nordea-siirto 2.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 7a303e3afcc99342e66813882aab9976f53b9a8b201cca342226779d0a81bcc9
+  data.tar.gz: '0914494f49ad84ab02fd00231c17b91cdb063920a147b57ae000a8093623f31b'
+SHA512:
+  metadata.gz: c40ad8d7577fe6f02209344a8bf91b509a95cf0cf2543e3c8382fe06451fcba75cbfef69adbb7a88862fc48b6f0d51d12cbae0e390e2c91d53faf7eaf28f099d
+  data.tar.gz: fd2662e9219443cd1d4500f082669be73affaa8b1c9dcac61b8ee126326d56d8bdf6a33ed4d415f907a7ebe0f65ad18e67b962b30e3244f31bf4b3d617803713

data/lib/nordea/siirto.rb

@@ -0,0 +1,23 @@
+# Dependencies
+require 'net/http'
+require 'iban'
+require 'active_support'
+require 'active_support/core_ext'
+
+# Intended public interface of the gem
+require 'nordea/siirto/siirto.rb'
+
+# Implemented requests
+require 'nordea/siirto/access_token.rb'
+require 'nordea/siirto/lookup.rb'
+require 'nordea/siirto/pay.rb'
+
+# Implemented protocols
+require 'nordea/siirto/protocols/base.rb'
+require 'nordea/siirto/protocols/net_http.rb'
+require 'nordea/siirto/protocols/curl.rb'
+
+# Utility classes
+require 'nordea/siirto/errors.rb'
+require 'nordea/siirto/request.rb'
+require 'nordea/siirto/response.rb'

data/lib/nordea/siirto/access_token.rb

@@ -0,0 +1,70 @@
+module Nordea
+  module Siirto
+    # Responsible for fetching access token from the server,
+    # and memoizing it.
+    module AccessToken
+      # Store current access token into REDIS
+      KEY = 'Nordea::Siirto::AccessToken'.freeze
+      EXPIRATION_BUFFER = 20 # seconds, arbitrary
+      MUTEX = Mutex.new
+
+      module_function
+
+      # Fetches access token from server if previous token has expired
+      # Memoizes token, and sets expiration time, with some buffer.
+      # @return [String]
+      # rubocop:disable MethodLength
+      def access_token
+        # Synchronization is needed, otherwise race condition may ensue:
+        # Let's assume token has expired, and two threads ask for a new token.
+        # Both proceed to fetch the token from remote server, both return,
+        # but the first token is no longer valid.
+        MUTEX.synchronize do
+          token = Nordea::Siirto.redis.get(KEY)
+          return token if token
+
+          Nordea::Siirto.log('Requesting new access token...')
+          payload = response.body
+
+          token = payload['access_token']
+          expires_in = payload['expires_in'] - EXPIRATION_BUFFER
+          Nordea::Siirto.redis.set(KEY, token)
+          Nordea::Siirto.redis.expire(KEY, expires_in)
+
+          token
+        end
+      end
+      # rubocop:enable MethodLength
+
+      # @return [URI::HTTPS]
+      def uri
+        @uri ||= URI.parse("#{Nordea::Siirto.endpoint}/auth")
+      end
+
+      # @return Nordea::Siirto::Request
+      # rubocop:disable MethodLength
+      def request
+        request = Nordea::Siirto::Request.new
+        request.uri = uri
+        request.method = 'POST'
+        request.headers = {
+          'Accept' => 'application/json',
+          'Content-Type' => 'application/x-www-form-urlencoded'
+        }
+        request.body = {
+          grant_type: 'password',
+          username:   Nordea::Siirto.username,
+          password:   Nordea::Siirto.api_token,
+          client_id:  Nordea::Siirto.username
+        }.to_query
+        request
+      end
+      # rubocop:enable MethodLength
+
+      # @return [Nordea::Siirto::Response]
+      def response
+        Nordea::Siirto.protocol.send!(request)
+      end
+    end
+  end
+end

data/lib/nordea/siirto/errors.rb

@@ -0,0 +1,13 @@
+module Nordea
+  # Gem specific errors
+  module Siirto
+    class InitializationError < StandardError; end
+
+    # Errors used by Pay module
+    module Pay
+      class InvalidIBAN < ArgumentError; end
+      class InvalidPayload < ArgumentError; end
+      class MissingLookupId < StandardError; end
+    end
+  end
+end

