onlinepayments-sdk-ruby 4.22.0 → 5.0.0

data/lib/onlinepayments/sdk/webhooks/in_memory_secret_key_store.rb

@@ -1,55 +1,58 @@
 require 'concurrent'
 require 'singleton'
+require 'onlinepayments/sdk/webhooks/secret_key_not_available_exception'
+require 'onlinepayments/sdk/webhooks/secret_key_store'
 
-module OnlinePayments::SDK
-  module Webhooks
-    # An in-memory secret key store. This implementation can be used
-    # in applications where secret keys are specified at application
-    # startup. Thread-safe.
-    class InMemorySecretKeyStore
+module OnlinePayments
+  module SDK
+    module Webhooks
+      # An in-memory secret key store. This implementation can be used
+      # in applications where secret keys are specified at application
+      # startup. Thread-safe.
+      class InMemorySecretKeyStore
+        include Singleton
+        include SecretKeyStore
 
-      include Singleton
-      include SecretKeyStore
-
-      # Creates new InMemorySecretKeyStore
-      def initialize
-        # NOTE: use Map instead of Hash to provide better performance
-        # under high concurrency.
-        @store = Concurrent::Map.new
-      end
+        # Creates new InMemorySecretKeyStore
+        def initialize
+          # NOTE: use Map instead of Hash to provide better performance
+          # under high concurrency.
+          @store = Concurrent::Map.new
+        end
 
-      # Retrieves the secret key corresponding to the given key id
-      #
-      # @param key_id [String] key id of the secret key
-      # @raise [OnlinePayments::SDK::Webhooks::SecretKeyNotAvailableException] if the secret key for the given key id is not available.
-      def get_secret_key(key_id)
-        if (secret_key = @store.get(key_id))
-          return secret_key
+        # Retrieves the secret key corresponding to the given key id
+        #
+        # @param key_id [String] key id of the secret key
+        # @raise [OnlinePayments::SDK::Webhooks::SecretKeyNotAvailableException] if the secret key for the given key id is not available.
+        def get_secret_key(key_id)
+          if (secret_key = @store.get(key_id)).nil?
+            msg = "could not find secret key for key id " + key_id
+            raise SecretKeyNotAvailableException.new(message: msg, key_id: key_id)
+          end
+          secret_key
         end
-        msg = "could not find secret key for key id #{key_id}"
-        raise SecretKeyNotAvailableException, message: msg, key_id: key_id
-      end
 
-      # Stores the given secret key for the given key id.
-      #
-      # @param key_id     [String] key id of the secret key
-      # @param secret_key [String] the secret key to be stored
-      def store_secret_key(key_id, secret_key)
-        raise ArgumentError if key_id.nil? || key_id.strip.empty?
-        raise ArgumentError if secret_key.nil? || secret_key.strip.empty?
-        @store.put(key_id, secret_key)
-      end
+        # Stores the given secret key for the given key id.
+        #
+        # @param key_id     [String] key id of the secret key
+        # @param secret_key [String] the secret key to be stored
+        def store_secret_key(key_id, secret_key)
+          raise ArgumentError if key_id.nil? or key_id.strip.empty?
+          raise ArgumentError if secret_key.nil? or secret_key.strip.empty?
+          @store.put(key_id, secret_key)
+        end
 
-      # Removes the secret key for the given key id.
-      #
-      # @param key_id [String] the key id whose corresponding secret should be removed from the store
-      def remove_secret_key(key_id)
-        @store.delete(key_id)
-      end
+        # Removes the secret key for the given key id.
+        #
+        # @param key_id [String] the key id whose corresponding secret should be removed from the store
+        def remove_secret_key(key_id)
+          @store.delete(key_id)
+        end
 
-      # Removes all stored secret keys from the store
-      def clear
-        @store.clear
+        # Removes all stored secret keys from the store
+        def clear
+          @store.clear
+        end
       end
     end
   end

data/lib/onlinepayments/sdk/webhooks/secret_key_not_available_exception.rb

@@ -1,17 +1,21 @@
-module OnlinePayments::SDK
-  module Webhooks
-    # Raised when an error caused a secret to become not available.
-    #
-    # @attr_reader [String] key_id
-    class SecretKeyNotAvailableException < SignatureValidationException
+require 'onlinepayments/sdk/webhooks/signature_validation_exception'
 
