minfraud 1.4.1 → 1.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: aa255a8f579aa729b4ceeb84db99f283bafdc2276fc6eba3d52e6133a8e2d4ea
-  data.tar.gz: 1d9717004f0f07eadf3d986f4f697f4d2c41ef7c08c21b9b1f3b7e6291c36286
+  metadata.gz: af8e0a313e978adbd8ccfdf6fccad4652ad0b5c4df5f7812da097f2be4d5390e
+  data.tar.gz: 8d766ee43c166bc26a8c8643cded1d7a43a27cf6cc531e9fddaf66028ab0ebde
 SHA512:
-  metadata.gz: a57eac0733d6c1d64319c80f458f00585897030433414ab0b4888606fedafac833e5fd1298fe608f8a343b87536ad2974bc794bba9317a5043980aa689c2e0cd
-  data.tar.gz: 0ef9a279e2ed6d9a08b3f972338f7ade34ecf1f2c409e6777333c9a6afcf1dbab3c03927b8e6a350c54ed4dd2c86bdd64672a36f51caa2087bfb8e53ab824b2a
+  metadata.gz: 497a1c19029b36879b1b2f1b42f7037cfa205b24b199d71c84564a1cf26136de41f6b7fc8fdb9c9ffa163d3f82b8283d159f017d887aaa9709dfd059f1333625
+  data.tar.gz: 72f3fd755450dd1f68b3f675fc181e3a326574bcde905ee7e1b3e64951c2c009788124b2e063e99ed6d080430d7f3d093bf64b8f8dfb78c452436de3937e5cbd

data/.github/workflows/rubocop.yml

@@ -7,6 +7,6 @@ jobs:
       - uses: actions/checkout@v2
       - uses: ruby/setup-ruby@v1
         with:
-          ruby-version: 2.7
+          ruby-version: '3.0'
       - run: bundle install
       - run: bundle exec rake -t rubocop

data/.github/workflows/test.yml

@@ -16,6 +16,7 @@ jobs:
             2.5,
             2.6,
             2.7,
+            '3.0',
             jruby,
           ]
         exclude:

data/CHANGELOG.md

@@ -1,5 +1,21 @@
 # Minfraud Changelog
 
+## v1.5.0 (2021-02-02)
+
+* Add the `hash_address` attribute to `Minfraud::Components::Email`. If
+  this is `true`, the MD5 hash of the `address` will be sent instead of the
+  plain text `address`. Use this if you prefer to send the hash of the
+  `address` rather than the plain text. Note that this normalizes the
+  `address`, so we recommend using it as opposed to hashing the `address`
+  manually.
+* The email `domain` input is now automatically set if the email `address`
+  input is set but the `domain` is not.
+* Adds new payment processors `:apple_pay` and `:aps_payments` to
+  `Minfraud::Components::Payment`.
+* Added support for the IP address risk reasons in the minFraud Insights
+  and Factors responses. This is available at `.ip_address.risk_reasons`.
+  It is an array of `IPRiskReason` objects.
+
 ## v1.4.1 (2020-12-01)
 
 * Do not throw an exception if the response does not include IP address

data/README.dev.md

@@ -1,4 +1,4 @@
 # How to release
 
 See
-[here](https://github.com/maxmind/MaxMind-DB-Reader-ruby/blob/master/README.dev.md).
+[here](https://github.com/maxmind/MaxMind-DB-Reader-ruby/blob/main/README.dev.md).

data/lib/minfraud/components/email.rb

@@ -1,5 +1,8 @@
 # frozen_string_literal: true
 
+require 'digest/md5'
+require 'simpleidn'
+
 module Minfraud
   module Components
     # Email corresponds to the email object of a minFraud request.
@@ -11,7 +14,8 @@ module Minfraud
       # This field must be either be a valid email address or an MD5 of the
       # lowercased email used in the transaction. Important: if using the MD5
       # hash, please be sure to convert the email address to lowercase before
-      # calculating its MD5 hash.
+      # calculating its MD5 hash. Instead of converting an address to an MD5
+      # hash yourself, please use the hash_address attribute in this class.
       #
       # @return [String, nil]
       attr_accessor :address
@@ -21,15 +25,46 @@ module Minfraud
       # @return [String, nil]
       attr_accessor :domain
 
