solidus_bolt 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 94b2a582685d844a4e3c0b9f5db529400eebffc1c546a0783f68629fa74ca74b
+  data.tar.gz: 5e9b74ce81c07973564709d65920c17ec2fc44d92076c9914eb4da440fee3251
+SHA512:
+  metadata.gz: 4ba2a650993c03f57b304f8f0b3bef38654bdba35ae24d9f155404d5994f1328f8736ce387db46ef16a27454740d9205039256c6ea3535e270c964cedb998106
+  data.tar.gz: abb020bf31418d56d460de9dc07a3e83ce54473ddbc6750e011d51a47abc37a0ffdc62c2f5b73f4417fa86a4823fec9404ea4db0be7d0f01a35333c10ca90c40

data/.circleci/config.yml

@@ -0,0 +1,41 @@
+version: 2.1
+
+orbs:
+  # Always take the latest version of the orb, this allows us to
+  # run specs against Solidus supported versions only without the need
+  # to change this configuration every time a Solidus version is released
+  # or goes EOL.
+  solidusio_extensions: solidusio/extensions@0.2.27
+
+jobs:
+  run-specs-with-postgres:
+    executor: solidusio_extensions/postgres
+    steps:
+      - solidusio_extensions/run-tests
+  run-specs-with-mysql:
+    executor: solidusio_extensions/mysql
+    steps:
+      - solidusio_extensions/run-tests
+  lint-code:
+    executor: solidusio_extensions/sqlite-memory
+    steps:
+      - solidusio_extensions/lint-code
+
+workflows:
+  "Run specs on supported Solidus versions":
+    jobs:
+      - run-specs-with-postgres
+      - run-specs-with-mysql
+      - lint-code
+
+  "Weekly run specs against master":
+    triggers:
+      - schedule:
+          cron: "0 0 * * 4" # every Thursday
+          filters:
+            branches:
+              only:
+                - master
+    jobs:
+      - run-specs-with-postgres
+      - run-specs-with-mysql

data/.gem_release.yml

@@ -0,0 +1,5 @@
+bump:
+  recurse: false
+  file: 'lib/solidus_bolt/version.rb'
+  message: Bump SolidusBolt to %{version}
+  tag: true

data/.github/stale.yml

@@ -0,0 +1,17 @@
+# Number of days of inactivity before an issue becomes stale
+daysUntilStale: 60
+# Number of days of inactivity before a stale issue is closed
+daysUntilClose: false
+# Issues with these labels will never be considered stale
+exemptLabels:
+  - pinned
+  - security
+# Label to use when marking an issue as stale
+staleLabel: stale
+# Comment to post when marking an issue as stale. Set to `false` to disable
+markComment: >
+  This issue has been automatically marked as stale because it has not had
+  recent activity. It might be closed if no further activity occurs. Thank you
+  for your contributions.
+# Comment to post when closing a stale issue. Set to `false` to disable
+closeComment: false

data/.github_changelog_generator

@@ -0,0 +1,2 @@
+issues=false
+exclude-labels=infrastructure

data/.gitignore

@@ -0,0 +1,20 @@
+*.gem
+\#*
+*~
+.#*
+.DS_Store
+.idea
+.project
+.sass-cache
+coverage
+Gemfile.lock
+tmp
+nbproject
+pkg
+*.swp
+spec/dummy
+spec/examples.txt
+/sandbox
+.rvmrc
+.ruby-version
+.ruby-gemset

data/.rspec

@@ -0,0 +1,2 @@
+--color
+--require spec_helper

data/.rubocop.yml

@@ -0,0 +1,11 @@
+require:
+  - solidus_dev_support/rubocop
+
+AllCops:
+  NewCops: disable
+
+RSpec/MultipleMemoizedHelpers:
+  Enabled: false
+
+RSpec/MultipleExpectations:
+  Max: 5