-      def initialize(args)
-        raise ArgumentError if (key_id = args.delete(:key_id)).nil? # key_id is mandatory
-        super(args)
-        @key_id = key_id
-      end
+module OnlinePayments
+  module SDK
+    module Webhooks
+      # Raised when an error caused a secret to become not available.
+      #
+      # @attr_reader [String] key_id
+      class SecretKeyNotAvailableException < SignatureValidationException
+
+        def initialize(args)
+          raise ArgumentError if (key_id = args.delete(:key_id)).nil? # key_id is mandatory
+          super(args)
+          @key_id = key_id
+        end
 
-      attr_reader :key_id
+        attr_reader :key_id
+      end
     end
   end
 end

data/lib/onlinepayments/sdk/webhooks/secret_key_store.rb

@@ -1,15 +1,17 @@
-module OnlinePayments::SDK
-  module Webhooks
-    # An abstract store of secret keys. Implementation can store secret keys in a database,
-    # on disk, etc. Should be Thread-safe.
-    module SecretKeyStore
+module OnlinePayments
+  module SDK
+    module Webhooks
+      # An abstract store of secret keys. Implementation can store secret keys in a database,
+      # on disk, etc. Should be Thread-safe.
+      module SecretKeyStore
 
-      # Retrieve secret key for given key id
-      #
-      # @param key_id [String] key id of the secret key
-      # @raise [OnlinePayments::SDK::Webhooks::SecretKeyNotAvailableException] if the secret key for the given key id is not available.
-      def get_secret_key(key_id)
-        raise NotImplementedError
+        # Retrieve secret key for given key id
+        #
+        # @param key_id [String] key id of the secret key
+        # @raise [OnlinePayments::SDK::Webhooks::SecretKeyNotAvailableException] if the secret key for the given key id is not available.
+        def get_secret_key(key_id)
+          raise NotImplementedError
+        end
       end
     end
   end

data/lib/onlinepayments/sdk/webhooks/signature_validation_exception.rb

@@ -1,18 +1,19 @@
-module OnlinePayments::SDK
-  module Webhooks
+module OnlinePayments
+  module SDK
+    module Webhooks
+      # Raised when an error occurred when validating Webhooks signatures
+      class SignatureValidationException < RuntimeError
 
-    # Raised when an error occurred when validating Webhooks signatures
-    class SignatureValidationException < RuntimeError
-
-      # Creates a new SignatureValidationException
-      #
-      # @param [Hash] args the options to create the Exception with
-      # @option args [String] :message the error message
-      # @option args [RuntimeError] :cause an Error object that causes the Exception
-      def initialize(args)
-        super(args[:message]) # NOTE: can be nil
-        # store backtrace info if exception given
-        set_backtrace(args[:cause].backtrace) if args[:cause]
+        # Creates a new SignatureValidationException
+        #
+        # @param [Hash] args the options to create the Exception with
+        # @option args [String] :message the error message
+        # @option args [RuntimeError] :cause an Error object that causes the Exception
+        def initialize(args)
+          super(args[:message]) # NOTE: can be nil
+          # store backtrace info if exception given
+          set_backtrace(args[:cause].backtrace) unless args[:cause].nil?
+        end
       end
     end
   end