+      # By default, the address will be sent in plain text. If this is set
+      # true, the address will instead be sent as an MD5 hash.
+      #
+      # @return [Boolean, nil]
+      attr_accessor :hash_address
+
       # @param params [Hash] Hash of parameters. Each key/value should
       #   correspond to one of the available attributes.
       def initialize(params = {})
-        @address = params[:address]
-        @domain  = params[:domain]
+        @address      = params[:address]
+        @domain       = params[:domain]
+        @hash_address = params[:hash_address]
 
         validate
       end
 
+      # A JSON representation of Minfraud::Components::Email.
+      #
+      # @return [Hash]
+      def to_json(*_args)
+        json = super
+
+        if json['address'] && !json['domain']
+          _, domain = address.split('@', 2)
+          if domain
+            domain         = clean_domain(domain)
+            json['domain'] = domain if domain
+          end
+        end
+
+        if json.delete('hash_address') && json['address']
+          hash = hash_email_address(json['address'])
+
+          # We could consider clearing the key if !hash.
+          json['address'] = hash if hash
+        end
+
+        json
+      end
+
       private
 
       def validate
@@ -38,6 +73,60 @@ module Minfraud
         validate_email('email', @address)
         validate_string('domain', 255, @domain)
       end
+
+      def hash_email_address(address)
+        address = clean_email_address(address)
+        return nil if !address
+
+        Digest::MD5.hexdigest(address)
+      end
+
+      def clean_email_address(address)
+        address = address.strip
+        address.downcase!
+
+        local_part, domain = address.split('@', 2)
+        return nil if !local_part || !domain
+
+        domain = clean_domain(domain)
+
+        if domain == 'yahoo.com'
+          local_part.sub!(/\A([^-]+)-.*\z/, '\1')
+        else
+          local_part.sub!(/\A([^+]+)\+.*\z/, '\1')
+        end
+
+        "#{local_part}@#{domain}"
+      end
+
+      TYPO_DOMAINS = {
+        # gmail.com
+        '35gmai.com'     => 'gmail.com',
+        '636gmail.com'   => 'gmail.com',
+        'gamil.com'      => 'gmail.com',
+        'gmail.comu'     => 'gmail.com',
+        'gmial.com'      => 'gmail.com',
+        'gmil.com'       => 'gmail.com',
+        'yahoogmail.com' => 'gmail.com',
+        # outlook.com
+        'putlook.com'    => 'outlook.com',
+      }.freeze
+      private_constant :TYPO_DOMAINS
+
+      def clean_domain(domain)
+        domain = domain.strip
+
+        # We could use delete_suffix!, but that is in Ruby 2.5+ only.
+        domain.sub!(/\.\z/, '')
+
+        domain = SimpleIDN.to_ascii(domain)
+
+        if TYPO_DOMAINS.key?(domain)
+          domain = TYPO_DOMAINS[domain]
+        end
+
+        domain
+      end
     end
   end
 end

data/lib/minfraud/components/payment.rb

@@ -22,6 +22,8 @@ module Minfraud
         :altapay,
         :amazon_payments,
         :american_express_payment_gateway,
+        :apple_pay,
+        :aps_payments,
         :authorizenet,
         :balanced,
         :beanstream,

data/lib/minfraud/components/shopping_cart.rb

@@ -13,7 +13,7 @@ module Minfraud
       attr_accessor :items
 
       # @param params [Array] Array of shopping cart items. You may provide
-      #   each item as either as Hash where each key is a symbol corresponding
+      #   each item as either a Hash where each key is a symbol corresponding
       #   to an item's field, or as a Minfraud:::Components::ShoppingCartItem
       #   object.
       def initialize(params = [])

data/lib/minfraud/model/ip_address.rb

@@ -2,6 +2,7 @@
 
 require 'maxmind/geoip2/model/insights'
 require 'minfraud/model/geoip2_location'
+require 'minfraud/model/ip_risk_reason'
 
 module Minfraud
   module Model
@@ -13,6 +14,13 @@ module Minfraud
       # @return [Float]
       attr_reader :risk
 
