sberbank-acquiring 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 7f8468504447448f4c59173b580560f9a320ead9
+  data.tar.gz: 1eb948165621a4bb2cf43e426243b8366f1d7694
+SHA512:
+  metadata.gz: 445a28f80ae3fc93ff514e89ff9720dbd8539705b338638c09e83977fa826ded919a303f38d19bc78ad0e978363160ca4b915b2b3caaae0e752afc10baf340b7
+  data.tar.gz: b720936ba81b9e777da382c4fa2bbbc3db768a02af4e819c7595fae38c5a8792fb15c7cc1b175bfc0858abac0b9a3d2370741dbbb652a1ca9fe2331c19c0d525

data/.gitignore

@@ -0,0 +1,9 @@
+/.bundle/
+/.yardoc
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+/Gemfile.lock

data/.ruby-gemset

@@ -0,0 +1 @@
+sberbank-acquiring

data/.ruby-version

@@ -0,0 +1 @@
+2.1.10

data/.travis.yml

@@ -0,0 +1,11 @@
+sudo: false
+language: ruby
+rvm:
+  - 2.1.10
+  - 2.2.10
+  - 2.3.7
+  - 2.4.4
+  - 2.5.1
+  - 2.6.0
+  - jruby
+before_install: gem install bundler -v 1.16.2

data/Gemfile

@@ -0,0 +1,11 @@
+source 'https://rubygems.org'
+
+git_source(:github) { |repo_name| "https://github.com/#{repo_name}" }
+
+gem 'bundler'
+gem 'rake', '~> 10.0'
+gem 'minitest', '~> 5.0'
+gem 'pry-byebug', '3.4.3', platforms: :ruby
+gem 'webmock', '3.4.2'
+
+gemspec