data/lib/onlinepayments/sdk/webhooks/signature_validator.rb

@@ -0,0 +1,81 @@
+require 'base64'
+require 'openssl'
+require 'onlinepayments/sdk/webhooks/signature_validation_exception'
+
+module OnlinePayments
+  module SDK
+    module Webhooks
+
+      # Validator for webhooks signatures. Thread-safe.
+      class SignatureValidator
+        def initialize(secret_key_store)
+          raise ArgumentError if secret_key_store.nil?
+          @secret_key_store = secret_key_store
+        end
+
+        # Validates incoming request using request headers
+        #
+        # @param body            [String] body of the request
+        # @param request_headers [Array<OnlinePayments::SDK::Communication::RequestHeader>] headers of the request
+        def validate(body, request_headers)
+          validate_body(body, request_headers)
+        end
+
+        private
+
+        HEADER_SIGNATURE = 'X-GCS-Signature'.freeze
+        HEADER_KEY_ID = 'X-GCS-KeyId'.freeze
+        HMAC_SCHEME = 'SHA256'.freeze
+
+        # Validates the body using given request headers
+        #
+        # @param body            [String] body of the request
+        # @param request_headers [Array<OnlinePayments::SDK::Communication::RequestHeader>] headers of the request
+        def validate_body(body, request_headers)
+          signature = get_header_value(request_headers, HEADER_SIGNATURE)
+          key_id = get_header_value(request_headers, HEADER_KEY_ID)
+          secret_key = @secret_key_store.get_secret_key(key_id)
+          digest = OpenSSL::Digest.new(HMAC_SCHEME)
+          hmac = OpenSSL::HMAC.digest(digest, secret_key, body)
+          expected_signature = Base64.strict_encode64(hmac).strip
+
+          unless equal_signatures?(signature, expected_signature)
+            msg = "failed to validate signature '#{signature}'"
+            raise SignatureValidationException.new(message: msg)
+          end
+        end
+
+        # Checks two signatures
+        #
+        # @param signature          [String]
+        # @param expected_signature [String]
+        def equal_signatures?(signature, expected_signature)
+          # NOTE: copy the signatures to avoid runtime tampering via references
+          signature = signature.dup.freeze
+          expected_signature = expected_signature.dup.freeze
+          # NOTE: do not use simple equality comparision to avoid side channel attack
+          limit = [signature.length, expected_signature.length, 256].max
+          limit.times.inject(true) do |flag, idx|
+            # NOTE: this block is constructed to take constant time to run
+            flag &= signature[idx] == expected_signature[idx]
+            # [] returns nil if idx >= the length of the String
+          end
+        end
+
+        # Retrieves header value from the request headers whose header name matches the given parameter
+        def get_header_value(request_headers, header_name)
+          if (right_header = request_headers.select { |h| h.name.casecmp(header_name) == 0 }).size != 1
+            msg = if right_header.empty?
+                    "could not find header '#{header_name}'"
+                  else
+                    # more than 2 headers
+                    "encountered multiple occurrences of header '#{header_name}'"
+                  end
+            raise SignatureValidationException.new(message: msg)
+          end
+          right_header.first.value
+        end
+      end
+    end
+  end
+end

