smile-identity-core 2.2.5 → 2.3.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f2afcbbd6545c88d03ff0b594301cecbadde5254f80596f1ea0eb0618b503675
-  data.tar.gz: f61285ea5a4a1bd2100c9a7595df42f99e6d45a83bb937669fdb7850b08c2742
+  metadata.gz: 39966ea73f1a7ad317cf4bb110622c9b5c67efcf5246487b2a7a4124d418a8f6
+  data.tar.gz: cc969bff36cdb9a725e4776d0879b8159cb88b22f2e7d316a9b43848c7ddc388
 SHA512:
-  metadata.gz: 5c907e4c87b263502515cdf0481a74efa8610017d3205b3e5fcd026521ad511c2b6831b23d24485aa6fad62388cd5a207fe77b9530c77ecc0f8d75b33160e5bb
-  data.tar.gz: 696a8eb8bb44d8cb2aec5f97b4f5ecf51789f1310d85e62bdb0f99542d3242fd78980b21740871af592bf7e8616aeafa0c3f6daa40550607f22404a16342de23
+  metadata.gz: db43ee16f48ec3f8c87069f21aac2b5ba1cc509abfa54531efd4695a9d56c98beeb3d78b45ec1841e386d48c4847d116d6464545fca5bf4fbd33fafc5e508242
+  data.tar.gz: 8827bbbf277fbb9687aae8cdbf567de94e1f3deeeea9d9913a8088c4a0d47a0399d5c02a80d2acc9a218f0a577122a22e397457dbebb9075f55ebc593d07b8cc

data/.github/workflows/release.yml

@@ -10,7 +10,7 @@ jobs:
     needs: test
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
       with:
         set-safe-directory: false
     - name: Release Gem

data/.github/workflows/semgrep.yml

@@ -0,0 +1,119 @@
+name: Semgrep SAST
+
+on:
+  pull_request:
+  push:
+    branches: [main]
+
+permissions:
+  contents: read
+  actions: read
+  security-events: write
+  pull-requests: write
+
+jobs:
+  semgrep:
+    name: Semgrep Security Scan
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+    container:
+      image: semgrep/semgrep:1.157.0
+    steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4
+
+      - name: Run Semgrep
+        continue-on-error: true
+        run: semgrep scan --config p/security-audit --sarif -o semgrep.sarif
+
+      - name: Upload SARIF to GitHub Security
+        if: always()
+        continue-on-error: true
+        uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # v4
+        with:
+          sarif_file: semgrep.sarif
+
+      - name: Comment findings on PR
+        if: github.event_name == 'pull_request' && always()
+        env:
+          GH_TOKEN: ${{ github.token }}
+          PR_NUMBER: ${{ github.event.pull_request.number }}
+        run: |
+          python3 << 'PYEOF'
+          import json, os, urllib.request
+
+          marker = "<!-- semgrep-results -->"
+          repo = os.environ.get("GITHUB_REPOSITORY", "")
+          pr = os.environ.get("PR_NUMBER", "")
+          token = os.environ.get("GH_TOKEN", "")
+          api = f"https://api.github.com/repos/{repo}/issues/{pr}/comments"
+          headers = {
+              "Authorization": f"Bearer {token}",
+              "Accept": "application/vnd.github+json",
+              "X-GitHub-Api-Version": "2022-11-28",
+          }
+
+          findings = []
+          try:
+              with open("semgrep.sarif") as f:
+                  sarif = json.load(f)
+              for run in sarif.get("runs", []):
+                  for result in run.get("results", []):
+                      rule_id = result.get("ruleId", "unknown")
+                      message = result.get("message", {}).get("text", "")
+                      level = result.get("level", "warning")
+                      for loc in result.get("locations", []):
+                          phys = loc.get("physicalLocation", {})
+                          path = phys.get("artifactLocation", {}).get("uri", "?")
+                          line = phys.get("region", {}).get("startLine", "?")
+                          findings.append({"rule": rule_id, "message": message,
+                                           "level": level, "file": path, "line": line})
+          except (FileNotFoundError, json.JSONDecodeError):
+              pass
+
+          if findings:
+              body = f"{marker}\n## 🔍 Semgrep Security Scan Results\n\n"
+              body += f"**{len(findings)} finding(s)** detected by "
+              body += "[`p/security-audit`](https://semgrep.dev/p/security-audit) ruleset.\n\n"
+              body += "| # | Severity | Rule | File | Line | Message |\n"
+              body += "|---|----------|------|------|------|---------|\n"
+              for i, f in enumerate(findings[:25], 1):
+                  rule = f["rule"].split(".")[-1] if "." in f["rule"] else f["rule"]
+                  msg = f["message"].replace("|", "\\|").replace("\n", " ")
+                  msg = (msg[:80] + "...") if len(msg) > 80 else msg
+                  body += f'| {i} | {f["level"].upper()} | `{rule}` '
+                  body += f'| `{f["file"]}` | {f["line"]} | {msg} |\n'
+              if len(findings) > 25:
+                  body += f"\n*... and {len(findings) - 25} more. "
+                  body += "See full results in workflow logs.*\n"
+              body += "\n> ⚠️ These findings are **non-blocking**. "
+              body += "Please review and address as appropriate.\n"
+          else:
+              body = f"{marker}\n## 🔍 Semgrep Security Scan Results\n\n"
+              body += "✅ No security findings detected by "
+              body += "[`p/security-audit`](https://semgrep.dev/p/security-audit) ruleset.\n"
+
+          existing_id = None
+          try:
+              req = urllib.request.Request(api, headers=headers)
+              resp = urllib.request.urlopen(req)
+              for c in json.loads(resp.read()):
+                  if marker in c.get("body", ""):
+                      existing_id = c["id"]
+                      break
+          except Exception:
+              pass
+
+          data = json.dumps({"body": body}).encode()
+          if existing_id:
+              url = f"https://api.github.com/repos/{repo}/issues/comments/{existing_id}"
+              req = urllib.request.Request(url, data=data, headers=headers, method="PATCH")
+          else:
+              req = urllib.request.Request(api, data=data, headers=headers, method="POST")
+
+          try:
+              urllib.request.urlopen(req)
+              action = "Updated" if existing_id else "Posted"
+              print(f"{action} comment with {len(findings)} finding(s)")
+          except Exception as e:
+              print(f"Warning: Could not comment on PR: {e}")
+          PYEOF

