solidus_signifyd 0.1.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: e7c186c4c9b430760dabce1a20c7b0d6619241de
+  data.tar.gz: fa6036cd2c018e312763b158926f201f26973adf
+SHA512:
+  metadata.gz: 49806f09e4991a97f8ac9605c8b9ecbac09384477f9391649a9f79e97c553baeee02e676cb223ed62dc16264d9992b1e45ec11f236b23ae6e68dfa52d83df917
+  data.tar.gz: 7cdc4844d2b1649be005514ad4cc213316faabda99675bfa24e614b9a32ff1d5554248cb71ea7e208cc63adbdf94216aa0d40696933a469bbb6999ca1f3a862c

data/.gitignore

@@ -0,0 +1,15 @@
+*.gem
+\#*
+*~
+.#*
+.DS_Store
+.idea
+.project
+.sass-cache
+coverage
+Gemfile.lock
+tmp
+nbproject
+pkg
+*.swp
+spec/dummy

data/.rspec

@@ -0,0 +1 @@
+--color

data/.ruby-version

@@ -0,0 +1 @@
+2.1.7

data/Gemfile

@@ -0,0 +1,10 @@
+source 'https://rubygems.org'
+
+gem "solidus", git: "git@github.com:solidusio/solidus.git", branch: "v1.0"
+gem "solidus_auth_devise", "~> 1.0"
+
+group :development, :test do
+  gem "pry-rails"
+end
+
+gemspec

data/LICENSE

@@ -0,0 +1,26 @@
+Copyright (c) 2014 Bonobos, Inc.
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above copyright notice,
+      this list of conditions and the following disclaimer in the documentation
+      and/or other materials provided with the distribution.
+    * Neither the name Bonobos nor the names of its contributors may be used to
+      endorse or promote products derived from this software without specific
+      prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

data/README.md

@@ -0,0 +1,32 @@
+Solidus Signifyd
+================
+
+Integration with Signifyd that implements a fraud check prior to marking a
+shipment as ready to be shipped.
+
+Installation
+------------
+
+In your Gemfile:
+
+```ruby
+gem "solidus_signifyd"
+```
+
+Bundle your dependencies and run the installation generator:
+
+```shell
+bundle
+bundle exec rails g solidus_signifyd:install
+```
+
+Testing
+-------
+
+First bundle your dependencies, then run `rake`. `rake` will default to
+building the dummy app if it does not exist, then it will run specs. The dummy
+app can be regenerated by using `rake test_app`.
+
+```shell
+bundle exec rake
+```

data/Rakefile

@@ -0,0 +1,21 @@
+require 'bundler'
+Bundler::GemHelper.install_tasks
+
+require 'rspec/core/rake_task'
+require 'spree/testing_support/extension_rake'
+
+RSpec::Core::RakeTask.new
+
+task :default do
+  if Dir["spec/dummy"].empty?
+    Rake::Task[:test_app].invoke
+    Dir.chdir("../../")
+  end
+  Rake::Task[:spec].invoke
+end
+
+desc 'Generates a dummy app for testing'
+task :test_app do
+  ENV['LIB_NAME'] = 'solidus_signifyd'
+  Rake::Task['extension:test_app'].invoke
+end

data/app/controllers/spree/api/spree_signifyd/orders_controller.rb

@@ -0,0 +1,54 @@
+module Spree::Api::SpreeSignifyd
+  class OrdersController < ActionController::Base
+    include SpreeSignifyd::RequestVerifier
+
+    respond_to :json
+
+    before_filter :authorize, :load_order, :order_canceled_or_shipped
+
+    def update
+      SpreeSignifyd.set_score(order: @order, score: score)
+
+      if is_fraudulent?
+        @order.cancel!
+      elsif should_approve?
+        SpreeSignifyd.approve(order: @order)
+      end
+
+      render nothing: true, status: 200
+    end
+
+    private
+
+    def authorize
+      request_sha = request.headers['HTTP_HTTP_X_SIGNIFYD_HMAC_SHA256']
+      computed_sha = build_sha(SpreeSignifyd::Config[:api_key], encode_request(request.raw_post))
+
+      head 401 unless Devise.secure_compare(request_sha, computed_sha)
+    end
+
+    def load_order
+      head 404 unless @order = Spree::Order.find_by(number: body['orderId'])
+    end
+
+    def order_canceled_or_shipped
+      head 200 if @order.shipped? || @order.canceled?
+    end
+
+    def body
+      @body ||= JSON.parse(request.raw_post)
+    end
+
+    def is_fraudulent?
+      body['reviewDisposition'] == 'FRAUDULENT'
+    end
+
+    def should_approve?
+      body['reviewDisposition'] == 'GOOD' || SpreeSignifyd.score_above_threshold?(score)
+    end
+
+    def score
+      body['adjustedScore']
+    end
+  end
+end

