solidus_signifyd 1.0.1 → 1.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: d4a72f66712b1ec31d58c43b6376ec26d73fa0b3
-  data.tar.gz: 82f7c527003108aa93f77df909191963ab0643b8
+  metadata.gz: 5c7e1bb9ec394555d95c0bd04879ed53f60f36a4
+  data.tar.gz: 1ea89e5ec06118d867ba7fd1582785b64caaf129
 SHA512:
-  metadata.gz: f4ac359792627cf09505a0b68aa7ec26c7b627ef4d3de66c2d009882aac691e99a3aed2703d2828c23d8e35f436c2118997b211d615dfacf6f72d6e60c7f8b15
-  data.tar.gz: 6c96d211b2d6f697cbdd100d635eaa8b98845c5dd8116f71e43eb0125a2089dd0d3c57583be3237e7a247187ba2d4feb30dc8f419ecce50792b963a2640417f4
+  metadata.gz: 601b96f317fb0f2b439f4550c910c1bcbfafe6cd0e1419f3a651c2aa2b7cb9ae956fa717b1abcc828628f11a63c45f976d7c84cf682b5f764fe1fe0772974885
+  data.tar.gz: fb0afbf0e113611b9f45e9e0011909acfa441590681910aead26d0a01784e646bb7752b71022bdfe57c96147095bf1c2775368f319a0ce5aa75388b989495804

data/.travis.yml

@@ -0,0 +1,21 @@
+sudo: false
+cache: bundler
+language: ruby
+rvm:
+  - 2.3.1
+env:
+  matrix:
+    - SOLIDUS_BRANCH=v1.0 DB=postgres
+    - SOLIDUS_BRANCH=v1.1 DB=postgres
+    - SOLIDUS_BRANCH=v1.2 DB=postgres
+    - SOLIDUS_BRANCH=v1.3 DB=postgres
+    - SOLIDUS_BRANCH=v1.4 DB=postgres
+    - SOLIDUS_BRANCH=v2.0 DB=postgres
+    - SOLIDUS_BRANCH=master DB=postgres
+    - SOLIDUS_BRANCH=v1.0 DB=mysql
+    - SOLIDUS_BRANCH=v1.1 DB=mysql
+    - SOLIDUS_BRANCH=v1.2 DB=mysql
+    - SOLIDUS_BRANCH=v1.3 DB=mysql
+    - SOLIDUS_BRANCH=v1.4 DB=mysql
+    - SOLIDUS_BRANCH=v2.0 DB=mysql
+    - SOLIDUS_BRANCH=master DB=mysql

data/Gemfile

@@ -1,7 +1,14 @@
-source 'https://rubygems.org'
+source "https://rubygems.org"
 
-gem "solidus", github: "solidusio/solidus", branch: "master"
-gem "solidus_auth_devise", "~> 1.0"
+branch = ENV.fetch('SOLIDUS_BRANCH', 'master')
+gem "solidus", github: "solidusio/solidus", branch: branch
+
+if branch == 'master' || branch >= "v2.0"
+  gem "rails-controller-testing", group: :test
+end
+
+gem 'pg'
+gem 'mysql2'
 
 group :development, :test do
   gem "pry-rails"

data/README.md

@@ -4,7 +4,15 @@ Solidus Signifyd
 Integration with Signifyd that implements a fraud check prior to marking a
 shipment as ready to be shipped.
 
-[![Circle CI](https://circleci.com/gh/solidusio/solidus_signifyd.svg?style=shield)](https://circleci.com/gh/solidusio/solidus_signifyd/tree/master)
+[![Build Status](https://travis-ci.org/solidusio/solidus_signifyd.svg?branch=master)](https://travis-ci.org/solidusio/solidus_signifyd)
+
+* All orders are sent to SIGNIFYD for scoring when they transition to complete.
+* Risk analysis is returned from SIGNIFYD via a webhook and added to order.
+* Orders with a risk score >= 500 (default review disposition threshhold)
+    - Paid orders are marked ready to ship.
+* Orders with a risk score < 500
+    - Are cancelled.
+    - Risk analysis is displayed in admin.
 