data/.github/workflows/test.yml

@@ -16,7 +16,7 @@ jobs:
         # See https://www.ruby-lang.org/en/downloads/ for latest stable releases.
         ruby: ['2.6', '2.7', '3.0', '3.1', '3.2']
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
     - uses: ruby/setup-ruby@v1
       with:
         ruby-version: ${{ matrix.ruby }}
@@ -25,7 +25,7 @@ jobs:
   lint:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
     - uses: ruby/setup-ruby@v1
       with:
         ruby-version: 3.2

data/CHANGELOG.md

@@ -5,6 +5,14 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## [Unreleased]
+## [2.3.1] - 2026-04-24
+### Added
+- Support for optional `aliases` parameter in AML Check (`AmlCheck#submit_job`) to allow secondary names in screening requests
+
+## [2.3.0] - 2024-12-10
+### Added
+- Support for Address verification 
+
 ## [2.2.5] - 2024-06-11
 ### Fixed
 - No changes, fixed deployment issue

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    smile-identity-core (2.2.5)
+    smile-identity-core (2.3.1)
       rubyzip (~> 1.2, >= 1.2.3)
       typhoeus (~> 1.0, >= 1.0.1)
 
@@ -21,8 +21,7 @@ GEM
     rainbow (3.1.1)
     rake (12.3.3)
     regexp_parser (2.6.0)
-    rexml (3.2.8)
-      strscan (>= 3.0.9)
+    rexml (3.4.2)
     rspec (3.8.0)
       rspec-core (~> 3.8.0)
       rspec-expectations (~> 3.8.0)
@@ -60,7 +59,6 @@ GEM
       simplecov_json_formatter (~> 0.1)
     simplecov-html (0.12.3)
     simplecov_json_formatter (0.1.4)
-    strscan (3.1.0)
     typhoeus (1.4.0)
       ethon (>= 0.9.0)
     unicode-display_width (2.3.0)

data/examples/address_verification.rb

@@ -0,0 +1,45 @@
+# frozen_string_literal: true
+
+require 'smile-identity-core'
+# See https://docs.usesmileid.com/products/for-individuals-kyc/address-verification for
+# more information on address verification
+
+# Initialize
+partner_id = '' # login to the Smile Identity portal to view your partner id
+api_key = '' # copy your API key from the Smile Identity portal
+sid_server = '0' # Use 0 for the sandbox server, use 1 for production server
+
+# Array of example cases for different countries
+example_cases = [
+  {
+    description: 'Example for South Africa (ZA)',
+    request_params: {
+      country: 'ZA', # (Required) Must be 'NG' or 'ZA'.
+      address: 'Cape Town', # (Required) A valid and complete address.
+      id_number: '1234567891234', # (Required for ZA) The 13-digit national ID number.
+      full_name: 'Doe Joe Leo', # (Optional) Full name for additional verification.
+      callback_url: 'https://webhook.site', # (Required) Callback URL for the response.
+    },
+  },
+  {
+    description: 'Example for Nigeria (NG)',
+    request_params: {
+      country: 'NG', # (Required) Must be 'NG' or 'ZA'.
+      address: 'Lagos', # (Required) A valid and complete address.
+      utility_number: '12345678911', # (Required for NG) Utility account number.
+      utility_provider: 'IkejaElectric', # (Required for NG) Utility provider name.
+      full_name: 'John Doe', # (Optional) Full name for additional verification.
+      callback_url: 'https://webhook.site', # (Required) Callback URL for the response.
+    },
+  },
+]
+
+# Create a connection object
+connection = SmileIdentityCore::AddressVerification.new(partner_id, api_key, sid_server)
+
+# Loop through the example cases and make requests
+example_cases.each do |example|
+  puts example[:description]
+  response = connection.submit_job(example[:request_params])
+  pp response
+end

