solidus_signifyd 0.1.1

data/app/views/spree/admin/orders/_signifyd_score.html.erb

@@ -0,0 +1,10 @@
+<tr>
+  <td><strong><%= Spree.t(:"risk.signifyd_score") %>:</strong></td>
+  <td class="align-center">
+    <% if @order.signifyd_order_score.nil? %>
+      <span class="state pending"><%= Spree.t(:"risk.awaiting_score") %></span>
+    <% else %>
+      <span class="state void"><%= @order.signifyd_order_score.score %></span>
+    <% end %>
+  </td>
+</tr>

data/bin/rails

@@ -0,0 +1,7 @@
+# This command will automatically be run when you run "rails" with Rails 3 gems installed from the root of your application.
+
+ENGINE_ROOT = File.expand_path('../..', __FILE__)
+ENGINE_PATH = File.expand_path('../../lib/spree_signifyd/engine', __FILE__)
+
+require 'rails/all'
+require 'rails/engine/commands'

data/circle.yml

@@ -0,0 +1,6 @@
+machine:
+  ruby:
+    version: 2.1.5
+test:
+  pre:
+    - bundle exec rake test_app

data/config/locales/en.yml

@@ -0,0 +1,7 @@
+en:
+  spree:
+    admin:
+      risk:
+        approved_by_admin: "Approved By Admin"
+        awaiting_score: "Awaiting Score"
+        signifyd_score: "Signifyd Score"

data/config/routes.rb

@@ -0,0 +1,7 @@
+Spree::Core::Engine.routes.draw do
+  namespace :api, defaults: { format: 'json' } do
+    namespace :spree_signifyd do
+      post '/orders', to: 'orders#update'
+    end
+  end
+end

data/db/migrate/20140819203000_add_signifyd_score_to_orders.rb

@@ -0,0 +1,5 @@
+class AddSignifydScoreToOrders < ActiveRecord::Migration
+  def change
+    add_column :spree_orders, :signifyd_score, :integer
+  end
+end

data/db/migrate/20140826202644_set_considered_risky_default_value.rb

@@ -0,0 +1,5 @@
+class SetConsideredRiskyDefaultValue < ActiveRecord::Migration
+  def change
+    change_column_default(:spree_orders, :considered_risky, true) if Spree::Order.column_names.include? "considered_risky"
+  end
+end

data/db/migrate/20150206151312_create_spree_signifyd_order_scores.rb

@@ -0,0 +1,11 @@
+class CreateSpreeSignifydOrderScores < ActiveRecord::Migration
+  def change
+    create_table :spree_signifyd_order_scores do |t|
+      t.integer :order_id
+      t.integer :score
+      t.timestamps null: true
+    end
+
+    add_index :spree_signifyd_order_scores, :order_id, unique: true
+  end
+end

data/db/migrate/20150206193231_transfer_spree_orders_signifyd_score_data.rb

@@ -0,0 +1,15 @@
+class TransferSpreeOrdersSignifydScoreData < ActiveRecord::Migration
+  disable_ddl_transaction!
+
+  def up
+    Spree::Order.connection.execute(<<-SQL)
+      insert into spree_signifyd_order_scores (order_id, score, created_at, updated_at)
+      select o.id, o.signifyd_score, '#{Time.now.to_s(:db)}', '#{Time.now.to_s(:db)}'
+      from spree_orders o
+      left join spree_signifyd_order_scores
+        on o.id = spree_signifyd_order_scores.order_id
+      where o.signifyd_score is not null -- where the order has a score...
+      and spree_signifyd_order_scores.id is null -- ...but the new table does not
+    SQL
+  end
+end

data/db/migrate/20150211202803_remove_spree_orders_signifyd_score_column.rb

@@ -0,0 +1,5 @@
+class RemoveSpreeOrdersSignifydScoreColumn < ActiveRecord::Migration
+  def change
+    remove_column :spree_orders, :signifyd_score, :integer
+  end
+end