+      # This field contains IPRiskReason objects identifying the reasons why
+      # the IP address received the associated risk. This will be an empty
+      # array if there are no reasons.
+      #
+      # @return [Array<Minfraud::Model::IPRiskReason>]
+      attr_reader :risk_reasons
+
       # @!visibility private
       def initialize(record, locales)
         if record
@@ -32,6 +40,13 @@ module Minfraud
           @risk = nil
         end
 
+        @risk_reasons = []
+        if record && record.key?('risk_reasons')
+          record['risk_reasons'].each do |r|
+            @risk_reasons << Minfraud::Model::IPRiskReason.new(r)
+          end
+        end
+
         # Decorate objects with deprecated attributes and names for backwards
         # compatibility. Do this here rather than with the overhead of
         # subclasses/modules for them in the hope that one day we can delete

data/lib/minfraud/model/ip_risk_reason.rb

@@ -0,0 +1,48 @@
+# frozen_string_literal: true
+
+require 'minfraud/model/abstract'
+
+module Minfraud
+  module Model
+    # Reason for the IP risk.
+    #
+    # This class provides both a machine-readable code and a human-readable
+    # explanation of the reason for the IP risk score.
+    #
+    # Although more codes may be added in the future, the current codes are:
+    #
+    # * ANONYMOUS_IP - The IP address belongs to an anonymous network. See the
+    #   object at ip_address.traits for more details.
+    # * BILLING_POSTAL_VELOCITY - Many different billing postal codes have been
+    #   seen on this IP address.
+    # * EMAIL_VELOCITY - Many different email addresses have been seen on this
+    #   IP address.
+    # * HIGH_RISK_DEVICE - A high risk device was seen on this IP address.
+    # * HIGH_RISK_EMAIL - A high risk email address was seen on this IP address
+    #   in your past transactions.
+    # * ISSUER_ID_NUMBER_VELOCITY - Many different issuer ID numbers have been
+    #   seen on this IP address.
+    # * MINFRAUD_NETWORK_ACTIVITY - Suspicious activity has been seen on this
+    #   IP address across minFraud customers.
+    class IPRiskReason < Abstract
+      # This value is a machine-readable code identifying the reason.
+      #
+      # @return [String, nil]
+      attr_reader :code
+
+      # This field provides a human-readable explanation of the reason. The
+      # text may change at any time and should not be matched against.
+      #
+      # @return [String, nil]
+      attr_reader :reason
+
+      # @!visibility private
+      def initialize(record)
+        super(record)
+
+        @code   = get('code')
+        @reason = get('reason')
+      end
+    end
+  end
+end

data/lib/minfraud/version.rb

@@ -2,5 +2,5 @@
 
 module Minfraud
   # The Gem version.
-  VERSION = '1.4.1'
+  VERSION = '1.5.0'
 end

data/minfraud.gemspec

@@ -25,6 +25,7 @@ Gem::Specification.new do |spec|
   spec.add_runtime_dependency 'faraday', '>= 0.9.1', '< 2.0'
   spec.add_runtime_dependency 'faraday_middleware', '>= 0.9.1', '< 2.0'
   spec.add_runtime_dependency 'net-http-persistent', '>= 2.0.0', '< 5.0'
+  spec.add_runtime_dependency 'simpleidn', '>= 0.1.1'
 
   spec.add_development_dependency 'bundler', '>= 1.16'
   spec.add_development_dependency 'rake'

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: minfraud
 version: !ruby/object:Gem::Version
-  version: 1.4.1
+  version: 1.5.0
 platform: ruby
 authors:
 - kushnir.yb
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2020-12-01 00:00:00.000000000 Z
+date: 2021-02-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: faraday
@@ -70,6 +70,20 @@ dependencies:
     - - "<"
       - !ruby/object:Gem::Version
         version: '5.0'
+- !ruby/object:Gem::Dependency
+  name: simpleidn
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.1.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.1.1
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -211,6 +225,7 @@ files:
 - lib/minfraud/model/geoip2_location.rb
 - lib/minfraud/model/insights.rb
 - lib/minfraud/model/ip_address.rb
+- lib/minfraud/model/ip_risk_reason.rb
 - lib/minfraud/model/issuer.rb
 - lib/minfraud/model/score.rb
 - lib/minfraud/model/score_ip_address.rb