data/examples/aml_check.rb

@@ -20,6 +20,7 @@ request_params = {
   birth_year: '1984', # yyyy
   search_existing_user: false,
   strict_match: true, # optional - default is true
+  # aliases: ['Johnny Doe', 'J. Doe'],  # optional - secondary names to broaden screening
 }
 
 # Submit the job

data/lib/smile-identity-core/address_verification.rb

@@ -0,0 +1,79 @@
+# frozen_string_literal: true
+
+require 'json'
+require 'typhoeus'
+require_relative 'validations'
+
+module SmileIdentityCore
+  ##
+  # The Address Verification Service allows you to verify address details provided by a user,
+  # by comparing the address details provided by the user to the address details on file with the authorities database.
+  # For more info visit https://docs.usesmileid.com/
+  class AddressVerification
+    include Validations
+
+    ###
+    # Initialize Address Verification
+    # @param [String] :partner_id A unique number assigned by Smile ID to your account. Can be found in the portal
+    # @param [String] :api_key Your API key from the Smile Identity portal
+    # @param [String] :sid_server Use 0 for the sandbox server, use 1 for production server
+    def initialize(partner_id, api_key, sid_server)
+      @api_key = api_key
+      @partner_id = partner_id.to_s
+      @sid_server = sid_server
+      @url = SmileIdentityCore::ENV.determine_url(sid_server)
+    end
+
+    ###
+    # Submit Address Verification
+    # @param [Hash] params the options to create a job with.
+    # @option params [String] :country (required) The user's country (e.g., NG or ZA).
+    # @option params [String] :address (required) The user's address.
+    # @option params [String] :utility_number (required for NG) The utility account number.
+    # @option params [String] :utility_provider (required for NG) The utility provider.
+    # @option params [String] :id_number (required for ZA) The national ID number.
+    # @option params [String] :full_name (optional) The user's full name.
+    # @option params [String] :callback_url (required) The callback URL.
+    def submit_job(params)
+      @params = symbolize_keys(params)
+      submit_requests
+    end
+
+    private
+
+    def symbolize_keys(params)
+      params.is_a?(Hash) ? params.transform_keys(&:to_sym) : params
+    end
+
+    def construct_and_validate_headers
+      signature = SmileIdentityCore::Signature.new(@partner_id, @api_key).generate_iso_timestamp_signature
+      {
+        'smileid-source-sdk' => SmileIdentityCore::SOURCE_SDK,
+        'smileid-source-sdk-version' => SmileIdentityCore::VERSION,
+        'smileid-request-signature' => signature[:signature],
+        'smileid-timestamp' => signature[:timestamp],
+        'smileid-partner-id' => @partner_id,
+      }
+    end
+
+    def submit_requests
+      # Construct headers and body
+      headers = construct_and_validate_headers
+      body = @params.to_json
+
+      # Create and run the request
+      request = Typhoeus::Request.new("#{@url}/async-verify-address", method: 'POST',
+        headers: headers,
+        body: body)
+
+      # Handle the response
+      request.on_complete do |response|
+        raise " #{response.code}: #{response.body}" unless response.success?
+
+        return { success: true }.to_json
+      end
+
+      request.run
+    end
+  end
+end

data/lib/smile-identity-core/aml_check.rb

@@ -35,6 +35,8 @@ module SmileIdentityCore
     # @option opts [boolean] :search_existing_user If you intend to re-use the name and year of birth
     # @option opts [boolean] :strict_match If you want to perform a strict match on the serach criteria.
     # of a user’s previous KYC job
+    # @option opts [Array<String>] :aliases An optional list of secondary or alternative names
+    #   (e.g. maiden names, transliterations, nicknames) to include in the screening search.
     # @option opts [Hash] :optional_info Any optional data, this will be returned
     # in partner_params.
     def submit_job(params)