data/lib/generators/solidus_signifyd/install/install_generator.rb

@@ -0,0 +1,26 @@
+module SolidusSignifyd
+  module Generators
+    class InstallGenerator < Rails::Generators::Base
+      class_option :auto_run_migrations, type: :boolean, default: false
+
+      source_root File.expand_path("../templates", __FILE__)
+
+      def add_initializer
+        copy_file "solidus_signifyd.rb", "config/initializers/solidus_signifyd.rb"
+      end
+
+      def add_migrations
+        run 'bundle exec rake railties:install:migrations FROM=solidus_signifyd'
+      end
+
+      def run_migrations
+        run_migrations = options[:auto_run_migrations] || ['', 'y', 'Y'].include?(ask 'Would you like to run the migrations now? [Y/n]')
+        if run_migrations
+          run 'bundle exec rake db:migrate'
+        else
+          puts 'Skipping rake db:migrate, don\'t forget to run it!'
+        end
+      end
+    end
+  end
+end

data/lib/generators/solidus_signifyd/install/templates/solidus_signifyd.rb

@@ -0,0 +1,3 @@
+SpreeSignifyd::Config.configure do |config|
+  config.api_key = "YOUR SIGNIFYD API KEY"
+end

data/lib/solidus_signifyd.rb

@@ -0,0 +1 @@
+require "spree_signifyd"

data/lib/spree_signifyd.rb

@@ -0,0 +1,37 @@
+require 'spree_core'
+require 'signifyd'
+require 'spree_signifyd/create_signifyd_case'
+require 'spree_signifyd/engine'
+require 'spree_signifyd/request_verifier'
+require 'resque'
+require 'devise'
+
+module SpreeSignifyd
+
+  module_function
+
+  def set_score(order:, score:)
+    if order.signifyd_order_score
+      order.signifyd_order_score.update!(score: score)
+    else
+      order.create_signifyd_order_score!(score: score)
+    end
+  end
+
+  def approve(order:)
+    order.contents.approve(name: self.name)
+    order.shipments.each { |shipment| shipment.ready! unless shipment.ready? }
+    order.updater.update_shipment_state
+    order.save!
+  end
+
+  def create_case(order_number:)
+    Rails.logger.info "Queuing Signifyd case creation event: #{order_number}"
+    Resque.enqueue(SpreeSignifyd::CreateSignifydCase, order_number)
+  end
+
+  def score_above_threshold?(score)
+    score > SpreeSignifyd::Config[:signifyd_score_threshold]
+  end
+
+end

data/lib/spree_signifyd/create_signifyd_case.rb

@@ -0,0 +1,13 @@
+module SpreeSignifyd
+  class CreateSignifydCase
+    @queue = :spree_backend_high
+
+    def self.perform(order_number_or_id)
+      Rails.logger.info "Processing Signifyd case creation event: #{order_number_or_id}"
+      order = Spree::Order.find_by(number: order_number_or_id) || Spree::Order.find(order_number_or_id)
+      order_data = JSON.parse(OrderSerializer.new(order).to_json)
+      Signifyd::Case.create(order_data, SpreeSignifyd::Config[:api_key])
+    end
+
+  end
+end

data/lib/spree_signifyd/engine.rb

@@ -0,0 +1,24 @@
+module SpreeSignifyd
+  class Engine < Rails::Engine
+    require "spree/core"
+    isolate_namespace Spree
+    engine_name "solidus_signifyd"
+
+    # use rspec for tests
+    config.generators do |g|
+      g.test_framework :rspec
+    end
+
+    initializer "spree.signifyd.environment", before: :load_config_initializers do |app|
+      SpreeSignifyd::Config = Spree::SignifydConfiguration.new
+    end
+
+    def self.activate
+      Dir.glob(File.join(File.dirname(__FILE__), "../../app/**/*_decorator*.rb")) do |c|
+        Rails.configuration.cache_classes ? require(c) : load(c)
+      end
+    end
+
+    config.to_prepare &method(:activate).to_proc
+  end
+end

data/lib/spree_signifyd/request_verifier.rb

@@ -0,0 +1,14 @@
+module SpreeSignifyd
+  module RequestVerifier
+
+    def encode_request(request_body)
+      request_body.force_encoding('ISO-8859-1').encode('UTF-8')
+    end
+
+    def build_sha(key, message)
+      sha256 = OpenSSL::Digest::SHA256.new
+      digest = OpenSSL::HMAC.digest(sha256, key, message)
+      Base64.encode64(digest).strip
+    end
+  end
+end

