versapay 0.0.1

data/.gitignore

@@ -0,0 +1,5 @@
+*.swp
+*.gem
+.bundle
+Gemfile.lock
+pkg/*

data/.rvmrc

@@ -0,0 +1 @@
+rvm ree

data/Gemfile

@@ -0,0 +1,4 @@
+source "http://rubygems.org"
+
+# Specify your gem's dependencies in versapay.gemspec
+gemspec

data/Rakefile

@@ -0,0 +1,26 @@
+require "bundler/gem_tasks"
+require 'rake'
+require 'rake/testtask'
+require 'rake/rdoctask'
+
+
+desc 'Test the plugin'
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'lib'
+  t.libs << 'test'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = true
+end
+
+desc 'Generate RDoc docs'
+Rake::RDocTask.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'Versapay'
+  rdoc.options << '--line-numbers' << '--inline-source'
+  rdoc.rdoc_files.include('README')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+
+task :default => :test
+

data/lib/versapay/debit_agreement.rb

@@ -0,0 +1,48 @@
+require 'rest_client'
+
+module Versapay
+  class DebitAgreement
+
+    def initialize(&block)
+      yield self if block_given?
+    end
+
+    def create(email, reference = nil, message = nil)
+      args = { "email" => email, "reference" => email, "message" => message }
+      Versapay::make_request(:post, "/api/debit_agreements.json", args)
+    end
+
+    def list_sent(page = nil)
+      args = page.nil? ? {} : { :page => page }
+      Versapay::make_request(:get, "/api/debit_agreements/sent.json", args)
+    end
+
+    def list_received(page = nil)
+      args = page.nil? ? {} : { :page => page }
+      Versapay::make_request(:get, "/api/debit_agreements/received.json", args)
+    end
+
+    def view(token)
+      Versapay::make_request(:get, "/api/debit_agreements/#{token}.json")
+    end
+
+    def approve(token, fund_token = nil)
+      args = fund_token.nil? ? {} : { :fund_token => fund_token }
+      Versapay::make_request(:post, "/api/debit_agreements/#{token}/approve.json", args)
+    end
+
+    def reject(reason)
+      ags = { "rejection_reason" => reason }
+      Versapay::make_request(:post, "/api/debit_agreements/#{token}/reject.json", args)
+    end
+
+    def cancel
+      Versapay::make_request(:post, "/api/debit_agreements/#{token}/reject.json", {})
+    end
+
+    def revoke
+      Versapay::make_request(:post, "/api/debit_agreements/#{token}/reject.json", {})
+    end
+
+  end
+end

data/lib/versapay/fund_sources.rb

@@ -0,0 +1,14 @@
+require 'rest_client'
+
+module Versapay
+  class FundSources
+
+    def initialize(&block)
+      yield self if block_given?
+    end
+
+    def list
+      Versapay::make_request(:get, "/api/funds.json")
+    end
+  end
+end

data/lib/versapay/rails_helpers.rb

@@ -0,0 +1,12 @@
+module Versapay
+  module Helpers
+    # Provides a debit agreement link
+    def debit_agreement_link_to(anchor, message = "Debit agreement", opts = {})
+      link = "https://" + Versapay::site + "/authorize?api_token=#{Versapay.token}&message=#{html_escape(message).gsub(/ /, "+")}"
+      opts.each do |k, v|
+        link += "&#{k}=#{html_escape(v)}"
+      end
+      "<a href=\"#{link}\">#{anchor}</a>"
+    end
+  end
+end

data/lib/versapay/transactions.rb

@@ -0,0 +1,31 @@
+require 'rest_client'
+
+module Versapay
+  class Transactions
+
+    def initialize(&block)
+      yield self if block_given?
+    end
+
+    def create
+    end
+
+    def list(page = nil)
+      args = page.nil? ? {} : { :page => page }
+      Versapay::make_request(:get, "/api/transactions/sent.json", args)
+    end
+
+    def view(token)
+      Versapay::make_request(:get, "/api/transactions/#{token}.json")
+    end
+
+    def approve(token)
+      Versapay::make_request(:post, "/api/transactions/#{token}/approve.json")
+    end
+
+    def cancel(token)
+      Versapay::make_request(:post, "/api/transactions/#{token}/cancel.json")
+    end
+
+  end
+end

