webtopay 1.2.1 → 1.6.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: ff4f52a85253c3642d03c9f73fbdea3b6078a47c
+  data.tar.gz: 9bfca8246d27fc7d85e7924520acf2f476594b06
+SHA512:
+  metadata.gz: dbfac9082c0800b94d4052ab6e9c21a691c2ef2308d1634253722ec7e28cc3c1df3c8a52a93406b372b9bc6c7b59970606a1cf4bbc7f71f1641966162200a0e8
+  data.tar.gz: 12ad2c8eaad9d42bd1e1fe325b7f5f28761e1c812392c232e08bd8a296ff912528c7ee6a95b0b7860cd1d92190be8e82ed790c0dc32a53558ed835b4397cae31

data/.gitignore

@@ -2,3 +2,4 @@
 .bundle
 Gemfile.lock
 pkg/*
+spec/dummy/log/test.log

data/README.md

@@ -0,0 +1,145 @@
+# WebToPay
+
+It is a gem which could be very useful on working with https://www.webtopay.com/ (https://www.mokejimai.lt/) billing system.
+The main function of this gem is protection against forgeries that could be done by sending required parameters to the application and getting services without paying for free.
+This gem could be integrated with both billing types - MACRO (VISA, MasterCard, banks etc.) and MICRO (SMS, phone calls etc.).
+
+*It works with OpenSSL so be sure that you have installed all necessary libs or modules on your system.
+
+## Installation
+
+Add to your gemfile:
+
+```ruby
+gem "webtopay", github: 'bloomrain'
+```
+
+## Configuration
+
+Create initializer
+config/initializers/webtopay.rb
+
+```ruby
+WebToPay.configure do |config|
+  config.project_id     = 00000
+  config.sign_password  = 'your sign password'
+end
+```
+
+## Basic usage
+
+Add this to your controller:
+```ruby
+  webtopay :confirm_order, ...
+
+  def confirm_order
+    # do some ordering stuff here...
+    render text: "ok" # response with value "ok" is necessary
+  end
+```
+
+Add this in your view:
+Or if need only order confirmation button (no action in controller needed:
+```erb
+  <%= webtopay_confirm_button("Buy", {amount: 2000, p_name: "Jonas", callback_url: confirm_order_url, ... })
+```
+
+
+## Advanced usage
+
+If you want more control you can use this:
+```ruby
+  before_filter :webtopay, only:[:controller_method1, :controller_method2] ...
+```
+instead of:
+```ruby
+  webtopay :controller_method1, :controller_method2 ...
+```
+
+### Response validation
+
+By default only projectid and sign fields are validated. It is highly recommended to check that order specific params
+(like paid money amount) also matches params in response.
+To specify which fields you want to validate add this method in controller:
+
+```ruby
+  def webtopay_expected_params(webtopay_params) # webtopay_params is a hash returned from mokejimai.lt
+    order = Order.find(webtopay_params[:orderid])
+    { # hash keys should be the same as in mokejimai.lt specification
+      p_email: order.user_email,
+      amount: order.price_in_cents,
+      # ... and any other fields that we save in database
+    }
+  end
+```
+
+### On invalid response
+
+If response is invalid then exception will be raised. To change this behavior add this to controller:
+```ruby
+  def webtopay_failed_validation_response(api_response) # api_response is instance of WebToPay::Response
+    render json: api_response.errors # default behavior: raise api_response.errors.first
+  end
+```
+
+### Payment form
+
+You can generate payment form like this
+
+```erb
+<%= form_for WebToPay::Payment.new, url: order_products_path do |f| %>
+  <%= f.text_field :p_name %>
+  <%= f.text_field :p_surname %>
+  <%= f.text_field :p_email %>
+  ... any other fields you like (for complete field list please read mokejimai.lt api specification) ...
+  <%= f.submit "test paying" %>
+<% end %>
+```
+
+Then in your controller
+```ruby
+  class ProductsController < ApplicationController
+    def order
+      # do some order stuff here ...
+      @payment = WebToPay::Payment(params[:web_to_pay_payment])
+      redirect_to @payment.url
+    end
+  end
+```
+
+Or if need only order confirmation button (no action in controller needed:
+```erb
+  <%= webtopay_confirm_button("Buy", {amount: 2000, p_name: "Jonas"})
+```
+
+## Examples
+
+These code slices will protect your controller actions, which work with webtopay.com billing, against forgeries.
+
+### Usage for MICRO and MACRO billing on controller.
+
+```ruby
+  webtopay :activate_user, :confirm_cart # You can add here as many actions as you want
+
+  def activate_user
+    # write here code which do some stuff
+    render :text => "Your user has been successfully activated. Thank you!" # it sends SMS answer
+  end
+  
+  def confirm_cart
+    # write here code which do some stuff
+    render :text => "ok" # it sends successful answer to webtopay.com crawler
+  end
+```
+
+
+TODO
+===========
+
+1. Write more clear documentation with real examples
+2. Write unit tests for each billing method (requires some testing data from https://www.webtopay.com/)
+3. Validate Api request by ss2 param
+4. Check if mikro payments works well
+
+===========
+Copyright (c) 2009 Kristijonas Urbaitis, released under the MIT license

data/lib/webtopay.rb

@@ -1,10 +1,13 @@
 require 'webtopay/exception'
 require 'webtopay/configuration'
-require 'webtopay/api'
+require 'webtopay/payment'
+require 'webtopay/response'
 require 'webtopay_controller'
 require 'webtopay_helper'
 
 module WebToPay
+  API_VERSION = '1.6'
+
   class << self
     attr_accessor :config
 
@@ -16,5 +19,4 @@ module WebToPay
 end
 
 ActionController::Base.send(:include, WebToPayController)
-ActionView::Base.send(:include, WebToPayHelper)
-
+ActionView::Base.send(:include, WebToPayHelper)

data/lib/webtopay/exception.rb

@@ -1,5 +1,5 @@
 module WebToPay
-  class Exception < ::Exception
+  class Exception < ::StandardError
     # Missing field.
     E_MISSING = 1
 
@@ -22,5 +22,15 @@ module WebToPay
     E_SMS_ANSWER = 7
 
     attr_accessor :code, :field_name
+
+    def as_json(options = {})
+      {
+        error: {
+          message: message,
+          field_name: field_name,
+          code: code
+        }
+      }
+    end
   end
 end

data/lib/webtopay/payment.rb

@@ -0,0 +1,45 @@
+class WebToPay::Payment
+  ATTRIBUTES = [:projectid, :orderid, :lang, :amount, :currency, :accepturl, :cancelurl, :callbackurl,
+                :country, :paytext, :p_email, :p_name, :p_surname, :payment, :test, :version]
+  attr_accessor *ATTRIBUTES
+
+  extend ActiveModel::Naming
+  include ActiveModel::AttributeMethods
+
+  def initialize(params = {}, user_params = {})
+    self.version = WebToPay::API_VERSION
+    self.projectid = user_params[:projectid] || WebToPay.config.project_id
+    @sign_password = user_params[:sign_password] || WebToPay.config.sign_password
+
+    params.each_pair do |field, value|
+      self.public_send("#{field}=", value)
+    end
+  end
+
+  def query
+    @query ||= begin
+      query = []
+      ATTRIBUTES.each do |field|
+        value = self.public_send(field)
+        next if value.blank?
+        query << "#{field}=#{ CGI::escape value.to_s}"
+      end
+      query.join('&')
+    end
+  end
+
+  def data # encoded query
+    @data ||= Base64.encode64(query).gsub("\n", '').gsub('/', '+').gsub('_', '-')
+  end
+
+  def url
+    "https://www.mokejimai.lt/pay?data=#{CGI::escape data}&sign=#{CGI::escape sign}"
+  end
+
+  def sign
+    Digest::MD5.hexdigest(data + @sign_password)
+  end
+
+  def to_key
+  end
+end

data/lib/webtopay/response.rb

@@ -0,0 +1,198 @@
+class WebToPay::Response
+  PREFIX = "wp_"
+  SPECS_BY_TYPE = {
+      # Array structure:
+      # * name       – request item name.
+      # * maxlen     – max allowed value for item.
+      # * required   – is this item is required in response.
+      # * mustcheck  – this item must be checked by user.
+      # * isresponse – if false, item must not be included in response array.
+      # * regexp     – regexp to test item value.
+      makro: [
+          [ :projectid,       11,     true,   true,   true,  /^\d+$/ ],
+          [ :orderid,         40,     false,  false,  true,  '' ],
+          [ :lang,            3,      false,  false,  true,  /^[a-z]{3}$/i ],
+          [ :amount,          11,     false,  false,  true,  /^\d+$/ ],
+          [ :currency,        3,      false,  false,  true,  /^[a-z]{3}$/i ],
+          [ :payment,         20,     false,  false,  true,  '' ],
+          [ :country,         2,      false,  false,  true,  /^[a-z]{2}$/i ],
+          [ :paytext,         0,      false,  false,  true,  '' ],
+          [ :ss2,             0,      true,   false,  true,  '' ],
+          [ :ss1,             0,      false,  false,  true,  '' ],
+          [ :name,            255,    false,  false,  true,  '' ],
+          [ :surename,        255,    false,  false,  true,  '' ],
+          [ :status,          255,    false,  false,  true,  '' ],
+          [ :error,           20,     false,  false,  true,  '' ],
+          [ :test,            1,      false,  false,  true,  /^[01]$/ ],
+          [ :p_email,         0,      false,  false,  true,  '' ],
+          [ :payamount,       0,      false,  false,  true,  '' ],
+          [ :paycurrency,     0,      false,  false,  true,  '' ],
+          [ :version,         9,      true,   false,  true,  /^\d+\.\d+$/ ],
+          [ :sign_password,   255,    false,  true,   false, '' ]
+      ],
+
+      # Specification array for mikro response.
+      #
+      # Array structure:
+      # * name       – request item name.
+      # * maxlen     – max allowed value for item.
+      # * required   – is this item is required in data.
+      # * mustcheck  – this item must be checked by user.
+      # * isresponse – if false, item must not be included in response array.
+      # * regexp     – regexp to test item value.
+      mikro: [
+        [ :to,              0,      true,   false,  true,  '' ],
+        [ :sms,             0,      true,   false,  true,  '' ],
+        [ :from,            0,      true,   false,  true,  '' ],
+        [ :operator,        0,      true,   false,  true,  '' ],
+        [ :amount,          0,      true,   false,  true,  '' ],
+        [ :currency,        0,      true,   false,  true,  '' ],
+        [ :country,         0,      true,   false,  true,  '' ],
+        [ :id,              0,      true,   false,  true,  '' ],
+        [ :_ss2,            0,      true,   false,  true,  '' ],
+        [ :_ss1,            0,      true,   false,  true,  '' ],
+        [ :test,            0,      true,   false,  true,  '' ],
+        [ :key,             0,      true,   false,  true,  '' ],
+        #[ :version,         9,      true,   false,  true,  /^\d+\.\d+$/ ]
+      ]
+  }
+
+  attr_reader :query, :user_data, :errors, :project_id
+  attr_accessor :data, :ss1, :ss2
+
+  def initialize(params, user_params = {})
+    params.each_pair do |field, value|
+      self.public_send("#{field}=", value)
+    end
+    @sign_password = user_params[:sign_password] || WebToPay.config.sign_password
+    @project_id = user_params[:projectid] || WebToPay.config.project_id
+    @errors = []
+  end
+
+  def query
+    @query ||= begin
+      data = self.data || ''
+      Base64.decode64( data.gsub('-', '+').gsub('_', '/') )
+    end
+  end
+
+  def query_params
+    @query_params ||= begin
+      params = CGI::parse(query)
+      params.each_pair do |key, value|
+        params[key] = value.first
+      end
+      params.merge(ss1: ss1, ss2: ss2).with_indifferent_access
+    end
+  end
+
+  def valid?(params = {})
+    @errors = []
+    params = {
+        projectid: @project_id
+    }.merge(params)
+
+    valid = custom_params_valid?(params)
+    valid &&= ss1_valid?
+    valid &&= all_required_fields_included?
+    valid &&= no_blacklisted_fields_included?
+    valid &&= payment_status_valid?
+    valid
+  end
+
+  def validate!(params = {})
+    raise errors.first unless valid?(params)
+  end
+
+  def type
+    @type ||= if query_params[:to] && query_params[:from] && query_params[:sms] && query_params[:projectid].nil?
+      :mikro
+    else
+      :makro
+    end
+  end
+
+  def specs
+    SPECS_BY_TYPE[type]
+  end
+
+  def mikro?
+    type == :mikro
+  end
+
+  def makro?
+    type == :makro
+  end
+
+  private
+  def custom_params_valid?(params)
+    valid = true
+    params.each_pair do |key, expected_value|
+      query_value = query_params[key].presence
+      if query_value.is_a?(String)
+        if expected_value.is_a?(Integer)
+          query_value = query_value.to_i
+        elsif expected_value.is_a?(Float)
+          query_value = query_value.to_f
+        end
+      end
+      if query_value != expected_value
+        @errors << WebToPay::Exception.new("\"#{key}\" is invalid. Expected \"#{expected_value}\", but was \"#{query_value}\"")
+        valid = false
+      end
+    end
+    valid
+  end
+
+  def required_response_fields
+    specs.select{|s| s[2]}.map(&:first).map(&:to_sym)
+  end
+
+  def blacklisted_response_fields
+    specs.reject{|s| s[4]}.map(&:first).map(&:to_sym)
+  end
+
+  def all_required_fields_included?
+    fields = query_params.keys.map(&:to_sym)
+    if (required_response_fields & fields).size != required_response_fields.size
+      @errors << WebToPay::Exception.new("\"#{(required_response_fields - fields).join('" , "')}\" parameter(s) not found in response query")
+      return false
+    end
+    true
+  end
+
+  def no_blacklisted_fields_included?
+    fields = query_params.keys.map(&:to_sym)
+    if (blacklisted_response_fields & fields).size != 0
+      @errors << WebToPay::Exception.new("\"#{(fields & blacklisted_response_fields).join('" , "')}\" blacklisted parameter(s) found in response query")
+      return false
+    end
+    true
+  end
+
+  def ss1_valid?
+    if self.ss1 != expected_ss1
+      @errors << WebToPay::Exception.new("ss1 param is invalid. Expected \"#{expected_ss1}\", but was \"#{self.ss1}\"")
+      return false
+    end
+    true
+  end
+
+  def payment_status_valid?
+    if makro? && query_params[:status].to_i != 1
+      e = WebToPay::Exception.new("Returned transaction status is #{query_params[:status]}, successful status should be 1.")
+      e.code = WebToPay::Exception::E_INVALID
+      @errors << e
+      return false
+    end
+    return true
+  end
+
+  def expected_ss1
+    Digest::MD5.hexdigest(expected_data + @sign_password)
+  end
+
+  def expected_data
+    Base64.encode64(query).gsub("\n", '').gsub('/', '+').gsub('_', '-')
+  end
+end