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2018 Aleksandr Panasyuk
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,220 @@
+# Sberbank::Acquiring
+
+[![Build Status](https://travis-ci.org/panasyuk/sberbank-acquiring.svg?branch=master)](https://travis-ci.org/panasyuk/sberbank-acquiring)
+
+## Описание
+
+GEM sberbank-acquiring предоставляет функциональность для взаимодействия с API эквайринга банка Сбербанк. Он использует RESTful API эквайринга Сбербанка.
+
+Перед тем, как приступить к использованию этого гема, автор настоятельно рекомендует (хотя бы бегло) ознакомиться с официальной [документацией к JSON API эквайринга Сбербанка](https://securepayments.sberbank.ru/wiki/doku.php/integration:api:start), а так же [Wiki](https://github.com/panasyuk/sberbank-acquiring/wiki), кому интересно
+
+## Установка
+
+```ruby
+# Gemfile
+gem 'sberbank-acquiring', github: 'panasyuk/sberbank-acquiring'
+```
+
+## Использование
+
+### SBRF::Acquiring::Client
+
+```ruby
+# client отправляет запросы на боевой сервер эквайринга
+client = SBRF::Acquiring::Client.new(username: 'username', password: 'password')
+
+# test_client отправляет запросы на тестовый сервер эквайринга
+test_client = SBRF::Acquiring::Client.new(token: 'token', test: true)
+```
+
+Клиент может выполнять следующие вызовы к API:
+
+| Название метода                  | Путь API                                |
+| -------------------------------- | --------------------------------------- |
+| deposit                          | /payment/rest/deposit.do                |
+| get_order_status_extended        | /payment/rest/getOrderStatusExtended.do |
+| payment                          | /payment/rest/payment.do                |
+| payment_sber_pay                 | /payment/rest/paymentSberPay.do         |
+| refund                           | /payment/rest/refund.do                 |
+| register                         | /payment/rest/register.do               |
+| register_pre_auth                | /payment/rest/registerPreAuth.do        |
+| reverse                          | /payment/rest/reverse.do                |
+| verify_enrollment                | /payment/rest/verifyEnrollment.do       |
+
+Все методы ожидают в качестве агрумента `Hash`, с ключами в **underscore**.
+При подготовке параметров к отправке, эта структура претерпит следующие изменения:
+
+1. Все ключи рекурсивно будут сконвертированы в **camelCase**
+2. Все значения класса `Hash` будут переданы в виде JSON
+
+Например этот код:
+
+```ruby
+client.register(
+  amount: 1000,
+  order_number: 'order#1',
+  return_url: 'https://example.com/sberbank/success',
+  json_params: { user_email: 'test@example.com' }
+)
+```
+
+сначала приведет параметры к следующему виду:
+
+```ruby
+{
+  'amount' => 1000,
+  'orderNumber' => 'order#1',
+  'returnUrl' => 'https://example.com/sberbank/success',
+  'jsonParams' => '{"userEmail":"test@example.com"}'
+}
+```
+
+a затем превратит их в параметры запроса:
+`amount=1000&orderNumber=order%231&returnUrl=https%3A%2F%2Fexample.com%2Fsberbank%2Fsuccess&jsonParams=%7B%22userEmail%22%3A%22test%40example.com%22%7D`
+
+#### Создание заказа на 10 рублей
+
+```ruby
+response = client.register(
+  amount: 1000, # в самых мелких долях валюты
+  order_number: 'order#1',
+  return_url: 'https://example.com/sberbank/success'
+)
+```
+
+```ruby
+response.success? # => true
+response.error?   # => false
+
+response.data # => { "orderId" => "f3ced54d-45df-7c1a-f3ce-d54d04b11830", "formUrl" => "https://3dsec.sberbank.ru/payment/merchants/sbersafe/payment_ru.html?mdOrder=f3ced54d-45df-7c1a-f3ce-d54d04b11830" }
+
+response.order_id # => "f3ced54d-45df-7c1a-f3ce-d54d04b11830"
+response.form_url # => "https://3dsec.sberbank.ru/payment/merchants/sbersafe/payment_ru.html?mdOrder=f3ced54d-45df-7c1a-f3ce-d54d04b11830"
+
+```
+
+#### Проверка состояния заказа
+```ruby
+response = client.get_order_status_extended(order_id: 'f3ced54d-45df-7c1a-f3ce-d54d04b11830')
+```
+или
+
+```ruby
+response = client.get_order_status_extended(order_number: 'order#1')
+```
+
+```ruby
+response.data # =>
+# {
+#   "errorCode" => "0",
+#   "errorMessage" => "Успешно",
+#   "orderNumber" => "order#2",
+#   "orderStatus" => 0,
+#   "actionCode" => -100,
+#   "actionCodeDescription" => "",
+#   "amount" => 1000,
+#   "currency" => "643",
+#   "date" => 1531643056391,
+#   "merchantOrderParams" => [],
+#   "attributes" => [{ "name" => "mdOrder", "value" => "aefeb658-48fb-7f37-aefe-b65804b11830" }],
+#   "terminalId" => "123456",
+#   "paymentAmountInfo" => { "paymentState" => "CREATED", "approvedAmount" => 0, "depositedAmount" => 0,  "refundedAmount" => 0},
+#   "bankInfo" => { "bankCountryCode" => "UNKNOWN", "bankCountryName" => "<Неизвестно>" }
+# }
+
+response.attributes # => [{ "name" => "mdOrder", "value" => "aefeb658-48fb-7f37-aefe-b65804b11830" }]
+response.bank_info # => { "bankCountryCode" => "UNKNOWN", "bankCountryName" => "<Неизвестно>" }
+```
+
+Запрос состояния заказа с результатом на английском языке:
+```ruby
+response = client.get_order_status_extended(language: 'en', order_number: 'order#1')
+```
+
+```ruby
+response.data # =>
+# {
+#   "errorCode" => "0",
+#   "errorMessage" => "Success",
+#   "orderNumber" => "order#2",
+#   "orderStatus" => 0,
+#   "actionCode" => -100,
+#   "actionCodeDescription" => "",
+#   "amount" => 1000,
+#   "currency" => "643",
+#   "date" => 1531643056391,
+#   "merchantOrderParams" => [],
+#   "attributes" => [{ "name" => "mdOrder", "value" => "aefeb658-48fb-7f37-aefe-b65804b11830" }],
+#   "terminalId" => "123456",
+#   "paymentAmountInfo" => { "paymentState" => "CREATED", "approvedAmount" => 0, "depositedAmount" => 0, "refundedAmount" => 0},
+#   "bankInfo" => { "bankCountryCode" => "UNKNOWN", "bankCountryName" => "<Unknown>" }
+# }
+
+response.terminal_id # => "123456"
+```
+
+### Проверка контрольной суммы callback-уведомлений
+
+API эквайринга Сбербанка поддерживает два вида callback-уведомлений: без контрольной суммы и с контрольной суммой.
+В случае обработки уведомления с контрольной суммой, алгоритм проверки включает в себя выполнение запроса 'getOrderStatusExtended' к API эквайринга для проверки действительного статуса платежа. В остальных случаях требуется проверка параметра `checksum` с использованием симметричного или асимметричного ключа.
+
+#### Симметричный ключ
+
+```ruby
+# params = {}
+symmetric_key = '20546026a3675994185a132875efe41a'
+
+callback_params = params.dup
+checksum = callback_params.delete('checksum')
+
+validator = Sberbank::Acquiring::SymmetricKeyChecksumValidator.new(symmetric_key)
+if validator.validate(checksum, callback_params)
+  # запрос успешно прошел валидацию, контрольная сумма верна
+else
+  # запрос не может быть обработан, так как контрольная сумма неверна
+end
+```
+
+## Разработка
+
+После клонирования репозитория, выполните `bin/setup` чтобы установить зависимости. Затем выполните `rake test`, чтобы запустить тесты. Так же можно запустить интерактивную консоль для экспериментов, выполнив `bin/console`.
+
+## TODO
+
+1. Добавить проверку Callback-уведомлений для асимметричного ключа
+2. v0.1.0
+3. Добавить API для того чтобы сделать удобнее отправку заказов по ФФД 1.05. Примерный API:
+```ruby
+sberbank_order = SBRF::Acquiring::Order.new(
+  number: 'order#1',
+  amount: 1,
+  amount_cents: 100,
+  return_url: 'https://',
+  fail_url: 'https://',
+  params: { email: 'email@example.com' },
+  tax_system: SBRF::USN_INCOME
+)
+
+item =
+  SBRF::Acquiring::Item.new(
+  name: 'item#1',
+  quantity: 2,
+  measure: 'pcs',
+  price: 1,
+  code: 'item#1',
+  tax: SBRF::VAT0)
+
+item.tax = SBRF::VAT18
+
+item.to_h #=> { name: '', quantity: 2. ... amount: 200, tax: { tax_type: 3, tax_sum: 36 } }
+
+sberbank_order.items << item
+```
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/panasyuk/sberbank-acquiring.
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,10 @@
+require 'bundler/gem_tasks'
+require 'rake/testtask'
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'test'
+  t.libs << 'lib'
+  t.test_files = FileList['test/**/*_test.rb']
+end
+
+task default: :test