data/lib/versapay/version.rb

@@ -0,0 +1,3 @@
+module Versapay
+  VERSION = "0.0.1"
+end

data/lib/versapay/webhooks.rb

@@ -0,0 +1,99 @@
+require 'openssl'
+require 'erb'
+require 'base64'
+
+class ActionController::Base
+  def self.check_versapay_signatures(key, *args)
+    before_filter lambda { |controller| check_versapay_signature(key, controller)}, *args
+  end
+
+  def self.check_versapay_signature(key, controller)
+    # Save the signature first
+    signature = controller.request.parameters["signature"]
+
+    # Only want the parameters passed from VP, and no sig
+    params = controller.request.parameters.dup
+    ["action", "controller", "signature"].each { |k| params.delete(k) }
+
+    url = controller.request.url.gsub /\?.*/, ""
+    check = Versapay::WebhookSignature.hmac(controller.request.method, url, key, params)
+    unless logger.nil?  then
+      logger.warn "============="
+      logger.warn controller.request.method
+      logger.warn url
+      logger.warn key
+      logger.warn params.inspect
+    end
+
+    if check == signature
+      true
+    else
+      raise Versapay::InvalidWebhookSignature
+    end
+  end
+end
+
+module Versapay
+  class WebhookSignature
+    include ERB::Util
+    
+    attr_reader :signature
+    alias :to_s :signature
+    
+    def self.hmac(*args)
+      new(*args).to_s
+    end
+    
+    # @param [Symbol, String] method The HTTP method of the request (:get, :post)
+    # @param [String] url The URL that the request is going to
+    # @param [String] key The private key to be used for signing
+    # @param [Hash] attributes The hash of attributes that will be sent in the request 
+    def initialize(method, url, key, attributes)
+      @method     = method
+      @url        = url
+      @key        = key
+      @attributes = attributes
+      @signature  = generate_signature
+    end
+    
+    private
+    
+    # HMAC of the request in the following format.
+    # Attributes are sorted by byte size.
+    # Finally, it is Base64'd and url encoded.
+    #
+    #  POST\n
+    #  https://secure.versapay.com/transactions\n
+    #  account_typebusinesuser[first_name]Johnuser[last_name]doe
+    #
+    def generate_signature
+      hmac = OpenSSL::HMAC.digest(OpenSSL::Digest::SHA256.new, @key, hmac_string)
+      url_encode Base64.encode64(hmac)
+    end
+    
+    def hmac_string
+      str =  "#{@method.to_s.upcase}\n"
+      str << "#{@url}\n"
+      str << sorted_attribute_string
+    end
+      
+    def sorted_attribute_string
+      return "" if @attributes.empty?
+      nested_keys(@attributes).join
+    end
+    
+    # Nested keys flattens nested hashes like :to_query ie. transaction[type]
+    # This is useful to support request signing when, for example, requests are sent as XML 
+    def nested_keys(hash, namespace=nil, result=[])
+      hash.stringify_keys.each do |key,value|
+        current_key = namespace ? "#{namespace}[#{key}]" : key
+        if value.is_a?(Hash)
+          nested_keys(value, current_key, result)
+        else
+          result << [current_key, value]
+        end
+      end
+      result.sort_by {|k,v| k}
+    end
+  end
+end

