paid 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: acd4fd8d0c3ea2366a13704be64eed1765bc7541
+  data.tar.gz: 5d7e118d0735f1da69ad6d04d315e455953e44f0
+SHA512:
+  metadata.gz: 77daeece70472dca00a5157a3db3cd1b2e5d9eb4ec14526bbe2d9b9680767afaa30df5386f108e4d6dcf66112cab48106981d987d2e3037aa1902fe8d73e624f
+  data.tar.gz: 9ea6a5974b22f56cb695064cf8c9c1eca1222aecfd35aeca94288c27de4fb413aa3bfc49311e8e1bc4769a436c857a47dbd5bb405adb4549f1d4fa84e4034bcf

data/Gemfile

@@ -0,0 +1,8 @@
+source "https://rubygems.org"
+gemspec
+
+if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new('1.9.3')
+  gem 'i18n', '< 0.7'
+  gem 'rest-client', '~> 1.6.8'
+  gem 'activesupport', '~> 3.2'
+end

data/Gemfile.lock

@@ -0,0 +1,54 @@
+PATH
+  remote: .
+  specs:
+    paid (0.0.1)
+      json (~> 1.8.1)
+      mime-types (>= 1.25, < 3.0)
+      rest-client (~> 1.4)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    activesupport (4.2.0)
+      i18n (~> 0.7)
+      json (~> 1.7, >= 1.7.7)
+      minitest (~> 5.1)
+      thread_safe (~> 0.3, >= 0.3.4)
+      tzinfo (~> 1.1)
+    bourne (1.5.0)
+      mocha (>= 0.13.2, < 0.15)
+    i18n (0.7.0)
+    json (1.8.2)
+    metaclass (0.0.4)
+    mime-types (2.4.3)
+    minitest (5.5.1)
+    mocha (0.13.3)
+      metaclass (~> 0.0.1)
+    netrc (0.10.2)
+    power_assert (0.2.2)
+    rake (10.4.2)
+    rest-client (1.7.2)
+      mime-types (>= 1.16, < 3.0)
+      netrc (~> 0.7)
+    shoulda (3.4.0)
+      shoulda-context (~> 1.0, >= 1.0.1)
+      shoulda-matchers (~> 1.0, >= 1.4.1)
+    shoulda-context (1.2.1)
+    shoulda-matchers (1.5.6)
+      activesupport (>= 3.0.0)
+      bourne (~> 1.3)
+    test-unit (3.0.9)
+      power_assert
+    thread_safe (0.3.4)
+    tzinfo (1.2.2)
+      thread_safe (~> 0.1)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  mocha (~> 0.13.2)
+  paid!
+  rake
+  shoulda (~> 3.4.0)
+  test-unit

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2015 Ryan Jackson
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.rdoc

@@ -0,0 +1,35 @@
+= Paid Ruby bindings
+
+== Installation
+
+gem 'paid'
+
+== Requirements
+
+* Ruby 1.8.7 or above. (Ruby 1.8.6 may work if you load
+  ActiveSupport.) For Ruby versions before 1.9.2, you'll need to add this to your Gemfile:
+
+    if Gem::Version.new(RUBY_VERSION) < Gem::Version.new('1.9.2')
+      gem 'rest-client', '~> 1.6.8'
+    end
+
+
+* rest-client, json
+
+== Mirrors
+
+The paid gem is mirrored on Rubygems, so you should be able to
+install it via <tt>gem install paid</tt> if desired.
+
+Note that if you are installing via bundler, you should be sure to use the https
+rubygems source in your Gemfile, as any gems fetched over http could potentially be
+compromised in transit and alter the code of gems fetched securely over https:
+
+  source 'https://rubygems.org'
+
+  gem 'rails'
+  gem 'paid'
+
+== Development
+
+Test cases can be run with: `bundle exec rake test`

data/Rakefile

@@ -0,0 +1,34 @@
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
+require 'rdoc/task'
+
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'Paid'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.rdoc')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+
+
+
+
+
+Bundler::GemHelper.install_tasks
+
+require 'rake/testtask'
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'lib'
+  t.libs << 'test'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = false
+end
+
+
+task default: :test

data/lib/paid/account.rb

@@ -0,0 +1,4 @@
+module Paid
+  class Account < SingletonAPIResource
+  end
+end

data/lib/paid/api_operations/create.rb

@@ -0,0 +1,17 @@
+module Paid
+  module APIOperations
+    module Create
+      module ClassMethods
+        def create(params={}, opts={})
+          api_key, headers = Util.parse_opts(opts)
+          response, api_key = Paid.request(:post, self.url, api_key, params, headers)
+          Util.convert_to_paid_object(response, api_key)
+        end
+      end
+
+      def self.included(base)
+        base.extend(ClassMethods)
+      end
+    end
+  end
+end