data/lib/onlinepayments/sdk/webhooks/webhooks_event.rb

@@ -1,57 +1,88 @@
-module OnlinePayments::SDK
-  module Webhooks
-
-    # @attr [String] api_version
-    # @attr [String] id
-    # @attr [String] created
-    # @attr [String] merchant_id
-    # @attr [String] type
-    # @attr [OnlinePayments::SDK::Domain::PaymentResponse] payment
-    # @attr [OnlinePayments::SDK::Domain::PayoutResponse] refund
-    # @attr [OnlinePayments::SDK::Domain::RefundResponse] payout
-    # @attr [OnlinePayments::SDK::Domain::TokenResponse] token
-    # @attr [OnlinePayments::SDK::Domain::DisputeResponse] dispute
-    class WebhooksEvent < OnlinePayments::SDK::DataObject
-
-      attr_accessor :api_version
-      attr_accessor :id
-      attr_accessor :created
-      attr_accessor :merchant_id
-      attr_accessor :type
-
-      attr_accessor :payment
-      attr_accessor :refund
-      attr_accessor :payout
-      attr_accessor :token
-      attr_accessor :dispute
-
-      # @return [Hash]
-      def to_h
-        hash = super
-        hash['apiVersion'] = @api_version if @api_version
-        hash['id'] = @id if @id
-        hash['created'] = @created if @created
-        hash['merchantId'] = @merchant_id if @merchant_id
-        hash['type'] = @type if @type
-        hash['payment'] = @payment.to_h if @payment
-        hash['refund'] = @refund.to_h if @refund
-        hash['payout'] = @payout.to_h if @payout
-        hash['token'] = @token.to_h if @token
-        hash['dispute'] = @dispute.to_h if @dispute
-        hash
-      end
+require 'onlinepayments/sdk/domain/data_object'
+require 'onlinepayments/sdk/domain/payment_response'
+require 'onlinepayments/sdk/domain/payout_response'
+require 'onlinepayments/sdk/domain/refund_response'
+require 'onlinepayments/sdk/domain/token_response'
+
+module OnlinePayments
+  module SDK
+    module Webhooks
+      # @attr [String] api_version
+      # @attr [String] created
+      # @attr [String] id
+      # @attr [String] merchant_id
+      # @attr [String] type
+      # @attr [OnlinePayments::SDK::V2::Domain::PaymentResponse] payment
+      # @attr [OnlinePayments::SDK::V2::Domain::PayoutResponse] payout
+      # @attr [OnlinePayments::SDK::V2::Domain::RefundResponse] refund
+      # @attr [OnlinePayments::SDK::V2::Domain::TokenResponse] token
+      class WebhooksEvent < OnlinePayments::SDK::Domain::DataObject
+
+        attr_accessor :api_version
+
+        attr_accessor :created
+
+        attr_accessor :dispute
+
+        attr_accessor :id
+
+        attr_accessor :merchant_id
+
+        attr_accessor :type
+
+        attr_accessor :payment
+
+        attr_accessor :payout
+
+        attr_accessor :refund
+
+        attr_accessor :token
+
+        # @return (Hash)
+        def to_h
+          hash = super
+          hash['apiVersion'] = @api_version unless @api_version.nil?
+          hash['created'] = @created unless @created.nil?
+          hash['id'] = @id unless @id.nil?
+          hash['merchantId'] = @merchant_id unless @merchant_id.nil?
+          hash['type'] = @type unless @type.nil?
+          hash['payment'] = @payment.to_h unless @payment.nil?
+          hash['payout'] = @payout.to_h unless @payout.nil?
+          hash['refund'] = @refund.to_h unless @refund.nil?
+          hash['token'] = @token.to_h unless @token.nil?
+          hash
+        end
 
-      def from_hash(hash)
-        super
-        @api_version = hash['apiVersion'] if hash.key? 'apiVersion'
-        @id = hash['id'] if hash.key? 'id'
-        @created = hash['created'] if hash.key? 'created'
-        @merchant_id = hash['merchantId'] if hash.key? 'merchantId'
-        @type = hash['type'] if hash.key? 'type'
-        @payment = OnlinePayments::SDK::Domain::PaymentResponse.new_from_hash(hash['payment']) if hash.key? 'payment'
-        @refund = OnlinePayments::SDK::Domain::RefundResponse.new_from_hash(hash['refund']) if hash.key? 'refund'
-        @payout = OnlinePayments::SDK::Domain::PayoutResponse.new_from_hash(hash['payout']) if hash.key? 'payout'
-        @token = OnlinePayments::SDK::Domain::TokenResponse.new_from_hash(hash['token']) if hash.key? 'token'
+        def from_hash(hash)
+          super
+          if hash.has_key? 'apiVersion'
+            @api_version = hash['apiVersion']
+          end
+          if hash.has_key? 'created'
+            @created = hash['created']
+          end
+          if hash.has_key? 'id'
+            @id = hash['id']
+          end
+          if hash.has_key? 'merchantId'
+            @merchant_id = hash['merchantId']
+          end
+          if hash.has_key? 'type'
+            @type = hash['type']
+          end
+          if hash.has_key? 'payment'
+            @payment = OnlinePayments::SDK::Domain::PaymentResponse.new_from_hash(hash['payment'])
+          end
+          if hash.has_key? 'payout'
+            @payout = OnlinePayments::SDK::Domain::PayoutResponse.new_from_hash(hash['payout'])
+          end
+          if hash.has_key? 'refund'
+            @refund = OnlinePayments::SDK::Domain::RefundResponse.new_from_hash(hash['refund'])
+          end
+          if hash.has_key? 'token'
+            @token = OnlinePayments::SDK::Domain::TokenResponse.new_from_hash(hash['token'])
+          end
+        end
       end
     end
   end