data/lib/smile-identity-core/constants/job_type.rb

@@ -29,5 +29,9 @@ module SmileIdentityCore
     # with an ID authority, and uses biometric checks to confirm they
     # belong to the user.
     ENHANCED_DOCUMENT_VERIFICATION = 11
+    # Verifies the authenticity of National IDs or Utility Numbers and confirms
+    # their validity with an ID authority, and retrieves user address information
+    # from the ID authority.
+    ADDRESS_VERIFICATION = 12
   end
 end

data/lib/smile-identity-core/signature.rb

@@ -12,6 +12,25 @@ module SmileIdentityCore
     #
     # @return [Hash] containing both the signature and related timestamp
     def generate_signature(timestamp = Time.now.to_s)
+      get_signature(timestamp)
+    end
+
+    def generate_iso_timestamp_signature(timestamp = Time.now.utc.strftime('%Y-%m-%dT%H:%M:%S.%LZ'))
+      get_signature(timestamp)
+    end
+
+    # Confirms the signature against a newly generated signature based on the same timestamp
+    #
+    # @param [String] timestamp the timestamp to generate the signature from
+    # @param [String] msg_signature a previously generated signature, to be confirmed
+    # @return [Boolean] TRUE or FALSE
+    def confirm_signature(timestamp, msg_signature)
+      get_signature(timestamp)[:signature] == msg_signature
+    end
+
+    private
+
+    def get_signature(timestamp)
       hmac = OpenSSL::HMAC.new(@api_key, 'sha256')
       hmac.update(timestamp.to_s)
       hmac.update(@partner_id)
@@ -22,14 +41,5 @@ module SmileIdentityCore
         timestamp: timestamp.to_s,
       }
     end
-
-    # Confirms the signature against a newly generated signature based on the same timestamp
-    #
-    # @param [String] timestamp the timestamp to generate the signature from
-    # @param [String] msg_signature a previously generated signature, to be confirmed
-    # @return [Boolean] TRUE or FALSE
-    def confirm_signature(timestamp, msg_signature)
-      generate_signature(timestamp)[:signature] == msg_signature
-    end
   end
 end

data/lib/smile-identity-core/version.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
 module SmileIdentityCore
-  VERSION = '2.2.5'
+  VERSION = '2.3.1'
   SOURCE_SDK = 'Ruby'
 end

data/lib/smile-identity-core.rb

@@ -7,6 +7,7 @@ require_relative 'smile-identity-core/aml_check'
 require_relative 'smile-identity-core/signature'
 require_relative 'smile-identity-core/utilities'
 require_relative 'smile-identity-core/business_verification'
+require_relative 'smile-identity-core/address_verification'
 require_relative 'smile-identity-core/constants/env'
 require_relative 'smile-identity-core/constants/image_type'
 require_relative 'smile-identity-core/constants/job_type'

metadata

@@ -1,14 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: smile-identity-core
 version: !ruby/object:Gem::Version
-  version: 2.2.5
+  version: 2.3.1
 platform: ruby
 authors:
 - Smile Identity
-autorequire:
 bindir: exe
 cert_chain: []
-date: 2024-06-12 00:00:00.000000000 Z
+date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -157,6 +156,7 @@ extra_rdoc_files: []
 files:
 - ".github/dependabot.yml"
 - ".github/workflows/release.yml"
+- ".github/workflows/semgrep.yml"
 - ".github/workflows/test.yml"
 - ".gitignore"
 - ".rspec"
@@ -169,6 +169,7 @@ files:
 - Rakefile
 - bin/console
 - bin/setup
+- examples/address_verification.rb
 - examples/aml_check.rb
 - examples/biometric_kyc.rb
 - examples/business_verification.rb
@@ -183,6 +184,7 @@ files:
 - examples/get_web_token.rb
 - examples/smart_selfie_authentication.rb
 - lib/smile-identity-core.rb
+- lib/smile-identity-core/address_verification.rb
 - lib/smile-identity-core/aml_check.rb
 - lib/smile-identity-core/business_verification.rb
 - lib/smile-identity-core/constants/env.rb
@@ -204,7 +206,6 @@ metadata:
   documentation_uri: https://docs.usesmileid.com
   changelog_uri: https://github.com/smileidentity/smile-identity-core-ruby/blob/master/CHANGELOG.md
   rubygems_mfa_required: 'true'
-post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -219,8 +220,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.5.9
-signing_key:
+rubygems_version: 3.6.9
 specification_version: 4
 summary: The Smile Identity Web API allows the user to access\ most of the features
   of the Smile Identity system through direct server to server queries.