data/CHANGELOG.md

@@ -0,0 +1 @@
+# Changelog

data/Gemfile

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+source 'https://rubygems.org'
+git_source(:github) { |repo| "https://github.com/#{repo}.git" }
+
+branch = ENV.fetch('SOLIDUS_BRANCH', 'master')
+gem 'solidus', github: 'solidusio/solidus', branch: branch
+
+# Needed to help Bundler figure out how to resolve dependencies,
+# otherwise it takes forever to resolve them.
+# See https://github.com/bundler/bundler/issues/6677
+gem 'rails', '>0.a'
+
+# Provides basic authentication functionality for testing parts of your engine
+gem 'solidus_auth_devise'
+
+case ENV['DB']
+when 'mysql'
+  gem 'mysql2'
+when 'postgresql'
+  gem 'pg'
+else
+  gem 'sqlite3'
+end
+
+gemspec
+
+# Use a local Gemfile to include development dependencies that might not be
+# relevant for the project or for other contributors, e.g. pry-byebug.
+#
+# We use `send` instead of calling `eval_gemfile` to work around an issue with
+# how Dependabot parses projects: https://github.com/dependabot/dependabot-core/issues/1658.
+send(:eval_gemfile, 'Gemfile-local') if File.exist? 'Gemfile-local'

data/LICENSE

@@ -0,0 +1,26 @@
+Copyright (c) 2022 [name of plugin creator]
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above copyright notice,
+      this list of conditions and the following disclaimer in the documentation
+      and/or other materials provided with the distribution.
+    * Neither the name Solidus nor the names of its contributors may be used to
+      endorse or promote products derived from this software without specific
+      prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

data/README.md

@@ -0,0 +1,175 @@
+# Solidus Bolt
+
+[![CircleCI](https://circleci.com/gh/solidusio-contrib/solidus_bolt.svg?style=shield)](https://circleci.com/gh/solidusio-contrib/solidus_bolt)
+[![codecov](https://codecov.io/gh/solidusio-contrib/solidus_bolt/branch/master/graph/badge.svg)](https://codecov.io/gh/solidusio-contrib/solidus_bolt)
+
+<!-- Explain what your extension does. -->
+
+## Installation
+
+Add solidus_bolt to your Gemfile:
+
+```ruby
+gem 'solidus_bolt'
+```
+
+Bundle your dependencies and run the installation generator (before running the following command, we recommend setting up the environment variables and seeds as described in the sections below): 
+
+```shell
+bin/rails generate solidus_bolt:install
+```
+
+## Usage
+
+### Setting up Bolt Configuration
+
+Many of the API calls handled by this gem use the variables set in Bolt Configuration. Since this extension's seeds automatically generate a Bolt Configuration, the easiest and safest way to configure it would be by setting the following environment variables:
+
+```
+BOLT_BEARER_TOKEN
+BOLT_ENVIRONMENT
+BOLT_MERCHANT_PUBLIC_ID
+BOLT_DIVISION_PUBLIC_ID
+BOLT_API_KEY
+BOLT_SIGNING_SECRET
+BOLT_PUBLISHABLE_KEY
+```
+
+Alternatively you can setup the Bolt Configuration manually by visiting `/admin/bolt`
+
+### Using solidus_bolt Seeds
+
+Provided you setup the environment variables, you can simplify the setup of a Bolt application by running the [gem's seeds](https://github.com/nebulab/solidus_bolt/blob/master/db/seeds.rb). This will automatically create the following:
+
+- BoltConfiguration
+- AuthenticationMethod
+- PaymentMethod
+
+You can run solidus_bolt's seeds either by running 
+```shell
+bin/rails db:seed:solidus_bolt
+``` 
+or by adding the following line to your seed file: 
+```ruby
+SolidusBolt::Engine.load_seed if defined?(SolidusBolt)
+```
+
+### Creating a new Payment Method
+
+Assuming you've used environment variables to configure your Bolt Configuration, creating a Bolt payment method is very easy:
+
+1. Visit `/admin/payment_methods/new`
+2. Set `provider` to SolidusBolt::PaymentMethod
+3. Click "Save"
