paypal 1.0.1 → 1.8.0

data/README

@@ -6,19 +6,19 @@ business account and tell paypal where to send the IPN ( Instant payment notific
 
 == Download
 
-* Preferred method of installation is using rubygems. gem install --source http://dist.leetsoft.com paypal
+* Preferred method of installation is using rubygems. gem install paypal --source http://dist.leetsoft.com
 * Alternatively you can get the library packaged at http://dist.leetsoft.com/pkg/
 
 == Requirements
 
-* Ruby 1.8.2 (may work with previous versions) With Open SSL support compiled in. 
+* Ruby 1.8.2 (may work with previous versions) With OpenSSL support compiled in. 
 * Valid paypal business account. 
-* The money library from http://dist.leetsoft.com/api/money
+* (optional) The money library from http://dist.leetsoft.com/api/money 
 
 == Installation 
 
-1) Either install the rubygem for this library ( rake install from source 
-   or gem install --source <url> paypal    using gems directly )
+1) Either install the rubygem for this library (rake install from source) or use gems directly:
+   gem install paypal --source http://dist.leetsoft.com/
    
 2) Create a new controller which handels the paypal related tasks.  
     script/generate controller payment   
@@ -27,6 +27,7 @@ business account and tell paypal where to send the IPN ( Instant payment notific
     module PaymentHelper
       include Paypal::Helpers
     end
+
 4) Create a paypal_ipn ( or similar ) action like the one in the "Example rails controller" appendix. 
 
 Within the new payment controller you can now create pages from which users can be sent to paypal. You always 
@@ -61,19 +62,56 @@ sandbox account to use while the application is running in development mode.
 == Example paypal forward page
 
    <%= paypal_form_tag %>
-     <%= paypal_setup "Item 500", Money.us_dollar(50000), "bob@bigbusiness.com", :notify_url => url_for(:path_only => false, :action => 'paypal_ipn') %>  
+     <%= paypal_setup "Item 500", Money.us_dollar(50000), "bob@bigbusiness.com", :notify_url => url_for(:only_path => false, :action => 'paypal_ipn') %>  
 
      Please press here to pay $500US using paypal. <br/>
      <%= submit_tag "Go to paypal >>" %>
 
    <% end_form_tag %> 
 
+== Using encrypted form data
+
+Paypal supports encrypted form data to prevent tampering by third parties.
+You must have a verified paypal account to use this functionality.
+
+1) Create a private key for yourself
+
+    openssl genrsa -out business_key.prm 1024
+
+2) Create a public certificate to share with Paypal
+
+    openssl req -new -key business_key.pem -x509 -days 3650 -out business_cert.pem
+
+3) Upload the public certificate to Paypal (under Profile -> Encrypted Payment Settings -> Your Public Certificates -> Add),
+and note the "Cert ID" that Paypal shows for the certificate.
+
+4) Update your controller to include the details for your key and certificate.
+
+    @business_key = File::read("business_key.pem")
+    @business_cert = File::read("business_cert.pem")
+    @business_certid = "certid from paypal"
+
+5) Update your views to populate the :business_key, :business_cert and :business_certid options in 'paypal_setup' - the rest of the signature is the same.
+
+6) When you're ready to go live, download the production Paypal certificate and override the default certificate.
+
+    Paypal::Notification.paypal_cert = File::read("paypal_cert.pem")
+
 == Troubleshooting
 
 uninitalized constant Paypal - Make sure your ruby has openssl support
 
 == Changelog
 
+2006-02-10 -- 1.5.1
+* added complete list of valid paypal options (Paul Hart)
+
+2006-02-02 -- 1.5.0
+* Now report an error when invalid option is passed to paypal_setup
+* Had to rename parameters cancel_url to cancel_return and return_url to return, please update your app
+* Improved the test coverage strategy for helper tests
+* Added support for encrypted form data (Paul Hart)
+
 2005-09-16 -- 0.9.6
 * Added readme note about the openssl requirement
 