data/lib/paid/api_operations/delete.rb

@@ -0,0 +1,11 @@
+module Paid
+  module APIOperations
+    module Delete
+      def delete(params = {}, opts={})
+        api_key, headers = Util.parse_opts(opts)
+        response, api_key = Paid.request(:delete, url, api_key || @api_key, params, headers)
+        refresh_from(response, api_key)
+      end
+    end
+  end
+end

data/lib/paid/api_operations/list.rb

@@ -0,0 +1,17 @@
+module Paid
+  module APIOperations
+    module List
+      module ClassMethods
+        def all(filters={}, opts={})
+          api_key, headers = Util.parse_opts(opts)
+          response, api_key = Paid.request(:get, url, api_key, filters, headers)
+          Util.convert_to_paid_object(response, api_key)
+        end
+      end
+
+      def self.included(base)
+        base.extend(ClassMethods)
+      end
+    end
+  end
+end

data/lib/paid/api_operations/update.rb

@@ -0,0 +1,57 @@
+module Paid
+  module APIOperations
+    module Update
+      def save(opts={})
+        values = serialize_params(self).merge(opts)
+
+        if @values[:metadata]
+          values[:metadata] = serialize_metadata
+        end
+
+        if values.length > 0
+          values.delete(:id)
+
+          response, api_key = Paid.request(:post, url, @api_key, values)
+          refresh_from(response, api_key)
+        end
+        self
+      end
+
+      def serialize_metadata
+        if @unsaved_values.include?(:metadata)
+          # the metadata object has been reassigned
+          # i.e. as object.metadata = {key => val}
+          metadata_update = @values[:metadata]  # new hash
+          new_keys = metadata_update.keys.map(&:to_sym)
+          # remove keys at the server, but not known locally
+          keys_to_unset = @previous_metadata.keys - new_keys
+          keys_to_unset.each {|key| metadata_update[key] = ''}
+
+          metadata_update
+        else
+          # metadata is a PaidObject, and can be serialized normally
+          serialize_params(@values[:metadata])
+        end
+      end
+
+      def serialize_params(obj)
+        case obj
+        when nil
+          ''
+        when PaidObject
+          unsaved_keys = obj.instance_variable_get(:@unsaved_values)
+          obj_values = obj.instance_variable_get(:@values)
+          update_hash = {}
+
+          unsaved_keys.each do |k|
+            update_hash[k] = serialize_params(obj_values[k])
+          end
+
+          update_hash
+        else
+          obj
+        end
+      end
+    end
+  end
+end

data/lib/paid/api_resource.rb

@@ -0,0 +1,32 @@
+module Paid
+  class APIResource < PaidObject
+    def self.class_name
+      self.name.split('::')[-1]
+    end
+
+    def self.url
+      if self == APIResource
+        raise NotImplementedError.new('APIResource is an abstract class.  You should perform actions on its subclasses (Transaction, Customer, etc.)')
+      end
+      "/v0/#{CGI.escape(class_name.downcase)}s"
+    end
+
+    def url
+      unless id = self['id']
+        raise InvalidRequestError.new("Could not determine which URL to request: #{self.class} instance has invalid ID: #{id.inspect}", 'id')
+      end
+      "#{self.class.url}/#{CGI.escape(id)}"
+    end
+
+    def refresh
+      response, api_key = Paid.request(:get, url, @api_key, @retrieve_options)
+      refresh_from(response, api_key)
+    end
+
+    def self.retrieve(id, api_key=nil)
+      instance = self.new(id, api_key)
+      instance.refresh
+      instance
+    end
+  end
+end

data/lib/paid/certificate_blacklist.rb

@@ -0,0 +1,55 @@
+require 'uri'
+require 'digest/sha1'
+
+module Paid
+  module CertificateBlacklist
+
+    BLACKLIST = {
+      "api.paidapi.com" => [
+        '',
+      ],
+      "revoked.paidapi.com" => [
+        '',
+      ]
+    }
+
+    # Preflight the SSL certificate presented by the backend. This isn't 100%
+    # bulletproof, in that we're not actually validating the transport used to
+    # communicate with Paid, merely that the first attempt to does not use a
+    # revoked certificate.
+
+    # Unfortunately the interface to OpenSSL doesn't make it easy to check the
+    # certificate before sending potentially sensitive data on the wire. This
+    # approach raises the bar for an attacker significantly.
+
+    def self.check_ssl_cert(uri, ca_file)
+      uri = URI.parse(uri)
+
+      sock = TCPSocket.new(uri.host, uri.port)
+      ctx = OpenSSL::SSL::SSLContext.new
+      ctx.set_params(:verify_mode => OpenSSL::SSL::VERIFY_PEER,
+                     :ca_file => ca_file)
+
+      socket = OpenSSL::SSL::SSLSocket.new(sock, ctx)
+      socket.connect
+
+      certificate = socket.peer_cert.to_der
+      fingerprint = Digest::SHA1.hexdigest(certificate)
+
+      if blacklisted_certs = BLACKLIST[uri.host]
+        if blacklisted_certs.include?(fingerprint)
+          raise APIConnectionError.new(
+            "Invalid server certificate. You tried to connect to a server that" +
+            "has a revoked SSL certificate, which means we cannot securely send" +
+            "data to that server. Please email support@paidapi.com if you need" +
+            "help connecting to the correct API server."
+          )
+        end
+      end
+
+      socket.close
+
+      return true
+    end
+  end
+end