 Installation
 ------------
@@ -22,6 +30,53 @@ bundle
 bundle exec rails g solidus_signifyd:install
 ```
 
+Create a SIGNIFYD test team within the SIGNIFYD account. The API key is listed on the Teams page after a team has been created.
+
+Create SIGNIFYD notifications for each event type and provide your
+`api_spree_signifyd_orders_path`. To work with external webhook in local
+development you may need to change the rails server [default host] and enable
+port forwarding or setup a reverse SSH tunnel.
+
+```
+http://www.example.com/api/spree_signifyd/orders
+```
+
+Cases can be inspected in the SIGNIFYD web console.
+
+Configuration
+-------------
+
+### api_key
+
+Type: `string`
+
+SIGNIFYD team API key.
+
+### exclude_store_credit_orders
+
+Type: `boolean`
+Default: `false`
+
+By default, even orders which are fully paid with store credit are sent to
+SIGNIFYD. Since this could result in unnecessary charges to a user who is on a
+"flat rate" plan, we provide the option to skip these orders.
+
+### signifyd_score_threshold
+
+Type: `integer`
+Default: `500`
+
+Automatic approval is granted to orders which have a good "reviewDisposition" or
+have a score greater than the `signifyd_score_threshold`.
+
+Risky Orders
+------------
+
+Flagging a case as bad in the SIGNIFYD web console will associate
+a fraudulent case with the order's email. This will cause future orders to drop
+below the `reviewDisposition` threshhold of 500 and allow you to inspect a
+risky order.
+
 Testing
 -------
 
@@ -32,3 +87,5 @@ app can be regenerated by using `rake test_app`.
 ```shell
 bundle exec rake
 ```
+
+[default host]: http://guides.rubyonrails.org/4_2_release_notes.html#default-host-for-rails-server

data/app/controllers/spree/api/spree_signifyd/orders_controller.rb

@@ -21,7 +21,7 @@ module Spree::Api::SpreeSignifyd
     private
 
     def authorize
-      request_sha = request.headers['HTTP_HTTP_X_SIGNIFYD_HMAC_SHA256']
+      request_sha = request.headers['HTTP_X_SIGNIFYD_SEC_HMAC_SHA256']
       computed_sha = build_sha(SpreeSignifyd::Config[:api_key], request.raw_post)
 
       if !Devise.secure_compare(request_sha, computed_sha)

data/app/models/spree/signifyd_configuration.rb

@@ -1,6 +1,7 @@
 module Spree
   class SignifydConfiguration < Preferences::Configuration
     preference :api_key, :string
+    preference :exclude_store_credit_orders, :boolean, default: false
     preference :signifyd_score_threshold, :integer, default: 500 # Signifyd's recommended threshold
   end
 end

data/app/models/spree_signifyd/order_concerns.rb

@@ -3,7 +3,11 @@ module SpreeSignifyd::OrderConcerns
 
   included do
     Spree::Order.state_machine.after_transition to: :complete, unless: :approved? do |order, transition|
-      SpreeSignifyd.create_case(order_number: order.number)
+      if order.send_to_signifyd?
+        SpreeSignifyd.create_case(order_number: order.number)
+      else
+        SpreeSignifyd.approve(order: order)
+      end
     end
 
     has_one :signifyd_order_score, class_name: "SpreeSignifyd::OrderScore"
@@ -19,5 +23,18 @@ module SpreeSignifyd::OrderConcerns
     def awaiting_approval?
       !signifyd_order_score
     end
+
+    def send_to_signifyd?
+      !approved? &&
+      !(SpreeSignifyd::Config[:exclude_store_credit_orders] && paid_completely_with_store_credit?)
+    end
+
+    private
+
+    def paid_completely_with_store_credit?
+      payments.all? do |payment|
+        payment.payment_method.is_a?(Spree::PaymentMethod::StoreCredit)
+      end
+    end