data/solidus_signifyd.gemspec

@@ -0,0 +1,36 @@
+# encoding: UTF-8
+
+Gem::Specification.new do |s|
+  s.platform    = Gem::Platform::RUBY
+  s.name        = "solidus_signifyd"
+  s.version     = "0.1.1"
+  s.summary     = "Solidus extension for communicating with Signifyd to check orders for fraud."
+  s.description = s.summary
+
+  s.author    = "Bonobos"
+  s.email     = "engineering@bonobos.com"
+  s.homepage  = "http://www.bonobos.com"
+
+  s.required_ruby_version = ">= 2.1"
+  s.license     = %q{BSD-3}
+
+  s.files       = `git ls-files`.split("\n")
+  s.test_files  = `git ls-files -- {test,spec,features}/*`.split("\n")
+  s.require_path = "lib"
+  s.requirements << "none"
+
+  s.add_dependency "active_model_serializers", "0.9.3"
+  s.add_dependency "resque", "~> 1.25.1"
+  s.add_dependency "signifyd", "~> 0.1.5"
+  s.add_dependency "solidus", "~> 1.0.0"
+  s.add_dependency "devise"
+
+  s.add_development_dependency "rspec-rails",  "~> 2.13"
+  s.add_development_dependency "simplecov"
+  s.add_development_dependency "sqlite3"
+  s.add_development_dependency "sass-rails"
+  s.add_development_dependency "coffee-rails"
+  s.add_development_dependency "database_cleaner"
+  s.add_development_dependency "factory_girl"
+  s.add_development_dependency "ffaker"
+end

