money_mover 0.0.3 → 0.0.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: f9f28c16cd835ccdab226255564ecb0bcaf9e5d4
-  data.tar.gz: 73a7dfbfa1c0603072668b09d37547a918586b30
+  metadata.gz: 539a311851902d5ab85946c0722879850cd5c8b7
+  data.tar.gz: c6147bebb234f5b70abc1c5b276c1c22eadbc5d2
 SHA512:
-  metadata.gz: 5d69bd6eafd2db81ca96f2b7fc419ecd8d4ab54b48c10e949f5054432d65c42e64db0a6c8db98ea748af6768536dff3589c0c7267834dba4a47bf2646c5bd07c
-  data.tar.gz: f6e6a950ed63bb3a46fbd3c3f0cfef703fa7d1704eb3879908fbb873f52154c2fd4e08faf701f4454cd06692b564e39e4092bc33f1a7372a07ae6fb0fa9c39ef
+  metadata.gz: 204cb3879e4d423c4d65717c0ec4a40de1038b5f76daa6f7c64d88757270386221b35eaa69a6ee99222ad8f7c9f02fb8decc8be45e53fdf14d1c68f666d1e603
+  data.tar.gz: cc3a3b581cfe26aa293bbd06de1d30d36c3fd7350b9646c995051d0d921384f73ec0a4f705798f7cd9cdb271352ce54ddfa1511afdf6f9ba1da092320a24d281

data/Gemfile

@@ -1,17 +1,3 @@
 source "https://rubygems.org"
 
 gemspec
-
-group :development do
-  gem 'rake'
-  gem 'rspec'
-  gem 'webmock'
-  gem 'shoulda-matchers'
-  gem 'activesupport'
-
-  gem 'activemodel'
-  gem 'faraday'
-  gem 'faraday_middleware'
-
-  gem "rack-test"
-end

data/Gemfile.lock

@@ -1,11 +1,12 @@
 PATH
   remote: .
   specs:
-    money_mover (0.0.1)
-      activemodel (~> 4.2, >= 4.2.6)
-      activesupport (~> 4.2, >= 4.2.6)
-      faraday (~> 0.9, >= 0.9.0)
-      faraday_middleware (~> 0.9, >= 0.9.0)
+    money_mover (0.0.3)
+      activemodel (>= 4.0, < 5.1)
+      activesupport (>= 4.0, < 5.1)
+      faraday (~> 0.9)
+      faraday_middleware (~> 0.9)
+      rack (>= 1.6, < 2.1)
 
 GEM
   remote: https://rubygems.org/
@@ -65,16 +66,12 @@ PLATFORMS
   ruby
 
 DEPENDENCIES
-  activemodel
-  activesupport
-  faraday
-  faraday_middleware
   money_mover!
-  rack-test
-  rake
-  rspec
-  shoulda-matchers
-  webmock
+  rack-test (~> 0.6)
+  rake (~> 11.2)
+  rspec (~> 3.5)
+  shoulda-matchers (~> 3.1)
+  webmock (~> 2.1)
 
 BUNDLED WITH
    1.11.2

data/lib/money_mover.rb

@@ -1,14 +1,12 @@
-require 'active_support/core_ext/hash'
-#require 'active_support/hash_with_indifferent_access'
-
+require 'active_support/core_ext/hash' # for hash with indifferent access
+require 'openssl'
+require 'rack/utils'
 require 'faraday'
 require 'faraday_middleware'
 require 'active_model'
 
 require 'money_mover/version'
 require 'money_mover/standalone_errors'
-
-# dwolla
 require 'money_mover/dwolla'
 
 module MoneyMover; end

data/lib/money_mover/dwolla.rb

@@ -24,13 +24,14 @@ require 'money_mover/dwolla/models/transfer'
 require 'money_mover/dwolla/models/root_account'
 # customer models
 require 'money_mover/dwolla/models/customer'
-require 'money_mover/dwolla/models/receive_only_business_customer'
 require 'money_mover/dwolla/models/receive_only_customer'
+require 'money_mover/dwolla/models/receive_only_business_customer'
 require 'money_mover/dwolla/models/unverified_customer'
 require 'money_mover/dwolla/models/unverified_business_customer'
 require 'money_mover/dwolla/models/verified_business_customer'
 
-# application stuff
+# other stuff
+require 'money_mover/dwolla/request_signature_validator'
 require 'money_mover/dwolla/models/webhook_subscription'
 
 module MoneyMover

data/lib/money_mover/dwolla/models/api_resource.rb

@@ -38,7 +38,7 @@ module MoneyMover
           @resource_location = response.resource_location
           @id = response.resource_id
         else
-          populate_errors_from_response(response)
+          add_errors_from response
         end
 
         errors.empty?
@@ -47,15 +47,17 @@ module MoneyMover
       def destroy
         response = @client.delete resource_endpoint
 
-        populate_errors_from_response(response) unless response.success?
+        add_errors_from response unless response.success?
 
