RubyGems - money_mover - Versions diffs - 0.0.3 → 0.0.4 - Mend

money_mover 0.0.3 → 0.0.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (14) hide show

checksums.yaml +4 -4
data/Gemfile +0 -14
data/Gemfile.lock +11 -14
data/lib/money_mover.rb +3 -5
data/lib/money_mover/dwolla.rb +3 -2
data/lib/money_mover/dwolla/models/api_resource.rb +6 -4
data/lib/money_mover/dwolla/models/receive_only_business_customer.rb +1 -9
data/lib/money_mover/dwolla/models/receive_only_customer.rb +11 -4
data/lib/money_mover/dwolla/request_signature_validator.rb +24 -0
data/lib/money_mover/version.rb +1 -1
data/money_mover.gemspec +11 -4
data/spec/integration/money_mover/dwolla/request_signature_validator_spec.rb +52 -0
data/spec/support/dwolla_helper.rb +17 -0
metadata +108 -27

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: f9f28c16cd835ccdab226255564ecb0bcaf9e5d4
-  data.tar.gz: 73a7dfbfa1c0603072668b09d37547a918586b30
+  metadata.gz: 539a311851902d5ab85946c0722879850cd5c8b7
+  data.tar.gz: c6147bebb234f5b70abc1c5b276c1c22eadbc5d2
 SHA512:
-  metadata.gz: 5d69bd6eafd2db81ca96f2b7fc419ecd8d4ab54b48c10e949f5054432d65c42e64db0a6c8db98ea748af6768536dff3589c0c7267834dba4a47bf2646c5bd07c
-  data.tar.gz: f6e6a950ed63bb3a46fbd3c3f0cfef703fa7d1704eb3879908fbb873f52154c2fd4e08faf701f4454cd06692b564e39e4092bc33f1a7372a07ae6fb0fa9c39ef
+  metadata.gz: 204cb3879e4d423c4d65717c0ec4a40de1038b5f76daa6f7c64d88757270386221b35eaa69a6ee99222ad8f7c9f02fb8decc8be45e53fdf14d1c68f666d1e603
+  data.tar.gz: cc3a3b581cfe26aa293bbd06de1d30d36c3fd7350b9646c995051d0d921384f73ec0a4f705798f7cd9cdb271352ce54ddfa1511afdf6f9ba1da092320a24d281

data/Gemfile CHANGED Viewed

@@ -1,17 +1,3 @@
 source "https://rubygems.org"
 gemspec
-group :development do
-  gem 'rake'
-  gem 'rspec'
-  gem 'webmock'
-  gem 'shoulda-matchers'
-  gem 'activesupport'
-  gem 'activemodel'
-  gem 'faraday'
-  gem 'faraday_middleware'
-  gem "rack-test"
-end

data/Gemfile.lock CHANGED Viewed

@@ -1,11 +1,12 @@
 PATH
   remote: .
   specs:
-    money_mover (0.0.1)
-      activemodel (~> 4.2, >= 4.2.6)
-      activesupport (~> 4.2, >= 4.2.6)
-      faraday (~> 0.9, >= 0.9.0)
-      faraday_middleware (~> 0.9, >= 0.9.0)
+    money_mover (0.0.3)
+      activemodel (>= 4.0, < 5.1)
+      activesupport (>= 4.0, < 5.1)
+      faraday (~> 0.9)
+      faraday_middleware (~> 0.9)
+      rack (>= 1.6, < 2.1)
 GEM
   remote: https://rubygems.org/
@@ -65,16 +66,12 @@ PLATFORMS
   ruby
 DEPENDENCIES
-  activemodel
-  activesupport
-  faraday
-  faraday_middleware
   money_mover!
-  rack-test
-  rake
-  rspec
-  shoulda-matchers
-  webmock
+  rack-test (~> 0.6)
+  rake (~> 11.2)
+  rspec (~> 3.5)
+  shoulda-matchers (~> 3.1)
+  webmock (~> 2.1)
 BUNDLED WITH
    1.11.2

