recurly 0.4.8 → 0.4.10

data/README.md

@@ -26,7 +26,7 @@ Installation
 Setup (Rails 3)
 --------------
 
-The Recurly Ruby Client requires an API user to connect. Please see the [Authentication](http://support.recurly.com/faqs/api/authentication) documentation for more information.
+The Recurly Ruby Client requires an API user to connect. Please see the [Authentication](http://docs.recurly.com/api/authentication/) documentation for more information.
 
 If using Rails 3, the easiest way to get Recurly set up is to run `rake recurly:setup`. This will create a config/recurly.yml that has your recurly account authentication, and the Recurly rails initializer will pick it up on restart of your web app.
 
@@ -135,4 +135,4 @@ This will run `recurly:clear_test_data` (using your spec/config/recurly.yml auth
 API Documentation
 -----------------
 
-Please see the [Recurly API](http://docs.recurly.com/api/basics) for more information and examples.
+Please see the [Recurly API](http://docs.recurly.com/api/basics) for more information and examples.

data/lib/recurly.rb

@@ -38,6 +38,7 @@ module Recurly
   autoload :Subscription,   'recurly/subscription'
   autoload :Transaction,    'recurly/transaction'
   autoload :Transparent,    'recurly/transparent'
+  autoload :Verification,   'recurly/verification'
 
   class << self
     attr_accessor :username, :password, :environment, :subdomain, :private_key
@@ -79,7 +80,7 @@ module Recurly
       environment = :production if environment.nil? # Default to production
       case environment.to_sym
       when :development
-        "http://app.recurly.local:3000"
+        "http://app.lvh.me:3000"
       when :production
         "https://api-production.recurly.com"
       when :sandbox

data/lib/recurly/account.rb

@@ -18,10 +18,10 @@ module Recurly
     end
 
     # initialize associations
-    def initialize(attributes = {})
+    def initialize(attributes = {}, persisted = false)
       attributes = attributes.with_indifferent_access
       attributes[:billing_info] ||= {}
-      super(attributes)
+      super
     end
 
     attr_accessor :account_code_was

data/lib/recurly/base.rb

@@ -15,6 +15,14 @@ module Recurly
       self.errors.blank?
     end
 
+    # Define #initialize with persisted for our Rails 2.3 and 3.0 friends
+    def initialize(attributes = {}, persisted = false)
+      @attributes     = {}.with_indifferent_access
+      @prefix_options = {}
+      @persisted = persisted
+      load(attributes)
+    end
+
     # See http://github.com/rails/rails/commit/1488c6cc9e6237ce794e3c4a6201627b9fd4ca09
     # Errors in Rails 2.3.4 are not parsed correctly.
     def save
@@ -26,6 +34,8 @@ module Recurly
       true
     rescue ActiveResource::ResourceInvalid => e
       load_errors e.response.body
+      #raise Recurly::ResourceInvalid.new(e.response, self.errors.full_messages.join(', '))
+      false
     end
 
     # patch persisted? so it looks to see if it actually is persisted
@@ -51,9 +61,10 @@ module Recurly
         @attributes[key.to_s] =
           case value
             when Array
-              resource = find_or_create_resource_for_collection(key)
+              resource = nil
               value.map do |attrs|
                 if attrs.is_a?(Hash)
+                  resource ||= find_or_create_resource_for_collection(key)
                   resource.new(attrs)
                 else
                   attrs.duplicable? ? attrs.dup : attrs
@@ -78,20 +89,21 @@ module Recurly
     protected
       # patch load_attributes_from_response so it marks result records as persisted
       def load_attributes_from_response(response)
-        super
-        @persisted = true
+        if (response['Content-Length'].blank? || response['Content-Length'] != "0") && !response.body.nil? && response.body.strip.size > 0
+          load(self.class.format.decode(response.body), true)
+          @persisted = true
+        end
       end
 
       def load_errors xml
         load_errors_from_array(
-          Recurly::Formats::XmlWithErrorsFormat.new.decode(error)
+          Recurly::Formats::XmlWithErrorsFormat.new.decode(xml)
         )
       rescue => e
         logger.warn "Recurly::Base#load_errors exception parsing nested error information"
         # Fallback to default errors parsing
         errors.from_xml xml
-      ensure
-        return false
+        raise
       end
       
