smart_pay 0.1

data/README.md

@@ -0,0 +1,43 @@
+## SmartPay
+
+Provides HMAC signing and verification when passing parameters
+to and from Barclays SmartPay hosted payment pages.
+
+More information can be found in the [SmartPay hosted payment process integration guide](http://www.barclaycard.com/smartpay/documentation/pdf/SmartPay_HPP_IntegrationGuide.pdf)
+
+### Usage
+```
+req = SmartPay::Request.new("Kah942*$7sdp0)", { 
+  :merchant_reference => "Internet Order 12345",
+  :payment_amount => 10000,
+  :currency_code => "GBP",
+  :ship_before_date => "2007-10-20",
+  :skin_code => "4aD37dJA",
+  :merchant_account => "TestMerchant",
+  :shopper_locale => "en_GB",
+  :order_data => "H4sIAAAAAAAAALMpsOPlCkssyswvLVZIz89PKVZIzEtRKE4tKstMTi3W4+Wy0S+wAwDOGUCXJgAAAA==",
+  :session_validity => "2007-10-11T11:00:00Z",
+  :merchant_signature => "yARtfsxD47jeXzOlEyZ0j3pg="
+})
+req.hmac_signature # => 'x58ZcRVL1H6y+XSeBGrySJ9ACVo=\n'
+
+
+res = SmartPay::Response.new("Kah942*$7sdp0)", {
+  :merchant_reference => "Internet Order 12345",
+  :skin_code => "4aD37dJA",
+  :shopper_locale => "en_GB",
+  :auth_result => "AUTHORISED",
+  :psp_reference => "1211992213193029",
+  :merchant_sig => "ytt3QxWoEhAskUzUne0P5VA9lPw="
+})
+res.verified # => true
+```
+
+### Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Run the tests (`bundle exec rake`)
+5. Push to the branch (`git push origin my-new-feature`)
+6. Create new Pull Request

data/Rakefile

@@ -0,0 +1,26 @@
+#!/usr/bin/env rake
+
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
+Bundler::GemHelper.install_tasks
+
+require 'rake/testtask'
+
+require 'gem_publisher'
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'lib'
+  t.libs << 'test'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = false
+end
+
+task :publish_gem do |t|
+  gem = GemPublisher.publish_if_updated("smart_pay.gemspec", :rubygems)
+  puts "Published #{gem}" if gem
+end
+
+task :default => :test

data/lib/smart_pay.rb

@@ -0,0 +1,21 @@
+require 'smart_pay/request'
+require 'smart_pay/response'
+
+module SmartPay
+
+  def self.test_mode=(test_mode)
+    @@test_mode = test_mode
+  end
+
+  def self.test_mode
+    !!@@test_mode
+  end
+
+  def self.ordered_parameters(ordered_keys, parameters)
+    [].tap do |ary|
+      ordered_keys.each do |k|
+        ary << parameters[k] if parameters[k]
+      end
+    end
+  end
+end

data/lib/smart_pay/hmac_calculator.rb

@@ -0,0 +1,28 @@
+require 'base64'
+require 'openssl'
+
+module SmartPay
+  class HmacCalculator
+    def initialize(psk, parameters)
+      @psk = psk
+      @parameters = parameters
+    end
+
+    def signature
+      raise_if_key_missing
+      hmac = OpenSSL::HMAC.digest('sha1', @psk, @parameters.join)
+      Base64.encode64(hmac)
+    end
+
+    def verify(merchant_sig)
+      raise_if_key_missing
+      "#{merchant_sig}\n" == signature
+    end
+
+    private
+
+    def raise_if_key_missing
+      raise "missing or empty pre-shared key" unless @psk && @psk.length > 0
+    end
+  end
+end

data/lib/smart_pay/request.rb

@@ -0,0 +1,25 @@
+require_relative 'hmac_calculator'
+
+module SmartPay
+  class Request
+    
+    TEST_URL = "https://test.barclaycardsmartpay.com/hpp/pay.shtml"
+    LIVE_URL = "https://live.barclaycardsmartpay.com/hpp/pay.shtml" 
+    ORDERED_KEYS = [:payment_amount, :currency_code, :ship_before_date, :merchant_reference,
+      :skin_code, :merchant_account, :session_validity, :shopper_email, :shopper_reference,
+      :allowed_methods, :blocked_methods, :shopper_statement, :billing_address_type]
+
+    def initialize(shared_key, parameters = {})
+      @shared_key = shared_key
+      @parameters = SmartPay.ordered_parameters(ORDERED_KEYS, parameters) 
+    end
+    
+    def hmac_signature
+      SmartPay::HmacCalculator.new(@shared_key, @parameters).signature
+    end
+
+    def request_url
+      SmartPay.test_mode ? TEST_URL : LIVE_URL
+    end
+  end
+end

