solidus-adyen 0.1.2

data/spec/controllers/spree/adyen_notifications_controller_spec.rb

@@ -0,0 +1,118 @@
+require "spec_helper"
+
+describe Spree::AdyenNotificationsController do
+  include_context "mock adyen api", success: true
+
+  routes { Spree::Core::Engine.routes }
+
+  let(:order) { create :order }
+  let(:params) do
+    { "pspReference" => reference,
+      "eventDate" => "2013-10-21T14:45:45.93Z",
+      "merchantAccountCode" => "Test",
+      "reason" => "41061:1111:6/2016",
+      "originalReference" => "",
+      "value" => "6999",
+      "eventCode" => "AUTHORISATION",
+      "merchantReference" => order.number,
+      "operations" => "CANCEL,CAPTURE,REFUND",
+      "success" => "true",
+      "paymentMethod" => "visa",
+      "currency" => "USD",
+      "live" => "false" }
+  end
+
+  let!(:payment) do
+    create :payment, response_code: reference,
+      payment_method: payment_method
+  end
+
+  let(:payment_method) { create :hpp_gateway }
+
+  let(:reference) { "8513823667306210" }
+
+  before do
+    ENV["ADYEN_NOTIFY_USER"] = "username"
+    ENV["ADYEN_NOTIFY_PASSWD"] = "password"
+  end
+
+  describe "POST notify" do
+    subject { post :notify, params }
+
+    shared_examples "success" do
+      it "acknowledges the request" do
+        subject
+        expect(response).to have_http_status(:ok)
+        expect(response.body).to eq("[accepted]")
+      end
+    end
+
+    context "request authenticated" do
+      before { bypass_auth }
+
+      shared_examples "logs the notification" do
+        include_examples "success"
+        it "creates a notification" do
+          expect{ subject }.to change { AdyenNotification.count }.from(0).to(1)
+        end
+      end
+
+      include_examples "logs the notification"
+
+      context "when the system can't find a matching payment" do
+        let(:payment) { nil }
+        include_examples "logs the notification"
+      end
+
+      # Regression test
+      # In the event that a notification cannot be processed we need to still
+      # save the notification and acknoweldge it - otherwise Adyen will
+      # continue to notify us about the event and it will continue to error it.
+      #
+      # We cannot use an `ensure` in the controller action because the render
+      # actually completes after the action. Doing so still results in a 500.
+      #
+      # For this reason we need to save the notification on the first attempt,
+      # let the controller error, and then on the second attempt from Adyen
+      # return 200 [accepted], as the notification has already been saved.
+      context "an error occurs during processing" do
+        before { payment.void! }
+        before { params["success"] = false }
+
+        it "errors and creates a notification" do
+          expect {
+            expect { post(:notify, params) }.
+            to raise_error(StateMachines::InvalidTransition)
+
+            expect(post(:notify, params)).
+              to have_http_status(:ok).
+              and have_attributes(body: "[accepted]")
+          }.
+          to change { AdyenNotification.count }.by(1)
+        end
+      end
+    end
+
+    context "request not authenticated" do
+      it { is_expected.to have_http_status 401 }
+    end
+
+    context "notification has already been received" do
+      before { bypass_auth }
+      include_examples "success"
+
+      it "doesn't create a notification" do
+        # explict call of subject to avoid memoization
+        post :notify, params
+
+        expect{ post :notify, params }.
+          to_not change{ AdyenNotification.count }
+      end
+    end
+  end
+
+  def bypass_auth
+    @request.env["HTTP_AUTHORIZATION"] = "Basic " +
+      Base64::encode64("username:password")
+  end
+end