@@ -87,4 +125,4 @@ uninitalized constant Paypal - Make sure your ruby has openssl support
 2005-07-22 -- 0.9.1
 * support for cancel_url as well as notify_url. This means you can now set the IPN callback address from the paypal_setup method and 
   you don't have to do that in the paypal admin interface!
-* Removed the actual form tag from the paypal_setup generated code to conform better with docs 
+* Removed the actual form tag from the paypal_setup generated code to conform better with docs 

data/Rakefile

@@ -5,7 +5,7 @@ require 'rake/rdoctask'
 require 'rake/gempackagetask'
 require 'rake/contrib/rubyforgepublisher'
 
-PKG_VERSION = "1.0.1"
+PKG_VERSION = "1.8.0"
 PKG_NAME = "paypal"
 PKG_FILE_NAME = "#{PKG_NAME}-#{PKG_VERSION}"
 
@@ -19,17 +19,25 @@ PKG_FILES = FileList[
 ].exclude(/\bCVS\b|~$/)
 
 desc "Default Task"
-task :default => [ :test ]
+task :default => [ :test, :test_remote ]
 
 desc "Delete tar.gz / zip / rdoc"
 task :cleanup => [ :rm_packages, :clobber_rdoc ]
 
 # Run the unit tests
-Rake::TestTask.new("test") { |t|
+Rake::TestTask.new :test do |t|
   t.libs << "test"
   t.pattern = 'test/*_test.rb'
+  t.ruby_opts << '-rubygems'
   t.verbose = false
-}
+end
+
+Rake::TestTask.new :test_remote do |t|
+  t.libs << "test"
+  t.pattern = 'test/remote/*_test.rb'
+  t.ruby_opts << '-rubygems'
+  t.verbose = false
+end
 
 desc "Create a rubygem and install it. Might need root rights"
 task :install => [:package] do
@@ -107,115 +115,11 @@ RELEASE_NAME  = "REL #{PKG_VERSION}"
 
 desc "Publish the release files to RubyForge."
 task :release => [:gem] do
-  files = ["gem"].map { |ext| "pkg/#{PKG_FILE_NAME}.#{ext}" }
-
-  if RUBY_FORGE_PROJECT then
-    require 'net/http'
-    require 'open-uri'
-
-    project_uri = "http://rubyforge.org/projects/#{RUBY_FORGE_PROJECT}/"
-    project_data = open(project_uri) { |data| data.read }
-    group_id = project_data[/[?&]group_id=(\d+)/, 1]
-    raise "Couldn't get group id" unless group_id
-
-    # This echos password to shell which is a bit sucky
-    if ENV["RUBY_FORGE_PASSWORD"]
-      password = ENV["RUBY_FORGE_PASSWORD"]
-    else
-      print "#{RUBY_FORGE_USER}@rubyforge.org's password: "
-      password = STDIN.gets.chomp
-    end
+  `rubyforge login`
 
