tbk 1.0.1 → 1.0.2

data/lib/tbk/webpay/confirmation.rb

@@ -0,0 +1,122 @@
+# encoding: UTF-8
+module TBK
+  module Webpay
+    class Confirmation
+      RESPONSE_CODES = {
+        '0' => 'Transacción aprobada.',
+        '-1' => 'Rechazo de tx. en B24, No autorizada',
+        '-2' => 'Transacción debe reintentarse.',
+        '-3' => 'Error en tx.',
+        '-4' => 'Rechazo de tx. En B24, No autorizada',
+        '-5' => 'Rechazo por error de tasa.',
+        '-6' => 'Excede cupo máximo mensual.',
+        '-7' => 'Excede límite diario por transacción.',
+        '-8' => 'Rubro no autorizado.'
+      }
+
+      attr_accessor :commerce
+      attr_accessor :request_ip
+      attr_reader :raw
+      attr_reader :params
+
+      def initialize(options)
+        options = { :body => options } if options.is_a?(String)
+
+        self.commerce = options[:commerce] || TBK::Commerce.default_commerce
+        self.request_ip = options[:request_ip]
+        self.parse(options[:body])
+      end
+
+      def acknowledge
+        self.commerce.webpay_encrypt('ACK')
+      end
+
+      def reject
+        self.commerce.webpay_encrypt('ERR')
+      end
+
+      def success?
+        self.params[:TBK_RESPUESTA] == "0"
+      end
+
+      def order_id
+        self.params[:TBK_ORDEN_COMPRA]
+      end
+
+      def session_id
+        self.params[:TBK_ID_SESION]
+      end
+
+      def transaction_id
+        self.params[:TBK_ID_TRANSACCION]
+      end
+
+      def amount
+        self.params[:TBK_MONTO].to_f/100
+      end
+
+      def authorization
+        self.params[:TBK_CODIGO_AUTORIZACION]
+      end
+
+      def signature
+        self.params[:TBK_MAC]
+      end
+
+      def card_display_number
+        "XXXX-XXXX-XXXX-#{ card_last_numbers }"
+      end
+
+      def card_last_numbers
+        self.params[:TBK_FINAL_NUMERO_TARJETA]
+      end
+
+      def message
+        RESPONSE_CODES[self.params[:TBK_RESPUESTA]]
+      end
+
+      def paid_at
+        @paid_at ||= begin
+          year = Time.now.year
+          month = self.params[:TBK_FECHA_TRANSACCION][0...2].to_i
+          day = self.params[:TBK_FECHA_TRANSACCION][2...4].to_i
+          hour = self.params[:TBK_HORA_TRANSACCION][0...2].to_i
+          minutes = self.params[:TBK_HORA_TRANSACCION][2...4].to_i
+          seconds = self.params[:TBK_HORA_TRANSACCION][4...6].to_i
+
+          offset = if defined? TZInfo::Timezone
+            # Use tzinfo gem if available
+            TZInfo::Timezone.get('America/Santiago').period_for_utc(DateTime.new(year,month,day,hour,minutes,0)).utc_offset
+          else
+            -14400
+          end
+
+          Time.new(year, month, day, hour, minutes, seconds, offset)
+        end
+      end
+
+
+      protected
+        def parse(post)
+          @raw = post.to_s
+          @raw_params = {}
+          for line in @raw.split('&')
+            key, value = *line.scan( %r{^([A-Za-z0-9_.]+)\=(.*)$} ).flatten
+            @raw_params[key] = CGI.unescape(value)
+          end
+
+          @params = {}
+          decrypted_params = self.commerce.webpay_decrypt(@raw_params['TBK_PARAM'])
+          for line in decrypted_params[:body].split('#')
+            key, value = *line.scan( %r{^([A-Za-z0-9_.]+)\=(.*)$} ).flatten
+            @params[key.to_sym] = CGI.unescape(value)
+          end
+          @params[:TBK_MAC] = decrypted_params[:signature]
+
+          TBK::Webpay.logger.confirmation(self)
+
+          true
+        end
+    end
+  end
+end