data/lib/versapay.rb

@@ -0,0 +1,59 @@
+require "versapay/version"
+
+require "versapay/rails_helpers"
+require "versapay/webhooks"
+require "versapay/debit_agreement"
+require "versapay/fund_sources"
+require "versapay/transactions"
+
+module Versapay
+
+  class InvalidInput < Exception; end
+  class InvalidWebhookSignature < Exception; end
+  class Unprocessable < Exception; end
+  class NotFound < Exception; end
+
+  class << self
+    attr_accessor :token, :key
+  end
+
+  @@token = "PleaseOverrideYourToken"
+  @@key = "PleaseOverriedYourKey"
+
+  def self.site
+    Rails.env.production? ? "secure.versapay.com" : "demo.versapay.com"
+  end
+
+
+  def self.make_request(method, url, args = {})
+    if method == :get then
+      RestClient.get("https://#{Versapay.token}:#{Versapay.key}@" + Versapay::site + url, {:params => args}) do |response, request, result, &block|
+        case response.code
+        when 200
+          return JSON.parse(response)
+        when 422
+          raise Versapay::Unprocessable
+        when 500
+          raise Versapay::NotFound
+        end
+      end
+    end
+
+    if method == :post then
+      RestClient.post("https://#{Versapay.token}:#{Versapay.key}@" + Versapay::site + url, args.to_json, :content_type => :json, :accept => :json) do |response, request, result, &block|
+        case response.code
+        when 200,201
+          return JSON.parse(response)
+        when 412
+          raise Versapay::InvalidInput #(JSON.parse(response))
+        when 422
+          raise Versapay::Unprocessable
+        when 500
+          raise Versapay::NotFound
+        end
+      end
+    end
+
+
+  end
+end

data/test/basic_test.rb

@@ -0,0 +1,9 @@
+require 'test_helper'
+
+class BasicTest < ActiveSupport::TestCase
+
+  test "foo" do
+    assert_equal "0.0.1", Versapay::VERSION
+  end
+
+end