data/spec/controllers/spree/adyen_redirect_controller_spec.rb

@@ -0,0 +1,154 @@
+require "spec_helper"
+
+# https://docs.adyen.com/display/TD/HPP+payment+response
+RSpec.describe Spree::AdyenRedirectController, type: :controller do
+  include_context "mock adyen api", success: true
+
+  let(:order) do
+    create(
+      :order_with_line_items,
+      state: "payment",
+      store: store
+    )
+  end
+
+  let(:store) { Spree::Store.default }
+  let(:gateway) { create :hpp_gateway }
+
+  before do
+    allow(controller).to receive(:check_signature)
+  end
+
+  describe "GET confirm" do
+    subject(:action) { spree_get :confirm, params }
+
+    let(:psp_reference) { "8813824003752247" }
+    let(:payment_method) { "amex" }
+    let(:params) do
+      { merchantReference: order.number,
+        skinCode: "xxxxxxxx",
+        shopperLocale: "en_GB",
+        paymentMethod: payment_method,
+        authResult: auth_result,
+        pspReference:  psp_reference,
+        merchantSig: "erewrwerewrewrwer",
+        merchantReturnData: merchantReturnData
+      }
+    end
+    let(:merchantReturnData) { [order.guest_token, gateway.id].join("|") }
+
+    shared_examples "payments are pending" do
+      it "has pending payments" do
+        expect(order.payments).to all be_pending
+      end
+    end
+
+    shared_examples "payment is successful" do
+      it "changes the order state to completed" do
+        expect { subject }.
+          to change { order.reload.state }.
+          from("payment").
+          to("complete").
+
+          and change { order.payment_state }.
+          from(nil).
+          to("balance_due").
+
+          and change { order.shipment_state }.
+          from(nil).
+          to("pending")
+      end
+
+      it "redirects to the order complete page" do
+        is_expected.to have_http_status(:redirect).
+          and redirect_to order_path(order)
+      end
+
+      it "creates a payment" do
+        expect{ subject }.
+          to change{ order.payments.count }.
+          from(0).
+          to(1)
+      end
+
+      context "and the order cannot complete" do
+        before do
+          expect(order).to receive(complete).and_return(false)
+        end
+
+        it "voids the payment"
+      end
+    end
+
+    context "when the payment is AUTHORISED" do
+      include_examples "payment is successful"
+      include_examples "payments are pending"
+      let(:auth_result) { "AUTHORISED" }
+
+      context "and the authorisation notification has already been received" do
+        let(:payment_method) { notification.payment_method }
+
+        let(:notification) do
+          create(
+            :notification,
+            notification_type,
+            psp_reference: psp_reference,
+            merchant_reference: order.number)
+        end
+
+        shared_examples "auth received" do
+          include_examples "payment is successful"
+
+          it "processes the notification" do
+            expect { subject }.
+              to change { notification.reload.processed }.
+              from(false).
+              to(true)
+          end
+        end
+
+        context "and payment method is sofort" do
+          let(:notification_type) { :sofort_auth }
+          include_examples "auth received"
+        end
+
+        context "and payment method is ideal" do
+          let(:notification_type) { :ideal_auth }
+          include_examples "auth received"
+        end
+
+        context "and payment method is credit" do
+          let(:notification_type) { :auth }
+          include_examples "auth received"
+        end
+      end
+    end
+
+    context "when the payment is PENDING" do
+      include_examples "payment is successful"
+      include_examples "payments are pending"
+      let(:auth_result) { "PENDING" }
+    end
+
+    shared_examples "payment is not successful" do
+      it "does not change order state" do
+        expect{ subject }.to_not change{ order.state }
+      end
+
+      it "redirects to the order payment page" do
+        is_expected.to have_http_status(:redirect).
+          and redirect_to checkout_state_path("payment")
+      end
+    end
+
+    context "when the payment is CANCELLED" do
+      include_examples "payment is not successful"
+      let(:auth_result) { "CANCELLED" }
+    end
+
+    context "when the payment is REFUSED" do
+      include_examples "payment is not successful"
+      let(:auth_result) { "REFUSED" }
+    end
+  end
+end

data/spec/factories/active_merchant_billing_response.rb

@@ -0,0 +1,23 @@
+FactoryGirl.define do
+  factory(
+    :active_merchant_billing_response,
+    aliases: ["am_response"],
+    class: "ActiveMerchant::Billing::Response"
+  ) do
+    skip_create
+    params Hash.new
+    options Hash.new
+    message ""
+
+    initialize_with { new(success, message, params, options) }
+
+    trait :success do
+      success true
+    end
+
+    trait :failure do
+      success false
+      message "This is an expected failure"
+    end
+  end
+end

