gmail.com
+        '35gmai.com'     => 'gmail.com',
+        '636gmail.com'   => 'gmail.com',
+        'gamil.com'      => 'gmail.com',
+        'gmail.comu'     => 'gmail.com',
+        'gmial.com'      => 'gmail.com',
+        'gmil.com'       => 'gmail.com',
+        'yahoogmail.com' => 'gmail.com',
+        # outlook.com
+        'putlook.com'    => 'outlook.com',
+      }.freeze
+      private_constant :TYPO_DOMAINS
+
+      def clean_domain(domain)
+        domain = domain.strip
+
+        # We could use delete_suffix!, but that is in Ruby 2.5+ only.
+        domain.sub!(/\.\z/, '')
+
+        domain = SimpleIDN.to_ascii(domain)
+
+        if TYPO_DOMAINS.key?(domain)
+          domain = TYPO_DOMAINS[domain]
+        end
+
+        domain
+      end
     end
   end
 end

data/lib/minfraud/components/event.rb

@@ -4,7 +4,7 @@ module Minfraud
   module Components
     # Event corresponds to the event object of a minFraud request.
     #
-    # @see https://dev.maxmind.com/minfraud/#Event_(/event)
+    # @see https://dev.maxmind.com/minfraud/api-documentation/requests?lang=en#schema--request--event
     class Event < Base
       include ::Minfraud::Enum
       include Minfraud::Validates
@@ -43,16 +43,16 @@ module Minfraud
       #
       # @return [Symbol, nil]
       enum_accessor :type,
-                    [
-                      :account_creation,
-                      :account_login,
-                      :email_change,
-                      :password_reset,
-                      :payout_change,
-                      :purchase,
-                      :recurring_purchase,
-                      :referral,
-                      :survey,
+                    %i[
+                      account_creation
+                      account_login
+                      email_change
+                      password_reset
+                      payout_change
+                      purchase
+                      recurring_purchase
+                      referral
+                      survey
                     ]
 
       # @param params [Hash] Hash of parameters. Each key/value should

data/lib/minfraud/components/order.rb

@@ -4,7 +4,7 @@ module Minfraud
   module Components
     # Order corresponds to the order object of a minFraud request.
     #
-    # @see https://dev.maxmind.com/minfraud/#Order_(/order)
+    # @see https://dev.maxmind.com/minfraud/api-documentation/requests?lang=en#schema--request--order
     class Order < Base
       include Minfraud::Validates