data/spec/controllers/spree/api/spree_signifyd/orders_controller_spec.rb

@@ -0,0 +1,202 @@
+require 'spec_helper'
+
+module Spree::Api::SpreeSignifyd
+
+  describe OrdersController do
+    describe 'POST #update' do
+
+      let(:order_number) { "19418" }
+      let!(:order) { create(:completed_order_with_totals, number: order_number) }
+      let!(:user) { create(:user) }
+      let(:signifyd_sha) { 'sdGXFLSPZi5hTt8ZCVR9FeNMrsfmOblEIkpV2cCVLxM=' }
+
+      let(:body) {
+        {
+          "analysisUrl" => "https://signifyd.com/v2/cases/1/analysis",
+          "entriesUrl" => "https://signifyd.com/v2/cases/1/entries",
+          "notesUrl" => "https://signifyd.com/v2/cases/1/notes",
+          "orderUrl" => "https://signifyd.com/v2/cases/1/order",
+          "status" => "DISMISSED",
+          "uuid" => "709b9107-eda0-4cdd-bdac-a82f51a8a3f3",
+          "headline" => "John Smith",
+          "reviewDisposition" => nil,
+          "associatedTeam" => {
+            "teamName" => "anyTeam",
+            "teamId" => 26,
+            "getAutoDismiss" => true,
+            "getTeamDismissalDays" => 2
+            },
+            "orderId" => order_number,
+            "orderDate" => "2013-06-17T06:20:47-0700",
+            "orderAmount" => 365.99,
+            "createdAt" => "2013-11-05T14:23:26-0800",
+            "updatedAt" => "2013-11-05T14:23:26-0800",
+            "adjustedScore" => 262.6666666666667,
+            "investigationId" => 1,
+            "score" => 262.6666666666667,
+            "caseId" => 1
+          }
+      }
+
+      before { request.headers['HTTP_HTTP_X_SIGNIFYD_HMAC_SHA256'] = signifyd_sha }
+
+      around do |example|
+        previous_api_key = SpreeSignifyd::Config[:api_key]
+        SpreeSignifyd::Config[:api_key] = 'ABCDE'
+        example.run
+        SpreeSignifyd::Config[:api_key] = previous_api_key
+      end
+
+      routes { Spree::Core::Engine.routes }
+
+      subject { post :update, body.to_json }
+
+      context "invalid sha" do
+        let(:signifyd_sha) { "INVALID" }
+
+        it "does not set signifyd_score" do
+          subject
+          order.reload
+          expect(order.signifyd_order_score).to eq nil
+        end
+
+        it "responds with 401" do
+          subject
+          expect(response.code.to_i).to eq 401
+        end
+      end
+
+      context "valid sha" do
+        context "invalid order number" do
+          before(:each) { order.destroy! }
+
+          it "responds with a 404" do
+            subject
+            expect(response.code.to_i).to eq 404
+          end
+        end
+
+        context "the order has been shipped" do
+
+          it "returns without trying to act on the order" do
+            Spree::Order.any_instance.stub(:shipped?).and_return(true)
+            expect(SpreeSignifyd).not_to receive(:approve)
+            expect(Spree::Order.any_instance).not_to receive(:cancel!)
+            expect { subject }.not_to raise_error
+            expect(response.status).to eq(200)
+          end
+        end
+
+        context "the order has been canceled" do
+          before(:each) { order.cancel! }
+
+          it "returns without trying to act on the order" do
+            expect(SpreeSignifyd).not_to receive(:approve)
+            expect(Spree::Order.any_instance).not_to receive(:cancel!)
+            expect { subject }.not_to raise_error
+            expect(response.status).to eq(200)
+          end
+        end
+
+        context "valid order number" do
+          it "sets the order's signifyd_score" do
+            subject
+            order.reload
+            expect(order.signifyd_order_score.score).to eq 262
+          end
+
+          it "responds with 200" do
+            subject
+            expect(response.code.to_i).to eq 200
+          end
+
+          context "reviewDisposition is FRAUDULENT" do
+            let(:signifyd_sha) { "ulHF48lbFO3M6UBMSi1tAroJWADeSggrr6V7ND8hBx0=" }
+
+            before(:each) do
+              @original_review_disposition = body['reviewDiposition']
+              body['reviewDisposition'] = 'FRAUDULENT'
+            end
+
+            after(:each) { body['reviewDiposition'] = @original_review_disposition }
+
+            it 'cancels the order' do
+              Spree::Order.any_instance.should_receive(:cancel!)
+              subject
+            end
+          end
+
+          context "reviewDisposition is not FRAUDULENT" do
+            context "the order has already been approved" do
+
+              before(:each) { order.update_attribute(:approved_at, Time.now) }
+
+              it "does not call approve" do
+                expect(SpreeSignifyd).not_to receive(:approve)
+                subject
+              end
+            end
+
+            context "the order has not yet been approved" do
+              context "the reviewDisposition is GOOD" do
+                let(:signifyd_sha) { "wZIjgRQoDMWe0W4VoE5TJEoHf8ZcY9UeXY1lnGP+pfg=" }
+
+                before(:each) do
+                  @original_review_disposition = body['reviewDisposition']
+                  body['reviewDisposition'] = 'GOOD'
+                end
+
+                after(:each) { body['reviewDisposition'] = @original_review_disposition }
+
+                it "calls approve" do
+                  expect(SpreeSignifyd).to receive(:approve).with(order: order)
+                  subject
+                end
+              end
+
+              context "the reviewDisposition is not GOOD" do
+                it "does not call approve" do
+                  expect(SpreeSignifyd).not_to receive(:approve)
+                  subject
+                end
+              end
+
+              context "the order is not risky" do
+                let(:signifyd_sha) { "ZI7bSCavfy6pWogJZ7nq2LbLLojcfcy9kjF02WHO4nM=" }
+
+                before(:each) do
+                  @original_score = body['adjustedScore']
+                  body['adjustedScore'] = SpreeSignifyd::Config[:signifyd_score_threshold] + 1
+                end
+
+                after(:each) { body['adjustedScore'] = @original_score }
+
+                it "approves the order" do
+                  expect(SpreeSignifyd).to receive(:approve).with(order: order)
+                  subject
+                end
+              end
+
+              context "the order is risky" do
+
+                let(:signifyd_sha) { "YcEDVtPBAXcgQ9fJgBMSoBWy9CVpc6pnN6YzCbtD85E=" }
+
+                before(:each) do
+                  @original_score = body['adjustedScore']
+                  body['adjustedScore'] = SpreeSignifyd::Config[:signifyd_score_threshold] - 1
+                end
+
+                after(:each) { body['adjustedScore'] = @original_score }
+
+                it "does not approve the order" do
+                  expect(SpreeSignifyd).not_to receive(:approve)
+                  subject
+                end
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end