Merge pull request #56 from Adyen/develop

4.0.2 - Mask PCI data, paymentLinks endpoint

Author: Colin Rood

.github/CODEOWNERS

@@ -0,0 +1 @@
+* @crrood @hbkwong @KadoBOT @Aleffio @rikterbeek

CODE_OF_CONDUCT.md

@@ -0,0 +1,76 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as
+contributors and maintainers pledge to making participation in our project and
+our community a harassment-free experience for everyone, regardless of age, body
+size, disability, ethnicity, sex characteristics, gender identity and expression,
+level of experience, education, socio-economic status, nationality, personal
+appearance, race, religion, or sexual identity and orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment
+include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or
+ advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic
+ address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+ professional setting
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable
+behavior and are expected to take appropriate and fair corrective action in
+response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct, or to ban temporarily or
+permanently any contributor for other behaviors that they deem inappropriate,
+threatening, offensive, or harmful.
+
+## Scope
+
+This Code of Conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community. Examples of
+representing a project or community include using an official project e-mail
+address, posting via an official social media account, or acting as an appointed
+representative at an online or offline event. Representation of a project may be
+further defined and clarified by project maintainers.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting the project team at [email protected]. All
+complaints will be reviewed and investigated and will result in a response that
+is deemed necessary and appropriate to the circumstances. The project team is
+obligated to maintain confidentiality with regard to the reporter of an incident.
+Further details of specific enforcement policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good
+faith may face temporary or permanent repercussions as determined by other
+members of the project's leadership.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
+available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html
+
+[homepage]: https://www.contributor-covenant.org
+
+For answers to common questions about this code of conduct, see
+https://www.contributor-covenant.org/faq

Gemfile

@@ -2,11 +2,11 @@
 
 source "https://rubygems.org"
 
-ruby "> 2.1.0"
+ruby ">= 2.1.0"
 
 gem "faraday"
 
 gem "bundler", :group => :development
 gem "webmock", :group => :development
 gem "rspec", :group => :development
-gem "activesupport", :group => :development
+gem "activesupport", :group => :development

README.md

@@ -77,6 +77,7 @@ adyen.checkout.version = 50
 - payment_methods
 - payments
 - payments.details
+- payment_links
 
 **checkout utility:**
 - origin_keys

docs/checkout.html

@@ -41,6 +41,8 @@ <h2 id="availablemethods">Available methods</h2>
         <li>payments</li>
 
         <li>payments.details</li>
+
+        <li>payment_links</li>
         </ul>
 
         <h2 id="authentication">Authentication</h2>
@@ -99,7 +101,22 @@ <h2 id="usagecheckoutapi">Usage - Checkout API</h2>
 
         <p>A successful call to payment_methods will return a list of supported payment methods along with redirect URL's so that you can send your shoppers directly to the issuer's site without losing control of front-end styling / logic.</p>
 
+        You can also create a link to Adyen's hosted payment form:
+
+        <pre><code class="ruby language-ruby">response = adyen.checkout.payment_links('{
+  "amount": {
+    "value": 1500,
+    "currency": "EUR"
+  },
+  "countryCode": "US",
+  "merchantAccount": "YOUR_MERCHANT_ACCOUNT",
+  "reference": "YOUR_REFERENCE"
+}')</code></pre>
+
+        <p>A successful call to payment_links will return a url, which directs a user to Adyen's hosted payment form.</p>
       </section>
+
+
       <footer>
         <p>This project is maintained by <a href="https://github.com/Adyen">Adyen</a></p>
         <p><small>Hosted on GitHub Pages &mdash; Theme by <a href="https://github.com/orderedlist">orderedlist</a></small></p>

lib/adyen/errors.rb

@@ -3,19 +3,61 @@ class AdyenError < StandardError
     attr_reader :code, :response, :request, :msg
 
     def initialize(request = nil, response = nil, msg = nil, code = nil)
+      mask_fields(request)
+
+      # components of formatted error message
       attributes = {
         code: code,
+        msg: msg,
         request: request,
-        response: response,
-        msg: msg
+        response: response
       }.select { |_k, v| v }.map { |k, v| "#{k}:#{v}" }.join(', ')
       message = "#{self.class.name} #{attributes}"
       super(message)
+
+      # internal variables
       @code = code
       @response = response
       @request = request
       @msg = msg
     end
+
+    # mask PCI data in request
+    def mask_fields(request)
+      return if request.nil?
+
+      # sensitive fields
+      fields_to_mask = [
+        :expiryMonth,
+        :expiryYear,
+        :encryptedCardNumber,
+        :encryptedExpiryMonth,
+        :encryptedExpiryYear,
+        :encryptedSecurityCode
+      ]
+
+      # convert to hash if necessary
+      request = request.is_a?(Hash) ? request : JSON.parse(request)
+
+      # iterate through request to find fields to mask
+      request.each do |k, v|
+        if request[k].is_a?(Hash)
+          # recursively traverse multi-level hashes
+          mask_fields(request[k])
+        else
+          if k == :number
+            # show first 6 and last 4 for cards
+            request[k] = "#{v[0,6]}******#{v[12,16]}"
+          elsif k == :cvc
+            # show length of cvc for debugging
+            request[k] = "*" * v.length
+          elsif fields_to_mask.include? k
+            # generic mask for other fields
+            request[k] = "***"
+          end
+        end
+      end
+    end
   end
 
   class AuthenticationError < AdyenError

lib/adyen/services/checkout.rb

@@ -8,7 +8,8 @@ def initialize(client, version = DEFAULT_VERSION)
       service = 'Checkout'
       method_names = [
         :payment_methods,
-        :payment_session
+        :payment_session,
+        :payment_links
       ]
 
       super(client, version, service, method_names)

lib/adyen/version.rb

@@ -1,4 +1,4 @@
 module Adyen
   NAME = "adyen-ruby-api-library"
-  VERSION = "4.0.1".freeze
+  VERSION = "4.0.2".freeze
 end

renovate.json

@@ -0,0 +1,5 @@
+{
+  "extends": [
+    "config:base"
+  ]
+}

spec/checkout_spec.rb

@@ -110,6 +110,7 @@
   # format is defined in spec_helper
   test_sets = [
     ["payment_session", "publicKeyToken", "8115054323780109"],
+    ["payment_links", "url", "https://checkoutshopper-test.adyen.com"],
     ["payments", "resultCode", "Authorised"]
   ]