   end
 end

data/app/models/spree_signifyd/shipment_decorator.rb

@@ -2,7 +2,7 @@ module SpreeSignifyd
   module ShipmentDecorator
 
     def determine_state(order)
-      return 'pending' if (pending? || canceled?) && !order.approved?
+      return 'pending' if pending? && !order.approved?
       super(order)
     end
   end

data/app/serializers/spree_signifyd/credit_card_serializer.rb

@@ -4,7 +4,15 @@ module SpreeSignifyd
   class CreditCardSerializer < ActiveModel::Serializer
     self.root = false
 
-    attributes :cardHolderName, :last4, :expiryMonth, :expiryYear
+    attributes :cardHolderName, :last4
+
+    # this is how to conditionally include attributes in AMS
+    def attributes(*args)
+      hash = super
+      hash[:expiryMonth] = object.month.to_i if object.month
+      hash[:expiryYear] = object.year.to_i if object.year
+      hash
+    end
 
     def cardHolderName
       "#{object.first_name} #{object.last_name}"
@@ -13,13 +21,5 @@ module SpreeSignifyd
     def last4
       object.last_digits
     end
-
-    def expiryMonth
-      object.month
-    end
-
-    def expiryYear
-      object.year
-    end
   end
 end

data/app/serializers/spree_signifyd/order_serializer.rb

@@ -8,16 +8,11 @@ module SpreeSignifyd
     has_one :user, serializer: SpreeSignifyd::UserSerializer, root: "userAccount"
 
     def purchase
-      {
-        'browserIpAddress' => object.last_ip_address,
-        'orderId' => object.number,
-        'createdAt' => object.completed_at.utc.iso8601,
-        'currency' => object.currency,
-        'totalPrice' => object.total,
-        'products' => products,
-        'avsResponseCode' => latest_payment.try(:avs_response),
-        'cvvResponseCode' => latest_payment.try(:cvv_response_code)
-      }
+      build_purchase_information.tap do |purchase_info|
+        if paid_by_paypal?
+          purchase_info["paymentGateway"] = "paypal_account"
+        end
+      end
     end
 
     def recipient
@@ -41,6 +36,23 @@ module SpreeSignifyd
 
     private
 
+    def paid_by_paypal?
+      latest_payment.try!(:source).try(:cc_type) == "paypal"
+    end
+
+    def build_purchase_information
+      {
+        'browserIpAddress' => object.last_ip_address || "",
+        'orderId' => object.number,
+        'createdAt' => object.completed_at.utc.iso8601,
+        'currency' => object.currency,
+        'totalPrice' => object.total.to_f,
+        'products' => products,
+        'avsResponseCode' => latest_payment.try!(:avs_response) || "",
+        'cvvResponseCode' => latest_payment.try!(:cvv_response_code) || ""
+      }
+    end
+
     def products
       order_products = []
 

data/app/serializers/spree_signifyd/user_serializer.rb

@@ -4,7 +4,14 @@ module SpreeSignifyd
   class UserSerializer < ActiveModel::Serializer
     self.root = false
 
-    attributes :emailAddress, :username, :createdDate, :lastUpdateDate, :lastOrderId, :aggregateOrderCount, :aggregateOrderDollars
+    attributes :emailAddress, :username, :createdDate, :lastUpdateDate, :aggregateOrderCount, :aggregateOrderDollars, :phone
+
+    # this is how to conditionally include attributes in AMS
+    def attributes(*args)
+      hash = super
+      hash[:lastOrderId] = lastOrderId if lastOrderId.present?
+      hash
+    end
 
     def emailAddress
       object.email
@@ -31,7 +38,11 @@ module SpreeSignifyd
     end
 
     def aggregateOrderDollars
-      completed_orders.sum(:total)
+      completed_orders.sum(:total).to_f
+    end
+
+    def phone