         errors.empty?
       end
 
       private
 
-      def populate_errors_from_response(response)
-        response.errors.each {|key, message| errors.add key, message }
+      def add_errors_from(model)
+        model.errors.each do |key, messages|
+          errors.add key, messages
+        end
       end
 
       def resource_endpoint

data/lib/money_mover/dwolla/models/receive_only_business_customer.rb

@@ -1,14 +1,6 @@
 module MoneyMover
   module Dwolla
-    class ReceiveOnlyBusinessCustomer < Customer
-      def initialize(attrs = {})
-        attrs[:type] = 'receive-only'
-        super attrs
-      end
-      private
-
-      validates_presence_of :firstName, :lastName, :email
-
+    class ReceiveOnlyBusinessCustomer < ReceiveOnlyCustomer
       def create_params
         create_attrs = {
           firstName: firstName,

data/lib/money_mover/dwolla/models/receive_only_customer.rb

@@ -1,18 +1,25 @@
 module MoneyMover
   module Dwolla
     class ReceiveOnlyCustomer < Customer
-      private
-
       validates_presence_of :firstName, :lastName, :email
 
+      def initialize(attrs = {})
+        super attrs.merge(type: 'receive-only')
+      end
+
+      private
+
       def create_params
-        {
+        create_attrs = {
           firstName: firstName,
           lastName: lastName,
           email: email,
           type: 'receive-only',
-          ipAddress: ipAddress
         }
+
+        create_attrs[:ipAddress] = ipAddress if ipAddress.present?
+
+        create_attrs
       end
     end
   end

data/lib/money_mover/dwolla/request_signature_validator.rb

@@ -0,0 +1,24 @@
+module MoneyMover
+  module Dwolla
+    class RequestSignatureValidator
+      include ActiveModel::Model
+      validate :valid_request_signature
+
+      def initialize(request_body, request_headers, ach_config = Config.new)
+        @request_body = request_body
+        @ach_request_signature = request_headers['HTTP_X_REQUEST_SIGNATURE_SHA_256']
+        @ach_webhook_secret_key = ach_config.webhook_secret_key
+      end
+
+      def valid_request_signature
+        unless @ach_request_signature && Rack::Utils.secure_compare(signed_body, @ach_request_signature)
+          errors.add :base, "Request Signature Invalid"
+        end
+      end
+
+      def signed_body
+        OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new("sha256"), @ach_webhook_secret_key, @request_body.string)
+      end
+    end
+  end
+end

data/lib/money_mover/version.rb

@@ -1,3 +1,3 @@
 module MoneyMover
-  VERSION = '0.0.3'
+  VERSION = '0.0.4'
 end

data/money_mover.gemspec

@@ -15,10 +15,17 @@ Gem::Specification.new do |s|
   s.homepage    = 'https://github.com/danoph/money_mover'
   s.license     = 'MIT'
 
-  s.add_dependency('faraday', '~> 0.9', '>= 0.9.0')
-  s.add_dependency('faraday_middleware', '~> 0.9', '>= 0.9.0')
-  s.add_dependency('activemodel', '~> 4.2', '>= 4.2.6')
-  s.add_dependency('activesupport', '~> 4.2', '>= 4.2.6')
+  s.add_dependency 'faraday', '~> 0.9'
+  s.add_dependency 'faraday_middleware', '~> 0.9'
+  s.add_dependency 'activemodel', '>= 4.0', '< 5.1'
+  s.add_dependency 'activesupport', '>= 4.0', '< 5.1'
+  s.add_dependency 'rack', '>= 1.6', '< 2.1'
+
+  s.add_development_dependency 'rake', '~> 11.2'
+  s.add_development_dependency 'rspec', '~> 3.5'
+  s.add_development_dependency 'webmock', '~> 2.1'
+  s.add_development_dependency 'shoulda-matchers', '~> 3.1'
+  s.add_development_dependency 'rack-test', '~> 0.6'
 
   s.files = `git ls-files`.split("\n")
   s.test_files    = `git ls-files -- spec/*`.split("\n")

data/spec/integration/money_mover/dwolla/request_signature_validator_spec.rb

@@ -0,0 +1,52 @@
+require 'spec_helper'
+
+describe MoneyMover::Dwolla::RequestSignatureValidator do
+  let(:event_params) {
+    {
+      id: "177dd734-3ce1-4701-8f92-9e57386d20f2",
+      resourceId: 'some-id',
+      topic: "some_topic",
+      timestamp: "2016-03-24T20:29:40.346Z",
+      _links: {
+        self: {href: "https://api-uat.dwolla.com/events/177dd734-3ce1-4701-8f92-9e57386d20f2"},
+        account: {href: "https://api-uat.dwolla.com/accounts/0f6589ac-588d-4283-81fc-325cbaa33d54"},
+        resource: {href: "https://api-uat.dwolla.com/funding-sources/something"},
+        customer: {href:"https://api-uat.dwolla.com/customers/2b4af2fe-4d2c-4a5f-8f06-898449086b7b"}
+      }
+    }
+  }
+
+  let(:request_body) { double 'request body', string: request_body_string }
+  let(:request_body_string) { Rack::Utils.build_nested_query event_params }
+
+  subject { described_class.new request_body, request_headers  }
+
+  describe '#valid?' do
+    context 'request correctly signed' do
+      let(:request_headers) { dwolla_helper.webhook_signed_header(event_params) }
+
+      it 'returns true' do
+        expect(subject.valid?).to eq(true)
+      end
+    end
+  end
+
+  context 'request NOT correctly signed' do
+    let(:request_headers) { dwolla_helper.webhook_header }
+
+    it 'rejects the request with a 401' do
+      expect(subject.valid?).to eq(false)
+      expect(subject.errors[:base]).to eq(['Request Signature Invalid'])
+    end
+  end
+
+  context 'request DOES NOT have signature header' do
+    let(:request_headers) {{}}
+
+    it 'rejects the request with a 401' do
+      expect(subject.valid?).to eq(false)
+      expect(subject.errors[:base]).to eq(['Request Signature Invalid'])
+    end
+  end
+end
+

