reputable 0.1.13 → 0.1.14

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: cb476f1f238df7751eac5e901cf1b9e7cf6907720f74b84a98f1509963459c52
-  data.tar.gz: a39ce0abde8171b3915e34a1008dd72cd3e2834922a26959791c6fdb614f6466
+  metadata.gz: c71694602b9f9eb25537c91c895503e068d59f36b9fbafcefcb7104acacd945f
+  data.tar.gz: 95fabaa4a264c471b46957b781b49cef0cda4205ab35d312ebb85497d9a88657
 SHA512:
-  metadata.gz: 961ade11852eb1ebabfac922c70935646f9bcb68837f5c72fa4c7056207644949ca5ca7cfbc17b04fa10bc85e66a418c376530a705ea09f72f911744af5cc82e
-  data.tar.gz: ddfc988515d1ff11540bc4ac1b0b8f2d8e3cfd11bb601c092a031ea2182eb00f7602c0178d51c23122a19f0b8a087536618b3cf7b9d33353551f757c48ba2253
+  metadata.gz: 4a8f05f1bc68354e88b6591873de564f4dbc56531209d7b00781536d23303d969447f05f76bd040b8e078efc836c8697ef1894342168e93c1c5592eb3af62639
+  data.tar.gz: dcd56a2d35fb3d162ffe0813e336212ce61d3e57a6e64d94303f9198b62849211e24879a7302073d4f1e0d3fa90ad765edc0ce6e941951e38a9a67c4dfb6f5fe

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    reputable (0.1.13)
+    reputable (0.1.14)
       connection_pool (~> 2.2)
       redis (>= 4.0, < 6.0)
 

data/lib/reputable/rails.rb

@@ -159,9 +159,19 @@ module Reputable
       )
         return if reputable_verified?(session_key: session_key)
 
-        if params[:reputable_signature]
+        # Check for new format (reputable_s) or legacy format (reputable_signature)
+        if params[:reputable_s] || params[:reputable_signature]
           if Reputable.verify_redirect_return(params)
-            if params[:reputable_status] == "pass"
+            # For new format, decode payload to get status
+            # For legacy format, use reputable_status directly
+            status = if params[:reputable_r]
+              decoded = Reputable.decode_reputable_response(params)
+              decoded&.dig("status")
+            else
+              params[:reputable_status]
+            end
+
+            if status == "pass"
               session[session_key] = Time.now.to_i
               return
             end

data/lib/reputable/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Reputable
-  VERSION = "0.1.13"
+  VERSION = "0.1.14"
 end

data/lib/reputable.rb

@@ -181,9 +181,77 @@ module Reputable
     end
 
     # Verify the signature of a redirect return
+    # Supports both new format (reputable_r + reputable_s) and legacy format
     # @param params [Hash] Request query parameters
-    # @return [Boolean] true if valid logic and passed signature check
+    # @return [Boolean] true if valid signature check
     def verify_redirect_return(params)
+      keys = configuration.trusted_keys
+      if keys.nil? || keys.empty?
+        logger&.warn "Reputable: Missing trusted_keys, cannot verify redirect"
+        return false
+      end
+
+      # Detect format: new (reputable_r) vs legacy (reputable_status)
+      if params["reputable_r"] && params["reputable_s"]
+        verify_new_format(params, keys)
+      elsif params["reputable_status"] && params["reputable_signature"]
+        verify_legacy_format(params, keys)
+      else
+        false
+      end
+    end
+
+    # Decode the new reputable_r payload
+    # @param params [Hash] Request query parameters
+    # @return [Hash, nil] Decoded payload with normalized keys, or nil if invalid
+    def decode_reputable_response(params)
+      encoded = params["reputable_r"]
+      return nil unless encoded
+
+      begin
+        json = base64url_decode(encoded)
+        payload = JSON.parse(json)
+        
+        # Return normalized hash with full key names
+        {
+          "version" => payload["v"],
+          "status" => payload["s"],
+          "session_id" => payload["sid"],
+          "outcome" => payload["o"],
+          "ignore_analytics" => payload["i"],
+          "country" => payload["c"],
+          "challenge_passed" => payload["cp"]
+        }.compact
+      rescue StandardError => e
+        logger&.warn "Reputable: Failed to decode response: #{e.message}"
+        nil
+      end
+    end
+
+    private
+
+    def verify_new_format(params, keys)
+      encoded_payload = params["reputable_r"]
+      signature = params["reputable_s"]
+      
+      return false unless encoded_payload && signature
+      
+      begin
+        # Decode to get the JSON string (this is what was signed)
+        json_payload = base64url_decode(encoded_payload)
+        
+        # Verify signature against JSON string
+        keys.any? do |key|
+          expected_signature = OpenSSL::HMAC.hexdigest("SHA256", key, json_payload)
+          secure_compare(expected_signature, signature)
+        end
+      rescue StandardError => e
+        logger&.warn "Reputable: Failed to verify new format: #{e.message}"
+        false
+      end
+    end
+
+    def verify_legacy_format(params, keys)
       status = params["reputable_status"]
       session_id = params["reputable_session_id"]
       signature = params["reputable_signature"]
@@ -194,14 +262,7 @@ module Reputable
       