+4. Choose `bolt_credentials` from the `Preference Source` select
+5. Click `Update` to save
+
+If you've instead decided to setup the Bolt Configuration manually, follow the same process mentioned above but at step 4 pick `bolt_config_credentials` instead of `bolt_credentials`.
+
+In both cases you can alternatively create a payment method from the Rails console with:
+
+```ruby
+SolidusBolt::PaymentMethod.create(
+  name: "Bolt",
+  preference_source: "bolt_credentials" # or "bolt_config_credentials"
+)
+```
+
+The final (not recommended) option is to not select any `Preference Source` at step 4 and instead fill up the inputs manually.
+
+### How to set the webhooks
+
+(For latest up to date guide check [Bolt's Documentation](https://help.bolt.com/developers/guides/webhooks/))
+
+1. Login to your [Bolt Merchant Dashboard](https://merchant.bolt.com/).
+
+2. Navigate to **Developers**.
+
+3. Scroll to **Merchant API**.
+
+4. Add your webhook endpoints (by default it's your store's url plus `/webhooks/bolt`)
+
+Important use cases include:
+
+- Notifying your e-commerce store when a transaction has been approved or rejected by Bolt.
+- Sending your e-commerce store with the `transaction_id`, which is necessary for back-office operations.
+- Sending your e-commerce store more information about a transaction such as credit card details.
+
+## Development
+
+### Testing the extension
+
+First bundle your dependencies, then run `bin/rake`. `bin/rake` will default to building the dummy
+app if it does not exist, then it will run specs. The dummy app can be regenerated by using
+`bin/rake extension:test_app`.
+
+```shell
+bin/rake
+```
+
+To run [Rubocop](https://github.com/bbatsov/rubocop) static code analysis run
+
+```shell
+bundle exec rubocop
+```
+
+When testing your application's integration with this extension you may use its factories.
+Simply add this require statement to your `spec/spec_helper.rb`:
+
+```ruby
+require 'solidus_bolt/testing_support/factories'
+```
+
+Or, if you are using `FactoryBot.definition_file_paths`, you can load Solidus core
+factories along with this extension's factories using this statement:
+
+```ruby
+SolidusDevSupport::TestingSupport::Factories.load_for(SolidusBolt::Engine)
+```
+
+#### Special Tests
+
+A few tests in the test suite require some additional steps to execute successfully when they are modified. These are listed below along with the steps needed to execute these tests.
+
+- `/spec/services/solidus_bolt/accounts/detail_service_spec.rb`
+This test requires a valid `bolt_access_token` to execute successfully when modified.
+Follow the steps below to get a `bolt_access_token`.
+  1. Login as a User using a Bolt Account.
+  2. Put a `binding.pry` on any view.
+  3. Print `session['bolt_access_token']` in the pry console.
+  4. Copy the result and set the value of the environment variable `BOLT_ACCESS_TOKEN` to this result.
+
+### Running the sandbox
+
+To run this extension in a sandboxed Solidus application, you can run `bin/sandbox`. The path for
+the sandbox app is `./sandbox` and `bin/rails` will forward any Rails commands to
+`sandbox/bin/rails`.
+
+Here's an example:
+
+```
+$ bin/rails server
+=> Booting Puma
+=> Rails 6.0.2.1 application starting in development
+* Listening on tcp://127.0.0.1:3000
+Use Ctrl-C to stop
+```
+
+### Updating the changelog
+
+Before and after releases the changelog should be updated to reflect the up-to-date status of
+the project:
+
+```shell
+bin/rake changelog
+git add CHANGELOG.md
+git commit -m "Update the changelog"
+```
+
+### Releasing new versions
+
+Please refer to the dedicated [page](https://github.com/solidusio/solidus/wiki/How-to-release-extensions) on Solidus wiki.
+
+## License
+
+Copyright (c) 2022 [name of extension author], released under the New BSD License.