data/lib/nordea/siirto/lookup.rb

@@ -0,0 +1,37 @@
+module Nordea
+  module Siirto
+    # Fetches unique LookupId from Nordea server.
+    # LookupId is required to make a payment request.
+    module Lookup
+      module_function
+
+      # @return [Hash]
+      def lookup
+        response = Nordea::Siirto.protocol.send!(request)
+        response.body
+      end
+
+      # @return [URI::HTTPS]
+      def uri
+        @uri ||= URI.parse("#{Nordea::Siirto.endpoint}/lookup/uuid")
+      end
+
+      # @return [Nordea::Siirto::Request]
+      def request
+        request = Nordea::Siirto::Request.new
+        request.uri = uri
+        request.method = 'GET'
+        request.headers = {
+          'Accept' => 'application/json',
+          'Authorization' => "Bearer #{AccessToken.access_token}"
+        }
+        request
+      end
+
+      # @return [Nordea::Siirto::Response]
+      def response
+        Nordea::Siirto.protocol.send!(request)
+      end
+    end
+  end
+end

data/lib/nordea/siirto/pay.rb

@@ -0,0 +1,102 @@
+module Nordea
+  module Siirto
+    # Implements Nordea Siirto IBAN payments.
+    module Pay
+      # Accepted parameters
+      PARAMS = {
+        required: [:amount, :currency, :bene_account_number],
+        person: [:bene_first_names, :bene_last_name],
+        company: [:bene_company_name],
+        optional: [:fallback_payment, :reference_number, :payment_message,
+                   :ultimate_bene_ref_name, :beneficiary_minimum_age,
+                   :beneficiary_identifier]
+      }.freeze
+
+      module_function
+
+      # @param [Hash] See README
+      # @return [Nordea::Siirto::Response]
+      def pay(params) # :nodoc:
+        raise InvalidPayload, params.inspect unless valid_payload?(params)
+        raise InvalidIBAN, params.inspect unless valid_iban?(params)
+
+        Nordea::Siirto.protocol.send!(request(params))
+      end
+
+      # @return [URI::HTTPS]
+      def uri # :nodoc:
+        @uri ||= URI.parse("#{Nordea::Siirto.endpoint}/payment/pay")
+      end
+
+      # @param [Hash]
+      # @return [Nordea::Siirto::Request]
+      # rubocop:disable MethodLength
+      def request(params)
+        request = Nordea::Siirto::Request.new
+        request.uri = uri
+        request.method = 'POST'
+        request.headers = {
+          'Accept' => 'application/json',
+          'Content-type' => 'application/json',
+          'Authorization' => "Bearer #{AccessToken.access_token}"
+        }
+        request.body = format_params(params).to_json
+        Nordea::Siirto.log("Body: #{request.body}")
+        request
+      end
+      # rubocop:enable MethodLength
+
+      # @param [Hash]
+      # @return [Hash]
+      def format_params(params) # :nodoc:
+        hash = params.map do |key, val|
+          # dromedar case required
+          str = key.to_s.camelize
+          str[0] = str[0].downcase
+          { str => val }
+        end.reduce(&:merge)
+
+        # unique lookupId is needed for each payment request
+        lookup_id = Lookup.lookup.slice('lookupId')
+        raise MissingLookupId unless lookup_id.present?
+
+        hash.merge(lookup_id)
+      end
+
+
+      # @param [Hash]
+      # @return [Boolean]
+      def valid_iban?(params)
+        # It makes sense to check IBAN validity and bank compatibility before
+        # sending request
+        iban = Iban.new(params[:bene_account_number])
+        return false unless iban.validate
+
+        ALLOWED_BIC.include?(iban.bic)
+      end
+
+      # @param [Hash]
+      # @return [Boolean]
+      # rubocop:disable AbcSize,LineLength
+      def valid_payload?(params)
+        return false unless params.is_a?(Hash)
+
+        # convenience lambda for testing conditions
+        params_present = lambda do |key|
+          (params.keys & PARAMS[key]).size == PARAMS[key].size
+        end
+
+        # required params present
+        return false unless params_present.call(:required)
+
+        # either person or company params present
+        return false if params_present.call(:person) && params_present.call(:company)
+        return false unless params_present.call(:person) || params_present.call(:company)
+
+        # must not contain other params than those listed above
+        (params.keys - PARAMS.values.flatten).size.zero?
+      end
+      # rubocop:enable AbcSize,LineLength
+    end
+  end
+end