-    login_response = Net::HTTP.start("rubyforge.org", 80) do |http|
-      data = [
-        "login=1",
-        "form_loginname=#{RUBY_FORGE_USER}",
-        "form_pw=#{password}"
-      ].join("&")
-      http.post("/account/login.php", data)
-    end
-
-    cookie = login_response["set-cookie"]
-    raise "Login failed" unless cookie
-    headers = { "Cookie" => cookie }
-
-    release_uri = "http://rubyforge.org/frs/admin/?group_id=#{group_id}"
-    release_data = open(release_uri, headers) { |data| data.read }
-    package_id = release_data[/[?&]package_id=(\d+)/, 1]
-    raise "Couldn't get package id" unless package_id
-
-    first_file = true
-    release_id = ""
-
-    files.each do |filename|
-      basename  = File.basename(filename)
-      file_ext  = File.extname(filename)
-      file_data = File.open(filename, "rb") { |file| file.read }
-
-      puts "Releasing #{basename}..."
-
-      release_response = Net::HTTP.start("rubyforge.org", 80) do |http|
-        release_date = Time.now.strftime("%Y-%m-%d %H:%M")
-        type_map = {
-          ".zip"    => "3000",
-          ".tgz"    => "3110",
-          ".gz"     => "3110",
-          ".gem"    => "1400"
-        }; type_map.default = "9999"
-        type = type_map[file_ext]
-        boundary = "rubyqMY6QN9bp6e4kS21H4y0zxcvoor"
-
-        query_hash = if first_file then
-          {
-            "group_id" => group_id,
-            "package_id" => package_id,
-            "release_name" => RELEASE_NAME,
-            "release_date" => release_date,
-            "type_id" => type,
-            "processor_id" => "8000", # Any
-            "release_notes" => "",
-            "release_changes" => "",
-            "preformatted" => "1",
-            "submit" => "1"
-          }
-        else
-          {
-            "group_id" => group_id,
-            "release_id" => release_id,
-            "package_id" => package_id,
-            "step2" => "1",
-            "type_id" => type,
-            "processor_id" => "8000", # Any
-            "submit" => "Add This File"
-          }
-        end
-
-        query = "?" + query_hash.map do |(name, value)|
-          [name, URI.encode(value)].join("=")
-        end.join("&")
-
-        data = [
-          "--" + boundary,
-          "Content-Disposition: form-data; name=\"userfile\"; filename=\"#{basename}\"",
-          "Content-Type: application/octet-stream",
-          "Content-Transfer-Encoding: binary",
-          "", file_data, ""
-          ].join("\x0D\x0A")
-
-        release_headers = headers.merge(
-          "Content-Type" => "multipart/form-data; boundary=#{boundary}"
-        )
-
-        target = first_file ? "/frs/admin/qrs.php" : "/frs/admin/editrelease.php"
-        http.post(target + query, data, release_headers)
-      end
-
-      if first_file then
-        release_id = release_response.body[/release_id=(\d+)/, 1]
-        raise("Couldn't get release id") unless release_id
-      end
-
-      first_file = false
-    end
+  for ext in %w( gem tgz zip )
+    release_command = "rubyforge add_release #{PKG_NAME} #{PKG_NAME} 'REL #{PKG_VERSION}' pkg/#{PKG_NAME}-#{PKG_VERSION}.#{ext}"
+    puts release_command
+    system(release_command)
   end
 end

data/lib/helper.rb

@@ -17,8 +17,8 @@ module Paypal
     
     # Convenience helper. Can replace <%= form_tag Paypal::Notification.ipn_url %>
     # takes optional url parameter, default is Paypal::Notification.ipn_url
-    def paypal_form_tag(url = Paypal::Notification.ipn_url)
-      form_tag(url)
+    def paypal_form_tag(url = Paypal::Notification.ipn_url, options = {})
+      form_tag(url, options)
     end
 