data/lib/onlinepayments/sdk/webhooks/webhooks_helper.rb

@@ -1,100 +1,38 @@
-require 'openssl'
-require 'base64'
-
-module OnlinePayments::SDK
-  module Webhooks
-
-    # Online Payments platform webhooks Helper, Thread-safe.
-    class WebhooksHelper
-      def initialize(marshaller, secret_key_store)
-        raise ArgumentError unless marshaller
-        raise ArgumentError unless secret_key_store
-        @marshaller = marshaller
-        @secret_key_store = secret_key_store
-      end
-
-      # Unmarshals the given body, while also validating it using the given request headers.
-      #
-      # @param body            [String] body of the request
-      # @param request_headers [Array<OnlinePayments::SDK::RequestHeader>] headers of the request
-      def unmarshal(body, request_headers)
-        validate(body, request_headers)
-        event = @marshaller.unmarshal(body, WebhooksEvent)
-        validate_api_version(event)
-        event
-      end
-
-      # Validates incoming request using request headers
-      #
-      # @param body            [String] body of the request
-      # @param request_headers [Array<OnlinePayments::SDK::RequestHeader>] headers of the request
-      def validate(body, request_headers)
-        validate_body(body, request_headers)
-      end
-
-      private
-
-      HEADER_SIGNATURE = 'X-GCS-Signature'.freeze
-      HEADER_KEY_ID = 'X-GCS-KeyId'.freeze
-      HMAC_SCHEME = 'SHA256'.freeze
-
-      # validation utility methods
-
-      # Validates the body using given request headers
-      #
-      # @param body            [String] body of the request
-      # @param request_headers [Array<OnlinePayments::SDK::RequestHeader>] headers of the request
-      def validate_body(body, request_headers)
-        signature = get_header_value(request_headers, HEADER_SIGNATURE)
-        key_id = get_header_value(request_headers, HEADER_KEY_ID)
-        secret_key = @secret_key_store.get_secret_key(key_id)
-        digest = OpenSSL::Digest.new(HMAC_SCHEME)
-        hmac = OpenSSL::HMAC.digest(digest, secret_key, body)
-        expected_signature = Base64.strict_encode64(hmac).strip
-
-        unless equal_signatures?(signature, expected_signature)
-          msg = "failed to validate signature '#{signature}'"
-          raise SignatureValidationException, message: msg
+require 'onlinepayments/sdk/webhooks/webhooks_event'
+require 'onlinepayments/sdk/webhooks/api_version_mismatch_exception'
+require 'onlinepayments/sdk/webhooks/signature_validator'
+
+module OnlinePayments
+  module SDK
+    module Webhooks
+      # Online Payments platform webhooks Helper, Thread-safe.
+      class WebhooksHelper
+        def initialize(marshaller, secret_key_store)
+          raise ArgumentError if marshaller.nil?
+          @marshaller = marshaller
+          @signature_validator = OnlinePayments::SDK::Webhooks::SignatureValidator.new(secret_key_store)
         end
-      end
 
-      # Checks two signatures
-      #
-      # @param signature          [String]
-      # @param expected_signature [String]
-      def equal_signatures?(signature, expected_signature)
-        # NOTE: copy the signatures to avoid runtime tampering via references
-        signature = signature.dup.freeze
-        expected_signature = expected_signature.dup.freeze
-        # NOTE: do not use simple equality comparision to avoid side channel attack
-        limit = [signature.length, expected_signature.length, 256].max
-        limit.times.inject(true) do |flag, idx|
-          # NOTE: this block is constructed to take constant time to run
-          flag &= signature[idx] == expected_signature[idx]
-          # [] returns nil if idx >= the length of the String
+        # Unmarshals the given body, while also validating it using the given request headers.
+        #
+        # @param body            [String] body of the request
+        # @param request_headers [Array<OnlinePayments::SDK::Communication::RequestHeader>] headers of the request
+        # @return [OnlinePayments::SDK::Webhooks::WebhooksEvent]
+        def unmarshal(body, request_headers)
+          @signature_validator.validate(body, request_headers)
+
+          event = @marshaller.unmarshal(body, OnlinePayments::SDK::Webhooks::WebhooksEvent)
+          validate_api_version(event)
+          event
         end
-      end
-
-      # general utility methods
 
