diff --git a/lib/remit.rb b/lib/remit.rb
index 031a4ce..748df37 100644
--- a/lib/remit.rb
+++ b/lib/remit.rb
@@ -121,6 +121,7 @@ def query(request)
 end
 private :query
+ # signature version 2
 def sign(values)
 keys = values.keys.sort { |a, b| a.to_s.downcase <=> b.to_s.downcase }
diff --git a/lib/remit/common.rb b/lib/remit/common.rb
index 2f397b8..6eeff7d 100644
--- a/lib/remit/common.rb
+++ b/lib/remit/common.rb
@@ -85,4 +85,25 @@ def parse(uri, secret_key, query_string)
 end
 end
 end
+
+ class VerifySignature
+ require 'open-uri'
+ require 'cgi'
+
+ attr_reader :valid
+
+ def initialize( api, uri )
+ begin
+ service_url = api.endpoint.to_s + "?Action=VerifySignature&" + "UrlEndPoint=" + CGI.escape(uri.split('?', 2)[0]) +
+ "&HttpParameters=" + CGI.escape(uri.split('?', 2)[1]) + "&Version=" + Remit::API::API_VERSION
+
+ STDOUT.puts( "Checking signature against: #{service_url}")
+
+ open( service_url ) {|f| @valid = ( f.read =~ %r{Success})}
+ rescue
+ STDERR.puts( $!.message )
+ STDERR.puts( $!.backtrace.join("\n") )
+ end
+ end
+ end
 end
diff --git a/lib/remit/operations/pay.rb b/lib/remit/operations/pay.rb
index 201978e..0f3af02 100644
--- a/lib/remit/operations/pay.rb
+++ b/lib/remit/operations/pay.rb
@@ -6,7 +6,7 @@ class Request < Remit::Request
 action :Pay
 parameter :caller_description
 parameter :caller_reference, :required => true
- parameter :caller_token_id, :required => true
+ # parameter :caller_token_id, :required => true
 parameter :charge_fee_to, :required => true
 parameter :descriptor_policy, :type => Remit::RequestTypes::DescriptorPolicy
 parameter :marketplace_fixed_fee, :type => Remit::RequestTypes::Amount
@@ -14,7 +14,7 @@ class Request < Remit::Request
 parameter :meta_data
 parameter :recipient_description
 parameter :recipient_reference
- parameter :recipient_token_id, :required => true
+ # parameter :recipient_token_id, :true
 parameter :sender_description
 parameter :sender_reference
 parameter :sender_token_id, :required => true
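Review bot: In `VerifySignature#initialize` (lib/remit/common.rb) the outcome is decided by `f.read =~ %r{Success}`, which accepts the response when that word appears anywhere in the body, so an error document or an echoed parameter containing "Success" would be treated as a valid signature. Match the status element exactly (VerificationStatus in the FPS response as far as I know; confirm for `API_VERSION`) and initialise `@valid = false` so callers get a boolean rather than a match offset or nil. The request is made through `Kernel#open` from open-uri, which does more than fetch URLs depending on how the string starts; `api.endpoint` is not visible in this hunk, so open a parsed URI instead. The `STDOUT.puts` line also prints the full verification URL, including the escaped payment parameters, on every call, and the bare `rescue` leaves the caller unable to tell a network failure from a rejected signature.

```ruby
def initialize( api, uri )
  @valid = false
  begin
    # … unchanged: service_url construction …
    body = URI.parse(service_url).open { |f| f.read }
    # Accept only the explicit status element, never a bare "Success" substring.
    @valid = !(body =~ %r{<VerificationStatus>\s*Success\s*</VerificationStatus>}).nil?
  rescue
    # … unchanged: error reporting; @valid stays false …
```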
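Review bot: The `caller_token_id` and `recipient_token_id` declarations in lib/remit/operations/pay.rb are disabled by commenting them out, with nothing in the code saying why the Pay request no longer needs them; this applies to both hunks of the file. Commenting out the whole `parameter` line presumably drops the parameter itself and not only its `:required` check (the macro is defined outside this diff), so callers that still set these values would silently stop sending them. The second commented line reads `:true` where the removed line had `:required => true`, which looks like an unfinished edit. Either delete both lines and leave a short explanation such as `# caller_token_id / recipient_token_id intentionally not sent: <reason>`, or keep them as optional with `parameter :caller_token_id` and `parameter :recipient_token_id`.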
diff --git a/lib/remit/pipeline_response.rb b/lib/remit/pipeline_response.rb
index 269fa36..2c1b4b4 100644
--- a/lib/remit/pipeline_response.rb
+++ b/lib/remit/pipeline_response.rb
@@ -11,9 +11,9 @@ def initialize(uri, secret_key)
 # The unescape_value method is used here because the awsSignature value
 # pulled from the request is filtered through the same method.
 #++
- def valid?
+ def valid?( api = nil)
 return false unless given_signature
- Relax::Query.unescape_value(correct_signature) == given_signature
+ Relax::Query.unescape_value(correct_signature(api)) == given_signature
 end
 # Returns +true+ if the response returns a successful state.
@@ -40,12 +40,17 @@ def request_query(reload = false)
 private :request_query
 def given_signature
- request_query[:awsSignature]
+ request_query[:signature]
 end
 private :given_signature
- def correct_signature
- Remit::SignedQuery.new(@uri.path, @secret_key, request_query).sign
+ def correct_signature( api = nil)
+ return nil unless api
+
+ Rails.logger.debug "FPS: Computed signature: " + Remit::SignedQuery.new(@uri.path, @secret_key, request_query).sign
+ Rails.logger.debug "FPS: Real signature: " + request_query[:signature]
+ # Verifign a responses signature against a webservice seems....silly?
+ Remit::VerifySignature.new(api, @uri.to_s).valid
 end
 private :correct_signature
 end
diff --git a/rails/init.rb b/rails/init.rb
new file mode 100644
index 0000000..69b21ac
--- /dev/null
+++ b/rails/init.rb
@@ -0,0 +1 @@
+require File.join( File.dirname(__FILE__), '..', 'lib', 'remit.rb' )
\ No newline at end of file
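Review bot: `valid?` in lib/remit/pipeline_response.rb still compares `Relax::Query.unescape_value(correct_signature(api))` with `given_signature`, but after this commit `correct_signature` (second hunk of the file) no longer returns a signature string. It returns nil when `api` is omitted, and otherwise the `valid` value of `Remit::VerifySignature`, which in lib/remit/common.rb is the result of `f.read =~ %r{Success}`, i.e. a match offset or nil. Unless `unescape_value` (not visible here) does something unexpected with those values, the equality can never hold, so every response is reported invalid or the call raises. Return the verification outcome directly, for example `return false unless api && given_signature` followed by `!!Remit::VerifySignature.new(api, @uri.to_s).valid`, and update the comment above the method, which still refers to awsSignature.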
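Review bot: The two `Rails.logger.debug` lines added to `correct_signature` write the signature computed with `@secret_key` and the received signature into the application log, where anyone with log access can read them; a signature derived from the secret key is authentication material and should stay out of logs. The computed value is not used for the decision, so the `Remit::SignedQuery` call now runs only to be logged. The hard reference to `Rails` also makes this library method raise NameError when the gem is used outside a Rails process. Drop both lines, or log only the outcome behind a guard such as `Rails.logger.debug "FPS: signature verified: #{result.inspect}" if defined?(Rails)`. The method name no longer matches what it returns, and the comment above the last line would be better replaced by one stating why remote verification is used.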