data/lib/money_mover.rb CHANGED Viewed

@@ -1,14 +1,12 @@
-require 'active_support/core_ext/hash'
-#require 'active_support/hash_with_indifferent_access'
+require 'active_support/core_ext/hash' # for hash with indifferent access
+require 'openssl'
+require 'rack/utils'
 require 'faraday'
 require 'faraday_middleware'
 require 'active_model'
 require 'money_mover/version'
 require 'money_mover/standalone_errors'
-# dwolla
 require 'money_mover/dwolla'
 module MoneyMover; end

data/lib/money_mover/dwolla.rb CHANGED Viewed

@@ -24,13 +24,14 @@ require 'money_mover/dwolla/models/transfer'
 require 'money_mover/dwolla/models/root_account'
 # customer models
 require 'money_mover/dwolla/models/customer'
-require 'money_mover/dwolla/models/receive_only_business_customer'
 require 'money_mover/dwolla/models/receive_only_customer'
+require 'money_mover/dwolla/models/receive_only_business_customer'
 require 'money_mover/dwolla/models/unverified_customer'
 require 'money_mover/dwolla/models/unverified_business_customer'
 require 'money_mover/dwolla/models/verified_business_customer'
-# application stuff
+# other stuff
+require 'money_mover/dwolla/request_signature_validator'
 require 'money_mover/dwolla/models/webhook_subscription'
 module MoneyMover

data/lib/money_mover/dwolla/models/api_resource.rb CHANGED Viewed

@@ -38,7 +38,7 @@ module MoneyMover
           @resource_location = response.resource_location
           @id = response.resource_id
         else
-          populate_errors_from_response(response)
+          add_errors_from response
         end
         errors.empty?
@@ -47,15 +47,17 @@ module MoneyMover
       def destroy
         response = @client.delete resource_endpoint
-        populate_errors_from_response(response) unless response.success?
+        add_errors_from response unless response.success?
         errors.empty?
       end
       private
-      def populate_errors_from_response(response)
-        response.errors.each {|key, message| errors.add key, message }
+      def add_errors_from(model)
+        model.errors.each do |key, messages|
+          errors.add key, messages
+        end
       end
       def resource_endpoint

data/lib/money_mover/dwolla/models/receive_only_business_customer.rb CHANGED Viewed

@@ -1,14 +1,6 @@
 module MoneyMover
   module Dwolla
-    class ReceiveOnlyBusinessCustomer < Customer
-      def initialize(attrs = {})
-        attrs[:type] = 'receive-only'
-        super attrs
-      end
-      private
-      validates_presence_of :firstName, :lastName, :email
+    class ReceiveOnlyBusinessCustomer < ReceiveOnlyCustomer
       def create_params
         create_attrs = {
           firstName: firstName,

data/lib/money_mover/dwolla/models/receive_only_customer.rb CHANGED Viewed

@@ -1,18 +1,25 @@
 module MoneyMover
   module Dwolla
     class ReceiveOnlyCustomer < Customer
-      private
       validates_presence_of :firstName, :lastName, :email
+      def initialize(attrs = {})
+        super attrs.merge(type: 'receive-only')
+      end
+      private
       def create_params
-        {
+        create_attrs = {
           firstName: firstName,
           lastName: lastName,
           email: email,
           type: 'receive-only',
-          ipAddress: ipAddress
         }
+        create_attrs[:ipAddress] = ipAddress if ipAddress.present?
+        create_attrs
       end
     end
   end

data/lib/money_mover/dwolla/request_signature_validator.rb ADDED Viewed

@@ -0,0 +1,24 @@
+module MoneyMover
+  module Dwolla
+    class RequestSignatureValidator
+      include ActiveModel::Model
+      validate :valid_request_signature
+      def initialize(request_body, request_headers, ach_config = Config.new)
+        @request_body = request_body
+        @ach_request_signature = request_headers['HTTP_X_REQUEST_SIGNATURE_SHA_256']
+        @ach_webhook_secret_key = ach_config.webhook_secret_key
+      end
+      def valid_request_signature
+        unless @ach_request_signature && Rack::Utils.secure_compare(signed_body, @ach_request_signature)
+          errors.add :base, "Request Signature Invalid"
+        end
+      end
+      def signed_body
+        OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new("sha256"), @ach_webhook_secret_key, @request_body.string)
+      end
+    end
+  end
+end