     # This helper creates the hidden form data which is needed for a paypal purchase. 
@@ -33,77 +33,226 @@ module Paypal
     #
     # * <tt>business</tt> -- This is your paypal account name ( a email ). This needs to be a valid paypal business account.
     #
-    # The last parameter is a options hash. You can override several things:
+    # The last parameter is a options hash. You can set or override any Paypal-recognized parameter, including:
     #
-    # * <tt>:notify_url</tt> -- default is nil. Supply an url which paypal will send its IPN notification to once a 
-    #   purchase is made, canceled or any other status changes occure. 
-    # * <tt>:return_url</tt> -- default is nil. If provided paypal will redirect a user back to this url after a 
-    #   successful purchase. Useful for a kind of thankyou page. 
-    # * <tt>:cancel_url</tt> -- default is nil. If provided paypal will redirect a user back to this url when
-    #   the user cancels the purchase.
+    # * <tt>:cmd</tt> -- default is '_xclick'.
+    # * <tt>:quantity</tt> -- default is '1'.
+    # * <tt>:no_note</tt> -- default is '1'.
     # * <tt>:item_name</tt> -- default is 'Store purchase'. This is the name of the purchase which will be displayed
     #   on the paypal page. 
     # * <tt>:no_shipping</tt> -- default is '1'. By default we tell paypal that no shipping is required. Usually
     #   the shipping address should be collected in our application, not by paypal. 
-    # * <tt>:no_note</tt> -- default is '1'
-    # * <tt>:currency</tt> -- default is 'USD'
+    # * <tt>:currency</tt> -- default is 'USD'. If you provide a Money object, that will automatically override
+    #   the value.
+    # * <tt>:charset</tt> -- default is 'utf-8'.
+    # * <tt>:notify_url</tt> -- If provided paypal will send its IPN notification once a 
+    #   purchase is made, canceled or any other status changes occur.
+    # * <tt>:return</tt> -- If provided paypal will redirect a user back to this url after a 
+    #   successful purchase. Useful for a kind of thankyou page. 
+    # * <tt>:cancel_return</tt> -- If provided paypal will redirect a user back to this url when
+    #   the user cancels the purchase.
     # * <tt>:tax</tt> -- the tax for the store purchase. Same format as the amount parameter but optional
     # * <tt>:invoice</tt> -- Unique invoice number. User will never see this. optional
     # * <tt>:custom</tt> -- Custom field. User will never see this. optional
-    # * <tt>:no_utf8</tt> -- if set to false this prevents the charset = utf-8 hidden field. (I don't know why you 
-    #   would want to disable this... )
     #
+    # Generating encrypted form data
+    #
+    # The helper also supports the generation of encrypted button data. Please see the README for more information
+    # on the setup and prerequisite steps for using encrypted forms.
+    #
+    # The following options must all be provided (as strings) to encrypt the data:
+    #
+    # * <tt>:business_key</tt> -- The private key you have generated
+    # * <tt>:business_cert</tt> -- The public certificate you have also uploaded to Paypal
+    # * <tt>:business_certid</tt> -- The certificate ID that Paypal has assigned to your certificate.
+    # 
     # Examples:
     #   
     #   <%= paypal_setup @order.id, Money.us_dollar(50000), "bob@bigbusiness.com" %>  
     #   <%= paypal_setup @order.id, '50.00', "bob@bigbusiness.com", :currency => 'USD' %>  
     #   <%= paypal_setup @order.id, '50.00', "bob@bigbusiness.com", :currency => 'USD', :notify_url => url_for(:only_path => false, :action => 'paypal_ipn') %>  
     #   <%= paypal_setup @order.id, Money.ca_dollar(50000), "bob@bigbusiness.com", :item_name => 'Snowdevil shop purchase', :return_url => paypal_return_url, :cancel_url => paypal_cancel_url, :notify_url => paypal_ipn_url  %>  
+    #   <%= paypal_setup @order.id, Money.ca_dollar(50000), "bob@bigbusiness.com", :item_name => 'Snowdevil shop purchase', :return_url => paypal_return_url, :cancel_url => paypal_cancel_url, :business_key => @business_key, :business_cert => @business_cert, :business_certid => @business_certid  %>  
     # 
     def paypal_setup(item_number, amount, business, options = {})
+      
+      misses = (options.keys - valid_setup_options)
+      raise ArgumentError, "Unknown option #{misses.inspect}" if not misses.empty?
 
       params = {
+        :cmd => "_xclick",
+        :quantity => 1,
+        :business => business,
+        :item_number => item_number,
         :item_name => 'Store purchase',
         :no_shipping => '1',
         :no_note => '1',
-        :currency => 'USD',
-        :return_url => nil
+        :charset => 'utf-8'
       }.merge(options)
+            
+      params[:currency_code] = amount.currency if amount.respond_to?(:currency)
+      params[:currency_code] = params.delete(:currency) if params[:currency]
+      params[:currency_code] ||= 'USD'
 
-      # We accept both, strings and money objects as amount    
+      # We accept both strings and money objects as amount    
       amount = amount.cents.to_f / 100.0 if amount.respond_to?(:cents)
-      amount = sprintf("%.2f", amount)
+      params[:amount] = sprintf("%.2f", amount)
       