data/app/models/spree/order_decorator.rb

@@ -0,0 +1 @@
+Spree::Order.include SpreeSignifyd::OrderConcerns

data/app/models/spree/signifyd_configuration.rb

@@ -0,0 +1,6 @@
+module Spree
+  class SignifydConfiguration < Preferences::Configuration
+    preference :api_key, :string
+    preference :signifyd_score_threshold, :integer, default: 500 # Signifyd's recommended threshold
+  end
+end

data/app/models/spree_signifyd/order_concerns.rb

@@ -0,0 +1,23 @@
+module SpreeSignifyd::OrderConcerns
+  extend ActiveSupport::Concern
+
+  included do
+    Spree::Order.state_machine.after_transition to: :complete, unless: :approved? do |order, transition|
+      SpreeSignifyd.create_case(order_number: order.number)
+    end
+
+    has_one :signifyd_order_score, class_name: "SpreeSignifyd::OrderScore"
+
+    prepend(InstanceMethods)
+  end
+
+  module InstanceMethods
+    def is_risky?
+      !(awaiting_approval? || approved?)
+    end
+
+    def awaiting_approval?
+      !signifyd_order_score
+    end
+  end
+end

data/app/models/spree_signifyd/order_score.rb

@@ -0,0 +1,9 @@
+module SpreeSignifyd
+  class OrderScore < ActiveRecord::Base
+    self.table_name = :spree_signifyd_order_scores
+
+    belongs_to :order, class_name: "Spree::Order"
+    validates :score, numericality: true
+    validates :order, presence: true
+  end
+end

data/app/models/spree_signifyd/shipment_decorator.rb

@@ -0,0 +1,11 @@
+module SpreeSignifyd
+  module ShipmentDecorator
+
+    def determine_state(order)
+      return 'pending' if (pending? || canceled?) && !order.approved?
+      super(order)
+    end
+  end
+end
+
+Spree::Shipment.prepend SpreeSignifyd::ShipmentDecorator

data/app/overrides/admin_order_signifyd_risk_analysis.rb

@@ -0,0 +1,6 @@
+Deface::Override.new(
+  virtual_path: "spree/admin/orders/_risk_analysis",
+  name: "admin_order_signifyd_risk_analysis",
+  insert_bottom: "[data-hook='order_details_adjustments']",
+  partial: "spree/admin/orders/signifyd_score",
+)

data/app/serializers/spree_signifyd/address_serializer.rb

@@ -0,0 +1,20 @@
+require 'active_model/serializer'
+
+module SpreeSignifyd
+  class AddressSerializer < ActiveModel::Serializer
+    self.root = false
+
+    attributes :address
+
+    def address
+      {
+        'streetAddress' => object.address1,
+        'unit' => object.address2,
+        'city' => object.city,
+        'provinceCode' => object.state_text,
+        'postalCode' => object.zipcode,
+        'countryCode' => object.country.iso
+      }
+    end
+  end
+end

data/app/serializers/spree_signifyd/billing_address_serializer.rb

@@ -0,0 +1,13 @@
+require 'active_model/serializer'
+
+module SpreeSignifyd
+  class BillingAddressSerializer < AddressSerializer
+    self.root = false
+
+    def attributes
+      hash = {}
+      hash['billingAddress'] = address
+      hash
+    end
+  end
+end