       # Patched to read errors with field information
@@ -113,6 +125,12 @@ module Recurly
             humanized_name = field.to_s.humanize.downcase
             message = message[(humanized_name.size + 1)..-1] if message[0, humanized_name.size + 1].downcase == "#{humanized_name} "
 
+            # HACK: Special case nested billing errors
+            if self.is_a?(Recurly::BillingInfo) && Recurly::BillingInfo::CreditCard.known_attributes.include?(field)
+              self.credit_card.errors.add field.to_sym, message
+              next
+            end
+
             errors.add field.to_sym, message
           elsif error.is_a?(String)
             message = error
@@ -129,11 +147,11 @@ module Recurly
       end
 
     private
-      # patch instantiate_record so it marks result records as persisted
-      def self.instantiate_record(record, prefix_options)
-        result = super
-        result.instance_eval{ @persisted = true }
-        result
+      # Fix @persisted for Rails 2.3, 3.0
+      def self.instantiate_record(record, prefix_options = {})
+        new(record, true).tap do |resource|
+          resource.prefix_options = prefix_options
+        end
       end
 
       def handle_response(response)
@@ -149,7 +167,7 @@ module Recurly
           raise ResourceNotFound.new(response, message)
         when 422
           message = Hash.from_xml(response.body)['errors']['error'] rescue nil
-          raise ResourceInvalid.new(response, message)
+          raise Recurly::ResourceInvalid.new(response, message)
         when 412
           message = Hash.from_xml(response.body)['errors']['error'] rescue nil
           raise ClientError.new(response, message)

data/lib/recurly/billing_info.rb

@@ -36,10 +36,10 @@ module Recurly
     end
 
     # initialize associations
-    def initialize(attributes = {})
+    def initialize(attributes = {}, persisted = false)
       attributes = attributes.with_indifferent_access
       attributes[:credit_card] ||= {}
-      super(attributes)
+      super
     end
 
     def update_only

data/lib/recurly/exceptions.rb

@@ -1,3 +1,6 @@
+require 'active_resource/exceptions'
+require 'active_resource/validations'
+
 module Recurly
   class RecurlyError < StandardError; end
   
@@ -15,5 +18,15 @@ module Recurly
     end
 
   end
+
+  class ResourceInvalid < ::ActiveResource::ResourceInvalid
+    # Overridden to print the actual error message
+    def to_s
+      message = "Failed."
+      message << "  Response code = #{response.code}." if response.respond_to?(:code)
+      message << "  Response message = #{@message}." if @message
+      message
+    end
+  end
   
 end

data/lib/recurly/plan.rb

@@ -1,7 +1,7 @@
 module Recurly
   class Plan < Base
     self.element_name = "plan"
-    self.prefix = "/company/"
+    self.prefix = "/site/"
     self.primary_key = :plan_code
 
     def self.known_attributes

data/lib/recurly/subscription.rb

@@ -13,11 +13,11 @@ module Recurly
     end
 
     # initialize associations
-    def initialize(attributes = {})
+    def initialize(attributes = {}, persisted = false)
       attributes = attributes.with_indifferent_access
       attributes[:account] ||= {}
       attributes[:addons] ||= []
-      super(attributes)
+      super
     end
 
     def self.refund(account_code, refund_type = :partial)

data/lib/recurly/transaction.rb

@@ -24,11 +24,11 @@ module Recurly
     end
 
     # initialize fields with blank data
-    def initialize(attributes = {})
+    def initialize(attributes = {}, persisted = false)
       # initialize embedded attributes
       attributes = attributes.with_indifferent_access
       attributes[:account] ||= {}
-      super(attributes)
+      super
     end
 
     def self.list(status = :all)

data/lib/recurly/transparent.rb

@@ -111,7 +111,7 @@ module Recurly
         return model.new.from_transparent_results(response)
 
       rescue ActiveResource::ResourceInvalid => ex
-        model_result = model.new.from_transparent_results(ex.response)
+        model_result = model.new.from_transparent_results(ex.response, true)
         raise Recurly::ValidationsFailed.new(model_result)
       end
     end