-      # Returns true if the client API version and the webhooks event API version matches
-      def validate_api_version(event)
-        raise ApiVersionMismatchException.new event.api_version, 'v1' unless 'v1'.eql?(event.api_version)
-      end
+        private
 
-      # Retrieves header value from the request headers whose header name matches the given parameter
-      def get_header_value(request_headers, header_name)
-        if (right_header = request_headers.select { |h| h.name.casecmp(header_name) == 0 }).size != 1
-          msg = if right_header.empty?
-                  "could not find header '#{header_name}'"
-                else
-                  # more than 2 headers
-                  "encountered multiple occurrences of header '#{header_name}'"
-                end
-          raise SignatureValidationException, message: msg
+        def validate_api_version(event)
+          raise OnlinePayments::SDK::Webhooks::ApiVersionMismatchException.new(event.api_version, 'v1') unless 'v1'.eql?(event.api_version)
         end
-        right_header.first.value
       end
     end
+
   end
 end

data/lib/onlinepayments/sdk/webhooks.rb

@@ -1,11 +1 @@
-prefix = 'onlinepayments/sdk/webhooks'
-
-require "#{prefix}/api_version_mismatch_exception"
-require "#{prefix}/signature_validation_exception"
-require "#{prefix}/secret_key_not_available_exception"
-require "#{prefix}/secret_key_store"
-require "#{prefix}/in_memory_secret_key_store"
-require "#{prefix}/webhooks_event"
-require "#{prefix}/webhooks_helper"
-require "#{prefix}/webhooks_helper_builder"
-require "#{prefix}/webhooks"
+Dir[File.join(__dir__, 'webhooks', '*.rb')].each { |f| require f }

data/lib/onlinepayments/sdk.rb

@@ -1,26 +1,4 @@
-prefix = 'onlinepayments/sdk'
-
-require "#{prefix}/logging"
-require "#{prefix}/exceptions"
-
-require "#{prefix}/marshaller"
-require "#{prefix}/response_header"
-require "#{prefix}/authenticator"
-require "#{prefix}/data_object"
-require "#{prefix}/proxy_configuration"
-require "#{prefix}/connection"
-require "#{prefix}/pooled_connection"
-require "#{prefix}/communicator"
-require "#{prefix}/endpoint_configuration"
-require "#{prefix}/communicator_configuration"
-require "#{prefix}/client"
-require "#{prefix}/call_context"
-require "#{prefix}/api_resource"
-require "#{prefix}/request_param"
-require "#{prefix}/request_header"
-require "#{prefix}/param_request"
-require "#{prefix}/meta_data_provider"
-require "#{prefix}/factory"
-
-require "#{prefix}/defaultimpl"
-require "#{prefix}/webhooks"
+#
+# This file was automatically generated.
+#
+Dir[File.join(__dir__, 'sdk', '*.rb')].each { |f| require f }

data/onlinepayments-sdk-ruby.gemspec

@@ -1,6 +1,6 @@
 Gem::Specification.new do |spec|
   spec.name           = 'onlinepayments-sdk-ruby'
-  spec.version        = '4.22.0'
+  spec.version        = '5.0.0'
   spec.authors        = ['Worldline Direct support team']
   spec.email          = ['82139942+worldline-direct-support-team@users.noreply.github.com']
   spec.summary        = %q{SDK to communicate with the Online Payments platform using the Online Payments Server API}
@@ -22,7 +22,8 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency 'yard', '~> 0.9'
   spec.add_development_dependency 'rspec', '~> 3.5'
   spec.add_development_dependency 'webmock', '~> 2.1'
-  spec.add_development_dependency 'sinatra', '~> 1.4'
+  spec.add_development_dependency 'sinatra', '~> 2.1'
+  spec.add_development_dependency 'webrick', '~> 1.7'
   spec.add_development_dependency 'rake', '~> 12.3', '>= 12.3.3'
   # spec.metadata['yard.run'] = 'yri'  # compiles yard doc on install
 end