       # same for tax
       tax = params[:tax]
       if tax
         tax = tax.cents.to_f / 100.0 if tax.respond_to?(:cents)
-        tax = sprintf("%.2f", tax)
+        params[:tax] = sprintf("%.2f", tax)
       end
-      
+
+      # look for encryption parameters, save them outsite the parameter hash.
+      business_key = params.delete(:business_key)
+      business_cert = params.delete(:business_cert)
+      business_certid = params.delete(:business_certid)
+
       # Build the form 
       returning button = [] do
-        button << tag(:input, :type => 'hidden', :name => 'cmd', :value => "_xclick")
-        button << tag(:input, :type => 'hidden', :name => 'quantity', :value => 1)
-        button << tag(:input, :type => 'hidden', :name => 'business', :value => business)
-        button << tag(:input, :type => 'hidden', :name => 'amount', :value => amount)
-        button << tag(:input, :type => 'hidden', :name => 'item_number', :value => item_number)
-        button << tag(:input, :type => 'hidden', :name => 'item_name', :value => params[:item_name])
-        button << tag(:input, :type => 'hidden', :name => 'no_shipping', :value => params[:no_shipping])
-        button << tag(:input, :type => 'hidden', :name => 'no_note', :value => params[:no_note])
-        button << tag(:input, :type => 'hidden', :name => 'return', :value => params[:return_url]) if params[:return_url]
-        button << tag(:input, :type => 'hidden', :name => 'notify_url', :value => params[:notify_url]) if params[:notify_url]
-        button << tag(:input, :type => 'hidden', :name => 'cancel_return', :value => params[:cancel_url]) if params[:cancel_url]
-        button << tag(:input, :type => 'hidden', :name => 'tax', :value => tax) if tax
-        button << tag(:input, :type => 'hidden', :name => 'invoice', :value => params[:invoice]) if params[:invoice]
-        button << tag(:input, :type => 'hidden', :name => 'custom', :value => params[:custom]) if params[:custom]
+        # Only attempt an encrypted form if we have all the required fields.
+        if business_key and business_cert and business_certid
+          require 'openssl'
+
+          # Convert the key and certificates into OpenSSL-friendly objects.
+          paypal_cert = OpenSSL::X509::Certificate.new(Paypal::Notification.paypal_cert)
+          business_key = OpenSSL::PKey::RSA.new(business_key)
+          business_cert = OpenSSL::X509::Certificate.new(business_cert)
+          # Put the certificate ID back into the parameter hash the way Paypal wants it.
+          params[:cert_id] = business_certid
+
+          # Prepare a string of data for encryption
+          data = ""
+          params.each_pair {|k,v| data << "#{k}=#{v}\n"}
 
-        # if amount was a object of type money or something compatible we will use its currency, 
-        # otherwise get the currency from the options. default is USD
-        button << tag(:input, :type => 'hidden', :name => 'currency_code', :value => amount.respond_to?(:currency) ? amount.currency : params[:currency])
-        button << tag(:input, :type => 'hidden', :name => 'charset', :value => 'utf-8') unless params[:no_utf8]
+          # Sign the data with our key/certificate pair
+          signed = OpenSSL::PKCS7::sign(business_cert, business_key, data, [], OpenSSL::PKCS7::BINARY)
+          # Encrypt the signed data with Paypal's public certificate.
+          encrypted = OpenSSL::PKCS7::encrypt([paypal_cert], signed.to_der, OpenSSL::Cipher::Cipher::new("DES3"), OpenSSL::PKCS7::BINARY)
+
+          # The command for encrypted forms is always '_s-xclick'; the real command is in the encrypted data.
+          button << tag(:input, :type => 'hidden', :name => 'cmd', :value => "_s-xclick")
+          button << tag(:input, :type => 'hidden', :name => 'encrypted', :value => encrypted)
+        else
+          # Just emit all the parameters that we have as hidden fields.
+          # Note that the sorting isn't really needed, but it makes testing a lot easier for now.
+          params.each do |key, value|
+            button << tag(:input, :type => 'hidden', :name => key, :value => value)
+          end
+        end
       end.join("\n")
     end
     