data/lib/recurly/verification.rb

@@ -0,0 +1,77 @@
+module Recurly
+  module Verification
+    class PreEscapedString < String
+    end
+
+    def digest_data(data) 
+      if data.is_a? Array
+        return nil if data.empty?
+        PreEscapedString.new( '[%s]' % data.map{|v|digest_data(v)}.compact.join(',') )
+      elsif data.is_a? Hash
+        digest_data Hash[data.sort].map {|k,v|
+          prefix = (k =~ /\A\d+\Z/) ? '' : (k.to_s+':')
+          (v=digest_data(v)).nil? ? nil : PreEscapedString.new('%s%s' % [prefix,v])
+        }
+      elsif data.is_a?(String) && !data.instance_of?(PreEscapedString)
+        PreEscapedString.new( data.gsub(/([\[\]\,\:\\])/) { |c| '\\' + c } )
+      else
+        data
+      end
+    end
+
+    def generate_signature(claim, args, timestamp=nil)
+      raise Recurly::ConfigurationError.new("Recurly gem not configured. 'private_key' missing.") if Recurly.private_key.blank?
+
+      timestamp ||= Time.now.to_i
+      timestamp = timestamp.to_s
+      input_data = [timestamp,claim,args]
+      input_string = digest_data(input_data)
+
+      digest_key = ::Digest::SHA1.digest(Recurly.private_key)
+      sha1_hash = ::OpenSSL::Digest::Digest.new("sha1")
+      signature = ::OpenSSL::HMAC.hexdigest(sha1_hash, digest_key, input_string.to_s)
+      signature + '-' + timestamp
+    end
+
+    # Raises a Recurly::ForgedQueryString exception if the signature cannot be validated
+    def verify_params!(claim, args)
+      args = Hash[args.map { |k, v| [k.to_s, v] }]
+      signature = args.delete('signature') or raise Recurly::ForgedQueryString.new('Signature is missing')
+      hmac, timestamp = signature.split('-')
+      age = Time.now.to_i - timestamp.to_i
+      raise Recurly::ForgedQueryString.new('Timestamp is too old or new') if age > 3600 || age < 0
+
+      if signature != generate_signature(claim, args, timestamp)
+        raise Recurly::ForgedQueryString.new('Signature cannot be verified')
+      end
+    end
+
+    def sign_billing_info_update(account_code)
+      generate_signature('billinginfoupdate', {
+        account_code: account_code
+      })
+    end
+
+    def sign_transaction(account_code, currency, amount_in_cents)
+      generate_signature('transactioncreate', {
+        account_code: account_code,
+        currency: currency,
+        amount_in_cents: amount_in_cents
+      }) 
+    end
+
+    def verify_subscription!(params)
+      verify_params! 'subscriptioncreated', params
+    end
+
+    def verify_transaction!(params)
+      verify_params! 'transactioncreated', params
+    end
+
+    def verify_billing_info_update!(params)
+      verify_params! 'billinginfoupdated', params
+    end
+
+    extend self
+  end
+end

data/lib/recurly/version.rb

@@ -1,3 +1,3 @@
 module Recurly #:nodoc
-  VERSION = "0.4.8"
+  VERSION = "0.4.10"
 end

data/spec/config/recurly.yml

@@ -1,6 +1,6 @@
 ---
-username: api-test@litle.com
-password: 6499f1cd3ae14875beb91417d31e91b7
-private_key: 78753d36439c423aba60e581be828a2a
-subdomain: litle-test
+username: api-test@facebook-test.com
+password: 69d95a9768c745ecb5ac6864032ec970
+private_key: 4cdbdfbb90f84b3c8fb4ca337d1b2cfc
+subdomain: facebook-test
 environment: :development

data/spec/integration/account_spec.rb

@@ -13,6 +13,10 @@ module Recurly
       it "should be valid" do
         @account.should be_valid
       end
+      
+      it "should not be persisted" do
+        @account.should_not be_persisted
+      end
 
       it "should set the attributes correctly" do
         attributes.each do |key, val|
@@ -30,6 +34,10 @@ module Recurly
           @account = Account.create(attributes)
         end
 
+        it "should be persisted" do
+          @account.should be_persisted
+        end
+
         it "should be valid" do
           @account.should be_valid
         end
@@ -82,6 +90,10 @@ module Recurly
         @account.should_not be_nil
       end
 
+      it "should be persisted" do
+        @account.should be_persisted
+      end
+
       describe "returned account" do
         it "should have a created_at date" do
           @account.created_at.should_not be_nil

data/spec/integration/billing_info_spec.rb

@@ -127,7 +127,7 @@ module Recurly
         })
 
         billing_info = BillingInfo.create(@billing_attributes)
-        billing_info.errors[:base].count.should == 1
+        billing_info.credit_card.errors[:number].count.should == 1
       end
       
       it "should set an error if the card number is invalid" do
@@ -141,7 +141,7 @@ module Recurly
         })
 
         billing_info = BillingInfo.create(@billing_attributes)
-        billing_info.errors.count.should == 1
+        billing_info.credit_card.errors.count.should == 1
       end
     end
   end

data/spec/integration/charge_spec.rb

@@ -140,7 +140,6 @@ module Recurly
                                           :description => "inconvenience fee"
 
