sermepa_web_tpv 0.0.2 → 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: cea5def5710b4a30eaf4e4132c73897b4cb717aa
+  data.tar.gz: 0980e6c6776408beac945ba5e9b147869fef9fbf
+SHA512:
+  metadata.gz: b8ce025ec8bfa7e0bc1720323f4a5b98da8584ea1fb6a505acc1eea731cbded29805680fa59ca8becc6a5bfe40a58f47cb4ff034e4b4906cab131ae65700e49b
+  data.tar.gz: 29be593d02f6ef515ee2e396171e4359b2f9fdde8f66e9d496d034e73dc8a5c7a09cd48ecb94e9b653cd90e8316a54e64ccb8d285e7bc80e8664461818840723

data/README.md

@@ -1,6 +1,6 @@
 # Sermepa web TPV
 
-Add simple web payment tpv to your rails application
+Add simple web payment tpv to your rails application. This version is compliance with new hmac 256 signature. For older sha1 signature use version 0.0.2.
 
 Example app source at: https://github.com/ritxi/sermepa_web_tpv_sample_app
 
@@ -24,7 +24,7 @@ Steps to use it:
 module MyApp
   class Application < Rails::Application
     config.web_tpv.bank_url = 'https://sis-t.sermepa.es:25443/sis/realizarPago'
-    config.web_tpv.response_host = 'my_application_host.com'
+    config.web_tpv.response_host = 'https://my_application_host.com'
     config.web_tpv.merchant_code = '000000000'
     config.web_tpv.terminal = 1
     config.web_tpv.callback_response_path = '/payments/validate'
@@ -36,6 +36,7 @@ module MyApp
     config.web_tpv.transaction_type = 0
     config.web_tpv.language = '003' #Catala
     config.web_tpv.merchant_name = 'MY MERCHANT NAME'
+    config.web_tpv.pay_methods = 'C' # Only credit card
   end
 end
 ```

data/lib/sermepa_web_tpv.rb

@@ -42,8 +42,12 @@ module SermepaWebTpv
   mattr_accessor :redirect_failure_path
   @@redirect_failure_path = nil #"/payments/failure"
 
+  mattr_accessor :pay_methods
+  @@pay_methods = '' # 'C' for credit card only (see official doc)
+
   autoload :Request, 'sermepa_web_tpv/request'
   autoload :Response, 'sermepa_web_tpv/response'
+  autoload :Signature, 'sermepa_web_tpv/signature'
 
 end
 require 'sermepa_web_tpv/persistence/active_record'

data/lib/sermepa_web_tpv/request.rb

@@ -1,5 +1,4 @@
 require 'uri'
-require 'digest/sha1'
 
 module SermepaWebTpv
   class Request < Struct.new(:transaction, :description)
@@ -9,38 +8,45 @@ module SermepaWebTpv
       SermepaWebTpv.bank_url
     end
 
-    def options
-      optional_options.merge(must_options)
-    end
-
     def transact(&block)
       generate_transaction_number!
       yield(transaction)
-      self
+      transaction
     end
 
-    private
+    def options
+      optional_options.merge(must_options)
+    end
 
-    def transaction_number_attribute
-      SermepaWebTpv.transaction_model_transaction_number_attribute
+    def merchant_parameters_json
+      options.to_json
     end
 
-    def transaction_model_amount_attribute
-      SermepaWebTpv.transaction_model_amount_attribute
+    def merchant_parameters
+      Base64.urlsafe_encode64(
+        merchant_parameters_json).split("\n").join('')
     end
 
-    def amount
-      (transaction_amount * 100).to_i.to_s
+    def params
+      {
+        'Ds_SignatureVersion' => 'HMAC_SHA256_V1',
+        'Ds_MerchantParameters' => merchant_parameters,
+        'Ds_Signature' => signature
+      }
+    end
+    private
+
+    def signature
+      @signature ||= Signature.new(self).signature
     end
 
     def must_options
       {
         'Ds_Merchant_Amount' =>             amount,
-        'Ds_Merchant_Currency' =>           SermepaWebTpv.currency, #EURO
         'Ds_Merchant_Order' =>              transaction_number,
         'Ds_Merchant_ProductDescription' => description,
+        'Ds_Merchant_Currency' =>           SermepaWebTpv.currency,
         'Ds_Merchant_MerchantCode' =>       SermepaWebTpv.merchant_code,
-        'Ds_Merchant_MerchantSignature' =>  signature,
         'Ds_Merchant_Terminal' =>           SermepaWebTpv.terminal,
         'Ds_Merchant_TransactionType' =>    SermepaWebTpv.transaction_type,
         'Ds_Merchant_ConsumerLanguage' =>   SermepaWebTpv.language,
@@ -48,16 +54,6 @@ module SermepaWebTpv
       }
     end
 
-    def signature
-      #Ds_Merchant_Amount + Ds_Merchant_Order +Ds_Merchant_MerchantCode + Ds_Merchant_Currency +Ds_Merchant_TransactionType + Ds_Merchant_MerchantURL + CLAVE SECRETA
-      merchant_code = SermepaWebTpv.merchant_code
-      currency = SermepaWebTpv.currency
-      transaction_type = SermepaWebTpv.transaction_type
-      callback_url = url_for(:callback_response_path)
-      merchant_secret_key = SermepaWebTpv.merchant_secret_key
-      Digest::SHA1.hexdigest("#{amount}#{transaction_number}#{merchant_code}#{currency}#{transaction_type}#{callback_url}#{merchant_secret_key}").upcase
-    end
-
     # Available options
     # redirect_success_path
     # redirect_failure_path
@@ -66,19 +62,29 @@ module SermepaWebTpv
       host = SermepaWebTpv.response_host
       path = SermepaWebTpv.send(option)
 
-      if host.present? && path.present?