data/lib/money_mover/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module MoneyMover
-  VERSION = '0.0.3'
+  VERSION = '0.0.4'
 end

data/money_mover.gemspec CHANGED Viewed

@@ -15,10 +15,17 @@ Gem::Specification.new do |s|
   s.homepage    = 'https://github.com/danoph/money_mover'
   s.license     = 'MIT'
-  s.add_dependency('faraday', '~> 0.9', '>= 0.9.0')
-  s.add_dependency('faraday_middleware', '~> 0.9', '>= 0.9.0')
-  s.add_dependency('activemodel', '~> 4.2', '>= 4.2.6')
-  s.add_dependency('activesupport', '~> 4.2', '>= 4.2.6')
+  s.add_dependency 'faraday', '~> 0.9'
+  s.add_dependency 'faraday_middleware', '~> 0.9'
+  s.add_dependency 'activemodel', '>= 4.0', '< 5.1'
+  s.add_dependency 'activesupport', '>= 4.0', '< 5.1'
+  s.add_dependency 'rack', '>= 1.6', '< 2.1'
+  s.add_development_dependency 'rake', '~> 11.2'
+  s.add_development_dependency 'rspec', '~> 3.5'
+  s.add_development_dependency 'webmock', '~> 2.1'
+  s.add_development_dependency 'shoulda-matchers', '~> 3.1'
+  s.add_development_dependency 'rack-test', '~> 0.6'
   s.files = `git ls-files`.split("\n")
   s.test_files    = `git ls-files -- spec/*`.split("\n")

data/spec/integration/money_mover/dwolla/request_signature_validator_spec.rb ADDED Viewed

@@ -0,0 +1,52 @@
+require 'spec_helper'
+describe MoneyMover::Dwolla::RequestSignatureValidator do
+  let(:event_params) {
+    {
+      id: "177dd734-3ce1-4701-8f92-9e57386d20f2",
+      resourceId: 'some-id',
+      topic: "some_topic",
+      timestamp: "2016-03-24T20:29:40.346Z",
+      _links: {
+        self: {href: "https://api-uat.dwolla.com/events/177dd734-3ce1-4701-8f92-9e57386d20f2"},
+        account: {href: "https://api-uat.dwolla.com/accounts/0f6589ac-588d-4283-81fc-325cbaa33d54"},
+        resource: {href: "https://api-uat.dwolla.com/funding-sources/something"},
+        customer: {href:"https://api-uat.dwolla.com/customers/2b4af2fe-4d2c-4a5f-8f06-898449086b7b"}
+      }
+    }
+  }
+  let(:request_body) { double 'request body', string: request_body_string }
+  let(:request_body_string) { Rack::Utils.build_nested_query event_params }
+  subject { described_class.new request_body, request_headers  }
+  describe '#valid?' do
+    context 'request correctly signed' do
+      let(:request_headers) { dwolla_helper.webhook_signed_header(event_params) }
+      it 'returns true' do
+        expect(subject.valid?).to eq(true)
+      end
+    end
+  end
+  context 'request NOT correctly signed' do
+    let(:request_headers) { dwolla_helper.webhook_header }
+    it 'rejects the request with a 401' do
+      expect(subject.valid?).to eq(false)
+      expect(subject.errors[:base]).to eq(['Request Signature Invalid'])
+    end
+  end
+  context 'request DOES NOT have signature header' do
+    let(:request_headers) {{}}
+    it 'rejects the request with a 401' do
+      expect(subject.valid?).to eq(false)
+      expect(subject.errors[:base]).to eq(['Request Signature Invalid'])
+    end
+  end
+end