data/test/debit_agreements_test.rb

@@ -0,0 +1,68 @@
+require 'test_helper'
+
+class DebitAgreementsTest < ActionView::TestCase
+
+  def setup
+    Versapay.key = "mykey"
+    Versapay.token = "mytoken"
+  #Versapay.key = "EDe3Uflbesam5PnfNFPO"
+  #Versapay.token = "1kkOYn_uA6KWNjejFka1"
+    
+    @v = Versapay::DebitAgreement.new
+    FakeWeb.register_uri(:any, "https://demo.versapay.com", :body => "response for any HTTP method", :status => ["500", "bad test"])
+  end
+
+  test "creating a transaction with valid details" do
+    body = "{\"type\":\"debit_agreement\",\"state\":\"pending\",\"created_by_account\":\"wavepayrolltest\",\"token\":\"3HKJLAS2B12W\",\"message\":\"\",\"created_by_user\":\"1kkOYn_uA6KWNjejFka1\",\"reference\":\"test@example.com\",\"email\":\"test@example.com\",\"name\":\"\"}"
+    FakeWeb.register_uri(:post, "https://mytoken:mykey@demo.versapay.com/api/debit_agreements.json", :body => body)
+    results = @v.create("test@example.com")
+    assert_equal Hash, results.class
+    assert_equal "pending", results["state"]
+  end
+
+  test "creating a transaction with missing information" do
+    body = "{\"email\":\"invalid\"}"
+    FakeWeb.register_uri(:post, "https://mytoken:mykey@demo.versapay.com/api/debit_agreements.json", :body => body, :status => ["412", "Invalid input"])
+    assert_raises Versapay::InvalidInput do
+      results = @v.create("test")
+    end
+  end
+
+  test "viewing a transaction's details" do
+    body = "{\"type\":\"debit_agreement\",\"state\":\"approved\",\"created_by_account\":\"wavepayrolltest\",\"token\":\"83F2W2K2FJFV\",\"message\":\"blah\",\"created_by_user\":\"1kkOYn_uA6KWNjejFka1\",\"reference\":\"BAhpBg==--7e0a441bda1b04f5b985fa654d357071bb9b32d1\",\"email\":\"jimbob@smallpayroll.ca\",\"name\":\"Jim Bob\"}" 
+    FakeWeb.register_uri(:get, "https://mytoken:mykey@demo.versapay.com/api/debit_agreements/83F2W2K2FJFV.json", :body => body)
+    results = @v.view("83F2W2K2FJFV")
+
+    assert_equal Hash, results.class
+    assert_equal "debit_agreement", results["type"]
+  end
+  
+  test "viewing an invalid transaction's details" do
+    body = "Not found"
+    FakeWeb.register_uri(:get, "https://mytoken:mykey@demo.versapay.com/api/debit_agreements/83F2W2K2FXXX.json", :body => body, :status => ["500", "Not found"])
+    assert_raises Versapay::NotFound do
+      @v.view("83F2W2K2FXXX")
+    end
+  end
+  
+  test "listing sent transactions when there are none" do
+    body = "[]"
+    FakeWeb.register_uri(:get, "https://mytoken:mykey@demo.versapay.com/api/debit_agreements/sent.json", :body => body)
+    results = @v.list_sent
+    assert_equal Array, results.class
+    assert_equal 0, results.size
+
+  end
+
+  test "listing sent transactions when there are some" do
+    body = "[{\"type\":\"debit_agreement\",\"state\":\"approved\",\"created_by_account\":\"wavepayrolltest\",\"token\":\"83F2W2K2FJFV\",\"message\":\"blah\",\"created_by_user\":\"1kkOYn_uA6KWNjejFka1\",\"reference\":\"BAhpBg==--7e0a441bda1b04f5b985fa654d357071bb9b32d1\",\"email\":\"jimbob@smallpayroll.ca\",\"name\":\"Jim Bob\"},{\"type\":\"debit_agreement\",\"state\":\"approved\",\"created_by_account\":\"wavepayrolltest\",\"token\":\"6DCKWXXF1A51\",\"message\":\"blah\",\"created_by_user\":\"1kkOYn_uA6KWNjejFka1\",\"reference\":\"BAhpBg==--7e0a441bda1b04f5b985fa654d357071bb9b32d1\",\"email\":\"jimbob@smallpayroll.ca\",\"name\":\"Jim Bob\"},{\"type\":\"debit_agreement\",\"state\":\"revoked\",\"created_by_account\":\"wavepayrolltest\",\"token\":\"7VBJRS7TKLIL\",\"message\":\"blah\",\"created_by_user\":\"1kkOYn_uA6KWNjejFka1\",\"reference\":\"BAhpBg==--7e0a441bda1b04f5b985fa654d357071bb9b32d1\",\"email\":\"fredsmith@smallpayroll.ca\",\"name\":\"Fred Smith\"},{\"type\":\"debit_agreement\",\"state\":\"revoked\",\"created_by_account\":\"wavepayrolltest\",\"token\":\"6YI3MTVMY918\",\"message\":\"blah\",\"created_by_user\":\"1kkOYn_uA6KWNjejFka1\",\"reference\":null,\"email\":\"fredsmith@smallpayroll.ca\",\"name\":\"Fred Smith\"},{\"type\":\"debit_agreement\",\"state\":\"revoked\",\"created_by_account\":\"wavepayrolltest\",\"token\":\"1AYAG5T762TJ\",\"message\":\"blah\",\"created_by_user\":\"1kkOYn_uA6KWNjejFka1\",\"reference\":null,\"email\":\"fredsmith@smallpayroll.ca\",\"name\":\"Fred Smith\"},{\"type\":\"debit_agreement\",\"state\":\"cancelled\",\"created_by_account\":\"wavepayrolltest\",\"token\":\"7IN4ALWCXKJG\",\"message\":\"blah\",\"created_by_user\":\"1kkOYn_uA6KWNjejFka1\",\"reference\":null,\"email\":\"fredsmith@smallpayroll.ca\",\"name\":\"Fred Smith\"},{\"type\":\"debit_agreement\",\"state\":\"revoked\",\"created_by_account\":\"wavepayrolltest\",\"token\":\"4RQ58W5B4M1W\",\"message\":\"blah\",\"created_by_user\":\"1kkOYn_uA6KWNjejFka1\",\"reference\":null,\"email\":\"fredsmith@smallpayroll.ca\",\"name\":\"Fred Smith\"}]"
+    FakeWeb.register_uri(:get, "https://mytoken:mykey@demo.versapay.com/api/debit_agreements/sent.json", :body => body)
+    results = @v.list_sent
+    assert_equal Array, results.class
+    assert_equal 7, results.size
+  end
+
+end
+
+########
+# When testing a transaction involving a post, ensure the data is in json and the content-type is application/json

