Sign upLogin

tylerhunt/remit

View on GitHub
Star
lib/remit/inbound_request.rb

Summary

Maintainability
A
1 hr
Test Coverage
require 'remit/common'

module Remit

  class InboundRequest
    include ConvertKey
    extend SignatureUtilsForOutbound

    protected :convert_key

    attr_reader :supplied_signature
    attr_reader :allow_sigv1
    
    # BJM: need to access sometimes from the app
    attr_reader :hash_params
    # signature key name
    SIGNATURE_KEY = 'signature'

    ##
    # +request_url+ is the full request path up to the query string, as from request.url in the controller
    # +params+ is the full params hash from the controller
    # +client+ is a fully instantiated Remit::API with access keys and sandbox settings
    #
    # Only clean params hash is params is sent as a hash.
    # Assume caller has cleaned string if string is sent as params
    def initialize(request_url, params, client, options = {})
      if params.is_a?(String)
        @string_params = params
        @hash_params = Hash.from_url_params(params)
      else
        unless options.kind_of?(Hash)
          options = {}
        end
        options[:skip_param_keys] ||= []
        #this is a bit of helpful sugar for rails framework users
        options[:skip_param_keys] |= ['action','controller']

        if params.respond_to?(:reject)
          params.reject! {|key, val| options[:skip_param_keys].include?(key) }
        else
          params = {}
        end
        @hash_params      = params
        @string_params    = InboundRequest.get_http_params(@hash_params)
      end
      #puts "Params are: #{params.inspect}"
      @request_url        = request_url
      @client             = client
      @supplied_signature = @hash_params[self.class::SIGNATURE_KEY]
      @allow_sigv1        = options[:allow_sigv1] || false
    end
    
    def valid?
      if @hash_params['signatureVersion'].to_i == 2
        #puts "\nhash_params: #{@hash_params.inspect}\n"
        #puts "\nstring_params: #{@string_params.inspect}\n"
        return false unless InboundRequest.check_parameters(@hash_params)
        verify_request = Remit::VerifySignature::Request.new(
          :url_end_point => @request_url,#InboundRequest.urlencode(@request_url),
          :version => Remit::API::API_VERSION,
          :http_parameters => @string_params
        )
        #puts "\nurl_end_point#{@request_url.inspect}\n"
        #puts "\nhttp_parameters: #{verify_request.http_parameters.inspect}\n"
        result = @client.verify_signature(verify_request)
        #puts "\nresult: #{result.raw.inspect}\n"
        result.verify_signature_result.verification_status == 'Success'
      elsif @hash_params['signatureVersion'].nil? and self.allow_sigv1
        self.supplied_signature == Remit::API.signature_v1(URI.parse(@request_url).path, @hash_params, @client.secret_key).gsub('+', ' ')
      else
        false
      end
    end
    
    def method_missing(method, *args, &block) #:nodoc:
      return @hash_params[method.to_s] if @hash_params.has_key?(method.to_s)
      return @hash_params[method.to_sym] if @hash_params.has_key?(method.to_sym)
      key = self.convert_key(method)
      return @hash_params[key] if @hash_params.has_key?(key)
      return @hash_params[key.to_s] if @hash_params.has_key?(key.to_s)
      super
    end
  end

end