data/spec/support/dwolla_helper.rb CHANGED Viewed

@@ -327,4 +327,21 @@ class DwollaHelper
   def customer_url(customer_token)
     "#{customers_url}/#{customer_token}"
   end
+  def body_signature(body)
+    OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new("sha256"), webhook_secret_key, body)
+  end
+  def header_signature(hash)
+    body_signature Rack::Utils.build_nested_query(hash)
+  end
+  def webhook_signed_header(hash)
+    webhook_header header_signature(hash)
+  end
+  def webhook_header(value = 'invalid')
+    #{ 'X-Request-Signature-Sha-256' => value } # real value from rack
+    { 'HTTP_X_REQUEST_SIGNATURE_SHA_256' => value }
+  end
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: money_mover
 version: !ruby/object:Gem::Version
-  version: 0.0.3
+  version: 0.0.4
 platform: ruby
 authors:
 - Daniel Errante
@@ -17,9 +17,6 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0.9'
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 0.9.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -27,9 +24,6 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0.9'
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 0.9.0
 - !ruby/object:Gem::Dependency
   name: faraday_middleware
   requirement: !ruby/object:Gem::Requirement
@@ -37,9 +31,6 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0.9'
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 0.9.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -47,49 +38,136 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0.9'
+- !ruby/object:Gem::Dependency
+  name: activemodel
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.9.0
+        version: '4.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '5.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '4.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '5.1'
 - !ruby/object:Gem::Dependency
-  name: activemodel
+  name: activesupport
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '4.0'
+    - - "<"
       - !ruby/object:Gem::Version
-        version: '4.2'
+        version: '5.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 4.2.6
+        version: '4.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '5.1'
+- !ruby/object:Gem::Dependency
+  name: rack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.6'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2.1'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.6'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2.1'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '4.2'
-    - - ">="
+        version: '11.2'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 4.2.6
+        version: '11.2'
 - !ruby/object:Gem::Dependency
-  name: activesupport
+  name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '4.2'
-    - - ">="
+        version: '3.5'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 4.2.6
-  type: :runtime
+        version: '3.5'
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.1'
+  type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '4.2'
-    - - ">="
+        version: '2.1'
+- !ruby/object:Gem::Dependency
+  name: shoulda-matchers
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.1'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.1'
+- !ruby/object:Gem::Dependency
+  name: rack-test
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.6'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 4.2.6
+        version: '0.6'
 description: Moves Money with ACH integrations (dwolla, stripe)
 email: danoph@gmail.com
 executables: []
@@ -127,6 +205,7 @@ files:
 - lib/money_mover/dwolla/models/unverified_customer.rb
 - lib/money_mover/dwolla/models/verified_business_customer.rb
 - lib/money_mover/dwolla/models/webhook_subscription.rb
+- lib/money_mover/dwolla/request_signature_validator.rb
 - lib/money_mover/dwolla/token.rb
 - lib/money_mover/standalone_errors.rb
 - lib/money_mover/version.rb
@@ -137,6 +216,7 @@ files:
 - spec/integration/money_mover/dwolla/documents/create_spec.rb
 - spec/integration/money_mover/dwolla/funding-sources/micro-deposits/initiation_spec.rb
 - spec/integration/money_mover/dwolla/funding-sources/micro-deposits/verification_spec.rb
+- spec/integration/money_mover/dwolla/request_signature_validator_spec.rb
 - spec/integration/money_mover/dwolla/transfers/create_spec.rb
 - spec/lib/money_mover/dwolla/client_spec.rb
 - spec/lib/money_mover/dwolla/config_spec.rb
@@ -170,7 +250,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.5.1
+rubygems_version: 2.6.6
 signing_key:
 specification_version: 4
 summary: Money Mover
@@ -181,6 +261,7 @@ test_files:
 - spec/integration/money_mover/dwolla/documents/create_spec.rb
 - spec/integration/money_mover/dwolla/funding-sources/micro-deposits/initiation_spec.rb
 - spec/integration/money_mover/dwolla/funding-sources/micro-deposits/verification_spec.rb
+- spec/integration/money_mover/dwolla/request_signature_validator_spec.rb
 - spec/integration/money_mover/dwolla/transfers/create_spec.rb
 - spec/lib/money_mover/dwolla/client_spec.rb
 - spec/lib/money_mover/dwolla/config_spec.rb