data/lib/tbk/webpay/encryption.rb

@@ -0,0 +1,75 @@
+# encoding: us-ascii
+module TBK
+  module Webpay
+    module Encryption
+      # Constants
+      KEY_ID = 101
+      KEY = TBK.parse_key('webpay.101')
+      TEST_KEY = TBK.parse_key('webpay_test.101')
+      IV_PADDING = "\x10\xBB\xFF\xBF\x00\x00\x00\x00\x00\x00\x00\x00\xF4\xBF"
+
+      def webpay_key_id
+        KEY_ID
+      end
+
+      def webpay_key
+        self.production? ? KEY : TEST_KEY
+      end
+
+      def webpay_key_length
+        webpay_key.n.num_bytes
+      end
+
+      def webpay_encrypt(text)
+        signature = self.key.sign(OpenSSL::Digest::SHA512.new, text)
+
+        key = SecureRandom.random_bytes(32)
+        encripted_key = webpay_key.public_encrypt(key, OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING)
+
+        iv = SecureRandom.random_bytes(16)
+
+        cipher = OpenSSL::Cipher.new('AES-256-CBC')
+        cipher.encrypt
+        cipher.key = key
+        cipher.iv = iv + IV_PADDING
+        encripted_text = cipher.update(signature + text) + cipher.final
+
+        Base64.encode64( iv + encripted_key + encripted_text).strip
+      rescue RuntimeError => error
+        raise TBK::Webpay::EncryptionError.new("Encryption failed",error)
+      end
+
+      def webpay_decrypt(encripted_text)
+        data = Base64.decode64(encripted_text)
+
+        iv = data[0...16]
+        encripted_key = data[16...(16 + self.key_bytes)]
+        key = self.key.private_decrypt(encripted_key, OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING)
+
+        cipher = OpenSSL::Cipher.new('AES-256-CBC')
+        cipher.decrypt
+        cipher.key = key
+        cipher.iv = iv + IV_PADDING
+        decrypted_text = cipher.update(data[(16 + self.key_bytes)..-1]) + cipher.final
+        signature = decrypted_text[0...(webpay_key_length)]
+        text = decrypted_text[(webpay_key_length)..-1]
+
+        unless webpay_key.verify(OpenSSL::Digest::SHA512.new, signature, text)
+          raise TBK::Webpay::EncryptionError, "Invalid message signature"
+        end
+
+        {
+          :body => text,
+          :signature => signature.unpack('H*').first
+        }
+      rescue TBK::Error
+        raise
+      rescue => error
+        raise TBK::Webpay::EncryptionError.new("Decryption failed",error)
+      end
+
+    end
+  end
+
+  Commerce.send :include, Webpay::Encryption
+end

data/lib/tbk/webpay/logger.rb

@@ -0,0 +1,41 @@
+require "tbk/webpay/logger/base_logger"
+module TBK
+  module Webpay
+
+    # Get the logger class for a given Symbol
+    def self.logger_for_symbol(sym)
+      logger_class_name = "#{sym.to_s.gsub(/(^\w)|(_\w)/){ |s| s.upcase[-1] }}Logger"
+      logger_require_path = "tbk/webpay/logger/#{sym}_logger"
+
+      require logger_require_path
+
+      TBK::Webpay::Logger.const_get(logger_class_name)
+    end
+
+    def self.logger(logger=nil, &block)
+      if logger
+        klass = case logger
+                when Symbol
+                  self.logger_for_symbol(logger)
+                when Class
+                  logger
+                else
+                  raise ArgumentError, "first argument must be a Symbol or a Class"
+                end
+
+        @logger = klass.new(&block)
+      end
+
+      @logger
+    end
+    self.logger(:null)
+
+    module Config
+      def webpay_logger(logger=nil, &block)
+        TBK::Webpay.logger(logger, &block)
+      end
+    end
+
+    TBK::Config.send(:include, Config)
+  end
+end

data/lib/tbk/webpay/logger/base_logger.rb

@@ -0,0 +1,34 @@
+module TBK
+  module Webpay
+    module Logger
+      # This is an abstract class that defines the required interface of a Webpay logger
+      class BaseLogger
+
+        # Allow logger customization with a block
+        def initialize(&block)
+          block.call(self) if block
+          validate!
+        end
+
+        # Abstract method to log a payment
+        def payment(payment)
+          raise NotImplementedError, "TBK::Webpay::Logger::BaseLogger subclass must implement #payment method"
+        end
+
+        # Abstract method to log a payment confirmation
+        def confirmation(confirmation)
+          raise NotImplementedError, "TBK::Webpay::Logger::BaseLogger subclass must implement #confirmation method"
+        end
+
+        private
+          # Method to validate that the logger is propperly setted up
+          def validate!
+            if self.class == TBK::Webpay::Logger::BaseLogger
+              raise ArgumentError, "You can't use TBK::Webpay::Logger::BaseLogger directly"
+            end
+          end
+
+      end
+    end
+  end
+end