data/test/fund_sources_test.rb

@@ -0,0 +1,24 @@
+require 'test_helper'
+
+class FundSourcesTest < ActionView::TestCase
+
+  def setup
+    Versapay.key = "mykey"
+    Versapay.token = "mytoken"
+    
+    @v = Versapay::FundSources.new
+    FakeWeb.register_uri(:any, "https://demo.versapay.com", :body => "response for any HTTP method", :status => ["500", "bad test"])
+  end
+
+  test "viewing a list of fund sources" do
+    body = "[{\"type\":\"bank_account\",\"state\":\"verified\",\"token\":\"BA8SWGUV931J\",\"name\":\"THE TORONTO-DOMINION BANK (9012)\"},{\"type\":\"balance\",\"token\":\"VPB3IRX9AZYA\",\"name\":\"VersaPay Account\"}]"
+    FakeWeb.register_uri(:get, "https://mytoken:mykey@demo.versapay.com/api/funds.json", :body => body)
+    results = @v.list
+
+    assert_equal Array, results.class
+    assert_equal "verified", results[0]["state"]
+    assert_equal "VersaPay Account", results[1]["name"]
+  end
+  
+end
+

data/test/helper_test.rb

@@ -0,0 +1,18 @@
+require 'test_helper'
+
+class HelperTest < ActionView::TestCase
+
+  tests Versapay::Helpers
+
+
+  test "creating a debit agreement link" do
+    expected = '<a href="https://demo.versapay.com/authorize?api_token=' + Versapay::token + '&message=Testing+123">test</a>'
+    assert_equal expected, debit_agreement_link_to("test", "Testing 123")
+  end
+
+  test "creating a debit agreement link with extra options" do
+    expected = '<a href="https://demo.versapay.com/authorize?api_token=' + Versapay::token + '&message=Testing+123&reference=abc123">test</a>'
+    assert_equal expected, debit_agreement_link_to("test", "Testing 123", {:reference => "abc123"})
+  end
+
+end

data/test/test_helper.rb

@@ -0,0 +1,21 @@
+require 'test/unit'
+require 'rubygems'
+require 'action_controller'
+require 'active_support'
+require 'active_support/test_case'
+require 'action_view'
+require 'action_view/test_case'
+require 'fakeweb'
+require 'awesome_print'
+
+require 'versapay'
+
+Versapay.token = "abc"
+
+module Rails
+  class << self
+    def env
+      @_env ||= ActiveSupport::StringInquirer.new(ENV["RAILS_ENV"] || ENV["RACK_ENV"] || "test")
+    end
+  end
+end