data/bin/console

@@ -0,0 +1,7 @@
+#!/usr/bin/env ruby
+
+require 'bundler/setup'
+require 'sberbank/acquiring'
+require 'pry'
+
+Pry.start

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/lib/sberbank/acquiring.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+require 'sberbank/acquiring/version'
+require 'sberbank/acquiring/response'
+require 'sberbank/acquiring/request'
+require 'sberbank/acquiring/command_parameters_convertor'
+require 'sberbank/acquiring/command_response_decorator'
+require 'sberbank/acquiring/client'
+require 'sberbank/acquiring/symmetric_key_checksum_validator'
+
+module Sberbank
+  module Acquiring
+    # Order statuses according to https://securepayments.sberbank.ru/wiki/doku.php/integration:api:rest:requests:getorderstatusextended
+    ORDER_NOT_PAID =   0 # order is registered but not paid
+    ORDER_HOLDED =     1 # pre-auth amount is holded (for 2-step payments)
+    ORDER_AUTHORIZED = 2 # order amount is fully authorized
+    ORDER_CANCELLED =  3 # authorization is cancelled
+    ORDER_REFUNDED =   4 # transaction amount was refunded
+    ORDER_PENDING =    5 # authorization pending
+    ORDER_REJECTED =   6 # authorization rejected
+
+    OPERATION_SUCCEEDED = 1
+    OPERATION_FAILED    = 0
+
+    OPERATION_APPROVED  = 'approved'.freeze  # amount holded
+    OPERATION_DEPOSITED = 'deposited'.freeze # oparation finished
+    OPERATION_REVERSED  = 'reversed'.freeze  # operation cancelled
+    OPERATION_REFUNDED  = 'refunded'.freeze  # amount refunded
+  end
+end
+
+SBRF = Sberbank