data/lib/smart_pay/response.rb

@@ -0,0 +1,22 @@
+require_relative 'hmac_calculator'
+
+module SmartPay
+  class Response
+
+    attr_reader :parameters
+
+    ORDERED_KEYS = [:auth_result, :psp_reference, :merchant_reference,
+      :skin_code, :merchant_return_data]
+
+    def initialize(shared_key, parameters = {})
+      raise "Response signature not found" unless parameters.has_key?(:merchant_sig)
+      @shared_key = shared_key
+      @merchant_sig = parameters.delete(:merchant_sig)
+      @parameters = SmartPay.ordered_parameters(ORDERED_KEYS, parameters) 
+    end
+    
+    def verified
+      SmartPay::HmacCalculator.new(@shared_key, @parameters).verify(@merchant_sig)
+    end
+  end
+end

data/lib/smart_pay/version.rb

@@ -0,0 +1,4 @@
+module SmartPay
+  # Changing this causes Jenkins to tag and release the gem into the wild
+  VERSION = "0.1"
+end

data/test/request_test.rb

@@ -0,0 +1,33 @@
+require 'test_helper'
+
+describe SmartPay::Request do
+  before do
+    SmartPay.test_mode = true
+    @shared_key =  "Kah942*$7sdp0)"
+    @parameters = {
+      :merchant_reference => "Internet Order 12345",
+      :payment_amount => 10000,
+      :currency_code => "GBP",
+      :ship_before_date => "2007-10-20",
+      :skin_code => "4aD37dJA",
+      :merchant_account => "TestMerchant",
+      :shopper_locale => "en_GB",
+      :order_data => "H4sIAAAAAAAAALMpsOPlCkssyswvLVZIz89PKVZIzEtRKE4tKstMTi3W4+Wy0S+wAwDOGUCXJgAAAA==",
+      :session_validity => "2007-10-11T11:00:00Z",
+      :merchant_signature => "yARtfsxD47jeXzOlEyZ0j3pg="
+    }
+  end
+
+  # Based on example in http://www.barclaycard.com/smartpay/documentation/pdf/SmartPay_HPP_IntegrationGuide.pdf
+  it "should calculate the correct hmac signature" do
+    request = SmartPay::Request.new(@shared_key, @parameters)
+    assert_equal "x58ZcRVL1H6y+XSeBGrySJ9ACVo=\n", request.hmac_signature
+  end
+
+  it "should use the appropriate request URL" do
+    SmartPay.test_mode = false
+    assert_equal SmartPay::Request::LIVE_URL, SmartPay::Request.new(nil).request_url
+    SmartPay.test_mode = true
+    assert_equal SmartPay::Request::TEST_URL, SmartPay::Request.new(nil).request_url
+  end
+end

data/test/response_test.rb

@@ -0,0 +1,20 @@
+require 'test_helper'
+
+describe SmartPay::Response do
+  before do
+    SmartPay.test_mode = true
+    @shared_key = "Kah942*$7sdp0)"
+    @parameters = {
+      :merchant_reference => "Internet Order 12345",
+      :skin_code => "4aD37dJA",
+      :shopper_locale => "en_GB",
+      :auth_result => "AUTHORISED",
+      :psp_reference => "1211992213193029",
+      :merchant_sig => "ytt3QxWoEhAskUzUne0P5VA9lPw="
+    }
+  end
+  it "should verify the response parameters" do
+    response = SmartPay::Response.new(@shared_key, @parameters)
+    assert response.verified, "Merchant signature is incorrect"
+  end
+end

metadata

@@ -0,0 +1,109 @@
+--- !ruby/object:Gem::Specification
+name: smart_pay
+version: !ruby/object:Gem::Version
+  version: '0.1'
+  prerelease: 
+platform: ruby
+authors:
+- Steve Laing
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2013-11-25 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rdoc
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: '3.12'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: '3.12'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 10.1.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 10.1.0
+- !ruby/object:Gem::Dependency
+  name: gem_publisher
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 1.2.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 1.2.0
+description: 
+email: steve.laing@digital.cabinet-office.gov.uk
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/smart_pay.rb
+- lib/smart_pay/hmac_calculator.rb
+- lib/smart_pay/version.rb
+- lib/smart_pay/request.rb
+- lib/smart_pay/response.rb
+- Rakefile
+- README.md
+- test/request_test.rb
+- test/response_test.rb
+homepage: 
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+      segments:
+      - 0
+      hash: 3111097971645311082
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+      segments:
+      - 0
+      hash: 3111097971645311082
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.23
+signing_key: 
+specification_version: 3
+summary: Ruby library for handling Barclaycard Smartpay requests and responses
+test_files:
+- test/request_test.rb
+- test/response_test.rb