data/lib/nordea/siirto/protocols/base.rb

@@ -0,0 +1,68 @@
+module Nordea
+  module Siirto
+    # NOTE: NOT COVERED BY TEST SET
+    module Protocols
+      # This class may be used as a base class for protocol implementations.
+      # Sub-classes should implement :send_request and :parse_response methods
+      # correctly.
+      #
+      # Gem expects protocol implementation to respond to :send! method, which
+      # takes in a generic Siirto request object, and returns a generic Siirto
+      # response object.
+      class Base
+        # Public interface of protocol implementations
+        # @param [Nordea::Siirto::Request]
+        # @return [Nordea::Siirto::Response]
+        # rubocop:disable MethodLength,AbcSize,LineLength
+        def send!(request)
+          uri = request.uri
+          Nordea::Siirto.log("Sending request to: #{uri}")
+
+          # Send request
+          begin
+            protocol_response = send_request(request)
+          rescue StandardError => e
+            Nordea::Siirto.log("Failed to send request: #{request.inspect} #{e.message}")
+            raise
+          end
+
+          # Parse response
+          begin
+            response = parse_response(protocol_response)
+          rescue StandardError => e
+            Nordea::Siirto.log("Failed to parse response: #{protocol_response.inspect} #{e.message}")
+            raise
+          end
+
+          # Log response
+          message = "Server responds: #{response.message}"
+          message << " #{response.code}"
+          unless response.body['access_token'] # do not log token
+            message << " #{response.body}"
+          end
+          Nordea::Siirto.log(message)
+
+          response
+        end
+        # rubocop:enable MethodLength,AbcSize,LineLength
+
+        private
+
+        # Sub-class must implement
+        # @param [Nordea::Siirto::Request]
+        # @return [Object] Protocol-specific response object
+        def send_request(request)
+          raise NotImplementedError, 'Sub-class must implement'
+        end
+
+        # Sub-class must implement
+        # @params [Object] Protocol-specific response object
+        # @return [Nordea::Siirto::Response]
+        def parse_response(protocol_response)
+          raise NotImplementedError, 'Sub-class must implement'
+        end
+      end
+    end
+  end
+end
+

data/lib/nordea/siirto/protocols/curl.rb

@@ -0,0 +1,66 @@
+module Nordea
+  module Siirto
+    # NOTE: NOT COVERED BY TEST SET
+    module Protocols
+      # Implements communication with Nordea server using command line cURL.
+      # Provided as an alternative protocol for net/http, as some Ruby
+      # implementations fail to complete SSL Handshake with Nordea servers.
+      # At least JRuby 1.9.17 falls in this category.
+      #
+      # WARNING: We cannot guarantee what Nordea::Siirto::Response#code
+      # will contain. With legacy JRuby, a better way (next to upgrading)
+      # would be to wrap sufficiently modern and robust Java HTTP library.
+      # That way server responses would be more reliable.
+      class Curl < Base
+        private
+
+        # Parses generic Siirto request and returns curl command string
+        # @param [Nordea::Siirto::Request]
+        # @return [String]
+        def create_request(siirto_request)
+          # i - show information, not just response body
+          # s - hide statusbar, error information
+          request = "curl -X #{siirto_request.method} -is"
+          siirto_request.headers.each do |header, value|
+            request << " --header '#{header}: #{value}'"
+          end
+          if (body = siirto_request.body).present?
+            request << " --data '#{body}'"
+          end
+          request << " #{siirto_request.uri}"
+          request
+        end
+
+       # Makes the actual request
+       # @param [Nordea::Siirto::Request]
+       # @return [Net::HTTPRequest]
+       def send_request(siirto_request)
+          request = create_request(siirto_request)
+          IO.popen(request)
+        end
+
+        # Parses curl response string and returns a generic Siirto response
+        # @params [String]
+        # @return [Nordea::Siirto::Response]
+        def parse_response(curl_response)
+          lines = curl_response.readlines
+          # Absence of network connection
+          raise IOError, 'Curl response empty' if lines.blank?
+
+          code = lines.first.split(' ').last
+          body = JSON.parse(lines.last)
+
+          response = Nordea::Siirto::Response.new
+          response.code = code
+          # Nordea server responds to curl in HTTP/2, and apparently in HTTP/2
+          # there is no standard way to return HTTP status message (e.g. OK, Not
+          # Found), unlike in HTTP/1.1. We would need to either force HTTP/1.1
+          # or map status codes to messages here.
+          response.message = ''
+          response.body = body
+          response
+        end
+      end
+    end
+  end
+end