data/lib/paid/customer.rb

@@ -0,0 +1,16 @@
+module Paid
+  class Customer < APIResource
+    include Paid::APIOperations::Create
+    include Paid::APIOperations::Delete
+    include Paid::APIOperations::Update
+    include Paid::APIOperations::List
+
+    def invoices
+      Invoice.all({ :customer => id }, @api_key)
+    end
+
+    def transactions
+      Transaction.all({ :customer => id }, @api_key)
+    end
+  end
+end

data/lib/paid/errors/api_connection_error.rb

@@ -0,0 +1,4 @@
+module Paid
+  class APIConnectionError < PaidError
+  end
+end

data/lib/paid/errors/api_error.rb

@@ -0,0 +1,4 @@
+module Paid
+  class APIError < PaidError
+  end
+end

data/lib/paid/errors/authentication_error.rb

@@ -0,0 +1,4 @@
+module Paid
+  class AuthenticationError < PaidError
+  end
+end

data/lib/paid/errors/invalid_request_error.rb

@@ -0,0 +1,10 @@
+module Paid
+  class InvalidRequestError < PaidError
+    attr_accessor :param
+
+    def initialize(message, param, http_status=nil, http_body=nil, json_body=nil)
+      super(message, http_status, http_body, json_body)
+      @param = param
+    end
+  end
+end

data/lib/paid/errors/paid_error.rb

@@ -0,0 +1,20 @@
+module Paid
+  class PaidError < StandardError
+    attr_reader :message
+    attr_reader :http_status
+    attr_reader :http_body
+    attr_reader :json_body
+
+    def initialize(message=nil, http_status=nil, http_body=nil, json_body=nil)
+      @message = message
+      @http_status = http_status
+      @http_body = http_body
+      @json_body = json_body
+    end
+
+    def to_s
+      status_string = @http_status.nil? ? "" : "(Status #{@http_status}) "
+      "#{status_string}#{@message}"
+    end
+  end
+end

data/lib/paid/event.rb

@@ -0,0 +1,5 @@
+module Paid
+  class Event < APIResource
+    include Paid::APIOperations::List
+  end
+end

data/lib/paid/invoice.rb

@@ -0,0 +1,7 @@
+module Paid
+  class Invoice < APIResource
+    include Paid::APIOperations::List
+    include Paid::APIOperations::Update
+    include Paid::APIOperations::Create
+  end
+end

data/lib/paid/list_object.rb

@@ -0,0 +1,37 @@
+module Paid
+  class ListObject < PaidObject
+
+    def [](k)
+      case k
+      when String, Symbol
+        super
+      else
+        raise ArgumentError.new("You tried to access the #{k.inspect} index, but ListObject types only support String keys. (HINT: List calls return an object with a 'data' (which is the data array). You likely want to call #data[#{k.inspect}])")
+      end
+    end
+
+    def each(&blk)
+      self.data.each(&blk)
+    end
+
+    def retrieve(id, api_key=nil)
+      api_key ||= @api_key
+      response, api_key = Paid.request(:get,"#{url}/#{CGI.escape(id)}", api_key)
+      Util.convert_to_paid_object(response, api_key)
+    end
+
+    def create(params={}, opts={})
+      api_key, headers = Util.parse_opts(opts)
+      api_key ||= @api_key
+      response, api_key = Paid.request(:post, url, api_key, params, headers)
+      Util.convert_to_paid_object(response, api_key)
+    end
+
+    def all(params={}, opts={})
+      api_key, headers = Util.parse_opts(opts)
+      api_key ||= @api_key
+      response, api_key = Paid.request(:get, url, api_key, params, headers)
+      Util.convert_to_paid_object(response, api_key)
+    end
+  end
+end

