poundpay 0.1.1 → 0.1.2

data/README.rdoc

@@ -0,0 +1,72 @@
+== Poundpay
+
+Poundpay is payments platform for marketplaces 
+
+
+== Adding Poundpay to Rails
+
+1. Add the following to your Gemfile
+
+    gem 'poundpay', '~> 0.1.2'
+
+2. At the command prompt, install the gem with bundler
+
+    bundle install
+
+3. Add your Poundpay configuration to config/initializers/poundpay.rb
+
+    Poundpay.configure(
+      "DV0383d447360511e0bbac00264a09ff3c",  # developer_sid
+      "c31155b9f944d7aed204bdb2a253fef13b4fdcc6ae1540200449cc4526b2381a",  # auth_token
+      api_url = "https://api-sandbox.poundpay.com"  # Note: Leave out for production
+    )
+
+4. Protect your callback controller
+
+    before_filter :verify_poundpay_callback
+
+
+== Creating a payment
+Adding the payer_sid (from a previous payment), will cause the payer to see
+the repeat flow when they are not prompted to reenter their credit card information
+
+    @payment = Poundpay::Payment.create(
+      :amount                  => 20000,
+      :payer_fee_amount        => 0,
+      :payer_email_address     => "fred@example.com",
+      :payer_sid               => "97f51e5c38e211e08625e7af17bae06a",  # Optional
+      :recipient_fee_amount    => 500,
+      :recipient_email_address => "david@example.com",
+      :description             => "Beats by Dr. Dre",
+    )
+
+
+== Serving IFRAME
+
+    <script src="https://www.poundpay.com/js/poundpay.js"></script>
+
+    <div id="pound-root"></div>
+
+    <script>
+      function handlePaymentSuccess() {
+        // do something
+      }
+
+      function handlePaymentError() {
+        // handle error
+      }
+
+      PoundPay.init({
+        payment_sid: <%= @payment.sid %>,
+        success: handlePaymentSuccess,
+        error: handlePaymentError,
+        cardholder_name: 'Fred Nietzsche', // note: optional
+        phone_number: '4085551234', // note: optional
+        server: 'https://www-sandbox.poundpay.com' // note: exclude this property when in production
+      });
+    </script>
+
+
+== Releasing a payment
+
+    payment.release

data/lib/poundpay/callback.rb

@@ -0,0 +1,36 @@
+require 'base64'
+require 'openssl'
+
+module Poundpay
+  def self.verified_callback?(signature, params = {})
+    # Make a request to Poundpay for callback_url once
+    @callback_url = Developer.me.callback_url unless @callback_url
+    signature == calculate_signature(@callback_url, params)
+  end
+
+  protected
+    def self.calculate_signature(url, params)
+      data = url
+      @token = Resource.password
+      params.sort.each do |name, value|
+        data += "#{name}#{value}"
+      end
+      digest = OpenSSL::Digest::Digest.new('sha1')
+      Base64.encode64(OpenSSL::HMAC.digest(digest, @token, data)).strip
+    end
+end
+
+
+module ActionController
+  class Base
+    protected
+      def verify_poundpay_callback
+        signature = request.headers['HTTP_X_POUNDPAY_SIGNATURE']
+        Poundpay.verified_callback?(signature, request.POST) || handle_unverified_callback
+      end
+
+      def handle_unverified_callback
+        raise RoutingError.new('Not Found')
+      end
+  end
+end

data/lib/poundpay/version.rb

@@ -1,3 +1,3 @@
 module Poundpay
-  VERSION = "0.1.1"
+  VERSION = "0.1.2"
 end

data/lib/poundpay.rb

@@ -1,20 +1,19 @@
 require 'poundpay/resource'
 require 'poundpay/elements'
+require 'poundpay/callback'
 
 module Poundpay
   API_URL = "https://api.poundpay.com"
   API_VERSION = "silver"
 
-  class << self
-    def configure(developer_sid, auth_token, api_url=API_URL, version=API_VERSION)
-      unless developer_sid.start_with? "DV"
-        raise ArgumentError.new "developer_sid should start with 'DV'.  Make sure " \
-          "you're using the right developer_sid"
-      end
-      api_url.sub! /(\/)$/, ""  # Remove trailing backslash
-      Resource.site = "#{api_url}/#{version}/"
-      Resource.user = developer_sid
-      Resource.password = auth_token
+  def self.configure(developer_sid, auth_token, api_url=API_URL, version=API_VERSION)
+    unless developer_sid.start_with? "DV"
+      raise ArgumentError.new "developer_sid should start with 'DV'.  Make sure " \
+        "you're using the right developer_sid"
     end
+    api_url.sub! /(\/)$/, ""  # Remove trailing backslash
+    Resource.site = "#{api_url}/#{version}/"
+    Resource.user = developer_sid
+    Resource.password = auth_token
   end
 end

data/poundpay.gemspec

@@ -17,9 +17,10 @@ Gem::Specification.new do |s|
   s.add_dependency("activeresource", ">= 3.0")
 
   s.add_development_dependency("rspec", ">= 2.0")
+  s.add_development_dependency("wirble")
 
   s.files         = `git ls-files`.split("\n")
   s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
   s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
   s.require_paths = ["lib"]
-end
+end

