From 50befdea21f4ccfd6c84df559a518dcaef3e599f Mon Sep 17 00:00:00 2001 From: Denis Odorcic Date: Fri, 15 Nov 2013 15:30:31 -0500 Subject: [PATCH 01/10] Product info shouldnt be credential2 --- lib/active_merchant/billing/integrations/payu_in/helper.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/active_merchant/billing/integrations/payu_in/helper.rb b/lib/active_merchant/billing/integrations/payu_in/helper.rb index 32048d309bc..5681851dfc4 100755 --- a/lib/active_merchant/billing/integrations/payu_in/helper.rb +++ b/lib/active_merchant/billing/integrations/payu_in/helper.rb @@ -7,7 +7,7 @@ class Helper < ActiveMerchant::Billing::Integrations::Helper mapping :amount, 'amount' mapping :account, 'key' mapping :order, 'txnid' - mapping :credential2, 'productinfo' + mapping :description, 'productinfo' mapping :customer, :first_name => 'firstname', :last_name => 'lastname', From b04343e9b2cc65925b0d96c76252b028dbeaa66e Mon Sep 17 00:00:00 2001 From: Denis Odorcic Date: Fri, 15 Nov 2013 15:32:22 -0500 Subject: [PATCH 02/10] Refactor checkum, PayuPaisa was reversing udf fields --- .../billing/integrations/payu_in.rb | 11 ++-------- .../billing/integrations/payu_in/helper.rb | 21 +++++++------------ .../integrations/payu_in/notification.rb | 6 +++--- .../payu_in_paisa/notification.rb | 10 --------- .../remote_payu_in_integration_test.rb | 4 ++-- .../helpers/payu_in_helper_test.rb | 12 +++++------ .../helpers/payu_in_paisa_helper_test.rb | 13 ++++++------ .../payu_in_notification_test.rb | 12 ++++------- .../payu_in_paisa_notification_test.rb | 16 +++++++------- test/unit/integrations/payu_in_module_test.rb | 9 ++++---- .../returns/payu_in_paisa_return_test.rb | 16 ++++++++------ .../returns/payu_in_return_test.rb | 16 ++++++++------ 12 files changed, 65 insertions(+), 81 deletions(-) diff --git a/lib/active_merchant/billing/integrations/payu_in.rb b/lib/active_merchant/billing/integrations/payu_in.rb index 74933f1c7c6..261bc93c9a5 100755 
--- a/lib/active_merchant/billing/integrations/payu_in.rb +++ b/lib/active_merchant/billing/integrations/payu_in.rb @@ -27,15 +27,8 @@ def self.return(post, options = {}) Return.new(post, options) end - def self.checksum(merchant_id, secret_key, *payload_items ) - options = payload_items.pop if Hash === payload_items.last - options ||= {} - payload = if options[:reverse] then - payload_items.dup.push( merchant_id || "" ).unshift( secret_key || "" ).collect{ |x| x.to_s }.join("|") - else - payload_items.dup.unshift( merchant_id || "" ).push( secret_key || "" ).collect{ |x| x.to_s }.join("|") - end - Digest::SHA512.hexdigest( payload ) + def self.checksum(merchant_id, secret_key, payload_items ) + Digest::SHA512.hexdigest([merchant_id, *payload_items, secret_key].join("|")) end end end diff --git a/lib/active_merchant/billing/integrations/payu_in/helper.rb b/lib/active_merchant/billing/integrations/payu_in/helper.rb index 5681851dfc4..b091e3c0b7f 100755 --- a/lib/active_merchant/billing/integrations/payu_in/helper.rb +++ b/lib/active_merchant/billing/integrations/payu_in/helper.rb @@ -44,6 +44,7 @@ class Helper < ActiveMerchant::Billing::Integrations::Helper def initialize(order, account, options = {}) super + @options = options self.pg = 'CC' end 
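Review bot: In `PayuIn.checksum` (payu_in.rb) a nil `secret_key` is joined as an empty string, so the method returns a digest with no secret in it instead of failing. `generate_checksum` in payu_in/helper.rb now passes `@options[:credential2]` straight through, so a caller that omits `:credential2` gets a form hash that presumably only fails at the gateway. A guard such as `raise ArgumentError, 'secret_key is required' if secret_key.to_s.empty?` at the top of `checksum` would surface that locally. The third parameter also changed from a splat to a single array, which deserves a doc comment because callers that still pass items positionally will now raise ArgumentError.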
@@ -51,19 +52,13 @@ def form_fields @fields.merge(mappings[:checksum] => generate_checksum) end - def generate_checksum( options = {} ) - checksum_fields = [ :order, :amount, :credential2, { :customer => [ :first_name, :email ] }, - { :user_defined => [ :var1, :var2, :var3, :var4, :var5, :var6, :var7, :var8, :var9, :var10 ] } ] - checksum_payload_items = checksum_fields.inject( [] ) do | items, field | - if Hash === field then - key = field.keys.first - field[key].inject( items ){ |s,x| items.push( @fields[ mappings[key][x] ] ) } - else - items.push( @fields[ mappings[field] ] ) - end - end - checksum_payload_items.push( options ) - PayuIn.checksum(@fields["key"], @fields["productinfo"], *checksum_payload_items ) + def generate_checksum + checksum_payload_items = [ + 'txnid', 'amount', 'productinfo', 'firstname', 'email', + 'udf1', 'udf2', 'udf3', 'udf4', 'udf5', 'udf6', 'udf7', 'udf8', 'udf9', 'udf10' + ].map { |field| @fields[field] } + + PayuIn.checksum(@fields["key"], @options[:credential2], checksum_payload_items ) end end diff --git a/lib/active_merchant/billing/integrations/payu_in/notification.rb b/lib/active_merchant/billing/integrations/payu_in/notification.rb index 932c136e7d1..14ace59a42c 100755 --- a/lib/active_merchant/billing/integrations/payu_in/notification.rb +++ b/lib/active_merchant/billing/integrations/payu_in/notification.rb @@ -148,9 +148,9 @@ def acknowledge(authcode = nil) end def checksum_ok? - fields = user_defined.dup.push( customer_email, customer_first_name, product_info, gross, invoice, :reverse => true ) - fields.unshift( transaction_status ) - unless PayuIn.checksum(@merchant_id, @secret_key, *fields ) == checksum + checksum_fields = [transaction_status, *user_defined.reverse, customer_email, customer_first_name, product_info, gross, invoice] + + unless Digest::SHA512.hexdigest([@secret_key, *checksum_fields, @merchant_id].join("|")) == checksum @message = 'Return checksum not matching the data provided' return false end 
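Review bot: `checksum_ok?` in payu_in/notification.rb compares the computed SHA-512 hex digest with the request-supplied `checksum` using `==`, which is not a constant-time comparison. Since the `hash` parameter comes from the request, a constant-time helper is the safer default here, e.g. `ActiveSupport::SecurityUtils.secure_compare(expected, checksum.to_s)` where the ActiveSupport version in use provides it. The digest is also built inline rather than through `PayuIn.checksum`, so the response ordering (secret first, merchant id last, `user_defined` reversed) is recorded only in this expression; a short comment naming it as the gateway's response hash sequence would stop it being "corrected" later. The rest of the method lies outside the hunk.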
diff --git a/lib/active_merchant/billing/integrations/payu_in_paisa/notification.rb b/lib/active_merchant/billing/integrations/payu_in_paisa/notification.rb index df4bfb7eba8..9d930f4df6a 100644 --- a/lib/active_merchant/billing/integrations/payu_in_paisa/notification.rb +++ b/lib/active_merchant/billing/integrations/payu_in_paisa/notification.rb @@ -6,16 +6,6 @@ class Notification < PayuIn::Notification def item_id params['udf2'] end - - def checksum_ok? - fields = user_defined.reverse.push( customer_email, customer_first_name, product_info, gross, invoice, :reverse => true ) - fields.unshift( transaction_status ) - unless PayuIn.checksum(@merchant_id, @secret_key, *fields ) == checksum - @message = 'Return checksum not matching the data provided' - return false - end - true - end end end end diff --git a/test/remote/integrations/remote_payu_in_integration_test.rb b/test/remote/integrations/remote_payu_in_integration_test.rb index be8aa9c8547..72680842425 100644 --- a/test/remote/integrations/remote_payu_in_integration_test.rb +++ b/test/remote/integrations/remote_payu_in_integration_test.rb @@ -4,7 +4,7 @@ class RemotePayuInIntegrationTest < Test::Unit::TestCase include ActiveMerchant::Billing::Integrations def setup - @payu_in = PayuIn::Notification.new(http_raw_data, :credential1 => 'C0Dr8m', :credential2 => '3sf0jURk') + @payu_in = PayuIn::Notification.new(http_raw_data, :credential1 => 'merchant_id', :credential2 => 'secret') end def test_raw 
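Review bot: The values replaced in `setup` of remote_payu_in_integration_test.rb (`C0Dr8m` / `3sf0jURk`) read like issued gateway credentials rather than invented fixtures, and swapping them for `merchant_id` / `secret` takes them out of the tree but not out of history. If they were ever tied to a real sandbox or merchant account they should be rotated. The same pair is replaced in the notification, return and module tests later in this commit.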
@@ -21,6 +21,6 @@ def test_raw private def http_raw_data - "mihpayid=403993715508030204&mode=CC&status=success&unmappedstatus=captured&key=C0Dr8m&txnid=4ba4afe87f7e73468f2a&amount=10.00&discount=0.00&addedon=2013-05-10 18 32 30&productinfo=Product Info&firstname=Payu-Admin&lastname=&address1=&address2=&city=&state=&country=&zipcode=&email=test@example.com&phone=1234567890&udf1=&udf2=&udf3=&udf4=&udf5=&udf6=&udf7=&udf8=&udf9=&udf10=&hash=ef0c1b509a42b802a4938c25dc9bb9efe40b75a7dfb8bde1a6f126fa1f86cee264c5e5a17e87db85150d6d8912eafda838416e669712f1989dcb9cbdb8c24219&field1=313069903923&field2=999999&field3=59117331831301&field4=-1&field5=&field6=&field7=&field8=&PG_TYPE=HDFC&bank_ref_num=59117331831301&bankcode=CC&error=E000&cardnum=512345XXXXXX2346&cardhash=766f0227cc4b4c5f773a04cb31d8d1c5be071dd8d08fe365ecf5e2e5c947546d" + "mihpayid=403993715508030204&mode=CC&status=success&unmappedstatus=captured&key=merchant_id&txnid=4ba4afe87f7e73468f2a&amount=10.00&discount=0.00&addedon=2013-05-10 18 32 30&productinfo=Product Info&firstname=Payu-Admin&lastname=&address1=&address2=&city=&state=&country=&zipcode=&email=test@example.com&phone=1234567890&udf1=&udf2=&udf3=&udf4=&udf5=&udf6=&udf7=&udf8=&udf9=&udf10=&hash=ef0c1b509a42b802a4938c25dc9bb9efe40b75a7dfb8bde1a6f126fa1f86cee264c5e5a17e87db85150d6d8912eafda838416e669712f1989dcb9cbdb8c24219&field1=313069903923&field2=999999&field3=59117331831301&field4=-1&field5=&field6=&field7=&field8=&PG_TYPE=HDFC&bank_ref_num=59117331831301&bankcode=CC&error=E000&cardnum=512345XXXXXX2346&cardhash=766f0227cc4b4c5f773a04cb31d8d1c5be071dd8d08fe365ecf5e2e5c947546d" end end diff --git a/test/unit/integrations/helpers/payu_in_helper_test.rb b/test/unit/integrations/helpers/payu_in_helper_test.rb index 20d7f368319..81da3ce2fed 100644 --- a/test/unit/integrations/helpers/payu_in_helper_test.rb +++ b/test/unit/integrations/helpers/payu_in_helper_test.rb 
@@ -4,14 +4,13 @@ class PayuInHelperTest < Test::Unit::TestCase include ActiveMerchant::Billing::Integrations def setup - @helper = PayuIn::Helper.new( 'jh34h53kj4h5hj34kh5', 'C0Dr8m', :amount => '10.00', :credential2 => 'Product Info') + @helper = PayuIn::Helper.new( 'order_id', 'merchant_id', :amount => '10.00', :credential2 => 'secret_key') end def test_basic_helper_fields assert_equal '10.00', @helper.fields['amount'] - assert_equal 'C0Dr8m', @helper.fields['key'] - assert_equal 'jh34h53kj4h5hj34kh5', @helper.fields['txnid'] - assert_equal 'Product Info', @helper.fields['productinfo'] + assert_equal 'merchant_id', @helper.fields['key'] + assert_equal 'order_id', @helper.fields['txnid'] end def test_customer_fields @@ -56,11 +55,12 @@ def test_user_defined_fields end def test_add_checksum_method - options = { :mode => 'CC' } @helper.customer :first_name => 'Payu-Admin', :email => 'test@example.com' + @helper.description "Product Info" @helper.user_defined :var1 => 'var_one', :var2 => 'var_two', :var3 => 'var_three', :var4 => 'var_four', :var5 => 'var_five', :var6 => 'var_six', :var7 => 'var_seven', :var8 => 'var_eight', :var9 => 'var_nine', :var10 => 'var_ten' - assert_equal "032606d7fb5cfe357d9e6b358b4bb8db1d34e9dfa30f039cb7dec75ae6d77f7d1f67a58c123ea0ee358bf040554d5e3048066a369ae63888132e27c14e79ee5a", @helper.form_fields["hash"] + fields = ["txnid", "amount", "productinfo", "firstname", "email", "udf1", "udf2", "udf3", "udf4", "udf5", "udf6", "udf7", "udf8", "udf9", "udf10"].map { |field| @helper.fields[field] } + assert_equal Digest::SHA512.hexdigest(['merchant_id', *fields, 'secret_key'].join("|")), @helper.form_fields["hash"] end end diff --git a/test/unit/integrations/helpers/payu_in_paisa_helper_test.rb b/test/unit/integrations/helpers/payu_in_paisa_helper_test.rb index b4e9a2c2e5f..31e6e4ae4fd 100644 --- a/test/unit/integrations/helpers/payu_in_paisa_helper_test.rb +++ b/test/unit/integrations/helpers/payu_in_paisa_helper_test.rb 
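Review bot: `test_add_checksum_method` in payu_in_helper_test.rb now derives the expected digest from `@helper.fields` with the same field list and join that `generate_checksum` uses, so a mapping mistake that leaves a field nil (for instance `description` not landing in `productinfo`) is nil on both sides and the assertion still passes. The first hunk of this file also drops the only assertion on `productinfo` in `test_basic_helper_fields`. A literal payload string, as payu_in_paisa_helper_test.rb uses in this commit (`'merchant_id|order_id|10.00|Product Info|…|secret'`), would pin both the field order and the values independently of the implementation.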
@@ -4,14 +4,13 @@ class PayuInPaisaHelperTest < Test::Unit::TestCase include ActiveMerchant::Billing::Integrations def setup - @helper = PayuInPaisa::Helper.new( 'jh34h53kj4h5hj34kh5', 'C0Dr8m', :amount => '10.00', :credential2 => 'Product Info') + @helper = PayuInPaisa::Helper.new( 'order_id', 'merchant_id', :amount => '10.00', :credential2 => 'secret') end def test_basic_helper_fields assert_equal '10.00', @helper.fields['amount'] - assert_equal 'C0Dr8m', @helper.fields['key'] - assert_equal 'jh34h53kj4h5hj34kh5', @helper.fields['txnid'] - assert_equal 'Product Info', @helper.fields['productinfo'] + assert_equal 'merchant_id', @helper.fields['key'] + assert_equal 'order_id', @helper.fields['txnid'] end def test_customer_fields @@ -56,10 +55,12 @@ def test_user_defined_fields end def test_add_checksum_method - options = { :mode => 'CC' } @helper.customer :first_name => 'Payu-Admin', :email => 'test@example.com' @helper.user_defined :var1 => 'var_one', :var2 => 'var_two', :var3 => 'var_three', :var4 => 'var_four', :var5 => 'var_five', :var6 => 'var_six', :var7 => 'var_seven', :var8 => 'var_eight', :var9 => 'var_nine', :var10 => 'var_ten' + @helper.description 'Product Info' - assert_equal "032606d7fb5cfe357d9e6b358b4bb8db1d34e9dfa30f039cb7dec75ae6d77f7d1f67a58c123ea0ee358bf040554d5e3048066a369ae63888132e27c14e79ee5a", @helper.form_fields["hash"] + payload = 'merchant_id|order_id|10.00|Product Info|Payu-Admin|test@example.com|var_one|var_two|var_three|var_four|var_five|var_six|var_seven|var_eight|var_nine|var_ten|secret' + checksum = Digest::SHA512.hexdigest(payload) + assert_equal checksum, @helper.form_fields["hash"] end end diff --git a/test/unit/integrations/notifications/payu_in_notification_test.rb b/test/unit/integrations/notifications/payu_in_notification_test.rb index 7ca50e350e1..94f1a6772ce 100644 --- a/test/unit/integrations/notifications/payu_in_notification_test.rb +++ b/test/unit/integrations/notifications/payu_in_notification_test.rb 
@@ -4,7 +4,7 @@ class PayuInNotificationTest < Test::Unit::TestCase include ActiveMerchant::Billing::Integrations def setup - @payu = PayuIn::Notification.new(http_raw_data, :credential1 => 'C0Dr8m', :credential2 => '3sf0jURk') + @payu = PayuIn::Notification.new(http_raw_data, :credential1 => 'merchant_id', :credential2 => 'secret') end def test_accessors @@ -19,13 +19,13 @@ def test_accessors assert_equal true, @payu.amount_ok?(BigDecimal.new('10.00'),BigDecimal.new('0.00')) assert_equal "CC", @payu.type assert_equal "4ba4afe87f7e73468f2a", @payu.invoice - assert_equal "C0Dr8m", @payu.account + assert_equal "merchant_id", @payu.account assert_equal "0.00", @payu.discount assert_equal "test@example.com", @payu.customer_email assert_equal "1234567890", @payu.customer_phone assert_equal "Payu-Admin", @payu.customer_first_name assert_equal "", @payu.customer_last_name - assert_equal "ef0c1b509a42b802a4938c25dc9bb9efe40b75a7dfb8bde1a6f126fa1f86cee264c5e5a17e87db85150d6d8912eafda838416e669712f1989dcb9cbdb8c24219", @payu.checksum + assert_equal "d6a5544072d036dc422d1c6393a8da75233d5e30ffc848f11682f121d67cd80c0d4fed1067b99918b5a377b7dcf1c8c9c79975abdf9f444692b35bf34d494105", @payu.checksum assert_equal "E000", @payu.message assert_equal true, @payu.checksum_ok? end 
@@ -38,12 +38,8 @@ def test_acknowledgement assert @payu.acknowledge end - def test_respond_to_acknowledge - assert @payu.respond_to?(:acknowledge) - end - private def http_raw_data - "mihpayid=403993715508030204&mode=CC&status=success&unmappedstatus=captured&key=C0Dr8m&txnid=4ba4afe87f7e73468f2a&amount=10.00&discount=0.00&addedon=2013-05-10 18 32 30&productinfo=Product Info&firstname=Payu-Admin&lastname=&address1=&address2=&city=&state=&country=&zipcode=&email=test@example.com&phone=1234567890&udf1=&udf2=&udf3=&udf4=&udf5=&udf6=&udf7=&udf8=&udf9=&udf10=&hash=ef0c1b509a42b802a4938c25dc9bb9efe40b75a7dfb8bde1a6f126fa1f86cee264c5e5a17e87db85150d6d8912eafda838416e669712f1989dcb9cbdb8c24219&field1=313069903923&field2=999999&field3=59117331831301&field4=-1&field5=&field6=&field7=&field8=&PG_TYPE=HDFC&bank_ref_num=59117331831301&bankcode=CC&error=E000&cardnum=512345XXXXXX2346&cardhash=766f0227cc4b4c5f773a04cb31d8d1c5be071dd8d08fe365ecf5e2e5c947546d" + "mihpayid=403993715508030204&mode=CC&status=success&unmappedstatus=captured&key=merchant_id&txnid=4ba4afe87f7e73468f2a&amount=10.00&discount=0.00&addedon=2013-05-10 18 32 30&productinfo=Product Info&firstname=Payu-Admin&lastname=&address1=&address2=&city=&state=&country=&zipcode=&email=test@example.com&phone=1234567890&udf1=&udf2=&udf3=&udf4=&udf5=&udf6=&udf7=&udf8=&udf9=&udf10=&hash=d6a5544072d036dc422d1c6393a8da75233d5e30ffc848f11682f121d67cd80c0d4fed1067b99918b5a377b7dcf1c8c9c79975abdf9f444692b35bf34d494105&field1=313069903923&field2=999999&field3=59117331831301&field4=-1&field5=&field6=&field7=&field8=&PG_TYPE=HDFC&bank_ref_num=59117331831301&bankcode=CC&error=E000&cardnum=512345XXXXXX2346&cardhash=766f0227cc4b4c5f773a04cb31d8d1c5be071dd8d08fe365ecf5e2e5c947546d" end end diff --git a/test/unit/integrations/notifications/payu_in_paisa_notification_test.rb b/test/unit/integrations/notifications/payu_in_paisa_notification_test.rb index 19601829da5..40b749986ce 100644 
--- a/test/unit/integrations/notifications/payu_in_paisa_notification_test.rb +++ b/test/unit/integrations/notifications/payu_in_paisa_notification_test.rb @@ -4,7 +4,7 @@ class PayuInPaisaNotificationTest < Test::Unit::TestCase include ActiveMerchant::Billing::Integrations def setup - @payu = PayuInPaisa::Notification.new(http_raw_data, :credential1 => 'C0Dr8m', :credential2 => '3sf0jURk') + @payu = PayuInPaisa::Notification.new(http_raw_data, :credential1 => 'merchant_id', :credential2 => 'secret') end def test_accessors @@ -19,13 +19,13 @@ def test_accessors assert_equal true, @payu.amount_ok?(BigDecimal.new('10.00'),BigDecimal.new('0.00')) assert_equal "CC", @payu.type assert_equal "4ba4afe87f7e73468f2a", @payu.invoice - assert_equal "C0Dr8m", @payu.account + assert_equal "merchant_id", @payu.account assert_equal "0.00", @payu.discount assert_equal "test@example.com", @payu.customer_email assert_equal "1234567890", @payu.customer_phone assert_equal "Payu-Admin", @payu.customer_first_name assert_equal "", @payu.customer_last_name - assert_equal "e35f67dc7232d12caa28b16ba31b509f62bdea1e930bb6766a4f71036cc1af34debb8afc0fdd89be50f0604c1e6bca7209dfffe6b3a893c575492edcab3444ee", @payu.checksum + assert_equal checksum, @payu.checksum assert_equal "E000", @payu.message assert_equal true, @payu.checksum_ok? end 
@@ -38,16 +38,16 @@ def test_acknowledgement assert @payu.acknowledge end - def test_respond_to_acknowledge - assert @payu.respond_to?(:acknowledge) - end - def test_item_id_gives_the_original_item_id assert 'original_item_id', @payu.item_id end private def http_raw_data - "mihpayid=403993715508030204&mode=CC&status=success&unmappedstatus=captured&key=C0Dr8m&txnid=4ba4afe87f7e73468f2a&amount=10.00&discount=0.00&addedon=2013-05-10 18 32 30&productinfo=Product Info&firstname=Payu-Admin&lastname=&address1=&address2=&city=&state=&country=&zipcode=&email=test@example.com&phone=1234567890&udf1=&udf2=original_item_id&udf3=&udf4=&udf5=&udf6=&udf7=&udf8=&udf9=&udf10=&hash=e35f67dc7232d12caa28b16ba31b509f62bdea1e930bb6766a4f71036cc1af34debb8afc0fdd89be50f0604c1e6bca7209dfffe6b3a893c575492edcab3444ee&field1=313069903923&field2=999999&field3=59117331831301&field4=-1&field5=&field6=&field7=&field8=&PG_TYPE=HDFC&bank_ref_num=59117331831301&bankcode=CC&error=E000&cardnum=512345XXXXXX2346&cardhash=766f0227cc4b4c5f773a04cb31d8d1c5be071dd8d08fe365ecf5e2e5c947546d" + "mihpayid=403993715508030204&mode=CC&status=success&unmappedstatus=captured&key=merchant_id&txnid=4ba4afe87f7e73468f2a&amount=10.00&discount=0.00&addedon=2013-05-10 18 32 30&productinfo=Product Info&firstname=Payu-Admin&lastname=&address1=&address2=&city=&state=&country=&zipcode=&email=test@example.com&phone=1234567890&udf1=&udf2=original_item_id&udf3=&udf4=&udf5=&udf6=&udf7=&udf8=&udf9=&udf10=&hash=#{checksum}&field1=313069903923&field2=999999&field3=59117331831301&field4=-1&field5=&field6=&field7=&field8=&PG_TYPE=HDFC&bank_ref_num=59117331831301&bankcode=CC&error=E000&cardnum=512345XXXXXX2346&cardhash=766f0227cc4b4c5f773a04cb31d8d1c5be071dd8d08fe365ecf5e2e5c947546d" + end + + def checksum + Digest::SHA512.hexdigest("secret|success|||||||||original_item_id||test@example.com|Payu-Admin|Product Info|10.00|4ba4afe87f7e73468f2a|merchant_id") end end 
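Review bot: `test_item_id_gives_the_original_item_id` calls `assert 'original_item_id', @payu.item_id`, which treats the string literal as the always-truthy condition and the item id as the failure message, so the test cannot fail. It should read `assert_equal 'original_item_id', @payu.item_id`. This matters more after this commit, because the Paisa-specific `checksum_ok?` is removed and, in the lines shown, `item_id` reading `udf2` is the only behaviour left in that subclass.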
diff --git a/test/unit/integrations/payu_in_module_test.rb b/test/unit/integrations/payu_in_module_test.rb index f563f4a425b..53441994f9c 100644 --- a/test/unit/integrations/payu_in_module_test.rb +++ b/test/unit/integrations/payu_in_module_test.rb @@ -5,8 +5,8 @@ class PayuInModuleTest < Test::Unit::TestCase def setup ActiveMerchant::Billing::Base.integration_mode = :test - @merchant_id = 'C0Dr8m' - @secret_key = '3sf0jURk' + @merchant_id = 'merchant_id' + @secret_key = 'secret' end def test_service_url_method @@ -26,7 +26,8 @@ def test_notification_method end def test_checksum_method - payu_load = "4ba4afe87f7e73468f2a|10.00|Product Info|Payu-Admin|test@example.com||||||||||" - assert_equal "cd324f64891b07d95492a2fd80ae469092e302faa3d3df5ba1b829936fd7497b6e89c3e48fd70e2a131cdd4f17d14bc20f292e9408650c085bc3bedb32f44266", PayuIn.checksum(@merchant_id, @secret_key, payu_load) + payu_load = "order_id|10.00|Product Info|Payu-Admin|test@example.com||||||||||" + checksum = Digest::SHA512.hexdigest([@merchant_id, payu_load, @secret_key].join("|")) + assert_equal checksum, PayuIn.checksum(@merchant_id, @secret_key, payu_load.split("|", -1)) end end diff --git a/test/unit/integrations/returns/payu_in_paisa_return_test.rb b/test/unit/integrations/returns/payu_in_paisa_return_test.rb index 174a682e7c2..97baca37ec0 100644 --- a/test/unit/integrations/returns/payu_in_paisa_return_test.rb +++ b/test/unit/integrations/returns/payu_in_paisa_return_test.rb 
@@ -4,11 +4,11 @@ class PayuInPaisaReturnTest < Test::Unit::TestCase include ActiveMerchant::Billing::Integrations def setup - @payu = PayuInPaisa::Return.new(http_raw_data_success, :credential1 => 'C0Dr8m', :credential2 => '3sf0jURk') + @payu = PayuInPaisa::Return.new(http_raw_data_success, :credential1 => 'merchant_id', :credential2 => 'secret') end def setup_failed_return - @payu = PayuInPaisa::Return.new(http_raw_data_failure, :credential1 => 'C0Dr8m', :credential2 => '3sf0jURk') + @payu = PayuInPaisa::Return.new(http_raw_data_failure, :credential1 => 'merchant_id', :credential2 => 'secret') end def test_success @@ -38,7 +38,7 @@ def test_return_has_notification assert_equal 'CC', @payu.notification.type assert_equal 'INR', notification.currency assert_equal '4ba4afe87f7e73468f2a', notification.invoice - assert_equal 'C0Dr8m', notification.account + assert_equal 'merchant_id', notification.account assert_equal '10.00', notification.gross assert_equal '0.00', notification.discount assert_equal nil, notification.offer_description @@ -48,7 +48,7 @@ def test_return_has_notification assert_equal 'Payu-Admin', notification.customer_first_name assert_equal '', notification.customer_last_name assert_equal ["", "original_item_id", "", "", "", "", "", "", "", ""], notification.user_defined - assert_equal "e35f67dc7232d12caa28b16ba31b509f62bdea1e930bb6766a4f71036cc1af34debb8afc0fdd89be50f0604c1e6bca7209dfffe6b3a893c575492edcab3444ee", notification.checksum + assert_equal checksum, notification.checksum assert_equal 'E000', notification.message assert notification.checksum_ok? end 
@@ -56,11 +56,15 @@ def test_return_has_notification private def http_raw_data_success - "mihpayid=403993715508030204&mode=CC&status=success&unmappedstatus=captured&key=C0Dr8m&txnid=4ba4afe87f7e73468f2a&amount=10.00&discount=0.00&addedon=2013-05-10 18 32 30&productinfo=Product Info&firstname=Payu-Admin&lastname=&address1=&address2=&city=&state=&country=&zipcode=&email=test@example.com&phone=1234567890&udf1=&udf2=original_item_id&udf3=&udf4=&udf5=&udf6=&udf7=&udf8=&udf9=&udf10=&hash=e35f67dc7232d12caa28b16ba31b509f62bdea1e930bb6766a4f71036cc1af34debb8afc0fdd89be50f0604c1e6bca7209dfffe6b3a893c575492edcab3444ee&field1=313069903923&field2=999999&field3=59117331831301&field4=-1&field5=&field6=&field7=&field8=&PG_TYPE=HDFC&bank_ref_num=59117331831301&bankcode=CC&error=E000&cardnum=512345XXXXXX2346&cardhash=766f0227cc4b4c5f773a04cb31d8d1c5be071dd8d08fe365ecf5e2e5c947546d" + "mihpayid=403993715508030204&mode=CC&status=success&unmappedstatus=captured&key=merchant_id&txnid=4ba4afe87f7e73468f2a&amount=10.00&discount=0.00&addedon=2013-05-10 18 32 30&productinfo=Product Info&firstname=Payu-Admin&lastname=&address1=&address2=&city=&state=&country=&zipcode=&email=test@example.com&phone=1234567890&udf1=&udf2=original_item_id&udf3=&udf4=&udf5=&udf6=&udf7=&udf8=&udf9=&udf10=&hash=#{checksum}&field1=313069903923&field2=999999&field3=59117331831301&field4=-1&field5=&field6=&field7=&field8=&PG_TYPE=HDFC&bank_ref_num=59117331831301&bankcode=CC&error=E000&cardnum=512345XXXXXX2346&cardhash=766f0227cc4b4c5f773a04cb31d8d1c5be071dd8d08fe365ecf5e2e5c947546d" end def http_raw_data_failure - "mihpayid=403993715508030204&mode=CC&status=failure&unmappedstatus=failed&key=C0Dr8m&txnid=8ae1034d1abf47fde1cf&amount=10.00&discount=0.00&addedon=2013-05-13 11:09:20&productinfo=Product 
Info&firstname=Payu-Admin&lastname=&address1=&address2=&city=&state=&country=&zipcode=&email=test@example.com&phone=1234567890&udf1=&udf2=&udf3=&udf4=&udf5=&udf6=&udf7=&udf8=&udf9=&udf10=&hash=65774f82abe64cec54be31107529b2a3eef8f6a3f97a8cb81e9769f4394b890b0e7171f8988c4df3684e7f9f337035d0fe09a844da4b76e68dd643e8ac5e5c63&field1=&field2=&field3=&field4=&field5=!ERROR!-GV00103-Invalid BrandError Code: GV00103&field6=&field7=&field8=failed in enrollment&PG_TYPE=HDFC&bank_ref_num=&bankcode=CC&error=E201&cardnum=411111XXXXXX1111&cardhash=49c73d6c44f27f7ac71b439de842f91e27fcbc3b9ce9dfbcbf1ce9a8fe790c17" + "mihpayid=403993715508030204&mode=CC&status=failure&unmappedstatus=failed&key=merchant_id&txnid=8ae1034d1abf47fde1cf&amount=10.00&discount=0.00&addedon=2013-05-13 11:09:20&productinfo=Product Info&firstname=Payu-Admin&lastname=&address1=&address2=&city=&state=&country=&zipcode=&email=test@example.com&phone=1234567890&udf1=&udf2=&udf3=&udf4=&udf5=&udf6=&udf7=&udf8=&udf9=&udf10=&hash=65774f82abe64cec54be31107529b2a3eef8f6a3f97a8cb81e9769f4394b890b0e7171f8988c4df3684e7f9f337035d0fe09a844da4b76e68dd643e8ac5e5c63&field1=&field2=&field3=&field4=&field5=!ERROR!-GV00103-Invalid BrandError Code: GV00103&field6=&field7=&field8=failed in enrollment&PG_TYPE=HDFC&bank_ref_num=&bankcode=CC&error=E201&cardnum=411111XXXXXX1111&cardhash=49c73d6c44f27f7ac71b439de842f91e27fcbc3b9ce9dfbcbf1ce9a8fe790c17" + end + + def checksum + Digest::SHA512.hexdigest("secret|success|||||||||original_item_id||test@example.com|Payu-Admin|Product Info|10.00|4ba4afe87f7e73468f2a|merchant_id") end end diff --git a/test/unit/integrations/returns/payu_in_return_test.rb b/test/unit/integrations/returns/payu_in_return_test.rb index add0f355cfe..6e49d8f0e5d 100644 --- a/test/unit/integrations/returns/payu_in_return_test.rb +++ b/test/unit/integrations/returns/payu_in_return_test.rb 
@@ -4,11 +4,11 @@ class PayuInReturnTest < Test::Unit::TestCase include ActiveMerchant::Billing::Integrations def setup - @payu = PayuIn::Return.new(http_raw_data_success, :credential1 => 'C0Dr8m', :credential2 => '3sf0jURk') + @payu = PayuIn::Return.new(http_raw_data_success, :credential1 => 'merchant_id', :credential2 => 'secret') end def setup_failed_return - @payu = PayuIn::Return.new(http_raw_data_failure, :credential1 => 'C0Dr8m', :credential2 => '3sf0jURk') + @payu = PayuIn::Return.new(http_raw_data_failure, :credential1 => 'merchant_id', :credential2 => 'secret') end def test_success @@ -38,7 +38,7 @@ def test_return_has_notification assert_equal 'CC', @payu.notification.type assert_equal 'INR', notification.currency assert_equal '4ba4afe87f7e73468f2a', notification.invoice - assert_equal 'C0Dr8m', notification.account + assert_equal 'merchant_id', notification.account assert_equal '10.00', notification.gross assert_equal '0.00', notification.discount assert_equal nil, notification.offer_description @@ -48,7 +48,7 @@ def test_return_has_notification assert_equal 'Payu-Admin', notification.customer_first_name assert_equal '', notification.customer_last_name assert_equal ["", "", "", "", "", "", "", "", "", ""], notification.user_defined - assert_equal 'ef0c1b509a42b802a4938c25dc9bb9efe40b75a7dfb8bde1a6f126fa1f86cee264c5e5a17e87db85150d6d8912eafda838416e669712f1989dcb9cbdb8c24219', notification.checksum + assert_equal checksum, notification.checksum assert_equal 'E000', notification.message assert notification.checksum_ok? end 
@@ -56,11 +56,15 @@ def test_return_has_notification private def http_raw_data_success - "mihpayid=403993715508030204&mode=CC&status=success&unmappedstatus=captured&key=C0Dr8m&txnid=4ba4afe87f7e73468f2a&amount=10.00&discount=0.00&addedon=2013-05-10 18 32 30&productinfo=Product Info&firstname=Payu-Admin&lastname=&address1=&address2=&city=&state=&country=&zipcode=&email=test@example.com&phone=1234567890&udf1=&udf2=&udf3=&udf4=&udf5=&udf6=&udf7=&udf8=&udf9=&udf10=&hash=ef0c1b509a42b802a4938c25dc9bb9efe40b75a7dfb8bde1a6f126fa1f86cee264c5e5a17e87db85150d6d8912eafda838416e669712f1989dcb9cbdb8c24219&field1=313069903923&field2=999999&field3=59117331831301&field4=-1&field5=&field6=&field7=&field8=&PG_TYPE=HDFC&bank_ref_num=59117331831301&bankcode=CC&error=E000&cardnum=512345XXXXXX2346&cardhash=766f0227cc4b4c5f773a04cb31d8d1c5be071dd8d08fe365ecf5e2e5c947546d" + "mihpayid=403993715508030204&mode=CC&status=success&unmappedstatus=captured&key=merchant_id&txnid=4ba4afe87f7e73468f2a&amount=10.00&discount=0.00&addedon=2013-05-10 18 32 30&productinfo=Product Info&firstname=Payu-Admin&lastname=&address1=&address2=&city=&state=&country=&zipcode=&email=test@example.com&phone=1234567890&udf1=&udf2=&udf3=&udf4=&udf5=&udf6=&udf7=&udf8=&udf9=&udf10=&hash=#{checksum}&field1=313069903923&field2=999999&field3=59117331831301&field4=-1&field5=&field6=&field7=&field8=&PG_TYPE=HDFC&bank_ref_num=59117331831301&bankcode=CC&error=E000&cardnum=512345XXXXXX2346&cardhash=766f0227cc4b4c5f773a04cb31d8d1c5be071dd8d08fe365ecf5e2e5c947546d" end def http_raw_data_failure - "mihpayid=403993715508030204&mode=CC&status=failure&unmappedstatus=failed&key=C0Dr8m&txnid=8ae1034d1abf47fde1cf&amount=10.00&discount=0.00&addedon=2013-05-13 11:09:20&productinfo=Product 
Info&firstname=Payu-Admin&lastname=&address1=&address2=&city=&state=&country=&zipcode=&email=test@example.com&phone=1234567890&udf1=&udf2=&udf3=&udf4=&udf5=&udf6=&udf7=&udf8=&udf9=&udf10=&hash=65774f82abe64cec54be31107529b2a3eef8f6a3f97a8cb81e9769f4394b890b0e7171f8988c4df3684e7f9f337035d0fe09a844da4b76e68dd643e8ac5e5c63&field1=&field2=&field3=&field4=&field5=!ERROR!-GV00103-Invalid BrandError Code: GV00103&field6=&field7=&field8=failed in enrollment&PG_TYPE=HDFC&bank_ref_num=&bankcode=CC&error=E201&cardnum=411111XXXXXX1111&cardhash=49c73d6c44f27f7ac71b439de842f91e27fcbc3b9ce9dfbcbf1ce9a8fe790c17" + "mihpayid=403993715508030204&mode=CC&status=failure&unmappedstatus=failed&key=merchant_id&txnid=8ae1034d1abf47fde1cf&amount=10.00&discount=0.00&addedon=2013-05-13 11:09:20&productinfo=Product Info&firstname=Payu-Admin&lastname=&address1=&address2=&city=&state=&country=&zipcode=&email=test@example.com&phone=1234567890&udf1=&udf2=&udf3=&udf4=&udf5=&udf6=&udf7=&udf8=&udf9=&udf10=&hash=65774f82abe64cec54be31107529b2a3eef8f6a3f97a8cb81e9769f4394b890b0e7171f8988c4df3684e7f9f337035d0fe09a844da4b76e68dd643e8ac5e5c63&field1=&field2=&field3=&field4=&field5=!ERROR!-GV00103-Invalid BrandError Code: GV00103&field6=&field7=&field8=failed in enrollment&PG_TYPE=HDFC&bank_ref_num=&bankcode=CC&error=E201&cardnum=411111XXXXXX1111&cardhash=49c73d6c44f27f7ac71b439de842f91e27fcbc3b9ce9dfbcbf1ce9a8fe790c17" + end + + def checksum + Digest::SHA512.hexdigest("secret|success|||||||||||test@example.com|Payu-Admin|Product Info|10.00|4ba4afe87f7e73468f2a|merchant_id") end end From 43cd7905b390237f1508163a16521e40df2ca5ed Mon Sep 17 00:00:00 2001 From: Denis Odorcic Date: Fri, 15 Nov 2013 15:32:45 -0500 Subject: [PATCH 03/10] Slip down user_defined method --- .../billing/integrations/payu_in/notification.rb | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) 
diff --git a/lib/active_merchant/billing/integrations/payu_in/notification.rb b/lib/active_merchant/billing/integrations/payu_in/notification.rb index 14ace59a42c..c8f98b762e1 100755 --- a/lib/active_merchant/billing/integrations/payu_in/notification.rb +++ b/lib/active_merchant/billing/integrations/payu_in/notification.rb @@ -129,10 +129,7 @@ def customer_address end def user_defined - return @user_defined if @user_defined - @user_defined = [] - 10.times{ |i| @user_defined.push( params[ "udf#{i+1}" ] ) } - @user_defined + @user_defined ||= 10.times.map { |i| params["udf#{i + 1}"] } end def checksum From 22b2615cecf8ac47fd39e1f489c94e3c3f1dfaea Mon Sep 17 00:00:00 2001 From: Denis Odorcic Date: Fri, 15 Nov 2013 15:33:37 -0500 Subject: [PATCH 04/10] PayU status should be based off status from param, checksum should be handled by acknowledge --- .../billing/integrations/payu_in/notification.rb | 16 ++++------------ 1 file changed, 4 insertions(+), 12 deletions(-) diff --git a/lib/active_merchant/billing/integrations/payu_in/notification.rb b/lib/active_merchant/billing/integrations/payu_in/notification.rb index c8f98b762e1..803cfe1d02b 100755 --- a/lib/active_merchant/billing/integrations/payu_in/notification.rb +++ b/lib/active_merchant/billing/integrations/payu_in/notification.rb @@ -15,18 +15,10 @@ def complete? end def status - @status ||= if checksum_ok? - if transaction_id.blank? - 'Invalid' - else - case transaction_status.downcase - when 'success' then 'Completed' - when 'failure' then 'Failed' - when 'pending' then 'Pending' - end - end - else - 'Tampered' + case transaction_status.downcase + when 'success' then 'Completed' + when 'failure' then 'Failed' + when 'pending' then 'Pending' end end From 956174ef15e3ddb477de5fdddcecb6957559f9d4 Mon Sep 17 00:00:00 2001 
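Review bot: `status` in payu_in/notification.rb now returns 'Completed' purely from the request's `status` parameter, so a caller that treated `status` or `complete?` as authenticated will accept an unsigned or altered notification unless it also calls `acknowledge`. The removed branch returned 'Tampered' on a bad checksum and 'Invalid' on a blank transaction id. The body of `acknowledge` is not part of this patch, so it is worth confirming that it runs `checksum_ok?`, and adding a doc comment on `status` saying the value is unverified until `acknowledge` has passed. `transaction_status.downcase` also raises NoMethodError when the parameter is absent, and the `case` yields nil for any other value; `transaction_status.to_s.downcase` with an explicit `else` branch would make both outcomes deliberate.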
From: Denis Odorcic Date: Fri, 15 Nov 2013 15:34:09 -0500 Subject: [PATCH 05/10] to_s discount as it can be nil on returns --- .../billing/integrations/payu_in/notification.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/active_merchant/billing/integrations/payu_in/notification.rb b/lib/active_merchant/billing/integrations/payu_in/notification.rb index 803cfe1d02b..7881a02f9ca 100755 --- a/lib/active_merchant/billing/integrations/payu_in/notification.rb +++ b/lib/active_merchant/billing/integrations/payu_in/notification.rb @@ -28,7 +28,7 @@ def invoice_ok?( order_id ) # Order amount should be equal to gross - discount def amount_ok?( order_amount, order_discount = BigDecimal.new( '0.0' ) ) - BigDecimal.new( gross ) == order_amount && BigDecimal.new( discount ) == order_discount + BigDecimal.new( gross ) == order_amount && BigDecimal.new( discount.to_s ) == order_discount end # Status of transaction return from the PayU. List of possible values: From 706feb1c7d98e489cb5eaf54efccbc2cf69cc0bd Mon Sep 17 00:00:00 2001 From: Denis Odorcic Date: Sat, 16 Nov 2013 16:56:52 -0500 Subject: [PATCH 06/10] Fix PayuInPaisa module tests --- test/unit/integrations/payu_in_paisa_module_test.rb | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/test/unit/integrations/payu_in_paisa_module_test.rb b/test/unit/integrations/payu_in_paisa_module_test.rb index 12e63f431b3..00e3235227b 100644 --- a/test/unit/integrations/payu_in_paisa_module_test.rb +++ b/test/unit/integrations/payu_in_paisa_module_test.rb 
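Review bot: `amount_ok?` now guards only `discount`; `BigDecimal.new( gross )` on the same line still raises when `gross` is nil, and `discount.to_s` depends on BigDecimal turning an empty string into zero, which newer BigDecimal releases are stricter about. Both values come from the notification, so the check is better failing closed than raising: return false early when `gross` is blank and give the discount an explicit default, e.g. `BigDecimal.new( discount.presence || '0' )`. The method's surrounding lines are outside the hunk.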
@@ -9,17 +9,17 @@ def setup def test_service_url_method ActiveMerchant::Billing::Base.integration_mode = :test - assert_equal "https://test.payu.in/_payment.php", PayuIn.service_url + assert_equal "https://test.payu.in/_payment.php", PayuInPaisa.service_url ActiveMerchant::Billing::Base.integration_mode = :production - assert_equal "https://secure.payu.in/_payment.php", PayuIn.service_url + assert_equal "https://secure.payu.in/_payment.php", PayuInPaisa.service_url end def test_return_method - assert_instance_of PayuIn::Return, PayuIn.return('name=foo', {}) + assert_instance_of PayuInPaisa::Return, PayuInPaisa.return('name=foo', {}) end def test_notification_method - assert_instance_of PayuIn::Notification, PayuIn.notification('name=foo', {}) + assert_instance_of PayuInPaisa::Notification, PayuInPaisa.notification('name=foo', {}) end end From 281848e4a4c048bd7dd5cefbd37b8ed2465079d0 Mon Sep 17 00:00:00 2001 From: Denis Odorcic Date: Sat, 16 Nov 2013 17:15:48 -0500 Subject: [PATCH 07/10] Remove super arguments --- .../billing/integrations/payu_in_paisa/helper.rb | 2 +- .../billing/integrations/payu_in_paisa/return.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/active_merchant/billing/integrations/payu_in_paisa/helper.rb b/lib/active_merchant/billing/integrations/payu_in_paisa/helper.rb index d87c596d1c9..b46561c176e 100644 --- a/lib/active_merchant/billing/integrations/payu_in_paisa/helper.rb +++ b/lib/active_merchant/billing/integrations/payu_in_paisa/helper.rb @@ -7,7 +7,7 @@ class Helper < PayuIn::Helper mapping :service_provider, 'service_provider' def initialize(order, account, options = {}) - super order, account, options + super self.service_provider = 'payu_paisa' self.user_defined = { :var2 => order } end diff --git a/lib/active_merchant/billing/integrations/payu_in_paisa/return.rb b/lib/active_merchant/billing/integrations/payu_in_paisa/return.rb index b5bfce0af52..8b22eb7b08a 100644 
--- a/lib/active_merchant/billing/integrations/payu_in_paisa/return.rb +++ b/lib/active_merchant/billing/integrations/payu_in_paisa/return.rb @@ -5,7 +5,7 @@ module PayuInPaisa class Return < PayuIn::Return def initialize(query_string, options = {}) - super query_string, options + super @notification = Notification.new(query_string, options) end end From 2fa18992e82ff949a5ea5b5c122ba0c344dfa40e Mon Sep 17 00:00:00 2001 From: Denis Odorcic Date: Mon, 18 Nov 2013 14:37:17 -0500 Subject: [PATCH 08/10] Sanitize field values before generating the form fields --- .../billing/integrations/payu_in/helper.rb | 7 +++++++ test/unit/integrations/helpers/payu_in_helper_test.rb | 8 ++++++++ 2 files changed, 15 insertions(+) diff --git a/lib/active_merchant/billing/integrations/payu_in/helper.rb b/lib/active_merchant/billing/integrations/payu_in/helper.rb index b091e3c0b7f..68a6d839658 100755 --- a/lib/active_merchant/billing/integrations/payu_in/helper.rb +++ b/lib/active_merchant/billing/integrations/payu_in/helper.rb @@ -49,6 +49,7 @@ def initialize(order, account, options = {}) end def form_fields + sanitize_fields @fields.merge(mappings[:checksum] => generate_checksum) end @@ -61,6 +62,12 @@ def generate_checksum PayuIn.checksum(@fields["key"], @options[:credential2], checksum_payload_items ) end + def sanitize_fields + ['address1', 'address2', 'city', 'state', 'country', 'productinfo', 'email', 'phone'].each do |field| + @fields[field].gsub!(/[^a-zA-Z0-9\-_@\/\s.]/, '') if @fields[field] + end + end + end end diff --git a/test/unit/integrations/helpers/payu_in_helper_test.rb b/test/unit/integrations/helpers/payu_in_helper_test.rb index 81da3ce2fed..2d210a59440 100644 --- a/test/unit/integrations/helpers/payu_in_helper_test.rb +++ b/test/unit/integrations/helpers/payu_in_helper_test.rb 
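Review bot: `sanitize_fields` in payu_in/helper.rb uses `gsub!`, which edits the stored string in place; if the helper keeps the caller's own String object (the setter is outside this hunk), the merchant's data is silently changed and a frozen value raises. Assigning a copy avoids both: `@fields[field] = @fields[field].gsub(/[^a-zA-Z0-9\-_@\/\s.]/, '') if @fields[field]`. The field list omits `firstname`, which is hashed and posted as well. The ASCII-only whitelist also drops non-Latin characters from addresses without notice, while `\s` still lets newlines through, so a comment recording why this character set was chosen is worth adding. The strip runs only inside `form_fields`, so any value read from the helper before that call is still unsanitized.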
@@ -63,4 +63,12 @@ def test_add_checksum_method assert_equal Digest::SHA512.hexdigest(['merchant_id', *fields, 'secret_key'].join("|")), @helper.form_fields["hash"] end + def test_sanitize_fields_in_form_fields + @helper.description '{[Valid Description!]}' + @helper.form_fields + + assert_equal 'Valid Description', @helper.fields['productinfo'] + assert_nil @helper.fields['email'] + end + end From 99a074a5f39c776730d26e4929a0f0a4e5c1f9df Mon Sep 17 00:00:00 2001 From: Denis Odorcic Date: Mon, 18 Nov 2013 15:06:02 -0500 Subject: [PATCH 09/10] Move payu in test credentials to fixtures --- test/fixtures.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/test/fixtures.yml b/test/fixtures.yml index af3af91dd42..a90f8b1e15a 100644 --- a/test/fixtures.yml +++ b/test/fixtures.yml @@ -372,6 +372,10 @@ paypal_signature: password: PASSWORD signature: SIGNATURE +payu_in: + login: C0Dr8m + secret: 3sf0jURk + payway: username: password: From 6f54aecdc4ce654d88a47fc26dcb5e291226f86b Mon Sep 17 00:00:00 2001 From: Denis Odorcic Date: Tue, 3 Dec 2013 18:55:10 -0500 Subject: [PATCH 10/10] Move ordered checksum fields into a constant in the PayU helper --- .../billing/integrations/payu_in/helper.rb | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/active_merchant/billing/integrations/payu_in/helper.rb b/lib/active_merchant/billing/integrations/payu_in/helper.rb index 68a6d839658..6ac746e9015 100755 --- a/lib/active_merchant/billing/integrations/payu_in/helper.rb +++ b/lib/active_merchant/billing/integrations/payu_in/helper.rb @@ -4,6 +4,9 @@ module Integrations #:nodoc: module PayuIn class Helper < ActiveMerchant::Billing::Integrations::Helper + CHECKSUM_FIELDS = [ 'txnid', 'amount', 'productinfo', 'firstname', 'email', 'udf1', 'udf2', 'udf3', 'udf4', + 'udf5', 'udf6', 'udf7', 'udf8', 'udf9', 'udf10'] + mapping :amount, 'amount' mapping :account, 'key' mapping :order, 'txnid' 
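Review bot: The new `payu_in` entry in test/fixtures.yml commits real-looking `login` and `secret` values, whereas the neighbouring entries use placeholders (`password: PASSWORD`, `signature: SIGNATURE`) or are left empty. If these are the gateway's shared sandbox credentials, say so in a comment above the entry, e.g. `# PayU shared sandbox key and salt; not a merchant account`. Otherwise replace them with placeholders and rotate the pair, since it is now part of the repository history.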
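Review bot: `CHECKSUM_FIELDS` is a mutable Array whose order defines the hash input, so an accidental `<<` or `delete` from another class, such as the Paisa helper that inherits from this one, would change every checksum computed afterwards. Append `.freeze` to the literal: `'udf5', 'udf6', 'udf7', 'udf8', 'udf9', 'udf10'].freeze`. A one-line comment such as `# Order is significant: values are joined with "|" between the merchant key and the secret` would record why the list must not be reordered. The class body continues outside this hunk.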
@@ -54,10 +57,7 @@ def form_fields end def generate_checksum - checksum_payload_items = [ - 'txnid', 'amount', 'productinfo', 'firstname', 'email', - 'udf1', 'udf2', 'udf3', 'udf4', 'udf5', 'udf6', 'udf7', 'udf8', 'udf9', 'udf10' - ].map { |field| @fields[field] } + checksum_payload_items = CHECKSUM_FIELDS.map { |field| @fields[field] } PayuIn.checksum(@fields["key"], @options[:credential2], checksum_payload_items ) end