data/Rakefile

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+require 'solidus_dev_support/rake_tasks'
+SolidusDevSupport::RakeTasks.install
+
+task default: 'extension:specs'

data/app/assets/javascripts/authorize_account.js

@@ -0,0 +1,74 @@
+class AuthorizeAccount {
+  constructor(emailField, pubKey, domain) {
+    this.emailField = emailField;
+    this.pubKey = pubKey;
+    this.domain = domain;
+  }
+
+  async accessRequest() {
+    const boltEmbedded = Bolt(this.pubKey);
+
+    if (this.emailField) {
+      const email = this.emailField.value
+      const encodedEmail = encodeURIComponent(email);
+      // Call the endpoint to check if the email already exist on bolt
+      const response = await fetch(this.domain + "/v1/account/exists?email=" + encodedEmail);
+      const responseAsJson = await response.json();
+      this.removeBoltLoginButton();
+
+      if(responseAsJson.has_bolt_account) {
+        // SHOW THE SIGN IN WITH BOLT BUTTON
+        const boltButton = this.createBoltLoginButton();
+        boltButton.addEventListener('click', async (e) => {
+          e.preventDefault();
+
+          this.emailField.parentNode.setAttribute("class", "email-div")
+          let authorizationComponent = boltEmbedded.create("authorization_component", {style: "callout"});
+          await authorizationComponent.mount(".email-div");
+          // start OTP modal
+          let authorizationResponse = await authorizationComponent.authorize({"email": email});
+          if (authorizationResponse) {
+
+            const authorizationCode = authorizationResponse.authorizationCode;
+            const scope = authorizationResponse.scope ;
+
+            document.location.href = `/users/auth/bolt/callback?authorization_code=${authorizationCode}&scope=${scope}`
+          }
+        });
+      }
+    }
+  }
+
+  removeBoltLoginButton() {
+    const parentNode = this.emailField.parentNode;
+    const eleList = parentNode.getElementsByClassName('bolt-ele');
+
+    while(eleList[0]) {
+      parentNode.removeChild(eleList[0]);
+    }
+  }
+
+  createBoltLoginButton() {
+    const parentNode = this.emailField.parentNode;
+    const p = document.createElement('p');
+    const button = document.createElement('button');
+
+    p.innerHTML = 'Hey, we detected that you have a Bolt acocunt. Do you want to login with your Bolt account ?';
+    p.className = 'bolt-ele';
+    button.innerHTML = 'Login with Bolt';
+    button.className = 'btn btn-primary bolt-ele';
+
+    parentNode.appendChild(p);
+    parentNode.appendChild(button);
+
+    return button;
+  }
+
+  async hasBoltAccount(email) {
+    const encodedEmail = encodeURIComponent(email);
+    // Call the endpoint to check if the email already exist on bolt
+    const response = await fetch(this.domain + "/v1/account/exists?email=" + encodedEmail);
+    const responseAsJson = await response.json();
+    return responseAsJson.has_bolt_account
+  }
+}

data/app/assets/javascripts/solidus_bolt.js

@@ -0,0 +1,91 @@
+let createBoltAccount = false;
+
+const displayBoltInput = (paymentField, boltContainer, accountCheckbox) => {
+  paymentField.mount(boltContainer);
+  const statusContainer = document.getElementById("payment-status-container");
+  statusContainer.style.display = "";
+
+  if (accountCheckbox) {
+    accountCheckbox.mount("#account-checkbox")
+  }
+}
+
+const tokenize = async (paymentField, paymentMethodId, frontend) => {
+  await paymentField.tokenize()
+  .then((result) => {
+    if (result["token"]) {
+      updateOrder(result, paymentMethodId, frontend)
+    } else {
+      console.log(`error ${result["type"]}: ${result["message"]}`);
+    }
+  });
+}
+
+const redirectToNextStep = (frontend) => {
+  if (frontend) {
+    window.location.href = '/checkout/confirm';
+  } else {
+    window.location.href = `/admin/orders/${Spree.current_order_id}/payments`
+  }
+}
+
+const updateOrder = async (card, paymentMethodId, frontend) => {
+  await fetch(`/api/checkouts/${Spree.current_order_id}`, {
+    method: 'PATCH',
+    headers: {
+      'Content-Type': 'application/json',
+      'X-Spree-Order-Token': Spree.current_order_token
+    },
+    body: JSON.stringify({
+      'order': {
+        'payments_attributes': [{
+          'payment_method_id': paymentMethodId,
+          'source_attributes': {
+            'card_token': card['token'],
+            'card_last4': card['last4'],
+            'card_bin': card['bin'],
+            'card_number': card['number'],
+            'card_expiration': card['expiration'],
+            'card_postal_code': card['postal_code'],
+            'create_bolt_account': createBoltAccount
+          }
+        }]
+      }
+    })
+  })
+  .then(() => {
+    redirectToNextStep(frontend)
+  })
+  .catch((response) => {
+    console.log('Error updating order')
+    console.log(response)
+  });
+}
+
+document.addEventListener("DOMContentLoaded", async function () {
+  const boltContainer = document.getElementById("bolt-container");
+
+  if (boltContainer) {
+    const boltEmbedded = Bolt(boltContainer.dataset.publishableKey);
+    let accountCheckbox = null;
+    const frontend = boltContainer.dataset.frontend == "true" ? true : false;
+    const paymentMethodId = boltContainer.dataset.paymentMethodId
+    const cardButton = document.getElementById("bolt-card-button");
+
+    if(boltContainer.dataset["boltUserSignedIn"] != "true") {
+      accountCheckbox = boltEmbedded.create("account_checkbox");
+      accountCheckbox.on("change", checked => createBoltAccount = checked);
+    }
+    cardButton.addEventListener("click", () => {
+      const submitButton = document.getElementById("bolt-submit-button")
+      const paymentField = boltEmbedded.create("payment_component");
+      displayBoltInput(paymentField, boltContainer, accountCheckbox);
+      cardButton.style.display = 'none';
+
+      submitButton.addEventListener("click", () => {
+        tokenize(paymentField, paymentMethodId, frontend);
+        submitButton.disabled = true;
+      })
+    })
+  }
+})