           @charge = Charge.lookup(account.account_code, charge.id)
-
           @charge.destroy
         end
 

data/spec/integration/plan_spec.rb

@@ -64,7 +64,7 @@ module Recurly
           Plan.new({
             :plan_code => "test",
             :name => "Test Plan",
-            :amount_in_cents => 100,
+            :unit_amount_in_cents => 100,
             :plan_interval_length => 1,
             :plan_interval_unit => "months",
             :trial_interval_length => 0,
@@ -75,7 +75,7 @@ module Recurly
       end
 
       it "should update the plan" do
-        @test_plan.amount_in_cents = 200
+        @test_plan.unit_amount_in_cents = 200
         @test_plan.save!
 
         @test_plan = test_plan

data/spec/support/vcr.rb

@@ -1,8 +1,8 @@
 require 'vcr'
-require 'vcr/rspec'
+
 VCR.config do |c|
   c.cassette_library_dir = 'spec/vcr'
-  c.http_stubbing_library = :webmock
+  c.stub_with :webmock
   c.default_cassette_options = { :record => :new_episodes }
 end
 

data/spec/unit/verification_spec.rb

@@ -0,0 +1,76 @@
+require 'spec_helper'
+
+module Recurly
+  describe Verification do
+    origin_time = 1312806801
+    test_sig = 'fb5194a51aa97996cdb995a89064764c5c1bfd93-1312806801'
+
+    before(:each) do
+      Recurly.configure_from_yaml("#{File.dirname(__FILE__)}/../config/recurly.yml")
+      Recurly::private_key = '0123456789abcdef0123456789abcdef' # Used for testing
+    end
+
+    it "should ignore empty arrays, hashes, strings, and nil" do
+      Verification::digest_data([
+        [], {}, '', nil
+      ]).should == '[]'
+    end
+
+    it "should encode nested arrays and hashes" do
+      Verification::digest_data( 
+        {a: [1,2,3], b: {c: '123', d:'456'}}
+      ).should == '[a:[1,2,3],b:[c:123,d:456]]'
+    end
+
+    it "should treat hashes with numeric indexes as arrays" do
+      Verification::digest_data( 
+        {'1' => 4, '2' => 5, '3' => 6}
+      ).should == '[4,5,6]'
+    end
+
+    it "should escape syntax characters" do
+      Verification::digest_data(
+        {syntaxchars: ' \\ [ ] : , '}
+      ).should == '[syntaxchars: \\\\ \[ \] \: \, ]'
+    end
+
+    it "should generate proper signatures" do
+      Time.stub!(:now).and_return(origin_time) # gen at origin time
+      sig = Verification.generate_signature('update',{a:'foo',b:'bar'})
+      sig.should == test_sig
+    end
+
+    it "should validate proper signatures" do
+      Time.stub!(:now).and_return(Time.at(origin_time+60)) # one minute passed
+      lambda {
+        good = Verification.verify_params!('update',
+                           {a:'foo',b:'bar',signature:test_sig})
+      }.should_not raise_error
+    end
+
+    it "should reject invalid signature" do
+      Time.stub!(:now).and_return(Time.at(origin_time+60)) # one minute passed
+      lambda {
+        good = Verification.verify_params!('update',
+                           {a:'foo',b:'bar',signature:'badsig'})
+      }.should raise_error(Recurly::ForgedQueryString)
+    end
+
+    it "should reject expired signature" do
+      Time.stub!(:now).and_return(Time.at(origin_time+7200)) # two hours passed
+      lambda {
+        good = Verification.verify_params!('update',
+                           {a:'foo',b:'bar',signature:test_sig})
+      }.should raise_error(Recurly::ForgedQueryString)
+    end
+
+    it "should reject time traveling signatures from the future" do
+      Time.stub!(:now).and_return(Time.at(origin_time-60)) # one minute earlier
+      lambda {
+        good = Verification.verify_params!('update',
+                           {a:'foo',b:'bar',signature:test_sig})
+      }.should raise_error(Recurly::ForgedQueryString)
+    end
+  end
+
+end