data/app/serializers/spree_signifyd/credit_card_serializer.rb

@@ -0,0 +1,25 @@
+require 'active_model/serializer'
+
+module SpreeSignifyd
+  class CreditCardSerializer < ActiveModel::Serializer
+    self.root = false
+
+    attributes :cardHolderName, :last4, :expiryMonth, :expiryYear
+
+    def cardHolderName
+      "#{object.first_name} #{object.last_name}"
+    end
+
+    def last4
+      object.last_digits
+    end
+
+    def expiryMonth
+      object.month
+    end
+
+    def expiryYear
+      object.year
+    end
+  end
+end

data/app/serializers/spree_signifyd/delivery_address_serializer.rb

@@ -0,0 +1,14 @@
+require 'active_model/serializer'
+
+module SpreeSignifyd
+  class DeliveryAddressSerializer < AddressSerializer
+    self.root = false
+
+    def attributes
+      hash = {}
+      hash['deliveryAddress'] = address
+      hash['fullName'] = object.full_name
+      hash
+    end
+  end
+end

data/app/serializers/spree_signifyd/line_item_serializer.rb

@@ -0,0 +1,25 @@
+require 'active_model/serializer'
+
+module SpreeSignifyd
+  class LineItemSerializer < ActiveModel::Serializer
+    self.root = false
+
+    attributes :itemId, :itemName, :itemQuantity, :itemPrice
+
+    def itemId
+      object.variant_id
+    end
+
+    def itemName
+      object.name
+    end
+
+    def itemQuantity
+      object.quantity
+    end
+
+    def itemPrice
+      object.price
+    end
+  end
+end

data/app/serializers/spree_signifyd/order_serializer.rb

@@ -0,0 +1,59 @@
+require 'active_model/serializer'
+
+module SpreeSignifyd
+  class OrderSerializer < ActiveModel::Serializer
+    self.root = false
+
+    attributes :purchase, :recipient, :card
+    has_one :user, serializer: SpreeSignifyd::UserSerializer, root: "userAccount"
+
+    def purchase
+      {
+        'browserIpAddress' => object.last_ip_address,
+        'orderId' => object.number,
+        'createdAt' => object.completed_at.utc.iso8601,
+        'currency' => object.currency,
+        'totalPrice' => object.total,
+        'products' => products,
+        'avsResponseCode' => latest_payment.try(:avs_response),
+        'cvvResponseCode' => latest_payment.try(:cvv_response_code)
+      }
+    end
+
+    def recipient
+      recipient = SpreeSignifyd::DeliveryAddressSerializer.new(object.ship_address).serializable_object
+      recipient[:confirmationEmail] = object.email
+      recipient[:fullName] = object.ship_address.full_name
+      recipient
+    end
+
+    def card
+      payment_source = latest_payment.try(:source)
+      card = {}
+
+      if payment_source.present? && payment_source.instance_of?(Spree::CreditCard)
+        card = CreditCardSerializer.new(payment_source).serializable_object
+        card.merge!(SpreeSignifyd::BillingAddressSerializer.new(object.bill_address).serializable_object)
+      end
+
+      card
+    end
+
+    private
+
+    def products
+      order_products = []
+
+      object.line_items.each do |li|
+        serialized_line_item = SpreeSignifyd::LineItemSerializer.new(li).serializable_object
+        order_products << serialized_line_item
+      end
+
+      order_products
+    end
+
+    def latest_payment
+      object.payments.order(:created_at, :id).last
+    end
+  end
+end

data/app/serializers/spree_signifyd/user_serializer.rb

@@ -0,0 +1,44 @@
+require 'active_model/serializer'
+
+module SpreeSignifyd
+  class UserSerializer < ActiveModel::Serializer
+    self.root = false
+
+    attributes :emailAddress, :username, :createdDate, :lastUpdateDate, :lastOrderId, :aggregateOrderCount, :aggregateOrderDollars
+
+    def emailAddress
+      object.email
+    end
+
+    def username
+      object.email
+    end
+
+    def createdDate
+      object.created_at.utc.iso8601
+    end
+
+    def lastUpdateDate
+      object.updated_at.utc.iso8601
+    end
+
+    def lastOrderId
+      completed_orders.order("completed_at DESC").second.try(:number)
+    end
+
+    def aggregateOrderCount
+      completed_orders.count
+    end
+
+    def aggregateOrderDollars
+      completed_orders.sum(:total)
+    end
+
+    private
+
+    def completed_orders
+      @order ||= object.orders.complete
+    end
+
+  end
+end