data/spec/factories/adyen_notification.rb

@@ -0,0 +1,91 @@
+# https://docs.adyen.com/display/TD/Notification+fields
+FactoryGirl.define do
+  factory :adyen_notification, aliases: [:notification] do
+     live false
+     psp_reference { SecureRandom.hex }
+     original_reference nil
+     merchant_reference "R000000000"
+     merchant_account_code "MyMerchantAccount"
+     event_date 30.seconds.ago
+     success true
+     payment_method "amex"
+     operations ""
+     currency "USD"
+     value 2599
+     reason ""
+     processed false
+     created_at DateTime.now
+     updated_at DateTime.now
+
+     transient do
+       payment nil
+     end
+
+     before(:create) do |record, evaluator|
+       if evaluator.payment
+         record.merchant_reference = evaluator.payment.order.number
+       end
+     end
+
+     trait :normal_event do
+       before(:create) do |record, evaluator|
+         if evaluator.payment
+           record.psp_reference = evaluator.payment.response_code
+         end
+       end
+     end
+
+     trait :modification_event do
+       before(:create) do |record, evaluator|
+         if evaluator.payment
+           record.original_reference = evaluator.payment.response_code
+         end
+       end
+     end
+
+     trait :auth do
+       normal_event
+       event_code "AUTHORISATION"
+       operations "CANCEL,CAPTURE,REFUND"
+       reason "31893:0002:8/2018"
+     end
+
+     trait :sofort_auth do
+       auth
+       event_code "AUTHORISATION"
+       payment_method "directEbanking"
+       operations nil
+       reason nil
+     end
+
+     trait :bank_auth do
+       auth
+       operations "REFUND"
+     end
+
+     trait :ideal_auth do
+       bank_auth
+       payment_method "ideal"
+     end
+
+     trait :capture do
+       modification_event
+       event_code "CAPTURE"
+     end
+
+     trait :cancel_or_refund do
+       modification_event
+       event_code "CANCEL_OR_REFUND"
+     end
+
+     trait :refund do
+       modification_event
+       event_code "REFUND"
+     end
+
+     trait :pending do
+       normal_event
+       event_code "PENDING"
+     end
+  end
+end

data/spec/factories/spree_adyen_hpp_source.rb

@@ -0,0 +1,15 @@
+FactoryGirl.define do
+  factory :spree_adyen_hpp_source, aliases: [:hpp_source], class: "Spree::Adyen::HppSource" do
+    skin_code "XXXXXXXX"
+    shopper_locale "en_GB"
+    auth_result "AUTHORISED"
+    psp_reference { SecureRandom.hex }
+    merchant_sig "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
+    payment_method "amex"
+    order
+
+    trait :sofort do
+      payment_method "directEbanking"
+    end
+  end
+end

data/spec/factories/spree_gateway_adyen_hpp.rb

@@ -0,0 +1,23 @@
+FactoryGirl.define do
+  factory :spree_gateway_adyen_hpp, aliases: [:hpp_gateway],
+    class: "Spree::Gateway::AdyenHPP" do
+    name "Adyen"
+    environment "test"
+    preferences(
+      skin_code: "XXXXX",
+      shared_secret: "1234",
+      merchant_account: "XXXX",
+      days_to_ship: 3
+    )
+
+    trait :env_configured do
+      preferred_test_mode true
+      preferred_days_to_ship 1
+      preferred_api_password { ENV.fetch("ADYEN_API_PASSWORD") }
+      preferred_api_username { ENV.fetch("ADYEN_API_USERNAME") }
+      preferred_merchant_account { ENV.fetch("ADYEN_MERCHANT_ACCOUNT") }
+      preferred_shared_secret { ENV.fetch("ADYEN_SKIN_CODE") }
+      preferred_skin_code { ENV.fetch("ADYEN_SKIN_CODE") }
+    end
+  end
+end

data/spec/factories/spree_payment.rb

@@ -0,0 +1,13 @@
+FactoryGirl.define do
+  factory :hpp_payment, parent: :payment do
+    association :payment_method, factory: :hpp_gateway
+    association :source, factory: :hpp_source
+    order
+
+    before :create do |record, _|
+      # these associations/keys are awful and are making this difficult
+      record.source.order = record.order
+      record.source.merchant_reference = record.order.number
+    end
+  end
+end