+      object.orders.order("created_at DESC").first.try!(:ship_address).try!(:phone)
     end
 
     private

data/lib/spree_signifyd.rb

@@ -3,7 +3,6 @@ require 'signifyd'
 require 'spree_signifyd/create_signifyd_case'
 require 'spree_signifyd/engine'
 require 'spree_signifyd/request_verifier'
-require 'resque'
 require 'devise'
 
 module SpreeSignifyd
@@ -20,14 +19,14 @@ module SpreeSignifyd
 
   def approve(order:)
     order.contents.approve(name: self.name)
-    order.shipments.each { |shipment| shipment.ready! if shipment.pending? }
+    order.shipments.each { |shipment| shipment.ready! if shipment.can_ready? }
     order.updater.update_shipment_state
     order.save!
   end
 
   def create_case(order_number:)
     Rails.logger.info "Queuing Signifyd case creation event: #{order_number}"
-    Resque.enqueue(SpreeSignifyd::CreateSignifydCase, order_number)
+    SpreeSignifyd::CreateSignifydCase.perform_later(order_number)
   end
 
   def score_above_threshold?(score)

data/lib/spree_signifyd/create_signifyd_case.rb

@@ -1,13 +1,12 @@
 module SpreeSignifyd
-  class CreateSignifydCase
-    @queue = :spree_backend_high
+  class CreateSignifydCase < ActiveJob::Base
+    queue_as :default
 
-    def self.perform(order_number_or_id)
+    def perform(order_number_or_id)
       Rails.logger.info "Processing Signifyd case creation event: #{order_number_or_id}"
       order = Spree::Order.find_by(number: order_number_or_id) || Spree::Order.find(order_number_or_id)
       order_data = JSON.parse(OrderSerializer.new(order).to_json)
       Signifyd::Case.create(order_data, SpreeSignifyd::Config[:api_key])
     end
-
   end
 end

data/lib/spree_signifyd/engine.rb

@@ -11,6 +11,7 @@ module SpreeSignifyd
 
     initializer "spree.signifyd.environment", before: :load_config_initializers do |app|
       SpreeSignifyd::Config = Spree::SignifydConfiguration.new
+      SpreeSignifyd::Config.use_static_preferences!
     end
 
     def self.activate

data/solidus_signifyd.gemspec

@@ -3,7 +3,7 @@
 Gem::Specification.new do |s|
   s.platform    = Gem::Platform::RUBY
   s.name        = "solidus_signifyd"
-  s.version     = "1.0.1"
+  s.version     = "1.1.0"
   s.summary     = "Solidus extension for communicating with Signifyd to check orders for fraud."
   s.description = s.summary
 
@@ -20,12 +20,12 @@ Gem::Specification.new do |s|
   s.requirements << "none"
 
   s.add_dependency "active_model_serializers", "0.9.3"
-  s.add_dependency "resque", "~> 1.25.1"
   s.add_dependency "signifyd", "~> 0.1.5"
-  s.add_dependency "solidus", "~> 1.0"
+  s.add_dependency "solidus", [">= 1.0", "< 3"]
   s.add_dependency "devise"
 
-  s.add_development_dependency "rspec-rails",  "~> 2.13"
+  s.add_development_dependency "rspec-rails",  "~> 3.4"
+  s.add_development_dependency "json-schema"
   s.add_development_dependency "simplecov"
   s.add_development_dependency "sqlite3"
   s.add_development_dependency "sass-rails"

data/spec/controllers/spree/api/spree_signifyd/orders_controller_spec.rb

@@ -38,13 +38,9 @@ module Spree::Api::SpreeSignifyd
           }
       }
 
-      before { request.headers['HTTP_HTTP_X_SIGNIFYD_HMAC_SHA256'] = signifyd_sha }
-
-      around do |example|
-        previous_api_key = SpreeSignifyd::Config[:api_key]
+      before do
+        request.headers['HTTP_X_SIGNIFYD_SEC_HMAC_SHA256'] = signifyd_sha
         SpreeSignifyd::Config[:api_key] = 'ABCDE'
-        example.run
-        SpreeSignifyd::Config[:api_key] = previous_api_key
       end
 
       routes { Spree::Core::Engine.routes }