data/lib/sberbank/acquiring/client.rb

@@ -0,0 +1,67 @@
+# frozen_string_literal: true
+
+module Sberbank
+  module Acquiring
+    class Client
+      attr_reader :test
+      alias test? test
+
+      def initialize(username: nil, password: nil, token: nil, test: false)
+        @test = !!test
+        @parameters_convertor = build_parameters_convertor(username: username, password: password, token: token)
+      end
+
+      def execute(path:, params:)
+        CommandResponseDecorator.new(
+          Request.new(path: path, params: @parameters_convertor.convert(params), test: test).perform
+        )
+      end
+
+      def deposit(params)
+        execute(path: '/payment/rest/deposit.do', params: params)
+      end
+
+      def get_order_status_extended(params)
+        execute(path: '/payment/rest/getOrderStatusExtended.do', params: params)
+      end
+
+      def payment(params)
+        execute(path: '/payment/rest/payment.do', params: params)
+      end
+
+      def payment_sber_pay(params)
+        execute(path: '/payment/rest/paymentSberPay.do', params: params)
+      end
+
+      def refund(params)
+        execute(path: '/payment/rest/refund.do', params: params)
+      end
+
+      def register(params)
+        execute(path: '/payment/rest/register.do', params: params)
+      end
+
+      def register_pre_auth(params)
+        execute(path: '/payment/rest/registerPreAuth.do', params: params)
+      end
+
+      def reverse(params)
+        execute(path: '/payment/rest/reverse.do', params: params)
+      end
+
+      def verify_enrollment(params)
+        execute(path: '/payment/rest/verifyEnrollment.do', params: params)
+      end
+
+      private
+
+      def build_parameters_convertor(username: nil, password: nil, token: nil)
+        CommandParametersConvertor.new(
+          token &&
+          { 'token' => token } ||
+          { 'userName' => username, 'password' => password }
+        )
+      end
+    end
+  end
+end

data/lib/sberbank/acquiring/command_parameters_convertor.rb

@@ -0,0 +1,51 @@
+# frozen_string_literal: true
+
+module Sberbank
+  module Acquiring
+    class CommandParametersConvertor
+      attr_reader :default_params
+
+      def initialize(default_params = {})
+        @default_params = default_params
+      end
+
+      def convert(params)
+        jsonify_hash_values(camelize(params).merge!(default_params))
+      end
+
+      def camelize(params)
+        case params
+        when Hash then camelize_hash(params)
+        when Enumerable then camelize_enumerable(params)
+        else params
+        end
+      end
+
+      def jsonify_hash_values(hash)
+        result = hash.dup
+
+        result.each do |k, v|
+          result[k] = v.is_a?(Hash) && v.to_json || v
+        end
+
+        result
+      end
+
+      private
+
+      def camelize_string(string)
+        string.gsub(/_([a-z])/) { $1.upcase }
+      end
+
+      def camelize_hash(hash)
+        result = {}
+        hash.each { |k, v| result[camelize_string(k.to_s)] = camelize(v) }
+        result
+      end
+
+      def camelize_enumerable(enumerable)
+        enumerable.map { |e| camelize(e) }
+      end
+    end
+  end
+end

data/lib/sberbank/acquiring/command_response_decorator.rb

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+require 'forwardable'
+
+module Sberbank
+  module Acquiring
+    class CommandResponseDecorator
+      extend Forwardable
+
+      attr_reader :response
+      def_delegators :response, :data, :http_response, :http, :request
+      def_delegators :http, :body
+
+      def initialize(response)
+        @response = response
+      end
+
+      def error?
+        data.nil? || data['errorCode'].to_i > 0
+      end
+
+      def success?
+        !error?
+      end
+
+      def method_missing(name, *attrs)
+        key = camelize_string(name.to_s)
+        data.key?(key) ? data[key] : super
+      end
+
+      private
+
+      def camelize_string(string)
+        string.gsub(/_([a-z])/) { $1.upcase }
+      end
+    end
+  end
+end