data/spec/fixtures/callback.rb

@@ -0,0 +1,11 @@
+module Poundpay
+  module CallbackFixture
+    def valid_callback
+      {
+        :url => "http://awesomemarketplace.com/poundpay/callback",
+        :params => { "first" => "hello", "second" => "world" },
+        :signature => "gsdhVc5rnDSuDt6MX0wm6TrBVng=",
+      }
+    end
+  end
+end

data/spec/poundpay/callback_spec.rb

@@ -0,0 +1,37 @@
+require 'poundpay'
+require 'poundpay/callback'
+require 'fixtures/callback'
+
+describe Poundpay do
+  include Poundpay
+  include Poundpay::CallbackFixture
+
+  before (:all) do
+    Poundpay.configure(
+      "DV0383d447360511e0bbac00264a09ff3c",
+      "c31155b9f944d7aed204bdb2a253fef13b4fdcc6ae1540200449cc4526b2381a")
+  end
+
+  describe ".calculate_signature" do
+    it "should calculate the correct signature using HMAC-SHA1" do
+      signature = Poundpay.calculate_signature(valid_callback[:url], valid_callback[:params])
+      signature.should == valid_callback[:signature]
+    end
+  end
+
+  describe ".verified_callback?" do
+    before(:all) do
+      @developer = Poundpay::Developer.new :callback_url => valid_callback[:url]
+      Poundpay::Developer.should_receive(:me).and_return(@developer)
+    end
+
+    it "should validate a valid callback and only make request for callback_url once" do
+      Poundpay.verified_callback?(valid_callback[:signature], valid_callback[:params]).should == true
+      Poundpay.verified_callback?(valid_callback[:signature], valid_callback[:params]).should == true
+    end
+
+    it "should invalidate an invalid signature" do
+      Poundpay.verified_callback?("invalid signature", valid_callback[:params]).should == false
+    end
+  end
+end

metadata

@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
   segments: 
   - 0
   - 1
-  - 1
-  version: 0.1.1
+  - 2
+  version: 0.1.2
 platform: ruby
 authors: 
 - Matin Tamizi
@@ -14,7 +14,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-02-14 00:00:00 -08:00
+date: 2011-02-15 00:00:00 -08:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -45,6 +45,19 @@ dependencies:
         version: "2.0"
   type: :development
   version_requirements: *id002
+- !ruby/object:Gem::Dependency 
+  name: wirble
+  prerelease: false
+  requirement: &id003 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        segments: 
+        - 0
+        version: "0"
+  type: :development
+  version_requirements: *id003
 description: Payments platform for marketplaces
 email: devsupport@poundpay.com
 executables: []
@@ -59,7 +72,7 @@ files:
 - .rspec
 - .rvmrc
 - Gemfile
-- README.mkd
+- README.rdoc
 - Rakefile
 - examples/simple_application/.gems
 - examples/simple_application/.rvmrc
@@ -69,13 +82,16 @@ files:
 - examples/simple_application/config.ru
 - examples/simple_application/index.html.erb
 - lib/poundpay.rb
+- lib/poundpay/callback.rb
 - lib/poundpay/elements.rb
 - lib/poundpay/formats.rb
 - lib/poundpay/resource.rb
 - lib/poundpay/version.rb
 - poundpay.gemspec
+- spec/fixtures/callback.rb
 - spec/fixtures/developers.rb
 - spec/fixtures/payments.rb
+- spec/poundpay/callback_spec.rb
 - spec/poundpay/elements_spec.rb
 - spec/poundpay/formats_spec.rb
 - spec/poundpay/resource_spec.rb
@@ -113,8 +129,10 @@ signing_key:
 specification_version: 3
 summary: Poundpay Ruby library
 test_files: 
+- spec/fixtures/callback.rb
 - spec/fixtures/developers.rb
 - spec/fixtures/payments.rb
+- spec/poundpay/callback_spec.rb
 - spec/poundpay/elements_spec.rb
 - spec/poundpay/formats_spec.rb
 - spec/poundpay/resource_spec.rb

data/README.mkd

@@ -1,61 +0,0 @@
-Poundpay
-========
-
-
-Install
--------
-    gem install poundpay
-
-
-Configure
----------
-    Poundpay.configure(
-      "developer_sid",
-      "auth_token",
-      api_url = "https://api-sandbox.poundpay.com",  # Note: Leave out for production
-    )
-
-
-Creating a payment
-------------------
-    require 'poundpay'
-  
-    payment = Poundpay::Payment.create(
-      :amount                     => 20000,
-      :payer_fee_amount           => 0,
-      :payer_email_address        => "fred@example.com",
-      :recipient_fee_amount       => 500,
-      :recipient_email_address    => "david@example.com",
-      :description                => "Beats by Dr. Dre",
-    )
-
-Serving iframe
----------------
-    <script src="https://www.poundpay.com/js/poundpay.js"></script>
-
-    <div id="pound-root"></div>
-
-    <script>
-      function handlePaymentSuccess() {
-        // do something
-      }
-
-      function handlePaymentError() {
-        // handle error
-      }
-
-      PoundPay.init({
-        payment_sid: <%= payment.sid %>,
-        success: handlePaymentSuccess,
-        error: handlePaymentError,
-        cardholder_name: 'Fred Nietzsche', // note: optional
-        phone_number: '4085551234', // note: optional
-        server: 'https://www-sandbox.poundpay.com' // note: exclude this property when in production
-      });
-    </script>
-
-
-Releasing a payment
-------------------
-    payment.release
-    payment.save!