@@ -79,9 +75,9 @@ module Spree::Api::SpreeSignifyd
         context "the order has been shipped" do
 
           it "returns without trying to act on the order" do
-            Spree::Order.any_instance.stub(:shipped?).and_return(true)
+            allow_any_instance_of(Spree::Order).to receive(:shipped?).and_return(true)
             expect(SpreeSignifyd).not_to receive(:approve)
-            expect(Spree::Order.any_instance).not_to receive(:cancel!)
+            expect_any_instance_of(Spree::Order).not_to receive(:cancel!)
             expect { subject }.not_to raise_error
             expect(response.status).to eq(200)
           end
@@ -92,7 +88,7 @@ module Spree::Api::SpreeSignifyd
 
           it "returns without trying to act on the order" do
             expect(SpreeSignifyd).not_to receive(:approve)
-            expect(Spree::Order.any_instance).not_to receive(:cancel!)
+            expect_any_instance_of(Spree::Order).not_to receive(:cancel!)
             expect { subject }.not_to raise_error
             expect(response.status).to eq(200)
           end
@@ -121,7 +117,7 @@ module Spree::Api::SpreeSignifyd
             after(:each) { body['reviewDiposition'] = @original_review_disposition }
 
             it 'cancels the order' do
-              Spree::Order.any_instance.should_receive(:cancel!)
+              expect_any_instance_of(Spree::Order).to receive(:cancel!)
               subject
             end
           end

data/spec/lib/spree_signifyd/create_signifyd_case_spec.rb

@@ -7,13 +7,13 @@ module SpreeSignifyd
       let(:json) { JSON.parse(OrderSerializer.new(order).to_json) }
 
       it "calls Signifyd::Case#create with the correct params" do
-        Signifyd::Case.should_receive(:create).with(json, SpreeSignifyd::Config[:api_key])
-        CreateSignifydCase.perform(order.id)
+        expect(Signifyd::Case).to receive(:create).with(json, SpreeSignifyd::Config[:api_key])
+        CreateSignifydCase.perform_now(order.id)
       end
 
       it "calls Signifyd::Case#create with the correct params" do
-        Signifyd::Case.should_receive(:create).with(json, SpreeSignifyd::Config[:api_key])
-        CreateSignifydCase.perform(order.number)
+        expect(Signifyd::Case).to receive(:create).with(json, SpreeSignifyd::Config[:api_key])
+        CreateSignifydCase.perform_now(order.number)
       end
     end
   end

data/spec/lib/spree_signifyd_spec.rb

@@ -50,7 +50,7 @@ module SpreeSignifyd
       end
 
       it 'readies all of the shipments' do
-        order.shipments.each { |shipment| shipment.should_receive(:ready!) }
+        order.shipments.each { |shipment| expect(shipment).to receive(:ready!) }
         approve
       end
 
@@ -61,12 +61,23 @@ module SpreeSignifyd
           expect { approve }.to change { order.approved_at }
         end
       end
+
+      context "with backordered stock" do
+        before do
+          order.inventory_units.first.update(state: 'backordered')
+          order.reload
+        end
+
+        it "does not attempt invalid state changes" do
+          approve
+          expect(order.reload.shipments.first).to be_pending
+        end
+      end
     end
 
     describe ".create_case" do
       it 'enqueues in resque' do
-        expect(Resque).to receive(:enqueue).with(SpreeSignifyd::CreateSignifydCase, 111)
-        SpreeSignifyd.create_case(order_number: 111)
+        expect { SpreeSignifyd.create_case(order_number: 111) }.to have_enqueued_job(SpreeSignifyd::CreateSignifydCase)
       end
     end