data/lib/nordea/siirto/protocols/net_http.rb

@@ -0,0 +1,52 @@
+module Nordea
+  module Siirto
+    # NOTE: NOT COVERED BY TEST SET
+    module Protocols
+      # Implements communication with Nordea server using Ruby's standard
+      # net/http library
+      class NetHttp < Base
+        private
+
+        # Creates protocol-specific request from generic Siirto request
+        # @param [Nordea::Siirto::Request]
+        # @return [Net::HTTPRequest]
+        def create_request(siirto_request)
+          # Extract data
+          klass = "Net::HTTP::#{siirto_request.method.capitalize}".constantize
+          uri = siirto_request.uri.request_uri
+          body = siirto_request.body
+          headers = siirto_request.headers
+
+          # Create new Request object
+          request = klass.new(uri)
+          headers.each do |header, value|
+            request[header] = value
+          end
+          request.body = body if body.present?
+          request
+        end
+
+        # Makes the actual request
+        # @param [Nordea::Siirto::Request]
+        # @return [Net::HTTPRequest]
+        def send_request(siirto_request)
+          request = create_request(siirto_request)
+          uri = siirto_request.uri
+          http = Net::HTTP.new(uri.host, uri.port)
+          http.use_ssl = true if uri.port == 443
+          http.request(request)
+        end
+
+        # Parses NET::HTTPResponse into a generic Siirto response
+        # @param [Net::HTTPResponse]
+        # @return [Nordea::Siirto::Response]
+        def parse_response(http_response)
+          response = Nordea::Siirto::Response.new
+          response.code = http_response.code
+          response.body = JSON.parse(http_response.body)
+          response.message = http_response.message
+        end
+      end
+    end
+  end
+end

data/lib/nordea/siirto/request.rb

@@ -0,0 +1,8 @@
+module Nordea
+  module Siirto
+    # Generic data class which Protocol implementations can use
+    class Request
+      attr_accessor :uri, :body, :headers, :method
+    end
+  end
+end

data/lib/nordea/siirto/response.rb

@@ -0,0 +1,8 @@
+module Nordea
+  module Siirto
+    # Generic data class which Protocol implementations should return
+    class Response
+      attr_accessor :code, :message, :body
+    end
+  end
+end