data/spec/lib/spree/adyen/form_spec.rb

@@ -0,0 +1,214 @@
+require "spec_helper"
+
+RSpec.describe Spree::Adyen::Form do
+  let(:order) { create :order, total: 39.98 }
+  let(:payment_method) { create :hpp_gateway, preferences: preferences }
+  let(:preferences){
+    {server: "test",
+     test_mode: true,
+     api_username: "username",
+     api_password: "password",
+     merchant_account: "account",
+     skin_code: "XXXXXX",
+     shared_secret: "1234567890",
+     days_to_ship: 3}
+  }
+
+  describe "directory_url" do
+    let(:expected) do
+      redirect_params = {
+        currency_code: order.currency,
+        ship_before_date: 3.days.from_now,
+        session_validity: 10.minutes.from_now,
+        recurring: false,
+        merchant_reference: order.number.to_s,
+        merchant_account: payment_method.merchant_account,
+        skin_code: payment_method.skin_code,
+        shared_secret: payment_method.shared_secret,
+        country_code: order.billing_address.country.iso,
+        merchant_return_data: merchant_return_data,
+        payment_amount: 3998
+      }
+
+       ::Adyen::Form.redirect_url(redirect_params)
+    end
+
+    let(:merchant_return_data) do
+      [order.guest_token, payment_method.id].join("|")
+    end
+
+    subject { described_class.directory_url order, payment_method  }
+
+    it "has the same query options as Adyen gem's" do
+      expect(hash_query subject).to eq hash_query expected
+    end
+
+    it "has the proper protocol" do
+      expect(URI(subject).scheme).to eq "https"
+    end
+
+    it "the right host" do
+      expect(URI(subject).host).to eq "test.adyen.com"
+    end
+
+    context "when in production" do
+      before do
+        payment_method.preferences[:server] = "live"
+      end
+
+      it "has the proper protocol and host" do
+        expect(URI(subject).host).to eq "live.adyen.com"
+      end
+    end
+  end
+
+  describe "payment_methods" do
+    let(:adyen_response) { '{ "test": "response" }' }
+    let(:fake_directory_url) { "www.directory-url.com" }
+
+    before do
+      allow(described_class).to receive(:directory_url).
+        and_return(fake_directory_url)
+      allow(::Net::HTTP).to receive(:get).
+        with(fake_directory_url).
+        and_return(adyen_response)
+    end
+
+    subject { described_class.send(:payment_methods, order, payment_method) }
+
+    it "calls form_payment_methods_and_urls with adyen response" do
+      expect(described_class).to receive(:form_payment_methods_and_urls).
+        with({ "test" => "response" }, order, payment_method)
+      subject
+    end
+  end
+
+  describe "form_payment_methods_and_urls" do
+    let(:payment_url) { "www.test-url.com" }
+    let(:issuer_payment_url) { "www.issuer-test-url.com" }
+
+    before do
+      allow(described_class).to receive(:details_url).
+        and_return(payment_url)
+      allow(described_class).to receive(:details_url_with_issuer).
+        and_return(issuer_payment_url)
+
+    end
+
+    subject { described_class.send(
+      :form_payment_methods_and_urls,
+      adyen_response,
+      order,
+      payment_method
+    ) }
+
+    context "payment method without issuers" do
+      let(:adyen_response) {
+        {
+          "paymentMethods" => [
+            {
+              "brandCode" => "paypal",
+              "name" => "PayPal"
+            }
+          ]
+        }
+      }
+
+      it "returns processed response with urls" do
+        expect(subject).to eq [
+          {
+            name: "PayPal",
+            brand_code: "paypal",
+            payment_url: payment_url,
+            issuers: []
+          }
+        ]
+      end
+    end
+
+    context "payment method with issuers" do
+      let(:adyen_response) {
+        {
+          "paymentMethods" => [
+            {
+              "brandCode" => "ideal",
+              "name" => "iDEAL",
+              "issuers" => [
+                {
+                  "name" => "issuer01",
+                  "issuerId" => "1157"
+                },
+                {
+                  "name" => "issuer02",
+                  "issuerId" => "1184"
+                }
+              ]
+            }
+          ]
+        }
+      }
+
+      it "returns processed response with urls" do
+        expect(subject).to eq [
+          {
+            name: "iDEAL",
+            brand_code: "ideal",
+            payment_url: payment_url,
+            issuers: [
+              {
+                name: "issuer01",
+                payment_url: issuer_payment_url
+              },
+              {
+                name: "issuer02",
+                payment_url: issuer_payment_url
+              }
+            ]
+          }
+        ]
+      end
+    end
+  end
+
+  describe "details_url" do
+    let(:brand_code) { "paypal" }
+    subject {
+      described_class.details_url(order, payment_method, brand_code)
+    }
+
+    it "calls endpoint url with the expected params" do
+      expect(described_class).to receive(:endpoint_url).
+        with("details", order, payment_method, { brandCode: "paypal" })
+      subject
+    end
+  end
+
+  describe "details_url_with_issuer" do
+    let(:issuer_id) { "1654" }
+    let(:brand_code) { "paypal" }
+
+    subject {
+      described_class.details_url_with_issuer(
+        order,
+        payment_method,
+        brand_code,
+        issuer_id
+      )
+    }
+
+    it "calls endpoint url with the expected params" do
+      expect(described_class).to receive(:endpoint_url).
+        with(
+          "details",
+          order,
+          payment_method,
+          { brandCode: "paypal", issuerId: "1654" }
+        )
+      subject
+    end
+  end
+
+  def hash_query url
+    CGI::parse URI(url).query
+  end
+end