-        URI.join("http://#{host}", path).to_s
-      end
+      return if !host.present? || !path.present?
+      URI.join(host, path).to_s
     end
 
     def optional_options
       {
         'Ds_Merchant_Titular'      => SermepaWebTpv.merchant_name,
         'Ds_Merchant_UrlKO'        => url_for(:redirect_failure_path),
-        'Ds_Merchant_UrlOK'        => url_for(:redirect_success_path)
-      }.delete_if {|key, value| value.blank? }
+        'Ds_Merchant_UrlOK'        => url_for(:redirect_success_path),
+        'Ds_Merchant_PayMethods'   => SermepaWebTpv.pay_methods
+      }.delete_if { |_key, value| value.blank? }
+    end
+
+    def transaction_number_attribute
+      SermepaWebTpv.transaction_model_transaction_number_attribute
     end
 
+    def transaction_model_amount_attribute
+      SermepaWebTpv.transaction_model_amount_attribute
+    end
 
+    def amount
+      (transaction_amount * 100).to_i.to_s
+    end
   end
 end

data/lib/sermepa_web_tpv/response.rb

@@ -1,26 +1,37 @@
-require 'digest/sha1'
+
 
 module SermepaWebTpv
-  class Response < Struct.new(:params)
+  BASE = Struct.new(:params) unless defined?(BASE)
+  class Response < BASE
+    def transaction_number
+      merchant_parameters_hash['Ds_Order']
+    end
+
+
     def valid?
-      params[:Ds_Signature] == signature
+      params['Ds_Signature'] == signature
     end
 
     def success?
-      params[:Ds_Response].to_i == 0
+      merchant_parameters_hash['Ds_Response'].to_i == 0
     end
 
-    private
     def signature
-      response = %W(
-        #{params[:Ds_Amount]}
-        #{params[:Ds_Order]}
-        #{params[:Ds_MerchantCode]}
-        #{params[:Ds_Currency]}
-        #{params[:Ds_Response]}
-        #{SermepaWebTpv.merchant_secret_key}
-      ).join
-      Digest::SHA1.hexdigest(response).upcase
+      Signature.new(self).signature
+    end
+
+    def merchant_parameters
+      params['Ds_MerchantParameters']
+    end
+
+    def merchant_paramters_json
+      @merchant_paramters_json ||=
+        Base64.urlsafe_decode64(merchant_parameters)
+    end
+
+    def merchant_parameters_hash
+      @merchant_parameters_hash ||=
+        JSON.parse(merchant_paramters_json)
     end
   end
-end
+end

data/lib/sermepa_web_tpv/signature.rb

@@ -0,0 +1,46 @@
+require 'base64'
+require 'openssl'
+require 'mcrypt'
+
+module SermepaWebTpv
+  class Signature
+    include SermepaWebTpv::Persistence::ActiveRecord
+
+    attr_reader :action
+
+    class << self
+      def iv
+        # "\x00\x00\x00\x00\x00\x00\x00\x00"
+        0.chr * 8
+      end
+
+      def merchant_key
+        Base64.decode64(SermepaWebTpv.merchant_secret_key)
+      end
+
+      def cipher
+        @cipher ||= Mcrypt.new(:tripledes, :cbc, merchant_key,
+                               iv, :zeros)
+      end
+
+      def digestor
+        @digestor ||= OpenSSL::Digest.new('sha256')
+      end
+    end
+
+    def initialize(action)
+      @action = action
+    end
+
+    def signature
+      Base64.encode64(
+        OpenSSL::HMAC.digest(self.class.digestor, key,
+                             action.merchant_parameters))
+        .strip
+    end
+
+    def key
+      self.class.cipher.encrypt(action.transaction_number)
+    end
+  end
+end

data/lib/sermepa_web_tpv/version.rb

@@ -1,3 +1,3 @@
 module SermepaWebTpv
-  VERSION = "0.0.2"
+  VERSION = "0.1.0"
 end

metadata

@@ -1,94 +1,97 @@
 --- !ruby/object:Gem::Specification
 name: sermepa_web_tpv
 version: !ruby/object:Gem::Version
-  version: 0.0.2
-  prerelease: 
+  version: 0.1.0
 platform: ruby
 authors:
 - Ricard Forniol Agustí
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-10-20 00:00:00.000000000 Z
+date: 2015-11-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: ruby-mcrypt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: sqlite3
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: rspec-rails
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: fuubar
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: nyan-cat-formatter
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 description: Simple rails engine to add payments to your web application using sermepa
@@ -99,38 +102,38 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- MIT-LICENSE
+- README.md
+- Rakefile
+- lib/sermepa_web_tpv.rb
 - lib/sermepa_web_tpv/persistence/active_record.rb
 - lib/sermepa_web_tpv/railtie.rb
 - lib/sermepa_web_tpv/request.rb
 - lib/sermepa_web_tpv/response.rb
+- lib/sermepa_web_tpv/signature.rb
 - lib/sermepa_web_tpv/version.rb
-- lib/sermepa_web_tpv.rb
 - lib/tasks/sermepa_web_tpv.rake
-- MIT-LICENSE
-- Rakefile
-- README.md
 homepage: http://github.com/ritxi/sermepa_web_tpv
 licenses: []
+metadata: {}
 post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 1.8.23
+rubygems_version: 2.4.5
 signing_key: 
-specification_version: 3
+specification_version: 4
 summary: Add simple web tpv from sermepa to your rails application
 test_files: []