pagarme 2.1.0 → 2.1.1
- checksums.yaml +4 -4
- data/README.md +49 -0
- data/lib/pagarme.rb +4 -2
- data/lib/pagarme/resources/postback.rb +23 -6
- data/lib/pagarme/version.rb +1 -1
- data/test/fixtures.rb +2 -7
- data/test/pagarme/resources/payable_test.rb +1 -1
- data/test/pagarme/resources/postback_test.rb +10 -4
- metadata +2 -4
- data/test/pagarme/pagarme_test.rb +0 -10
    
        checksums.yaml
    CHANGED
    
    | @@ -1,7 +1,7 @@ | |
| 1 1 | 
             
            ---
         | 
| 2 2 | 
             
            SHA1:
         | 
| 3 | 
            -
              metadata.gz:  | 
| 4 | 
            -
              data.tar.gz:  | 
| 3 | 
            +
              metadata.gz: 19db5c088393486c4bc44af6ee169fb3a50a37f5
         | 
| 4 | 
            +
              data.tar.gz: 33157926082f202f8affcc8dc8093831d1acb37e
         | 
| 5 5 | 
             
            SHA512:
         | 
| 6 | 
            -
              metadata.gz:  | 
| 7 | 
            -
              data.tar.gz:  | 
| 6 | 
            +
              metadata.gz: 438ca7c4e957ac3561b4663b899fbbccbd7d3c6bbaa4dbaff918307a6cac1ce2fd08025e8476936306c5bd7073a3ab3de0099fa3ea5e0fd5e10426292a20e261
         | 
| 7 | 
            +
              data.tar.gz: 4b61661fd23f341dcd0194019693021aba613b1ab62934565ee136cb7078180befb4df5734f25680d85b897011cda19edaded58916e73dd3ef984eb27287d60c
         | 
    
        data/README.md
    CHANGED
    
    | @@ -269,6 +269,55 @@ More about [Querying Payables](https://docs.pagar.me/api/#retornando-recebiveis) | |
| 269 269 |  | 
| 270 270 | 
             
            More about [Payable Transactions](https://docs.pagar.me/api/#retornando-pagamentos-da-transacao)
         | 
| 271 271 |  | 
| 272 | 
            +
            ### Validating Postback
         | 
| 273 | 
            +
             | 
| 274 | 
            +
            You need to ensure that all received postback are sent by Pagar.me and not from anyone else,
         | 
| 275 | 
            +
            to do this, is very important to validate it.
         | 
| 276 | 
            +
             | 
| 277 | 
            +
            You must do it using the raw payload received on post request, and check it signature provided
         | 
| 278 | 
            +
            in HTTP header X-Hub-Signature.
         | 
| 279 | 
            +
             | 
| 280 | 
            +
            You can check it like this:
         | 
| 281 | 
            +
             | 
| 282 | 
            +
            ```ruby
         | 
| 283 | 
            +
              PagarMe::Postback.valid_request_signature?(payload, signature)
         | 
| 284 | 
            +
            ```
         | 
| 285 | 
            +
             | 
| 286 | 
            +
            #### Rails Example
         | 
| 287 | 
            +
             | 
| 288 | 
            +
            If you are using Rails, you should do it your controller like this:
         | 
| 289 | 
            +
             | 
| 290 | 
            +
            ```ruby
         | 
| 291 | 
            +
             | 
| 292 | 
            +
                class PostbackController < ApplicationController
         | 
| 293 | 
            +
                  skip_before_action :verify_authenticity_token
         | 
| 294 | 
            +
                  
         | 
| 295 | 
            +
                  def postback
         | 
| 296 | 
            +
                    if valid_postback?
         | 
| 297 | 
            +
                      # Handle your code here
         | 
| 298 | 
            +
                      # postback payload is in params
         | 
| 299 | 
            +
                    else
         | 
| 300 | 
            +
                      render_invalid_postback_response
         | 
| 301 | 
            +
                    end
         | 
| 302 | 
            +
                  end
         | 
| 303 | 
            +
                  
         | 
| 304 | 
            +
                  protected
         | 
| 305 | 
            +
                  def valid_postback?
         | 
| 306 | 
            +
                    raw_post  = request.raw_post
         | 
| 307 | 
            +
                    signature = request.headers['HTTP_X_HUB_SIGNATURE']
         | 
| 308 | 
            +
                    PagarMe::Postback.valid_request_signature?(raw_post, signature)
         | 
| 309 | 
            +
                  end
         | 
| 310 | 
            +
                  
         | 
| 311 | 
            +
                  def render_invalid_postback_response
         | 
| 312 | 
            +
                    render json: {error: 'invalid postback'}, status: 400
         | 
| 313 | 
            +
                  end
         | 
| 314 | 
            +
                end
         | 
| 315 | 
            +
             | 
| 316 | 
            +
             | 
| 317 | 
            +
            ```
         | 
| 318 | 
            +
             | 
| 319 | 
            +
            request.raw_post
         | 
| 320 | 
            +
             | 
| 272 321 | 
             
            ### Undocumented Features
         | 
| 273 322 |  | 
| 274 323 | 
             
            This gem is stable, but in constant development.
         | 
    
        data/lib/pagarme.rb
    CHANGED
    
    | @@ -1,6 +1,7 @@ | |
| 1 1 | 
             
            require 'set'
         | 
| 2 2 | 
             
            require 'time'
         | 
| 3 3 | 
             
            require 'digest/sha1'
         | 
| 4 | 
            +
            require 'openssl'
         | 
| 4 5 |  | 
| 5 6 | 
             
            require_relative 'pagarme/version'
         | 
| 6 7 | 
             
            require_relative 'pagarme/core_ext'
         | 
| @@ -25,7 +26,8 @@ module PagarMe | |
| 25 26 | 
             
              self.timeout      = 90
         | 
| 26 27 | 
             
              self.api_key      = ENV['PAGARME_API_KEY']
         | 
| 27 28 |  | 
| 28 | 
            -
               | 
| 29 | 
            -
             | 
| 29 | 
            +
              # TODO: Remove deprecated PagarMe.validate_fingerprint
         | 
| 30 | 
            +
              def self.validate_fingerprint(*args)
         | 
| 31 | 
            +
                raise '[Deprecation Error] PagarMe.validate_fingerprint is deprecated, use PagarMe::Postback.valid_request_signature? instead'
         | 
| 30 32 | 
             
              end
         | 
| 31 33 | 
             
            end
         | 
| @@ -1,15 +1,32 @@ | |
| 1 1 | 
             
            module PagarMe
         | 
| 2 2 | 
             
              class Postback < PagarMeObject
         | 
| 3 3 | 
             
                def valid?
         | 
| 4 | 
            -
                  self.class. | 
| 4 | 
            +
                  signature == self.class.signature(payload)
         | 
| 5 5 | 
             
                end
         | 
| 6 6 |  | 
| 7 | 
            -
                 | 
| 8 | 
            -
                   | 
| 9 | 
            -
             | 
| 7 | 
            +
                class << self
         | 
| 8 | 
            +
                  def valid_request_signature?(payload, signature)
         | 
| 9 | 
            +
                    kind, raw_signature = signature.split '=', 2
         | 
| 10 | 
            +
                    return false if kind.blank? || raw_signature.blank?
         | 
| 11 | 
            +
                    signature(payload, kind) == raw_signature
         | 
| 12 | 
            +
                  end
         | 
| 13 | 
            +
                  alias :validate_request_signature :valid_request_signature?
         | 
| 14 | 
            +
             | 
| 15 | 
            +
                  def signature(payload, hash_method = 'sha1')
         | 
| 16 | 
            +
                    OpenSSL::HMAC.hexdigest hash_method, PagarMe.api_key, payload
         | 
| 17 | 
            +
                  end
         | 
| 18 | 
            +
             | 
| 19 | 
            +
                  # TODO: Remove deprecated Postback.validate
         | 
| 20 | 
            +
                  def validate(id, fingerprint)
         | 
| 21 | 
            +
                    $stderr.puts '[DEPRECATION WARNING] PagarMe.validate method is deprecated, use PagarMe.validate_request_signature instead'
         | 
| 22 | 
            +
                    valid_request_signature? id, fingerprint
         | 
| 23 | 
            +
                  end
         | 
| 10 24 |  | 
| 11 | 
            -
             | 
| 12 | 
            -
                   | 
| 25 | 
            +
                  # TODO: Remove deprecated Postback.fingerprint_for
         | 
| 26 | 
            +
                  def fingerprint_for(id)
         | 
| 27 | 
            +
                    $stderr.puts '[DEPRECATION WARNING] PagarMe.fingerprint_for method is deprecated, use PagarMe.signature instead'
         | 
| 28 | 
            +
                    signature id
         | 
| 29 | 
            +
                  end
         | 
| 13 30 | 
             
                end
         | 
| 14 31 | 
             
              end
         | 
| 15 32 | 
             
            end
         | 
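Review bot: The signature check in `Postback.valid_request_signature?` (and in `valid?` above it) compares the computed HMAC with `==`, which is not a constant-time comparison; a MAC check should use one, for example `OpenSSL.secure_compare` where the bundled openssl provides it. In the same method, `kind` is taken straight from the request header and handed to `OpenSSL::HMAC.hexdigest`, so an unrecognised algorithm name will probably raise instead of returning false, and a missing header (`signature` is nil) raises on `split`. Coercing with `signature.to_s` and checking `kind` against an allowlist of expected digests would make the method fail closed with `false` in both cases. This section of the page also carries the `lib/pagarme.rb` hunks; the note applies to the `Postback` hunk only.

```ruby
def valid_request_signature?(payload, signature)
  # to_s: a request without the signature header yields nil here.
  kind, raw_signature = signature.to_s.split '=', 2
  return false if kind.blank? || raw_signature.blank?
  # Constructed allowlist: keep only the digests the API is documented to send.
  return false unless %w[sha1].include?(kind)
  # Constant-time comparison of the expected and received MAC.
  OpenSSL.secure_compare(signature(payload, kind), raw_signature)
end
# … unchanged: alias, signature, deprecated validate / fingerprint_for …
```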
    
        data/lib/pagarme/version.rb
    CHANGED
    
    
    
        data/test/fixtures.rb
    CHANGED
    
    | @@ -121,13 +121,8 @@ class Fixtures | |
| 121 121 |  | 
| 122 122 | 
             
              def postback_response
         | 
| 123 123 | 
             
                {
         | 
| 124 | 
            -
                  id: | 
| 125 | 
            -
                   | 
| 126 | 
            -
                  fingerprint:    'f8eb5ce941d70473ea691959ea4bfdeb79d48e2c',
         | 
| 127 | 
            -
                  desired_status: 'paid',
         | 
| 128 | 
            -
                  current_status: 'paid',
         | 
| 129 | 
            -
                  object:         'transaction',
         | 
| 130 | 
            -
                  old_status:     'processing'
         | 
| 124 | 
            +
                  payload:   "id=406483&fingerprint=9e9496ef28d1154b2db9a446323db90103069330&event=transaction_status_changed&old_status=processing&desired_status=paid¤t_status=paid&object=transaction&transaction[object]=transaction&transaction[status]=paid&transaction[refuse_reason]=null&transaction[status_reason]=acquirer&transaction[acquirer_response_code]=0&transaction[acquirer_name]=pagarme&transaction[authorization_code]=18051&transaction[soft_descriptor]=null&transaction[tid]=406483&transaction[nsu]=406483&transaction[date_created]=2016-03-03T19:13:31.000Z&transaction[date_updated]=2016-03-03T19:13:32.000Z&transaction[amount]=1000&transaction[authorized_amount]=1000&transaction[paid_amount]=1000&transaction[refunded_amount]=0&transaction[installments]=1&transaction[id]=406483&transaction[cost]=50&transaction[card_holder_name]=Jose da Silva&transaction[card_last_digits]=4448&transaction[card_first_digits]=490172&transaction[card_brand]=visa&transaction[postback_url]=http://example.com/postback/1&transaction[payment_method]=credit_card&transaction[capture_method]=ecommerce&transaction[antifraud_score]=null&transaction[boleto_url]=null&transaction[boleto_barcode]=null&transaction[boleto_expiration_date]=null&transaction[referer]=api_key&transaction[ip]=179.185.132.108&transaction[subscription_id]=null&transaction[phone][object]=phone&transaction[phone][ddi]=55&transaction[phone][ddd]=21&transaction[phone][number]=922334455&transaction[phone][id]=21123&transaction[address][object]=address&transaction[address][street]=Av. 
Brigadeiro Faria Lima&transaction[address][complementary]=null&transaction[address][street_number]=2941&transaction[address][neighborhood]=Itaim bibi&transaction[address][city]=São Paulo&transaction[address][state]=SP&transaction[address][zipcode]=1452000&transaction[address][country]=Brasil&transaction[address][id]=21810&transaction[customer][object]=customer&transaction[customer][document_number]=84931126235&transaction[customer][document_type]=cpf&transaction[customer][name]=Jose da Silva&transaction[customer][email]=pagarmetestruby@mailinator.com&transaction[customer][born_at]=1970-10-11T00:00:00.000Z&transaction[customer][gender]=M&transaction[customer][date_created]=2016-03-01T18:38:25.000Z&transaction[customer][id]=43304&transaction[card][object]=card&transaction[card][id]=card_cil9rcdql00gmbp6er9i5q48u&transaction[card][date_created]=2016-03-01T18:38:25.000Z&transaction[card][date_updated]=2016-03-01T18:38:29.000Z&transaction[card][brand]=visa&transaction[card][holder_name]=Jose da Silva&transaction[card][first_digits]=490172&transaction[card][last_digits]=4448&transaction[card][country]=BR&transaction[card][fingerprint]=F0Y0+wH0d8DS&transaction[card][customer]=undefined&transaction[card][valid]=true",
         | 
| 125 | 
            +
                  signature: '57925d5954efd85613bbffa121dc06b4e7737256'
         | 
| 131 126 | 
             
                }
         | 
| 132 127 | 
             
              end
         | 
| 133 128 |  | 
| @@ -18,7 +18,7 @@ module PagarMe | |
| 18 18 | 
             
                  assert_equal transaction.payables.map(&:recipient_id).sort, fixtures.persistent_recipient_ids.sort
         | 
| 19 19 | 
             
                end
         | 
| 20 20 |  | 
| 21 | 
            -
                should ' | 
| 21 | 
            +
                should 'be found' do
         | 
| 22 22 | 
             
                  payables = PagarMe::Payable.find_by type: 'refund'
         | 
| 23 23 |  | 
| 24 24 | 
             
                  assert payables.count > 0
         | 
| @@ -2,17 +2,23 @@ require_relative '../../test_helper' | |
| 2 2 |  | 
| 3 3 | 
             
            module PagarMe
         | 
| 4 4 | 
             
              class TransactionTest < Test::Unit::TestCase
         | 
| 5 | 
            -
                should 'be valid when has valid  | 
| 5 | 
            +
                should 'be valid when has valid signature' do
         | 
| 6 6 | 
             
                  fixed_api_key do
         | 
| 7 7 | 
             
                    postback = PagarMe::Postback.new postback_response_params
         | 
| 8 8 | 
             
                    assert postback.valid?
         | 
| 9 9 | 
             
                  end
         | 
| 10 10 | 
             
                end
         | 
| 11 11 |  | 
| 12 | 
            -
                should 'be valid when has invalid  | 
| 13 | 
            -
                   | 
| 14 | 
            -
                  postback = PagarMe::Postback.new postback_response_params(fingerprint: invalid_fingerprint)
         | 
| 12 | 
            +
                should 'be valid when has invalid signature' do
         | 
| 13 | 
            +
                  postback = PagarMe::Postback.new postback_response_params(signature: 'invalid signature')
         | 
| 15 14 | 
             
                  assert !postback.valid?
         | 
| 16 15 | 
             
                end
         | 
| 16 | 
            +
             | 
| 17 | 
            +
                should 'validate signature' do
         | 
| 18 | 
            +
                  params = postback_response_params
         | 
| 19 | 
            +
                  assert  PagarMe::Postback.valid_request_signature?(params[:payload], "sha1=#{params[:signature]}")
         | 
| 20 | 
            +
                  assert !PagarMe::Postback.valid_request_signature?(params[:payload], params[:signature])
         | 
| 21 | 
            +
                  assert !PagarMe::Postback.valid_request_signature?(params[:payload], 'invalid signature')
         | 
| 22 | 
            +
                end
         | 
| 17 23 | 
             
              end
         | 
| 18 24 | 
             
            end
         | 
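Review bot: The new 'validate signature' test in the postback test hunk covers a correct header, a header without the `sha1=` prefix and a wrong value, but not an absent header or an unexpected algorithm prefix, which are the inputs an unauthenticated sender controls. Adding `assert !PagarMe::Postback.valid_request_signature?(params[:payload], nil)` and `assert !PagarMe::Postback.valid_request_signature?(params[:payload], "unknown=#{params[:signature]}")` would pin the fail-closed behaviour; judging from the library code shown on this page, both calls would currently raise rather than return false. The test description `'be valid when has invalid signature'` also reads as the opposite of what it asserts (`assert !postback.valid?`), so `'be invalid when has invalid signature'` would be clearer. This section of the page also contains the fixtures and payable test hunks, which the note does not cover.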
    
        metadata
    CHANGED
    
    | @@ -1,7 +1,7 @@ | |
| 1 1 | 
             
            --- !ruby/object:Gem::Specification
         | 
| 2 2 | 
             
            name: pagarme
         | 
| 3 3 | 
             
            version: !ruby/object:Gem::Version
         | 
| 4 | 
            -
              version: 2.1. | 
| 4 | 
            +
              version: 2.1.1
         | 
| 5 5 | 
             
            platform: ruby
         | 
| 6 6 | 
             
            authors:
         | 
| 7 7 | 
             
            - Pedro Franceschi
         | 
| @@ -9,7 +9,7 @@ authors: | |
| 9 9 | 
             
            autorequire: 
         | 
| 10 10 | 
             
            bindir: bin
         | 
| 11 11 | 
             
            cert_chain: []
         | 
| 12 | 
            -
            date: 2016-03- | 
| 12 | 
            +
            date: 2016-03-18 00:00:00.000000000 Z
         | 
| 13 13 | 
             
            dependencies:
         | 
| 14 14 | 
             
            - !ruby/object:Gem::Dependency
         | 
| 15 15 | 
             
              name: bundler
         | 
| @@ -185,7 +185,6 @@ files: | |
| 185 185 | 
             
            - test/fixtures.rb
         | 
| 186 186 | 
             
            - test/pagarme/error_test.rb
         | 
| 187 187 | 
             
            - test/pagarme/object_test.rb
         | 
| 188 | 
            -
            - test/pagarme/pagarme_test.rb
         | 
| 189 188 | 
             
            - test/pagarme/resources/balance_test.rb
         | 
| 190 189 | 
             
            - test/pagarme/resources/bank_account_test.rb
         | 
| 191 190 | 
             
            - test/pagarme/resources/bulk_anticipation_test.rb
         | 
| @@ -227,7 +226,6 @@ test_files: | |
| 227 226 | 
             
            - test/fixtures.rb
         | 
| 228 227 | 
             
            - test/pagarme/error_test.rb
         | 
| 229 228 | 
             
            - test/pagarme/object_test.rb
         | 
| 230 | 
            -
            - test/pagarme/pagarme_test.rb
         | 
| 231 229 | 
             
            - test/pagarme/resources/balance_test.rb
         | 
| 232 230 | 
             
            - test/pagarme/resources/bank_account_test.rb
         | 
| 233 231 | 
             
            - test/pagarme/resources/bulk_anticipation_test.rb
         | 
| @@ -1,10 +0,0 @@ | |
| 1 | 
            -
            require_relative '../test_helper'
         | 
| 2 | 
            -
             | 
| 3 | 
            -
            module PagarMe
         | 
| 4 | 
            -
              class PagarMeTest < Test::Unit::TestCase
         | 
| 5 | 
            -
                should 'validate fingerprint correctly' do
         | 
| 6 | 
            -
                  finderprint = Digest::SHA1.hexdigest "123##{PagarMe.api_key}"
         | 
| 7 | 
            -
                  assert PagarMe.validate_fingerprint(123, finderprint)
         | 
| 8 | 
            -
                end
         | 
| 9 | 
            -
              end
         | 
| 10 | 
            -
            end
         |