+    private
+    
+    # See https://www.paypal.com/IntegrationCenter/ic_std-variable-reference.html for details on the following options.
+    def valid_setup_options
+      [
+      # Generic Options
+      :cmd,
+      # IPN Support
+      :notify_url,
+      # Item Information
+      :item_name,
+      :quantity,
+      :undefined_quantity,
+      :on0,
+      :os0,
+      :on1,
+      :os1,
+      # Display Information
+      :add,
+      :cancel_return,
+      :cbt,
+      :cn,
+      :cpp_header_image,
+      :cpp_headerback_color,
+      :cpp_headerborder_color,
+      :cpp_payflow_color,
+      :cs,
+      :display,
+      :image_url,
+      :no_note,
+      :no_shipping,
+      :page_style,
+      :return,
+      :rm,
+      # Transaction Information
+      :address_override,
+      :currency,
+      :currency_code,
+      :custom,
+      :handling,
+      :invoice,
+      :redirect_cmd,
+      :shipping,
+      :tax,
+      :tax_cart,
+      # Shopping Cart Options
+      :amount,
+      :business,
+      :handling_cart,
+      :paymentaction,
+      :rupload,
+      :charset,
+      :upload,
+      # Prepopulating PayPal FORMs or Address Overriding
+      :address1,
+      :address2,
+      :city,
+      :country,
+      :email,
+      :first_name,
+      :last_name,
+      :lc,
+      :night_phone_a,
+      :night_phone_b,
+      :night_phone_c,
+      :state,
+      :zip,
+      # Prepopulating Business Account Sign-up
+      :business_address1,
+      :business_address2,
+      :business_city,
+      :business_state,
+      :business_country,
+      :business_cs_email,
+      :business_cs_phone_a,
+      :business_cs_phone_b,
+      :business_cs_phone_c,
+      :business_url,
+      :business_night_phone_a,
+      :business_night_phone_b,
+      :business_night_phone_c,
+      # End of list from https://www.paypal.com/IntegrationCenter/ic_std-variable-reference.html
+      # The following items are known to exist but are not yet on the above page.
+      :business_zip,
+      :day_phone_a,
+      :day_phone_b,
+      :day_phone_c,
+      # Subscription Options
+      :a1, # Trial Amount 1
+      :p1, # Trial Period 1
+      :t1, # Trial Period 1 Units (D=days, W=weeks, M=months, Y=years)
+      :a2, # Trial Amount 2
+      :p2, # Trial Period 2
+      :t2, # Trial Period 2 Units
+      :a3, # Regular Subscription Amount
+      :p3, # Regular Subscription Period
+      :t3, # Regular Subscription Period Units
+      :src, # Recurring Payments? (1=yes, default=0)
+      :sra, # Reattempt Transaction on Failure? (1=yes, default=0)
+      :srt, # Recurring Times (number of renewals before auto-cancel, default=forever)
+      :usr_manage, # Username and Password Generator? (1=yes, default=0)
+      :modify, # Modification Behaviour (0=new subs only, 1=new or modify, 2=modify existing only, default=0)
+      # Encryption Options - used internally only.
+      :business_key, # Your private key
+      :business_cert, # Your public certificate
+      :business_certid # Your public certificate ID (from Paypal)
+      ]
+    end
+    
   end
-end
+end