data/lib/nordea/siirto/siirto.rb

@@ -0,0 +1,132 @@
+module Nordea
+  # This module is intended as the sole public API of this gem.
+  #
+  # AccessToken and Lookup requests are needed for actual processing
+  # requests, such as Pay, to work. Client should not need to call them
+  # directly, and therefore they are not directly callable from this module.
+  #
+  # A method handle for each request meant to be called directly by client,
+  # should be included in this API.
+  module Siirto
+    # Nordea endpoints
+    ENDPOINT = {
+      prod: 'https://merchant.mobilewalletservices.nordea.com',
+      test: 'https://merchant.trescomas.express'
+    }.freeze
+
+    # Only Nordea and OP supported at the moment
+    ALLOWED_BIC = %w[NDEAFIHH OKOYFIHH].freeze
+
+    # Singleton features implemented as such
+    class << self
+      # Mandatory params: Client must provide these at setup
+      attr_reader :server, :username, :api_token
+
+      # Optional params: Client may provide these at setup
+      attr_reader :logger, :tag, :redis, :protocol
+
+      # Make sure initialization is thread safe
+      MUTEX = Mutex.new
+
+      # Client must initialize Nordea::Siirto module before calling other
+      # methods.
+      #
+      # @params opts [Hash] See README for details
+      # @raise [Nordea::Siirto::InitializationError]
+      # @return [Boolean]
+      # rubocop:disable MethodLength
+      def setup(opts)
+        MUTEX.synchronize do
+          allow_initialize?(opts)
+
+          # Initialize
+          opts.each do |key, val|
+            attr = "@#{key}".to_sym
+            instance_variable_set(attr, val)
+          end
+
+          # Client can inject logger of choice
+          @logger ||= Rails.logger
+
+          # Client can inject logging tag
+          @tag ||= 'Nordea::Siirto --'
+
+          # Client can inject REDIS instance of choice, or adapter.
+          @redis ||= REDIS
+
+          # Client can inject another Protocol
+          @protocol ||= Protocols::NetHttp.new
+
+          # Initialization complete
+          log('Initialized!')
+          true
+        end
+      end
+      # rubocop:enable MethodLength
+
+      # Checks if gem is already initialized with required parameters.
+      # @return [Boolean]
+      def initialized?
+        server.present? && username.present? && api_token.present?
+      end
+
+      # 8.2. Send a payment using IBAN account number
+      # POST /payment/pay
+      #
+      # @param payload [Hash] See README
+      # @raise [Nordea::Siirto::Pay::InvalidIBAN]
+      # @raise [Nordea::Siirto::Pay::InvalidPayload]
+      # @return [Nordea::Siirto::Response]
+      def pay(payload)
+        Pay.pay(payload)
+      end
+
+      # Convenience method for requests
+      # @return [String]
+      def endpoint
+        ENDPOINT[server]
+      end
+
+      # Convenience method for requests
+      # @param msg [String]
+      def log(msg)
+        logger.info("#{tag} #{msg}")
+      end
+
+      private
+
+      # Error messages
+      ERROR = {
+        already_initialized: 'Nordea::Siirto is already initialized.',
+        missing_args: 'Invalid or missing arguments. Client must provide
+          parameter hash with the following keys: :server (either :prod or
+          :test), :username, :api_token.',
+        invalid_logger: 'Logger must respond to :info method.',
+        invalid_protocol: 'Protocol must respond to :send! method'
+      }.freeze
+
+      # Checks that module has not been previously initialized, and
+      # that arguments are more or less acceptable.
+      # @raise [Nordea::Siirto::InitializationError]
+      # rubocop:disable AbcSize,CyclomaticComplexity,GuardClause
+      def allow_initialize?(opts)
+        raise InitializationError, ERROR[:already_initialized] if initialized?
+        raise InitializationError, ERROR[:missing_args] if missing_args?(opts)
+        if opts[:logger] && !opts[:logger].respond_to?(:info)
+          raise InitializationError, ERROR[:invalid_logger]
+        end
+        if opts[:protocol] && !opts[:protocol].respond_to?(:send!)
+          raise InitializationError, ERROR[:invalid_protocol]
+        end
+      end
+      # rubocop:enable AbcSize,CyclomaticComplexity,GuardClause
+
+      # Checks that required parameters are present.
+      # @return [Boolean]
+      def missing_args?(opts)
+        !(opts[:server] && opts[:username] && opts[:api_token] &&
+          ENDPOINT.keys.include?(opts[:server].to_sym))
+      end
+    end
+  end
+end

data/lib/nordea/siirto/version.rb

@@ -0,0 +1,5 @@
+module Nordea
+  module Siirto
+    VERSION = '2.0.1'.freeze
+  end
+end

metadata

@@ -0,0 +1,57 @@
+--- !ruby/object:Gem::Specification
+name: nordea-siirto
+version: !ruby/object:Gem::Version
+  version: 2.0.1
+platform: ruby
+authors:
+- Matilda Smeds
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2019-09-16 00:00:00.000000000 Z
+dependencies: []
+description: |2
+      Nordea::Siirto implements requests according to Nordea Siirto protocol,
+      which enables real time payments for select Finnish bank accounts
+email: foss@aavasoftware.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/nordea/siirto.rb
+- lib/nordea/siirto/access_token.rb
+- lib/nordea/siirto/errors.rb
+- lib/nordea/siirto/lookup.rb
+- lib/nordea/siirto/pay.rb
+- lib/nordea/siirto/protocols/base.rb
+- lib/nordea/siirto/protocols/curl.rb
+- lib/nordea/siirto/protocols/net_http.rb
+- lib/nordea/siirto/request.rb
+- lib/nordea/siirto/response.rb
+- lib/nordea/siirto/siirto.rb
+- lib/nordea/siirto/version.rb
+homepage: 
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.7.9
+signing_key: 
+specification_version: 4
+summary: Nordea Siirto requests
+test_files: []