@@ -5,6 +5,22 @@ module Adyen extend ActionView::Helpers::TagHelper + def self.skins + @skins ||= {} + end + + def self.add_skin(name, skin_code, shared_secret) + self.skins[name] = {:name => name, :skin_code => skin_code, :shared_secret => shared_secret } + end + + def self.skin_by_name(skin_name) + self.skins[skin_name] + end + + def self.skin_by_code(skin_code) + self.skins.detect { |(name, skin)| skin[:skin_code] == skin_code }.last rescue nil + end + ACTION_URL = "https://%s.adyen.com/hpp/select.shtml" def self.url(environment = nil) @@ -34,6 +50,12 @@ module Adyen attributes[:order_data] = Adyen::Encoding.gzip_base64(attributes.delete(:order_data_raw)) if attributes[:order_data_raw] attributes[:ship_before_date] = Adyen::Formatter::DateTime.fmt_date(attributes[:ship_before_date]) attributes[:session_validity] = Adyen::Formatter::DateTime.fmt_time(attributes[:session_validity]) + + if attributes[:skin] + skin = Adyen::Form.skin_by_name(attributes.delete(:skin)) + attributes[:skin_code] ||= skin[:skin_code] + attributes[:shared_secret] ||= skin[:shared_secret] + end end def self.payment_fields(attributes = {}) @@ -60,16 +82,21 @@ module Adyen self.tag(:input, :type => 'hidden', :name => key.to_s.camelize(:lower), :value => value) }.join("\n") end + + def self.lookup_shared_secret(skin_code) + skin = skin_by_code(skin_code)[:shared_secret] rescue nil + end def self.redirect_signature_string(params) params[:authResult].to_s + params[:pspReference].to_s + params[:merchantReference].to_s + params[:skinCode].to_s end - def self.redirect_signature(params, shared_secret) + def self.redirect_signature(params, shared_secret = nil) + shared_secret ||= lookup_shared_secret(params[:skinCode]) Adyen::Encoding.hmac_base64(shared_secret, redirect_signature_string(params)) end - def self.redirect_signature_check(params, shared_secret) + def self.redirect_signature_check(params, shared_secret = nil) params[:merchantSig] == redirect_signature(params, shared_secret) end lib/adyen/form.rb @@ -2,6 +2,10 @@ require "#{File.dirname(__FILE__)}/spec_helper.rb" describe Adyen::Form do + before(:all) do + Adyen::Form.add_skin(:testing, '4aD37dJA', 'Kah942*$7sdp0)') + end + describe 'Action URLs' do before(:each) do @@ -32,9 +36,6 @@ describe Adyen::Form do before(:each) do # Example taken from integration manual - # Shared secret between you and Adyen, only valid for this skinCode! - @shared_secret = 'Kah942*$7sdp0)' - # Example get params sent back with redirect @params = { :authResult => 'AUTHORISED', :pspReference => '1211992213193029', :merchantReference => 'Internet Order 12345', :skinCode => '4aD37dJA', @@ -46,19 +47,24 @@ describe Adyen::Form do end it "should calculate the signature correctly" do - Adyen::Form.redirect_signature(@params, @shared_secret).should eql(@params[:merchantSig]) + Adyen::Form.redirect_signature(@params).should eql(@params[:merchantSig]) end - it "should check the signature correctly" do - Adyen::Form.redirect_signature_check(@params, @shared_secret).should be_true + it "should check the signature correctly with explicit shared signature" do + Adyen::Form.redirect_signature_check(@params, 'Kah942*$7sdp0)').should be_true end + it "should check the signature correctly using the stored shared secret" do + Adyen::Form.redirect_signature_check(@params).should be_true + end + + it "should detect a tampered field" do - Adyen::Form.redirect_signature_check(@params.merge(:pspReference => 'tampered'), @shared_secret).should be_false + Adyen::Form.redirect_signature_check(@params.merge(:pspReference => 'tampered')).should be_false end it "should detect a tampered signature" do - Adyen::Form.redirect_signature_check(@params.merge(:merchantSig => 'tampered'), @shared_secret).should be_false + Adyen::Form.redirect_signature_check(@params.merge(:merchantSig => 'tampered')).should be_false end end @@ -66,10 +72,10 @@ describe Adyen::Form do describe 'redirect URL generation' do before(:each) do @attributes = { :currency_code => 'GBP', :payment_amount => 10000, :ship_before_date => Date.today, - :merchant_reference => 'Internet Order 12345', :skin_code => '4aD37dJA', + :merchant_reference => 'Internet Order 12345', :skin => :testing, :merchant_account => 'TestMerchant', :session_validity => 1.hour.from_now } - @redirect_url = Adyen::Form.redirect_url(@attributes.merge(:shared_secret => 'secret')) + @redirect_url = Adyen::Form.redirect_url(@attributes) end it "should return an URL pointing to the adyen server" do @@ -93,12 +99,12 @@ describe Adyen::Form do before(:each) do @attributes = { :currency_code => 'GBP', :payment_amount => 10000, :ship_before_date => Date.today, - :merchant_reference => 'Internet Order 12345', :skin_code => '4aD37dJA', + :merchant_reference => 'Internet Order 12345', :skin => :testing, :merchant_account => 'TestMerchant', :session_validity => 1.hour.from_now } end it "should generate a valid payment form" do - content_tag(:form, Adyen::Form.hidden_fields(@attributes.merge(:shared_secret => 'secret')), + content_tag(:form, Adyen::Form.hidden_fields(@attributes), :action => Adyen::Form.url, :method => :post).should have_adyen_payment_form end end @@ -108,9 +114,10 @@ describe Adyen::Form do # This example is taken from the Adyen integration manual before(:each) do + @attributes = { :currency_code => 'GBP', :payment_amount => 10000, :ship_before_date => '2007-10-20', :merchant_reference => 'Internet Order 12345', - :skin_code => '4aD37dJA', :merchant_account => 'TestMerchant', + :skin => :testing, :merchant_account => 'TestMerchant', :session_validity => '2007-10-11T11:00:00Z' } Adyen::Form.do_attribute_transformations!(@attributes) @@ -120,9 +127,9 @@ describe Adyen::Form do signature_string = Adyen::Form.calculate_signature_string(@attributes) signature_string.should eql("10000GBP2007-10-20Internet Order 123454aD37dJATestMerchant2007-10-11T11:00:00Z") end - + it "should calculate the signature correctly" do - signature = Adyen::Form.calculate_signature(@attributes.merge(:shared_secret => 'Kah942*$7sdp0)')) + signature = Adyen::Form.calculate_signature(@attributes) signature.should eql('x58ZcRVL1H6y+XSeBGrySJ9ACVo=') end @@ -138,10 +145,8 @@ describe Adyen::Form do # Add the required recurrent payment attributes @attributes.merge!(:recurring_contract => 'DEFAULT', :shopper_reference => 'grasshopper52', :shopper_email => 'gras.shopper@somewhere.org') - signature = Adyen::Form.calculate_signature(@attributes.merge(:shared_secret => 'Kah942*$7sdp0)')) + signature = Adyen::Form.calculate_signature(@attributes) signature.should eql('F2BQEYbE+EUhiRGuPtcD16Gm7JY=') end - end - end \ No newline at end of file spec/form_spec.rb 3750690b7346e627b9a8a405a2ff2d19eee8ce4a Willem van Bergen willem@vanbergen.org http://github.com/wvanbergen/adyen/commit/045265a717b61e32b32b96e96291ff6245636509 045265a717b61e32b32b96e96291ff6245636509 2009-10-21T07:52:47-07:00 2009-10-21T07:52:47-07:00 Added support for storing skin codes and shared secrets in Adyen::Form 5cb0a0a297080336106a19384fa642e1bd1e9d3c Willem van Bergen willem@vanbergen.org