data/test/transactions.test.rb

@@ -0,0 +1,49 @@
+require 'test_helper'
+
+class TransactionsTest < ActionView::TestCase
+
+  def setup
+    Versapay.key = "mykey"
+    Versapay.token = "mytoken"
+    @v = Versapay::DebitAgreement.new
+    FakeWeb.register_uri(:any, "https://demo.versapay.com", :body => "response for any HTTP method", :status => ["500", "bad test"])
+  end
+
+  test "viewing a transaction's details" do
+    body = "{\"type\":\"debit_agreement\",\"state\":\"approved\",\"created_by_account\":\"wavepayrolltest\",\"token\":\"83F2W2K2FJFV\",\"message\":\"blah\",\"created_by_user\":\"1kkOYn_uA6KWNjejFka1\",\"reference\":\"BAhpBg==--7e0a441bda1b04f5b985fa654d357071bb9b32d1\",\"email\":\"jimbob@smallpayroll.ca\",\"name\":\"Jim Bob\"}" 
+    FakeWeb.register_uri(:get, "https://mytoken:mykey@demo.versapay.com/api/debit_agreements/83F2W2K2FJFV.json", :body => body)
+    results = @v.view("83F2W2K2FJFV")
+
+    assert_equal Hash, results.class
+    assert_equal "debit_agreement", results["type"]
+  end
+  
+  test "viewing an invalid transaction's details" do
+    body = "Not found"
+    FakeWeb.register_uri(:get, "https://mytoken:mykey@demo.versapay.com/api/debit_agreements/83F2W2K2FXXX.json", :body => body, :status => ["500", "Not found"])
+    assert_raises Versapay::NotFound do
+      @v.view("83F2W2K2FXXX")
+    end
+  end
+  
+  test "listing sent transactions when there are none" do
+    body = "[]"
+    FakeWeb.register_uri(:get, "https://mytoken:mykey@demo.versapay.com/api/debit_agreements/sent.json", :body => body)
+    results = @v.list_sent
+    assert_equal Array, results.class
+    assert_equal 0, results.size
+
+  end
+
+  test "listing sent transactions when there are some" do
+    body = "[{\"type\":\"debit_agreement\",\"state\":\"approved\",\"created_by_account\":\"wavepayrolltest\",\"token\":\"83F2W2K2FJFV\",\"message\":\"blah\",\"created_by_user\":\"1kkOYn_uA6KWNjejFka1\",\"reference\":\"BAhpBg==--7e0a441bda1b04f5b985fa654d357071bb9b32d1\",\"email\":\"jimbob@smallpayroll.ca\",\"name\":\"Jim Bob\"},{\"type\":\"debit_agreement\",\"state\":\"approved\",\"created_by_account\":\"wavepayrolltest\",\"token\":\"6DCKWXXF1A51\",\"message\":\"blah\",\"created_by_user\":\"1kkOYn_uA6KWNjejFka1\",\"reference\":\"BAhpBg==--7e0a441bda1b04f5b985fa654d357071bb9b32d1\",\"email\":\"jimbob@smallpayroll.ca\",\"name\":\"Jim Bob\"},{\"type\":\"debit_agreement\",\"state\":\"revoked\",\"created_by_account\":\"wavepayrolltest\",\"token\":\"7VBJRS7TKLIL\",\"message\":\"blah\",\"created_by_user\":\"1kkOYn_uA6KWNjejFka1\",\"reference\":\"BAhpBg==--7e0a441bda1b04f5b985fa654d357071bb9b32d1\",\"email\":\"fredsmith@smallpayroll.ca\",\"name\":\"Fred Smith\"},{\"type\":\"debit_agreement\",\"state\":\"revoked\",\"created_by_account\":\"wavepayrolltest\",\"token\":\"6YI3MTVMY918\",\"message\":\"blah\",\"created_by_user\":\"1kkOYn_uA6KWNjejFka1\",\"reference\":null,\"email\":\"fredsmith@smallpayroll.ca\",\"name\":\"Fred Smith\"},{\"type\":\"debit_agreement\",\"state\":\"revoked\",\"created_by_account\":\"wavepayrolltest\",\"token\":\"1AYAG5T762TJ\",\"message\":\"blah\",\"created_by_user\":\"1kkOYn_uA6KWNjejFka1\",\"reference\":null,\"email\":\"fredsmith@smallpayroll.ca\",\"name\":\"Fred Smith\"},{\"type\":\"debit_agreement\",\"state\":\"cancelled\",\"created_by_account\":\"wavepayrolltest\",\"token\":\"7IN4ALWCXKJG\",\"message\":\"blah\",\"created_by_user\":\"1kkOYn_uA6KWNjejFka1\",\"reference\":null,\"email\":\"fredsmith@smallpayroll.ca\",\"name\":\"Fred Smith\"},{\"type\":\"debit_agreement\",\"state\":\"revoked\",\"created_by_account\":\"wavepayrolltest\",\"token\":\"4RQ58W5B4M1W\",\"message\":\"blah\",\"created_by_user\":\"1kkOYn_uA6KWNjejFka1\",\"reference\":null,\"email\":\"fredsmith@smallpayroll.ca\",\"name\":\"Fred Smith\"}]"
+    FakeWeb.register_uri(:get, "https://mytoken:mykey@demo.versapay.com/api/debit_agreements/sent.json", :body => body)
+    results = @v.list_sent
+    assert_equal Array, results.class
+    assert_equal 7, results.size
+  end
+
+end
+
+########
+# When testing a transaction involving a post, ensure the data is in json and the content-type is application/json