data/lib/tbk/webpay/logger/null_logger.rb

@@ -0,0 +1,15 @@
+module TBK
+  module Webpay
+    module Logger
+      class NullLogger < BaseLogger
+        def payment(payment)
+          # NoOp
+        end
+
+        def confirmation(confirmation)
+          # NoOp
+        end
+      end
+    end
+  end
+end

data/lib/tbk/webpay/logger/official_logger.rb

@@ -0,0 +1,193 @@
+require 'pathname'
+
+module TBK
+  module Webpay
+    module Logger
+      class OfficialLogger < BaseLogger
+
+        def directory(directory=nil)
+          if directory
+            @directory = Pathname(directory)
+
+            # Create the directory if needed
+            Dir.mkdir(@directory) unless Dir.exists?(@directory)
+          end
+
+          @directory
+        end
+
+        def payment(payment)
+          events_log_file do |file|
+            file.write PAYMENT_FORMAT % {
+              date: now.strftime(LOG_DATE_FORMAT),
+              time: now.strftime(LOG_TIME_FORMAT),
+              pid: Process.pid,
+              commerce_id: payment.commerce.id,
+              transaction_id: payment.transaction_id,
+              request_ip: payment.request_ip,
+              token: payment.token,
+              webpay_server: (payment.commerce.test? ? 'https://certificacion.webpay.cl' : 'https://webpay.transbank.cl')
+            }
+          end
+
+          configuration_log_file do |file|
+            response_uri = URI.parse(payment.confirmation_url)
+
+            file.write CONFIGURATION_FORMAT % {
+              commerce_id: payment.commerce.id,
+              server_ip: response_uri.host,
+              server_port: response_uri.port,
+              response_path: response_uri.path,
+              webpay_server: (payment.commerce.test? ? 'https://certificacion.webpay.cl' : 'https://webpay.transbank.cl'),
+              webpay_server_port: (payment.commerce.test? ? '6433' : '433')
+            }
+          end
+        end
+
+        def confirmation(confirmation)
+          events_log_file do |file|
+            file.write CONFIRMATION_FORMAT % {
+              date: now.strftime(LOG_DATE_FORMAT),
+              time: now.strftime(LOG_TIME_FORMAT),
+              pid: Process.pid,
+              commerce_id: confirmation.commerce.id,
+              transaction_id: confirmation.transaction_id,
+              request_ip: confirmation.request_ip,
+              order_id: confirmation.order_id,
+            }
+          end
+
+          bitacora_log_file do |file|
+            file.write BITACORA_FORMAT % confirmation.params.merge({
+              commerce_id: confirmation.commerce.id
+            })
+          end
+        end
+
+        private
+          def validate!
+            unless self.directory
+              raise ArgumentError, "#{self.class} requires a directory attribute"
+            end
+          end
+
+          def now
+            offset = if defined? TZInfo::Timezone
+              # Use tzinfo gem if available
+              TZInfo::Timezone.get('America/Santiago').period_for_utc(Time.now.utc).utc_offset
+            else
+              -14400
+            end
+
+            Time.now.getlocal(offset)
+          end
+
+          def configuration_log_file(&block)
+            log_file(CONFIGURATION_FILE_NAME, 'w+', &block)
+          end
+
+          def events_log_file(&block)
+            name = EVENTS_LOG_FILE_NAME_FORMAT % now.strftime(EVENTS_LOG_FILE_DATE_FORMAT)