data/lib/paid/paid_object.rb

@@ -0,0 +1,187 @@
+module Paid
+  class PaidObject
+    include Enumerable
+
+    attr_accessor :api_key
+    @@permanent_attributes = Set.new([:api_key, :id])
+
+    # The default :id method is deprecated and isn't useful to us
+    if method_defined?(:id)
+      undef :id
+    end
+
+    def initialize(id=nil, api_key=nil)
+      # parameter overloading!
+      if id.kind_of?(Hash)
+        @retrieve_options = id.dup
+        @retrieve_options.delete(:id)
+        id = id[:id]
+      else
+        @retrieve_options = {}
+      end
+
+      @api_key = api_key
+      @values = {}
+      # This really belongs in APIResource, but not putting it there allows us
+      # to have a unified inspect method
+      @unsaved_values = Set.new
+      @transient_values = Set.new
+      @values[:id] = id if id
+    end
+
+    def self.construct_from(values, api_key=nil)
+      self.new(values[:id], api_key).refresh_from(values, api_key)
+    end
+
+    def to_s(*args)
+      JSON.pretty_generate(@values)
+    end
+
+    def inspect
+      id_string = (self.respond_to?(:id) && !self.id.nil?) ? " id=#{self.id}" : ""
+      "#<#{self.class}:0x#{self.object_id.to_s(16)}#{id_string}> JSON: " + JSON.pretty_generate(@values)
+    end
+
+    def refresh_from(values, api_key, partial=false)
+      @api_key = api_key
+
+      @previous_metadata = values[:metadata]
+      removed = partial ? Set.new : Set.new(@values.keys - values.keys)
+      added = Set.new(values.keys - @values.keys)
+
+      instance_eval do
+        remove_accessors(removed)
+        add_accessors(added)
+      end
+      removed.each do |k|
+        @values.delete(k)
+        @transient_values.add(k)
+        @unsaved_values.delete(k)
+      end
+      values.each do |k, v|
+        @values[k] = Util.convert_to_paid_object(v, api_key)
+        @transient_values.delete(k)
+        @unsaved_values.delete(k)
+      end
+
+      return self
+    end
+
+    def [](k)
+      @values[k.to_sym]
+    end
+
+    def []=(k, v)
+      send(:"#{k}=", v)
+    end
+
+    def keys
+      @values.keys
+    end
+
+    def values
+      @values.values
+    end
+
+    def to_json(*a)
+      JSON.generate(@values)
+    end
+
+    def as_json(*a)
+      @values.as_json(*a)
+    end
+
+    def to_hash
+      @values.inject({}) do |acc, (key, value)|
+        acc[key] = value.respond_to?(:to_hash) ? value.to_hash : value
+        acc
+      end
+    end
+
+    def each(&blk)
+      @values.each(&blk)
+    end
+
+    def _dump(level)
+      Marshal.dump([@values, @api_key])
+    end
+
+    def self._load(args)
+      values, api_key = Marshal.load(args)
+      construct_from(values, api_key)
+    end
+
+    if RUBY_VERSION < '1.9.2'
+      def respond_to?(symbol)
+        @values.has_key?(symbol) || super
+      end
+    end
+
+    protected
+
+    def metaclass
+      class << self; self; end
+    end
+
+    def remove_accessors(keys)
+      metaclass.instance_eval do
+        keys.each do |k|
+          next if @@permanent_attributes.include?(k)
+          k_eq = :"#{k}="
+          remove_method(k) if method_defined?(k)
+          remove_method(k_eq) if method_defined?(k_eq)
+        end
+      end
+    end
+
+    def add_accessors(keys)
+      metaclass.instance_eval do
+        keys.each do |k|
+          next if @@permanent_attributes.include?(k)
+          k_eq = :"#{k}="
+          define_method(k) { @values[k] }
+          define_method(k_eq) do |v|
+            if v == ""
+              raise ArgumentError.new(
+                "You cannot set #{k} to an empty string." +
+                "We interpret empty strings as nil in requests." +
+                "You may set #{self}.#{k} = nil to delete the property.")
+            end
+            @values[k] = v
+            @unsaved_values.add(k)
+          end
+        end
+      end
+    end
+
+    def method_missing(name, *args)
+      # TODO: only allow setting in updateable classes.
+      if name.to_s.end_with?('=')
+        attr = name.to_s[0...-1].to_sym
+        add_accessors([attr])
+        begin
+          mth = method(name)
+        rescue NameError
+          raise NoMethodError.new("Cannot set #{attr} on this object. HINT: you can't set: #{@@permanent_attributes.to_a.join(', ')}")
+        end
+        return mth.call(args[0])
+      else
+        return @values[name] if @values.has_key?(name)
+      end
+
+      begin
+        super
+      rescue NoMethodError => e
+        if @transient_values.include?(name)
+          raise NoMethodError.new(e.message + ".  HINT: The '#{name}' attribute was set in the past, however.  It was then wiped when refreshing the object with the result returned by Paid's API, probably as a result of a save().  The attributes currently available on this object are: #{@values.keys.join(', ')}")
+        else
+          raise
+        end
+      end
+    end
+
+    def respond_to_missing?(symbol, include_private = false)
+      @values && @values.has_key?(symbol) || super
+    end
+  end
+end