data/test/webhook_test.rb

@@ -0,0 +1,75 @@
+require 'test_helper'
+
+class WebhookTest < ActionView::TestCase
+
+  test "signature generation" do
+    params = {
+                "created_by_user" => "699cMPe6BAyqvVsZA5mo",
+                "email" => "user@example.com",
+                "from_fund" => "THE TORONTO-DOMINION BANK",
+                "link_url" => "",
+                "message" => "",
+                "type" => "transaction",
+                "state" => "completed",
+                "to_account" => "Example user",
+                "amount_in_cents" => "500",
+                "token" => "5TH3ACC3AU21",
+                "from_account" => "First1 Last1",
+                "transaction_type" => "send_money",
+                "transaction_reference" => "",
+    }
+
+    method = :post
+    url = "http://example.com/versapay"
+    key = "v7aJHjbbxASKiwDW5wq6"
+
+    assert_equal "w17XQBan8r%2BdtdvGQpa5HRAF8fRXJwKV9yUo4KXLl8E%3D%0A", Versapay::WebhookSignature.hmac(method, url, key, params)
+    assert_equal "w17XQBan8r%2BdtdvGQpa5HRAF8fRXJwKV9yUo4KXLl8E%3D%0A", Versapay::WebhookSignature.new(method, url, key, params).signature
+  end
+
+  test "signature generation 2" do
+    params = {
+      "name"  =>  "Fred Smith",
+      "reference" => "",
+      "token" => "7IN4ALWCXKJG",
+      "created_by_account"  => "wavepayrolltest",
+      "type"  => "debit_agreement",
+      "created_by_user" => "1kkOYn_uA6KWNjejFka1",
+      "message" => "blah",
+      "state" => "cancelled",
+      "email" => "fredsmith@smallpayroll.ca"
+      
+    }
+
+    method = :post
+    url = "http://home.ertw.com:3434/webhooks/versapay"
+    key = "76pppukB4HHkWt1U_V4-"
+    assert_equal "qL2vrB4nva8E1xh%2FDe83yCvXBNpQqoRTOi0p4gVI9xo%3D%0A", Versapay::WebhookSignature.hmac(method, url, key, params)
+  end
+
+  class TestController < ActionController::Base
+    check_versapay_signatures "v7aJHjbbxASKiwDW5wq6"
+
+    def index
+      render :text => "success"
+    end
+  end
+
+  def setup
+    @controller = TestController.new
+    @request    = ActionController::TestRequest.new
+    @response   = ActionController::TestResponse.new
+    ActionController::Routing::Routes.add_named_route :foo, '/foo', :controller => 'webhook_test/test', :action => 'index'
+  end
+
+  test "a valid webhook signature" do
+    post :index, { "blah" => "aaa", "signature" => "1Sz%2BgPS%2FO8%2BjwyBm7XQbNJ5f2DxHc3Qliysa8BKJ7aE%3D%0A" }
+    assert_equal "success", @response.body
+  end
+  
+  test "an invalid webhook signature" do
+    post :index, { "blah" => "aab", "signature" => "1Sz%2BgPS%2FO8%2BjwyBm7XQbNJ5f2DxHc3Qliysa8BKJ7aE%3D%0A" }
+    assert_not_equal "success", @response.body
+  end
+
+end