data/lib/notification.rb

@@ -48,7 +48,38 @@ module Paypal
     #   Paypal::Notification.ipn_url = http://www.paypal.com/cgi-bin/webscr
     #
     cattr_accessor :ipn_url
-    @@ipn_url = 'http://www.sandbox.paypal.com/cgi-bin/webscr'
+    @@ipn_url = 'https://www.sandbox.paypal.com/cgi-bin/webscr'
+    
+
+    # Overwrite this certificate. It contains the Paypal sandbox certificate by default.
+    #
+    # Example:
+    #   Paypal::Notification.paypal_cert = File::read("paypal_cert.pem")
+    cattr_accessor :paypal_cert
+    @@paypal_cert = """
+-----BEGIN CERTIFICATE-----
+MIIDoTCCAwqgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBmDELMAkGA1UEBhMCVVMx
+EzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNVBAcTCFNhbiBKb3NlMRUwEwYDVQQK
+EwxQYXlQYWwsIEluYy4xFjAUBgNVBAsUDXNhbmRib3hfY2VydHMxFDASBgNVBAMU
+C3NhbmRib3hfYXBpMRwwGgYJKoZIhvcNAQkBFg1yZUBwYXlwYWwuY29tMB4XDTA0
+MDQxOTA3MDI1NFoXDTM1MDQxOTA3MDI1NFowgZgxCzAJBgNVBAYTAlVTMRMwEQYD
+VQQIEwpDYWxpZm9ybmlhMREwDwYDVQQHEwhTYW4gSm9zZTEVMBMGA1UEChMMUGF5
+UGFsLCBJbmMuMRYwFAYDVQQLFA1zYW5kYm94X2NlcnRzMRQwEgYDVQQDFAtzYW5k
+Ym94X2FwaTEcMBoGCSqGSIb3DQEJARYNcmVAcGF5cGFsLmNvbTCBnzANBgkqhkiG
+9w0BAQEFAAOBjQAwgYkCgYEAt5bjv/0N0qN3TiBL+1+L/EjpO1jeqPaJC1fDi+cC
+6t6tTbQ55Od4poT8xjSzNH5S48iHdZh0C7EqfE1MPCc2coJqCSpDqxmOrO+9QXsj
+HWAnx6sb6foHHpsPm7WgQyUmDsNwTWT3OGR398ERmBzzcoL5owf3zBSpRP0NlTWo
+nPMCAwEAAaOB+DCB9TAdBgNVHQ4EFgQUgy4i2asqiC1rp5Ms81Dx8nfVqdIwgcUG
+A1UdIwSBvTCBuoAUgy4i2asqiC1rp5Ms81Dx8nfVqdKhgZ6kgZswgZgxCzAJBgNV
+BAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMREwDwYDVQQHEwhTYW4gSm9zZTEV
+MBMGA1UEChMMUGF5UGFsLCBJbmMuMRYwFAYDVQQLFA1zYW5kYm94X2NlcnRzMRQw
+EgYDVQQDFAtzYW5kYm94X2FwaTEcMBoGCSqGSIb3DQEJARYNcmVAcGF5cGFsLmNv
+bYIBADAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAFc288DYGX+GX2+W
+P/dwdXwficf+rlG+0V9GBPJZYKZJQ069W/ZRkUuWFQ+Opd2yhPpneGezmw3aU222
+CGrdKhOrBJRRcpoO3FjHHmXWkqgbQqDWdG7S+/l8n1QfDPp+jpULOrcnGEUY41Im
+jZJTylbJQ1b5PBBjGiP0PpK48cdF
+-----END CERTIFICATE-----
+"""
 
     # Creates a new paypal object. Pass the raw html you got from paypal in. 
     # In a rails application this looks something like this
@@ -124,8 +155,10 @@ module Paypal
     # This combines the gross and currency and returns a proper Money object. 
     # this requires the money library located at http://dist.leetsoft.com/api/money
     def amount
+      require 'money'
       amount = gross.sub(/[^\d]/, '').to_i
-      Money.new(amount, currency)
+      return Money.new(amount, currency) rescue ArgumentError
+      return Money.new(amount) # maybe you have an own money object which doesn't take a currency?
     end
     