data/app/assets/javascripts/spree/backend/solidus_bolt.js

@@ -0,0 +1,4 @@
+// Placeholder manifest file.
+// the installer will append this file to the app vendored assets here: vendor/assets/javascripts/spree/backend/all.js'
+
+//= require solidus_bolt

data/app/assets/javascripts/spree/frontend/solidus_bolt.js

@@ -0,0 +1,18 @@
+// Placeholder manifest file.
+// the installer will append this file to the app vendored assets here: vendor/assets/javascripts/spree/frontend/all.js'
+
+//= require solidus_bolt
+//= require authorize_account
+
+const publishableKey = document.querySelector("meta[name=bolt-publishable-key]").getAttribute("content");
+const domain = document.querySelector("meta[name=bolt-domain]").getAttribute("content");
+
+document.addEventListener('DOMContentLoaded', function () {
+  const emailField = document.getElementById('spree_user_email');
+  if (emailField) {
+    emailField.onblur = async function () {
+      const authorize = new AuthorizeAccount(emailField, publishableKey, domain);
+      await authorize.accessRequest();
+    }
+  }
+})

data/app/assets/stylesheets/spree/backend/solidus_bolt.css

@@ -0,0 +1,4 @@
+/*
+Placeholder manifest file.
+the installer will append this file to the app vendored assets here: 'vendor/assets/stylesheets/spree/backend/all.css'
+*/

data/app/assets/stylesheets/spree/frontend/solidus_bolt.css

@@ -0,0 +1,4 @@
+/*
+Placeholder manifest file.
+the installer will append this file to the app vendored assets here: 'vendor/assets/stylesheets/spree/frontend/all.css'
+*/

data/app/controllers/solidus_bolt/accounts_controller.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+module SolidusBolt
+  class AccountsController < BaseController
+    def create
+      Spree::User.find_by!(email: permitted_params[:email])
+
+      head :ok
+    end
+
+    private
+
+    def permitted_params
+      params[:account]
+    end
+  end
+end

data/app/controllers/solidus_bolt/base_controller.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+require 'base64'
+
+module SolidusBolt
+  class BaseController < ::Spree::Api::BaseController
+    skip_before_action :authenticate_user
+    skip_before_action :verify_authenticity_token
+    before_action :verify_bolt_request
+
+    private
+
+    def verify_bolt_request
+      hmac_header = request.headers['X-Bolt-Hmac-Sha256']
+      signing_secret = SolidusBolt::BoltConfiguration.fetch&.signing_secret || ''
+      computed_hmac = Base64.encode64(OpenSSL::HMAC.digest("SHA256", signing_secret, permitted_params.to_json)).strip
+
+      return render json: { error: 'Unauthorized request' }, status: :unauthorized unless hmac_header == computed_hmac
+    end
+  end
+end

data/app/controllers/solidus_bolt/webhooks_controller.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+module SolidusBolt
+  class WebhooksController < BaseController
+    def update
+      ::SolidusBolt::Sorter.call(permitted_params)
+
+      render json: {}, status: :ok
+    rescue StandardError => e
+      error_message = e.to_s
+      logger.error error_message
+      render json: { error: error_message }, status: :unprocessable_entity
+    end
+
+    private
+
+    def permitted_params
+      params[:webhook]
+    end
+  end
+end

data/app/controllers/spree/admin/bolt_webhooks_controller.rb

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+
+module Spree
+  module Admin
+    class BoltWebhooksController < Spree::Admin::BaseController
+      def new; end
+
+      def create
+        response = SolidusBolt::Webhooks::CreateService.call(
+          event: bolt_webhook_params[:event],
+          url: bolt_webhook_params[:webhook_url]
+        )
+        flash[:success] = "Successfully created webhook. Webhook ID #{response['webhook_id']}"
+
+        render :new
+      rescue SolidusBolt::ServerError => e
+        flash[:error] = e.message
+
+        render :new
+      end
+
+      private
+
+      def bolt_webhook_params
+        params
+          .require(:bolt_webhook)
+          .permit(
+            :event,
+            :webhook_url,
+          )
+      end
+    end
+  end
+end