data/lib/sberbank/acquiring/request.rb

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+require 'net/http'
+require 'uri'
+
+module Sberbank
+  module Acquiring
+    class Request
+      TEST_HOST = '3dsec.sberbank.ru'.freeze
+      PRODUCTION_HOST = 'securepayments.sberbank.ru'.freeze
+
+      attr_reader :path, :params, :response, :test, :http_request, :host
+      alias test? test
+      alias http http_request
+
+      def initialize(host: nil, params:, path:, test: false)
+        @host        = host || test && TEST_HOST || PRODUCTION_HOST
+        @params      = params
+        @path        = path
+        @test        = test
+      end
+
+      def build_uri
+        URI::HTTPS.build(host: host, path: path, query: URI.encode_www_form(params))
+      end
+
+      def perform
+        uri = build_uri
+        Net::HTTP.start(uri.host, uri.port, use_ssl: true) do |http|
+          @http_request = Net::HTTP::Get.new(uri)
+          @response = Response.new(http_response: http.request(@http_request), request: self)
+        end
+      end
+    end
+  end
+end

data/lib/sberbank/acquiring/response.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+module Sberbank
+  module Acquiring
+    class Response
+      attr_reader :http_response, :request, :data
+      alias http http_response
+
+      def initialize(http_response:, request:)
+        @http_response = http_response
+        @request       = request
+        @data          = parse_response_body!
+      end
+
+      private
+
+      def parse_response_body!
+        JSON.parse(@http_response.body)
+      rescue JSON::ParserError
+      end
+    end
+  end
+end

data/lib/sberbank/acquiring/symmetric_key_checksum_validator.rb

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+
+require 'openssl'
+
+module Sberbank
+  module Acquiring
+    class SymmetricKeyChecksumValidator
+      DIGEST_CLASS = OpenSSL::Digest::SHA256
+
+      def initialize(key, digest = DIGEST_CLASS.new)
+        @key = key
+        @digest = digest
+      end
+
+      def validate(checksum, params = {})
+        checksum == calculate_checksum(generate_digest_data(params))
+      end
+
+      def calculate_checksum(data)
+        OpenSSL::HMAC.hexdigest(@digest, @key, data).upcase!
+      end
+
+      private
+
+      def generate_digest_data(params)
+        params.
+          keys.
+          sort { |a, b| a.to_s <=> b.to_s }.
+          map { |param_key| "#{param_key};#{params[param_key]};" }.
+          join
+      end
+    end
+  end
+end

data/lib/sberbank/acquiring/version.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module Sberbank
+  module Acquiring
+    VERSION = '0.1.0'
+  end
+end

data/sberbank-acquiring.gemspec

@@ -0,0 +1,23 @@
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'sberbank/acquiring/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = 'sberbank-acquiring'
+  spec.version       = Sberbank::Acquiring::VERSION
+  spec.authors       = ['Aleksandr Panasyuk']
+  spec.email         = ['panasmeister@gmail.com']
+
+  spec.summary       = 'GEM that makes integration of Sberbank Acquiring easier'
+  spec.description   = 'This is an implementation of Sberbank Acuiring API client'
+  spec.homepage      = 'https://github.com/panasyuk/sberbank-acquiring'
+  spec.license       = 'MIT'
+
+  # Specify which files should be added to the gem when it is released.
+  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
+  spec.files         = Dir.chdir(File.expand_path('..', __FILE__)) do
+    `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  end
+
+  spec.require_paths = ['lib']
+end

metadata

@@ -0,0 +1,63 @@
+--- !ruby/object:Gem::Specification
+name: sberbank-acquiring
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Aleksandr Panasyuk
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2018-12-10 00:00:00.000000000 Z
+dependencies: []
+description: This is an implementation of Sberbank Acuiring API client
+email:
+- panasmeister@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".ruby-gemset"
+- ".ruby-version"
+- ".travis.yml"
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- lib/sberbank/acquiring.rb
+- lib/sberbank/acquiring/client.rb
+- lib/sberbank/acquiring/command_parameters_convertor.rb
+- lib/sberbank/acquiring/command_response_decorator.rb
+- lib/sberbank/acquiring/request.rb
+- lib/sberbank/acquiring/response.rb
+- lib/sberbank/acquiring/symmetric_key_checksum_validator.rb
+- lib/sberbank/acquiring/version.rb
+- sberbank-acquiring.gemspec
+homepage: https://github.com/panasyuk/sberbank-acquiring
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.8
+signing_key: 
+specification_version: 4
+summary: GEM that makes integration of Sberbank Acquiring easier
+test_files: []