     # reset the notification. 
@@ -148,13 +181,26 @@ module Paypal
     #     else
     #       ... log possible hacking attempt ...
     #     end
-    def acknowledge
+    def acknowledge      
+      payload =  raw
+      
       uri = URI.parse(self.class.ipn_url)
-      status = nil
-      Net::HTTP.start(uri.host, uri.port) do |request|
-        status = request.post(uri.path, raw + "&cmd=_notify-validate").body
-      end
-      status == "VERIFIED"
+      request_path = "#{uri.path}?cmd=_notify-validate"
+      
+      request = Net::HTTP::Post.new(request_path)
+      request['Content-Length'] = "#{payload.size}"
+      request['User-Agent']     = "paypal-ruby -- http://rubyforge.org/projects/paypal/"
+
+      http = Net::HTTP.new(uri.host, uri.port)
+
+      http.verify_mode    = OpenSSL::SSL::VERIFY_NONE unless @ssl_strict
+      http.use_ssl        = true
+
+      request = http.request(request, payload)
+        
+      raise StandardError.new("Faulty paypal result: #{request.body}") unless ["VERIFIED", "INVALID"].include?(request.body)
+      
+      request.body == "VERIFIED"
     end
 
     private
@@ -165,8 +211,8 @@ module Paypal
       for line in post.split('&')    
         key, value = *line.scan( %r{^(\w+)\=(.*)$} ).flatten
         params[key] = CGI.unescape(value)
-      end    
+      end
     end
 
   end
-end
+end

data/lib/paypal.rb

@@ -24,13 +24,8 @@
 require 'cgi'
 require 'net/http'
 require 'net/https'
+require 'active_support'
 
-begin
-  require 'money' 
-rescue LoadError
-  require 'rubygems'
-  require_gem 'money'
-end
     
 require File.dirname(__FILE__) + '/notification'
 require File.dirname(__FILE__) + '/helper'

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
-rubygems_version: 0.8.10
+rubygems_version: 0.8.11
 specification_version: 1
 name: paypal
 version: !ruby/object:Gem::Version 
-  version: 1.0.1
-date: 2005-09-17
+  version: 1.8.0
+date: 2006-04-09 00:00:00 -04:00
 summary: Paypal IPN integration library for rails and other web applications
 require_paths: 
-  - lib
+- lib
 email: tobi@leetsoft.com
 homepage: http://dist.leetsoft.com/api/paypal
 rubyforge_project: 
@@ -18,37 +18,43 @@ bindir: bin
 has_rdoc: true
 required_ruby_version: !ruby/object:Gem::Version::Requirement 
   requirements: 
-    - 
-      - ">"
-      - !ruby/object:Gem::Version 
-        version: 0.0.0
+  - - ">"
+    - !ruby/object:Gem::Version 
+      version: 0.0.0
   version: 
 platform: ruby
+signing_key: 
+cert_chain: 
 authors: 
-  - Tobias Luetke
+- Tobias Luetke
 files: 
-  - README
-  - Rakefile
-  - MIT-LICENSE
-  - lib/helper.rb
-  - lib/notification.rb
-  - lib/paypal.rb
-  - "misc/PayPal - Instant Payment Notification - Technical Overview.pdf"
-  - misc/paypal.psd
+- README
+- Rakefile
+- MIT-LICENSE
+- lib/helper.rb
+- lib/notification.rb
+- lib/paypal.rb
+- misc/PayPal - Instant Payment Notification - Technical Overview.pdf
+- misc/paypal.psd
 test_files: []
+
 rdoc_options: []
+
 extra_rdoc_files: []
+
 executables: []
+
 extensions: []
+
 requirements: []
+
 dependencies: 
-  - !ruby/object:Gem::Dependency 
-    name: money
-    version_requirement: 
-    version_requirements: !ruby/object:Gem::Version::Requirement 
-      requirements: 
-        - 
-          - ">"
-          - !ruby/object:Gem::Version 
-            version: 0.0.0
-      version: 
+- !ruby/object:Gem::Dependency 
+  name: money
+  version_requirement: 
+  version_requirements: !ruby/object:Gem::Version::Requirement 
+    requirements: 
+    - - ">"
+      - !ruby/object:Gem::Version 
+        version: 0.0.0
+    version: