yandex-money-client 1.0.6

data/lib/yandex_money/external_payment.rb

@@ -0,0 +1,81 @@
+module YandexMoney
+  # Payments from bank cards without authorization
+  #
+  # @see http://api.yandex.com/money/doc/dg/reference/process-external-payments.xml
+  # @see https://tech.yandex.ru/money/doc/dg/reference/process-external-payments-docpage/
+  class ExternalPayment
+    include YandexMoney::Client
+
+    base_uri YandexMoney.config.money_url
+
+    def initialize(instance_id)
+      @instance_id = instance_id
+    end
+
+    # Registers instance of application
+    #
+    # @see http://api.yandex.com/money/doc/dg/reference/instance-id.xml
+    # @see https://tech.yandex.ru/money/doc/dg/reference/instance-id-docpage/
+    #
+    # @param client_id [String] An identifier of application
+    #
+    # @raise [YandexMoney::InvalidRequestError] HTTP request does not conform to protocol format. Unable to parse HTTP request, or the Authorization header is missing or has an invalid value.
+    # @raise [YandexMoney::ServerError] A technical error occurs (the server responds with the HTTP code 500 Internal Server Error). The application should repeat the request with the same parameters later.
+    #
+    # @return [RecursiveOpenStruct] A status of operation
+    def self.get_instance_id(client_id)
+      response = send_external_payment_request("/api/instance-id", client_id: client_id)
+      RecursiveOpenStruct.new response.body
+    end
+
+    # Requests a external payment
+    #
+    # @see http://api.yandex.com/money/doc/dg/reference/request-external-payment.xml
+    # @see https://tech.yandex.ru/money/doc/dg/reference/request-external-payment-docpage/
+    #
+    # @param payment_options [Hash] Method's parameters. Check out docs for more information.
+    #
+    # @raise [YandexMoney::InvalidRequestError] HTTP request does not conform to protocol format. Unable to parse HTTP request, or the Authorization header is missing or has an invalid value.
+    # @raise [YandexMoney::ServerError] A technical error occurs (the server responds with the HTTP code 500 Internal Server Error). The application should repeat the request with the same parameters later.
+    #
+    # @return [RecursiveOpenStruct] A struct, containing `payment_id` and additional information about a recipient and payer
+    def request_external_payment(payment_options)
+      payment_options[:instance_id] = @instance_id
+      response = self.class.send_external_payment_request("/api/request-external-payment", payment_options)
+      RecursiveOpenStruct.new response.body
+    end
+
+    # Confirms a payment that was created using the request-extenral-payment method
+    #
+    # @see http://api.yandex.com/money/doc/dg/reference/process-external-payment.xml
+    # @see https://tech.yandex.ru/money/doc/dg/reference/process-external-payment-docpage/
+    #
+    # @param payment_options [Hash] Method's parameters. Check out docs for more information.
+    #
+    # @raise [YandexMoney::InvalidRequestError] HTTP request does not conform to protocol format. Unable to parse HTTP request, or the Authorization header is missing or has an invalid value.
+    # @raise [YandexMoney::ServerError] A technical error occurs (the server responds with the HTTP code 500 Internal Server Error). The application should repeat the request with the same parameters later.
+    #
+    # @return [RecursiveOpenStruct] A status of payment and additional steps for authorization (if needed)
+    def process_external_payment(payment_options)
+      payment_options[:instance_id] = @instance_id
+      response = self.class.send_external_payment_request("/api/process-external-payment", payment_options)
+      RecursiveOpenStruct.new response.body
+    end
+
+    private
+
+    def self.send_external_payment_request(uri, options)
+      response = self.post(uri, headers: {
+        "Content-Type" => "application/x-www-form-urlencoded"
+      }, body: options)
+      case response.status
+      when 400 then raise YandexMoney::InvalidRequestError.new response
+      when 401 then raise YandexMoney::UnauthorizedError.new response
+      when 403 then raise YandexMoney::InsufficientScopeError response
+      when 500 then raise YandexMoney::ServerError
+      else
+        response
+      end
+    end
+  end
+end

data/lib/yandex_money/wallet.rb

@@ -0,0 +1,215 @@
+module YandexMoney
+  # Payments from the Yandex.Money wallet
+  class Wallet
+    include YandexMoney::Client
+
+    base_uri YandexMoney.config.money_url
+    default_timeout 30
+
+    attr_accessor :token
+
+    def initialize(token)
+      @token = token
+    end
+
+    # Getting information about the status of the user account.
+    #
+    # @see http://api.yandex.com/money/doc/dg/reference/account-info.xml
+    # @see https://tech.yandex.ru/money/doc/dg/reference/account-info-docpage
+    #
+    # @return [RecursiveOpenStruct] Account information
+    #
+    # @raise [YandexMoney::InvalidRequestError] HTTP request does not conform to protocol format. Unable to parse HTTP request, or the Authorization header is missing or has an invalid value.
+    # @raise [YandexMoney::UnauthorizedError] Nonexistent, expired, or revoked token specified.
+    # @raise [YandexMoney::InsufficientScopeError] The token does not have permissions for the requested operation.
+    # @raise [YandexMoney::ServerError] A technical error occurs (the server responds with the HTTP code 500 Internal Server Error). The application should repeat the request with the same parameters later.
+    def account_info
+      RecursiveOpenStruct.new send_request("/api/account-info").body
+    end
+
+    # Returns operation history of a user's wallet
+    #
+    # @see http://api.yandex.com/money/doc/dg/reference/operation-history.xml
+    # @see https://tech.yandex.ru/money/doc/dg/reference/operation-history-docpage/
+    #
+    # @param options [Hash] A hash with filter parameters according to documetation
+    # @return [Array<RecursiveOpenStruct>] An array containing user's wallet operations.
+    #
+    # @raise [YandexMoney::InvalidRequestError] HTTP request does not conform to protocol format. Unable to parse HTTP request, or the Authorization header is missing or has an invalid value.
+    # @raise [YandexMoney::UnauthorizedError] Nonexistent, expired, or revoked token specified.
+    # @raise [YandexMoney::InsufficientScopeError] The token does not have permissions for the requested operation.
+    # @raise [YandexMoney::ServerError] A technical error occurs (the server responds with the HTTP code 500 Internal Server Error). The application should repeat the request with the same parameters later.
+    def operation_history(options=nil)
+      history = RecursiveOpenStruct.new(
+        send_request("/api/operation-history", options).body
+      )
+      history.operations = history.operations.map do |operation|
+        RecursiveOpenStruct.new operation
+      end
+      history
+    end
+
+    # Returns details of operation specified by operation_id
+    #
+    # @see http://api.yandex.com/money/doc/dg/reference/operation-details.xml
+    # @see https://tech.yandex.ru/money/doc/dg/reference/operation-details-docpage/
+    #
+    # @param operation_id [String] A operation identifier
+    # @return [RecursiveOpenStruct] All details of requested operation.
+    #
+    # @raise [YandexMoney::InvalidRequestError] HTTP request does not conform to protocol format. Unable to parse HTTP request, or the Authorization header is missing or has an invalid value.
+    # @raise [YandexMoney::UnauthorizedError] Nonexistent, expired, or revoked token specified.
+    # @raise [YandexMoney::InsufficientScopeError] The token does not have permissions for the requested operation.
+    # @raise [YandexMoney::ServerError] A technical error occurs (the server responds with the HTTP code 500 Internal Server Error). The application should repeat the request with the same parameters later.
+    def operation_details(operation_id)
+      response = send_request("/api/operation-details", operation_id: operation_id)
+      RecursiveOpenStruct.new response.body
+    end
+
+    # Requests a payment
+    #
+    # @see http://api.yandex.com/money/doc/dg/reference/request-payment.xml
+    # @see https://tech.yandex.ru/money/doc/dg/reference/request-payment-docpage/
+    #
+    # @param options [Hash] A method's parameters. Check out docs for more information
+    # @return [RecursiveOpenStruct] `payment_id` and additional information about a recipient and payer.
+    #
+    # @raise [YandexMoney::InvalidRequestError] HTTP request does not conform to protocol format. Unable to parse HTTP request, or the Authorization header is missing or has an invalid value.
+    # @raise [YandexMoney::UnauthorizedError] Nonexistent, expired, or revoked token specified.
+    # @raise [YandexMoney::InsufficientScopeError] The token does not have permissions for the requested operation.
+    # @raise [YandexMoney::ServerError] A technical error occurs (the server responds with the HTTP code 500 Internal Server Error). The application should repeat the request with the same parameters later.
+    def request_payment(options)
+      send_payment_request("/api/request-payment", options)
+    end
+
+    # Confirms a payment that was created using the request-payment method.
+    #
+    # @see http://api.yandex.com/money/doc/dg/reference/process-payment.xml
+    # @see https://tech.yandex.ru/money/doc/dg/reference/process-payment-docpage/
+    #
+    # @param options [Hash] A method's parameters. Check out docs for more information
+    # @return [RecursiveOpenStruct] A status of payment and additional steps for authorization (if needed)
+    #
+    # @raise [YandexMoney::InvalidRequestError] HTTP request does not conform to protocol format. Unable to parse HTTP request, or the Authorization header is missing or has an invalid value.
+    # @raise [YandexMoney::UnauthorizedError] Nonexistent, expired, or revoked token specified.
+    # @raise [YandexMoney::InsufficientScopeError] The token does not have permissions for the requested operation.
+    # @raise [YandexMoney::ServerError] A technical error occurs (the server responds with the HTTP code 500 Internal Server Error). The application should repeat the request with the same parameters later.
+    def process_payment(options)
+      send_payment_request("/api/process-payment", options)
+    end
+
+    # Accepts incoming transfer with a protection code or deferred transfer
+    #
+    # @see http://api.yandex.com/money/doc/dg/reference/incoming-transfer-accept.xml
+    # @see https://tech.yandex.ru/money/doc/dg/reference/incoming-transfer-accept-docpage/
+    #
+    # @param operation_id [String] A operation identifier
+    # @param protection_code [String] Secret code of four decimal digits. Specified for an incoming transfer proteced by a secret code. Omitted for deferred transfers
+    # @return [RecursiveOpenStruct] An information about operation result.
+    #
+    # @raise [YandexMoney::InvalidRequestError] HTTP request does not conform to protocol format. Unable to parse HTTP request, or the Authorization header is missing or has an invalid value.
+    # @raise [YandexMoney::UnauthorizedError] Nonexistent, expired, or revoked token specified.
+    # @raise [YandexMoney::InsufficientScopeError] The token does not have permissions for the requested operation.
+    # @raise [YandexMoney::ServerError] A technical error occurs (the server responds with the HTTP code 500 Internal Server Error). The application should repeat the request with the same parameters later.
+    def incoming_transfer_accept(operation_id, protection_code = nil)
+      uri = "/api/incoming-transfer-accept"
+      if protection_code
+        request_body = {
+          operation_id: operation_id,
+          protection_code: protection_code
+        }
+      else
+        request_body = { operation_id: operation_id }
+      end
+      RecursiveOpenStruct.new send_request("/api/incoming-transfer-accept", request_body).body
+    end
+
+    # Rejects incoming transfer with a protection code or deferred transfer
+    #
+    # @see http://api.yandex.com/money/doc/dg/reference/incoming-transfer-reject.xml
+    # @see https://tech.yandex.ru/money/doc/dg/reference/incoming-transfer-reject-docpage/
+    #
+    # @param operation_id [String] A operation identifier
+    # @return [RecursiveOpenStruct] An information about operation result.
+    #
+    # @raise [YandexMoney::InvalidRequestError] HTTP request does not conform to protocol format. Unable to parse HTTP request, or the Authorization header is missing or has an invalid value.
+    # @raise [YandexMoney::UnauthorizedError] Nonexistent, expired, or revoked token specified.
+    # @raise [YandexMoney::InsufficientScopeError] The token does not have permissions for the requested operation.
+    # @raise [YandexMoney::ServerError] A technical error occurs (the server responds with the HTTP code 500 Internal Server Error). The application should repeat the request with the same parameters later.
+    def incoming_transfer_reject(operation_id)
+      RecursiveOpenStruct.new send_request("/api/incoming-transfer-reject", operation_id: operation_id).body
+    end
+
+    # Request a authorization URL
+    #
+    # @note For the authorization request, the user is redirected to the Yandex.Money authorization page. The user enters his login and password, reviews the list of requested permissions and payment limits, and either approves or rejects the application's authorization request.
+    # @note The authorization result is returned as an HTTP 302 Redirect. The application must process the HTTP Redirect response.
+    # @note Attention! If a user repeats the application authorization with the same value for the client_id parameter, the previous authorization is canceled.
+    #
+    # @param client_id [String] The client_id that was assigned to the application during registration
+    # @param redirect_uri [String] URI that the OAuth server sends the authorization result to. Must have a string value that exactly matches the redirect_uri parameter specified in the application registration data. Any additional parameters required for the application can be added at the end of the string.
+    # @param scope [String] A list of requested permissions. Items in the list are separated by a space. List items are case-sensitive.
+    # @param extra_options [Hash] A list of extra parameters for request.
+    #
+    # @return [String] Url to user must be redirected
+    def self.build_obtain_token_url(client_id, redirect_uri, scope, extra_options = {})
+      uri = "#{YandexMoney.config.sp_money_url}/oauth/authorize"
+      options = {
+        client_id: client_id,
+        response_type: "code",
+        redirect_uri: redirect_uri,
+        scope: scope
+      }
+      YandexMoney::Client.post(uri, body: options.merge(extra_options)).headers['location']
+    end
+
+    # Access token request
+    #
+    # @see http://api.yandex.com/money/doc/dg/reference/obtain-access-token.xml
+    # @see https://tech.yandex.ru/money/doc/dg/reference/obtain-access-token-docpage
+    #
+    # @note If authorization was completed successfully, the application should immediately exchange the temporary authorization code for an access token. To do this, a request containing the temporary authorization code must be sent to the Yandex.Money OAuth server.
+    #
+    # @param client_id [String] The client_id that was assigned to the application during registration
+    # @param code [String] Temporary token (authorization code)
+    # @param redirect_uri [String] URI that the OAuth server sends the authorization result to. The value of this parameter must exactly match the redirect_uri value from the previous "authorize" call
+    # @param client_secret [String] A secret word for verifying the application's authenticity. Specified if the service is registered with the option to verify authenticity
+    # @return [String] Access token
+    def self.get_access_token(client_id, code, redirect_uri, client_secret=nil)
+      uri = "#{YandexMoney.config.sp_money_url}/oauth/token"
+      options = {
+        code: code,
+        client_id: client_id,
+        grant_type: "authorization_code",
+        redirect_uri: redirect_uri
+      }
+      options[:client_secret] = client_secret if client_secret
+
+      response = YandexMoney::Client.post(uri, body: options).body
+      response["access_token"]
+    end
+
+    protected
+
+    def send_request(uri, options = nil)
+      response = self.class.post(uri, headers: {
+        "Authorization" => "Bearer #{@token}",
+        "Content-Type" => "application/x-www-form-urlencoded"
+      }, body: options)
+
+      case response.status
+      when 400 then raise YandexMoney::InvalidRequestError.new response
+      when 401 then raise YandexMoney::UnauthorizedError.new response
+      when 403 then raise YandexMoney::InsufficientScopeError.new response
+      when 500 then raise YandexMoney::ServerError
+      else
+        response
+      end
+    end
+
+    def send_payment_request(uri, options)
+      response = send_request(uri, options)
+      RecursiveOpenStruct.new(response.body, recurse_over_arrays: true)
+    end
+  end
+end

data/spec/account_info_spec.rb

@@ -0,0 +1,64 @@
+require "spec_helper"
+
+describe "get account info" do
+  before :all do
+    VCR.use_cassette "obtain token for get account info" do
+      @api = YandexMoney::Wallet.new(ACCESS_TOKEN)
+    end
+  end
+
+  it "should return recursive open struct" do
+    VCR.use_cassette "get account info" do
+      info = @api.account_info
+      expect(info.avatar.url).to start_with "https://avatars.yandex.net/"
+    end
+  end
+
+  # http://api.yandex.ru/money/doc/dg/reference/account-info.xml
+  it "should return account info" do
+    VCR.use_cassette "get account info" do
+      info = @api.account_info
+      expect(info.account).to eq WALLET_NUMBER
+    end
+  end
+
+  # http://api.yandex.com/money/doc/dg/reference/operation-history.xml
+  it "should return operation history" do
+    VCR.use_cassette "get operation history" do
+      history = @api.operation_history
+      expect(history.operations.count).to be_between(1, 30).inclusive
+    end
+  end
+
+  it "should return operation history with params" do
+    VCR.use_cassette "get operation history with params" do
+      history = @api.operation_history(records: 1)
+      expect(history.operations.count).to eq 1
+    end
+  end
+
+  # http://api.yandex.com/money/doc/dg/reference/operation-details.xml
+  describe "operation details" do
+    it "should return valid operation details" do
+      VCR.use_cassette "get operation details" do
+        history = @api.operation_history
+        operation_id = history.operations.first.operation_id
+        details = @api.operation_details operation_id
+        expect(details.status).to eq "success"
+      end
+    end
+
+    it "raise unauthorized exception when wrong token" do
+      VCR.use_cassette "unauthorized exception" do
+        @api = YandexMoney::Wallet.new("wrong_token")
+        expect { @api.operation_details "462449992116028008" }.to raise_error YandexMoney::UnauthorizedError
+      end
+    end
+
+    it "should raise exception if operation_id is wrong" do
+      VCR.use_cassette "get wrong operation details" do
+        expect(@api.operation_details("unknown").error).to eq "illegal_param_operation_id"
+      end
+    end
+  end
+end

data/spec/auth_spec.rb

@@ -0,0 +1,35 @@
+require "spec_helper"
+
+describe "Application authorization flow" do
+  # http://api.yandex.ru/money/doc/dg/reference/request-access-token.xml
+  it "should properly initialize without client_secret" do
+    VCR.use_cassette "init without client secret" do
+      url = YandexMoney::Wallet.build_obtain_token_url(
+        CLIENT_ID,
+        REDIRECT_URI,
+        "account-info operation-history"
+      )
+      expect(url).to start_with("https://money.yandex.ru/select-wallet.xml?requestid=")
+    end
+  end
+
+  # http://api.yandex.ru/money/doc/dg/reference/request-access-token.xml
+  it "should get token from code" do
+    VCR.use_cassette "get token from authorization code" do
+      expect(
+        YandexMoney::Wallet.get_access_token(
+          CLIENT_ID,
+          "SOME CODE",
+          REDIRECT_URI
+        )
+      ).to be nil
+    end
+  end
+
+  it "could be initialized with token" do
+    VCR.use_cassette "initialize with token" do
+      api = YandexMoney::Wallet.new(ACCESS_TOKEN)
+      expect(api.account_info.account).to eq WALLET_NUMBER
+    end
+  end
+end

data/spec/cards_spec.rb

@@ -0,0 +1,55 @@
+require "spec_helper"
+
+describe "Payments from bank cards without authorization" do
+  before :all do
+    VCR.use_cassette "obtain token for payments from bank cards without authorization" do
+    end
+  end
+  it "should fail when try to register an instance of application without connected market" do
+    VCR.use_cassette "get instance id fail" do
+      expect(
+        YandexMoney::ExternalPayment.get_instance_id(nil).status
+      ).to eq "refused"
+    end
+  end
+
+  it "should register an instance of application" do
+    VCR.use_cassette "get instance id success" do
+      expect(
+        YandexMoney::ExternalPayment.get_instance_id(CLIENT_ID)
+                                    .instance_id.length
+      ).to eq 64
+    end
+  end
+
+  it "should request external payment" do
+    VCR.use_cassette "request external payment" do
+      instance_id = YandexMoney::ExternalPayment.get_instance_id(CLIENT_ID)
+      @api = YandexMoney::ExternalPayment.new(instance_id)
+      expect(@api.request_external_payment({
+        pattern_id: "p2p",
+        to: "410011285611534",
+        amount_due: "1.00",
+        message: "test"
+      }).status).to eq("success")
+    end
+  end
+
+  it "should process external payment" do
+    VCR.use_cassette "process external payment" do
+      instance_id = YandexMoney::ExternalPayment.get_instance_id(CLIENT_ID)
+      @api = YandexMoney::ExternalPayment.new(instance_id)
+      request_id = @api.request_external_payment(
+        pattern_id: "p2p",
+        to: "410011285611534",
+        amount_due: "1.00",
+        message: "test"
+      ).request_id
+      expect(@api.process_external_payment({
+        request_id: request_id,
+        ext_auth_success_uri: "http://127.0.0.1:4567/success",
+        ext_auth_fail_uri: "http://127.0.0.1:4567/fail"
+      }).status).to eq("ext_auth_required")
+    end
+  end
+end