+
+            log_file(name, &block)
+          end
+
+          def bitacora_log_file(&block)
+            name = BITACORA_LOG_FILE_NAME_FORMAT % now.strftime(BITACORA_LOG_FILE_DATE_FORMAT)
+
+            log_file(name, &block)
+          end
+
+          def log_file(name, mode='a+', &block)
+            path = self.directory.join(name)
+
+            File.open(path, mode, &block)
+          end
+
+        # Formats
+        # Here comes an ugly part.
+        # Check https://github.com/sagmor/tbk/pull/21#issuecomment-38714753 for the source of this formats.
+
+        LOG_DATE_FORMAT = "%d%m%Y".freeze
+        LOG_TIME_FORMAT = "%H%M%S".freeze
+        CONFIGURATION_FILE_NAME = "tbk_config.dat".freeze
+        EVENTS_LOG_FILE_NAME_FORMAT = "TBK_EVN%s.log".freeze
+        EVENTS_LOG_FILE_DATE_FORMAT = "%Y%m%d".freeze
+        BITACORA_LOG_FILE_NAME_FORMAT = "tbk_bitacora_TR_NORMAL_%s.log".freeze
+        BITACORA_LOG_FILE_DATE_FORMAT = "%m%d".freeze
+        PAYMENT_FORMAT = <<EOF.freeze
+          ;%<pid>-12s;   ;Filtro    ;Inicio                                  ;%<date>-14s;%<date>-6s;%<request_ip>-15s;OK ;                    ;Inicio de filtrado
+          ;%<pid>-12s;   ;Filtro    ;tbk_param.txt                           ;%<date>-14s;%<date>-6s;%<request_ip>-15s;OK ;                    ;Archivo parseado
+          ;%<pid>-12s;   ;Filtro    ;Terminado                               ;%<date>-14s;%<date>-6s;%<request_ip>-15s;OK ;                    ;Datos Filtrados con exito
+%<transaction_id>-10s;%<pid>-12s;   ;pago      ;inicio                                  ;%<date>-14s;%<date>-6s;%<request_ip>-15s;OK ;%<commerce_id>-20s;Parseo realizado
+%<transaction_id>-10s;%<pid>-12s;   ;pago      ;%<webpay_server>-40s;%<date>-14s;%<date>-6s;%<request_ip>-15s;OK ;%<commerce_id>-20s;Datos en datos/tbk_config.dat
+%<transaction_id>-10s;%<pid>-12s;   ;pago      ;%<webpay_server>-40s;%<date>-14s;%<date>-6s;%<request_ip>-15s;OK ;%<commerce_id>-20s;Mac generado
+%<transaction_id>-10s;%<pid>-12s;   ;pago      ;%<webpay_server>-40s;%<date>-14s;%<date>-6s;%<request_ip>-15s;OK ;%<commerce_id>-20s;Construccion TBK_PARAM
+%<transaction_id>-10s;%<pid>-12s;   ;pago      ;%<webpay_server>-40s;%<date>-14s;%<date>-6s;%<request_ip>-15s;OK ;%<commerce_id>-20s;TBK_PARAM encriptado
+%<transaction_id>-10s;%<pid>-12s;   ;pago      ;%<webpay_server>-40s;%<date>-14s;%<date>-6s;%<request_ip>-15s;OK ;%<commerce_id>-20s;Datos listos para ser enviados
+%<transaction_id>-10s;%<pid>-12s;   ;pago      ;%<webpay_server>-40s;%<date>-14s;%<date>-6s;%<request_ip>-15s;OK ;%<commerce_id>-20s;Medio 1: Transaccion segura
+%<transaction_id>-10s;%<pid>-12s;   ;pago      ;%<webpay_server>-40s;%<date>-14s;%<date>-6s;%<request_ip>-15s;OK ;%<commerce_id>-20s;Datos validados
+%<transaction_id>-10s;%<pid>-12s;   ;pago      ;%<webpay_server>-40s;%<date>-14s;%<date>-6s;%<request_ip>-15s;OK ;%<commerce_id>-20s;Token=%<token>s
+%<transaction_id>-10s;%<pid>-12s;   ;pago      ;%<webpay_server>-40s;%<date>-14s;%<date>-6s;%<request_ip>-15s;OK ;%<commerce_id>-20s;Redireccion web
+%<transaction_id>-10s;%<pid>-12s;   ;pago      ;%<webpay_server>-40s;%<date>-14s;%<date>-6s;%<request_ip>-15s;OK ;%<commerce_id>-20s;Todo OK
+EOF
+
+        CONFIRMATION_FORMAT = <<EOF.freeze
+          ;%<pid>-12s;   ;resultado ;Desencriptando                          ;%<date>-14s;%<date>-6s;%<request_ip>-15s;OK ;                    ;TBK_PARAM desencriptado