       return false unless status && session_id && signature
       
-      keys = configuration.trusted_keys
-      if keys.nil? || keys.empty?
-        logger&.warn "Reputable: Missing trusted_keys, cannot verify redirect"
-        return false
-      end
-      
       # Reconstruct data string: status:sessionId:outcome:ignoreAnalytics:country:challengePassed
-      # Note: optional params default to empty strings if missing in reconstruction logic on server
       data_parts = [
         status,
         session_id,
@@ -213,12 +274,21 @@ module Reputable
       
       data = data_parts.join(":")
       
-      # Iterate through all trusted keys to find a match
       keys.any? do |key|
         expected_signature = OpenSSL::HMAC.hexdigest("SHA256", key, data)
         secure_compare(expected_signature, signature)
       end
     end
+    
+    def base64url_encode(str)
+      Base64.urlsafe_encode64(str).gsub("=", "")
+    end
+
+    def base64url_decode(str)
+      # Add padding if needed
+      padded = str + "=" * ((4 - str.length % 4) % 4)
+      Base64.urlsafe_decode64(padded)
+    end
 
     private
     

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: reputable
 version: !ruby/object:Gem::Version
-  version: 0.1.13
+  version: 0.1.14
 platform: ruby
 authors:
 - Reputable
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2025-12-31 00:00:00.000000000 Z
+date: 2026-01-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: redis
@@ -137,7 +137,6 @@ files:
 - lib/reputable/reputation.rb
 - lib/reputable/tracker.rb
 - lib/reputable/version.rb
-- reputable.gemspec
 homepage: https://github.com/reputable-click/reputable-rb
 licenses:
 - MIT

data/reputable.gemspec

@@ -1,38 +0,0 @@
-# frozen_string_literal: true
-
-require_relative "lib/reputable/version"
-
-Gem::Specification.new do |spec|
-  spec.name = "reputable"
-  spec.version = Reputable::VERSION
-  spec.authors = ["Reputable"]
-  spec.email = ["support@reputable.click"]
-
-  spec.summary = "Ruby client for Reputable - bot detection and reputation scoring"
-  spec.description = "Track requests and manage IP reputation through Redis/Dragonfly integration with Reputable"
-  spec.homepage = "https://github.com/reputable-click/reputable-rb"
-  spec.license = "MIT"
-  spec.required_ruby_version = ">= 2.7.0"
-
-  spec.metadata["homepage_uri"] = spec.homepage
-  spec.metadata["source_code_uri"] = spec.homepage
-  spec.metadata["changelog_uri"] = "#{spec.homepage}/blob/main/CHANGELOG.md"
-
-  spec.files = Dir.chdir(__dir__) do
-    `git ls-files -z`.split("\x0").reject do |f|
-      (f == __FILE__) || f.match(%r{\A(?:(?:bin|test|spec|features)/|\.(?:git|travis|circleci)|appveyor)}) || f.end_with?(".gem")
-    end
-  end
-  spec.bindir = "exe"
-  spec.executables = spec.files.grep(%r{\Aexe/}) { |f| File.basename(f) }
-  spec.require_paths = ["lib"]
-
-  spec.add_dependency "redis", ">= 4.0", "< 6.0"
-  spec.add_dependency "connection_pool", "~> 2.2"
-
-  spec.add_development_dependency "bundler", "~> 2.0"
-  spec.add_development_dependency "rake", "~> 13.0"
-  spec.add_development_dependency "rspec", "~> 3.12"
-  spec.add_development_dependency "rack", "~> 2.0"
-  spec.add_development_dependency "rubocop", "~> 1.0"
-end