data/versapay.gemspec

@@ -0,0 +1,28 @@
+# -*- encoding: utf-8 -*-
+$:.push File.expand_path("../lib", __FILE__)
+require "versapay/version"
+
+Gem::Specification.new do |s|
+  s.name        = "versapay"
+  s.version     = Versapay::VERSION
+  s.authors     = ["Sean Walberg"]
+  s.email       = ["sean@ertw.com"]
+  s.homepage    = ""
+  s.summary     = %q{A gem to use the Versapay API}
+  s.description = %q{A gem to use the Versapay API}
+
+  s.rubyforge_project = "versapay"
+
+  s.files         = `git ls-files`.split("\n")
+  s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  s.require_paths = ["lib"]
+
+  # specify any dependencies here; for example:
+  s.add_development_dependency "rails", "2.3.11"
+  s.add_development_dependency "activesupport", "2.3.11"
+  s.add_development_dependency "fakeweb"
+  s.add_development_dependency "awesome_print"
+  s.add_runtime_dependency "json"
+  s.add_runtime_dependency "rest-client"
+end

metadata

@@ -0,0 +1,179 @@
+--- !ruby/object:Gem::Specification 
+name: versapay
+version: !ruby/object:Gem::Version 
+  hash: 29
+  prerelease: 
+  segments: 
+  - 0
+  - 0
+  - 1
+  version: 0.0.1
+platform: ruby
+authors: 
+- Sean Walberg
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2011-09-08 00:00:00 -05:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: rails
+  prerelease: false
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - "="
+      - !ruby/object:Gem::Version 
+        hash: 21
+        segments: 
+        - 2
+        - 3
+        - 11
+        version: 2.3.11
+  type: :development
+  version_requirements: *id001
+- !ruby/object:Gem::Dependency 
+  name: activesupport
+  prerelease: false
+  requirement: &id002 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - "="
+      - !ruby/object:Gem::Version 
+        hash: 21
+        segments: 
+        - 2
+        - 3
+        - 11
+        version: 2.3.11
+  type: :development
+  version_requirements: *id002
+- !ruby/object:Gem::Dependency 
+  name: fakeweb
+  prerelease: false
+  requirement: &id003 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
+  type: :development
+  version_requirements: *id003
+- !ruby/object:Gem::Dependency 
+  name: awesome_print
+  prerelease: false
+  requirement: &id004 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
+  type: :development
+  version_requirements: *id004
+- !ruby/object:Gem::Dependency 
+  name: json
+  prerelease: false
+  requirement: &id005 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
+  type: :runtime
+  version_requirements: *id005
+- !ruby/object:Gem::Dependency 
+  name: rest-client
+  prerelease: false
+  requirement: &id006 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
+  type: :runtime
+  version_requirements: *id006
+description: A gem to use the Versapay API
+email: 
+- sean@ertw.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: []
+
+files: 
+- .gitignore
+- .rvmrc
+- Gemfile
+- Rakefile
+- lib/versapay.rb
+- lib/versapay/debit_agreement.rb
+- lib/versapay/fund_sources.rb
+- lib/versapay/rails_helpers.rb
+- lib/versapay/transactions.rb
+- lib/versapay/version.rb
+- lib/versapay/webhooks.rb
+- test/basic_test.rb
+- test/debit_agreements_test.rb
+- test/fund_sources_test.rb
+- test/helper_test.rb
+- test/test_helper.rb
+- test/transactions.test.rb
+- test/webhook_test.rb
+- versapay.gemspec
+has_rdoc: true
+homepage: ""
+licenses: []
+
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+requirements: []
+
+rubyforge_project: versapay
+rubygems_version: 1.6.2
+signing_key: 
+specification_version: 3
+summary: A gem to use the Versapay API
+test_files: 
+- test/basic_test.rb
+- test/debit_agreements_test.rb
+- test/fund_sources_test.rb
+- test/helper_test.rb
+- test/test_helper.rb
+- test/transactions.test.rb
+- test/webhook_test.rb