+          ;%<pid>-12s;   ;resultado ;Validacion                              ;%<date>-14s;%<date>-6s;%<request_ip>-15s;OK ;                    ;Entidad emisora de los datos validada
+          ;%<pid>-12s;   ;resultado ;%<order_id>-40s;%<date>-14s;%<date>-6s;%<request_ip>-15s;OK ;                    ;Parseo de los datos
+          ;%<pid>-12s;   ;resultado ;%<order_id>-40s;%<date>-14s;%<date>-6s;%<request_ip>-15s;OK ;                    ;http://127.0.0.1/webpay/notify
+%<transaction_id>-10s;%<pid>-12s;   ;transacc  ;%<transaction_id>-40s;%<date>-14s;%<date>-6s;%<request_ip>-15s;OK ;%<commerce_id>-20s;conectandose al port :(80)
+%<transaction_id>-10s;%<pid>-12s;   ;resultado ;logro abrir_conexion                    ;%<date>-14s;%<date>-6s;%<request_ip>-15s; 0 ;%<commerce_id>-20s;Abrio socket para conex-com
+%<transaction_id>-10s;%<pid>-12s;   ;transacc  ;%<transaction_id>-40s;%<date>-14s;%<date>-6s;%<request_ip>-15s;OK ;%<commerce_id>-20s;POST a url http://127.0.0.1/webpay/notify
+%<transaction_id>-10s;%<pid>-12s;   ;transacc  ;%<transaction_id>-40s;%<date>-14s;%<date>-6s;%<request_ip>-15s;OK ;%<commerce_id>-20s;mensaje enviado
+          ;%<pid>-12s;   ;check_mac ;                                        ;%<date>-14s;%<date>-6s;EMPTY          ;OK ;                    ;Todo OK
+%<transaction_id>-10s;%<pid>-12s;   ;transacc  ;%<transaction_id>-40s;%<date>-14s;%<date>-6s;%<request_ip>-15s;OK ;%<commerce_id>-20s;Llego ACK del Comercio
+%<transaction_id>-10s;%<pid>-12s;   ;resultado ;%<order_id>-40s;%<date>-14s;%<date>-6s;%<request_ip>-15s;OK ;%<commerce_id>-20s;tienda acepto transaccion
+%<transaction_id>-10s;%<pid>-12s;   ;resultado ;%<order_id>-40s;%<date>-14s;%<date>-6s;%<request_ip>-15s;OK ;%<commerce_id>-20s;respuesta enviada a TBK (ACK)
+%<transaction_id>-10s;%<pid>-12s;   ;resultado ;%<order_id>-40s;%<date>-14s;%<date>-6s;%<request_ip>-15s;OK ;%<commerce_id>-20s;Todo OK
+EOF
+
+        BITACORA_FORMAT = %w{
+          ACK;
+          TBK_ORDEN_COMPRA=%<TBK_ORDEN_COMPRA>s;
+          TBK_CODIGO_COMERCIO=%<commerce_id>s;
+          TBK_TIPO_TRANSACCION=%<TBK_TIPO_TRANSACCION>s;
+          TBK_RESPUESTA=%<TBK_RESPUESTA>s;
+          TBK_MONTO=%<TBK_MONTO>s;
+          TBK_CODIGO_AUTORIZACION=%<TBK_CODIGO_AUTORIZACION>s;
+          TBK_FINAL_NUMERO_TARJETA=%<TBK_FINAL_NUMERO_TARJETA>s;
+          TBK_FECHA_CONTABLE=%<TBK_FECHA_CONTABLE>s;
+          TBK_FECHA_TRANSACCION=%<TBK_FECHA_TRANSACCION>s;
+          TBK_HORA_TRANSACCION=%<TBK_HORA_TRANSACCION>s;
+          TBK_ID_SESION=%<TBK_ID_SESION>s;
+          TBK_ID_TRANSACCION=%<TBK_ID_TRANSACCION>s;
+          TBK_TIPO_PAGO=%<TBK_TIPO_PAGO>s;
+          TBK_NUMERO_CUOTAS=%<TBK_NUMERO_CUOTAS>s;
+          TBK_VCI=%<TBK_VCI>s;
+          TBK_MAC=%<TBK_MAC>s
+        }.join(' ').freeze
+
+        CONFIGURATION_FORMAT = <<EOF.freeze
+IDCOMERCIO = %<commerce_id>s
+MEDCOM = 1
+TBK_KEY_ID = 101
+PARAMVERIFCOM = 1
+URLCGICOM = %<response_path>s
+SERVERCOM = %<server_ip>s
+PORTCOM = %<server_port>s
+WHITELISTCOM = ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz 0123456789./:=&?_
+HOST = %<server_ip>s
+WPORT = %<server_port>s
+URLCGITRA = /filtroUnificado/bp_revision.cgi
+URLCGIMEDTRA = /filtroUnificado/bp_validacion.cgi
+SERVERTRA = %<webpay_server>s
+PORTTRA = %<webpay_server_port>s
+PREFIJO_CONF_TR = HTML_
+HTML_TR_NORMAL = http://127.0.0.1/webpay/notify
+EOF
+
+      end
+    end
+  end
+end