data/spec/support/dwolla_helper.rb

@@ -327,4 +327,21 @@ class DwollaHelper
   def customer_url(customer_token)
     "#{customers_url}/#{customer_token}"
   end
+
+  def body_signature(body)
+    OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new("sha256"), webhook_secret_key, body)
+  end
+
+  def header_signature(hash)
+    body_signature Rack::Utils.build_nested_query(hash)
+  end
+
+  def webhook_signed_header(hash)
+    webhook_header header_signature(hash)
+  end
+
+  def webhook_header(value = 'invalid')
+    #{ 'X-Request-Signature-Sha-256' => value } # real value from rack
+    { 'HTTP_X_REQUEST_SIGNATURE_SHA_256' => value }
+  end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: money_mover
 version: !ruby/object:Gem::Version
-  version: 0.0.3
+  version: 0.0.4
 platform: ruby
 authors:
 - Daniel Errante
@@ -17,9 +17,6 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0.9'
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 0.9.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -27,9 +24,6 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0.9'
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 0.9.0
 - !ruby/object:Gem::Dependency
   name: faraday_middleware
   requirement: !ruby/object:Gem::Requirement
@@ -37,9 +31,6 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0.9'
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 0.9.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -47,49 +38,136 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0.9'
+- !ruby/object:Gem::Dependency
+  name: activemodel
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.9.0
+        version: '4.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '5.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '4.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '5.1'
 - !ruby/object:Gem::Dependency
-  name: activemodel
+  name: activesupport
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '4.0'
+    - - "<"
       - !ruby/object:Gem::Version
-        version: '4.2'
+        version: '5.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 4.2.6
+        version: '4.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '5.1'
+- !ruby/object:Gem::Dependency
+  name: rack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.6'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2.1'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.6'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2.1'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '4.2'
-    - - ">="
+        version: '11.2'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 4.2.6
+        version: '11.2'
 - !ruby/object:Gem::Dependency
-  name: activesupport
+  name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '4.2'
-    - - ">="
+        version: '3.5'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 4.2.6
-  type: :runtime
+        version: '3.5'
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.1'
+  type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '4.2'
-    - - ">="
+        version: '2.1'
+- !ruby/object:Gem::Dependency
+  name: shoulda-matchers
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.1'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.1'
+- !ruby/object:Gem::Dependency
+  name: rack-test
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.6'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 4.2.6
+        version: '0.6'
 description: Moves Money with ACH integrations (dwolla, stripe)
 email: danoph@gmail.com
 executables: []
@@ -127,6 +205,7 @@ files:
 - lib/money_mover/dwolla/models/unverified_customer.rb
 - lib/money_mover/dwolla/models/verified_business_customer.rb
 - lib/money_mover/dwolla/models/webhook_subscription.rb
+- lib/money_mover/dwolla/request_signature_validator.rb
 - lib/money_mover/dwolla/token.rb
 - lib/money_mover/standalone_errors.rb
 - lib/money_mover/version.rb
@@ -137,6 +216,7 @@ files:
 - spec/integration/money_mover/dwolla/documents/create_spec.rb
 - spec/integration/money_mover/dwolla/funding-sources/micro-deposits/initiation_spec.rb
 - spec/integration/money_mover/dwolla/funding-sources/micro-deposits/verification_spec.rb
+- spec/integration/money_mover/dwolla/request_signature_validator_spec.rb
 - spec/integration/money_mover/dwolla/transfers/create_spec.rb
 - spec/lib/money_mover/dwolla/client_spec.rb
 - spec/lib/money_mover/dwolla/config_spec.rb
@@ -170,7 +250,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.5.1
+rubygems_version: 2.6.6
 signing_key: 
 specification_version: 4
 summary: Money Mover
@@ -181,6 +261,7 @@ test_files:
 - spec/integration/money_mover/dwolla/documents/create_spec.rb
 - spec/integration/money_mover/dwolla/funding-sources/micro-deposits/initiation_spec.rb
 - spec/integration/money_mover/dwolla/funding-sources/micro-deposits/verification_spec.rb
+- spec/integration/money_mover/dwolla/request_signature_validator_spec.rb
 - spec/integration/money_mover/dwolla/transfers/create_spec.rb
 - spec/lib/money_mover/dwolla/client_spec.rb
 - spec/lib/money_mover/dwolla/config_spec.rb