From d9522f563d9f4273b38572e94127fa407ebcef2f Mon Sep 17 00:00:00 2001
From: Simon Detheridge
Date: Mon, 25 Mar 2019 15:39:38 +0000
Subject: [PATCH] Merge pull request #1631 from sharelatex/ho-remove-recurly-sign

remove RecurlyWrapper.sign and recurly private api key
GitOrigin-RevId: ceec49bcb9b66a6ad3cbf2b436c87cf0008ab152
---
.../Subscription/RecurlyWrapper.coffee | 30 ------
.../Subscription/SubscriptionController.coffee | 31 +++---
services/web/config/settings.defaults.coffee | 1 -
.../Subscription/RecurlyWrapperTests.coffee | 97 -------------------
.../SubscriptionControllerTests.coffee | 1 -
5 files changed, 12 insertions(+), 148 deletions(-)

diff --git a/services/web/app/coffee/Features/Subscription/RecurlyWrapper.coffee b/services/web/app/coffee/Features/Subscription/RecurlyWrapper.coffee
index 774707a2ea..2e47ea597d 100644
--- a/services/web/app/coffee/Features/Subscription/RecurlyWrapper.coffee
+++ b/services/web/app/coffee/Features/Subscription/RecurlyWrapper.coffee
@@ -248,36 +248,6 @@ module.exports = RecurlyWrapper = logger.log {url: options.url, method: options.method}, "got 404 response from recurly, expected as valid response" callback(error, response, body) - sign : (parameters, callback) -> - nestAttributesForQueryString = (attributes, base) -> - newAttributes = {} - for key, value of attributes - if base? - newKey = "#{base}[#{key}]" - else - newKey = key - - if typeof value == "object" - for key, value of nestAttributesForQueryString(value, newKey) - newAttributes[key] = value - else - newAttributes[newKey] = value - - return newAttributes - - crypto.randomBytes 32, (error, buffer) -> - return callback error if error? - parameters.nonce = buffer.toString "base64" - parameters.timestamp = Math.round((new Date()).getTime() / 1000) - - unsignedQuery = querystring.stringify nestAttributesForQueryString(parameters) - - signed = crypto.createHmac("sha1", Settings.apis.recurly.privateKey).update(unsignedQuery).digest("hex") - signature = "#{signed}|#{unsignedQuery}" - - callback null, signature - - getSubscriptions: (accountId, callback)-> RecurlyWrapper.apiRequest({ url: "accounts/#{accountId}/subscriptions" diff --git a/services/web/app/coffee/Features/Subscription/SubscriptionController.coffee b/services/web/app/coffee/Features/Subscription/SubscriptionController.coffee index c450f3e570..c393b0c4a4 100644 --- a/services/web/app/coffee/Features/Subscription/SubscriptionController.coffee +++ b/services/web/app/coffee/Features/Subscription/SubscriptionController.coffee 
@@ -64,26 +64,19 @@ module.exports = SubscriptionController = return next(err) if err? if recomendedCurrency? and !currency? currency = recomendedCurrency - RecurlyWrapper.sign { - subscription: - plan_code : req.query.planCode + res.render "subscriptions/new", + title : "subscribe" + plan_code: req.query.planCode + currency: currency + countryCode:countryCode + plan:plan + showStudentPlan: req.query.ssp + recurlyConfig: JSON.stringify currency: currency - account_code: user._id - }, (error, signature) -> - return next(error) if error? - res.render "subscriptions/new", - title : "subscribe" - plan_code: req.query.planCode - currency: currency - countryCode:countryCode - plan:plan - showStudentPlan: req.query.ssp - recurlyConfig: JSON.stringify - currency: currency - subdomain: Settings.apis.recurly.subdomain - showCouponField: req.query.scf - showVatField: req.query.svf - couponCode: req.query.cc or "" + subdomain: Settings.apis.recurly.subdomain + showCouponField: req.query.scf + showVatField: req.query.svf + couponCode: req.query.cc or "" diff --git a/services/web/config/settings.defaults.coffee b/services/web/config/settings.defaults.coffee index 786978f520..047b3b3c07 100644 --- a/services/web/config/settings.defaults.coffee +++ b/services/web/config/settings.defaults.coffee @@ -135,7 +135,6 @@ module.exports = settings = githubSync: url: "http://#{process.env['GITHUB_SYNC_HOST'] or 'localhost'}:3022" recurly: - privateKey: process.env['RECURLY_PRIVATE_KEY'] or '' apiKey: process.env['RECURLY_API_KEY'] or '' subdomain: process.env['RECURLY_SUBDOMAIN'] or '' publicKey: process.env['RECURLY_PUBLIC_KEY'] or '' diff --git a/services/web/test/unit/coffee/Subscription/RecurlyWrapperTests.coffee b/services/web/test/unit/coffee/Subscription/RecurlyWrapperTests.coffee index c4f6aff4c1..4cfe0e162e 100644 --- a/services/web/test/unit/coffee/Subscription/RecurlyWrapperTests.coffee +++ b/services/web/test/unit/coffee/Subscription/RecurlyWrapperTests.coffee 
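Review bot: In the SubscriptionController.coffee hunk, `plan_code`, `showStudentPlan`, `showCouponField`, `showVatField` and `couponCode` are still taken straight from `req.query` and handed to the `subscriptions/new` view with no type check. If this handler runs under Express's default query parser, a parameter such as `cc` can arrive as an array or object rather than a string, so it is worth coercing at the boundary, e.g. `couponCode: if typeof req.query.cc is "string" then req.query.cc else ""`. Separately, `recurlyConfig` is a `JSON.stringify` result that is presumably embedded in the page. `currency` is assigned outside the hunk and the template is not visible here, so confirm that the template escapes it, or that `<` is escaped in the serialized string, before it lands inside a script element. The enclosing handler starts and ends outside the hunk.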
@@ -128,103 +128,6 @@ describe "RecurlyWrapper", -> after -> tk.reset() - describe "sign", -> - before (done) -> - @RecurlyWrapper.sign({ - subscription : - plan_code : "gold" - name : "$$$" - }, (error, signature) => - @signature = signature - done() - ) - - it "should be signed correctly", -> - signed = @signature.split("|")[0] - query = @signature.split("|")[1] - crypto.createHmac("sha1", @settings.apis.recurly.privateKey).update(query).digest("hex").should.equal signed - - it "should be url escaped", -> - query = @signature.split("|")[1] - should.equal query.match(/\[/), null - query.match(/\%5B/).should.not.equal null - - it "should contain the passed data", -> - query = querystring.parse @signature.split("|")[1] - query["subscription[plan_code]"].should.equal "gold" - query["subscription[name]"].should.equal "$$$" - - it "should contain a nonce", -> - query = querystring.parse @signature.split("|")[1] - should.exist query["nonce"] - - it "should contain a timestamp", -> - query = querystring.parse @signature.split("|")[1] - query["timestamp"].should.equal Math.round(Date.now() / 1000) + "" - - describe "_parseXml", -> - it "should convert different data types into correct representations", (done) -> - xml = """ - - - - - gold - Gold plan - - 44f83d7cba354d5b84812419f923ea96 - active - 800 - EUR - 1 - 2011-05-27T07:00:00Z - - - 2011-06-27T07:00:00Z - 2011-07-27T07:00:00Z - - - - - ipaddresses - 10 - 150 - - - - - - - """ - @RecurlyWrapper._parseXml xml, (error, data) -> - data.subscription.plan.plan_code.should.equal "gold" - data.subscription.plan.name.should.equal "Gold plan" - data.subscription.uuid.should.equal "44f83d7cba354d5b84812419f923ea96" - data.subscription.state.should.equal "active" - data.subscription.unit_amount_in_cents.should.equal 800 - data.subscription.currency.should.equal "EUR" - data.subscription.quantity.should.equal 1 - - data.subscription.activated_at.should.deep.equal new Date("2011-05-27T07:00:00Z") - should.equal 
data.subscription.canceled_at, null - should.equal data.subscription.expires_at, null - - data.subscription.current_period_started_at.should.deep.equal new Date("2011-06-27T07:00:00Z") - - data.subscription.current_period_ends_at.should.deep.equal new Date("2011-07-27T07:00:00Z") - should.equal data.subscription.trial_started_at, null - should.equal data.subscription.trial_ends_at, null - - data.subscription.subscription_add_ons[0].should.deep.equal { - add_on_code: "ipaddresses" - quantity: "10" - unit_amount_in_cents: "150" - } - data.subscription.account.url.should.equal "https://api.recurly.com/v2/accounts/1" - data.subscription.url.should.equal "https://api.recurly.com/v2/subscriptions/44f83d7cba354d5b84812419f923ea96" - data.subscription.plan.url.should.equal "https://api.recurly.com/v2/plans/gold" - done() - describe "getSubscription", -> describe "with proper subscription id", -> diff --git a/services/web/test/unit/coffee/Subscription/SubscriptionControllerTests.coffee b/services/web/test/unit/coffee/Subscription/SubscriptionControllerTests.coffee index 444ceb3b7a..b19cd2bd45 100644 --- a/services/web/test/unit/coffee/Subscription/SubscriptionControllerTests.coffee +++ b/services/web/test/unit/coffee/Subscription/SubscriptionControllerTests.coffee @@ -123,7 +123,6 @@ describe "SubscriptionController", -> describe "paymentPage", -> beforeEach -> @req.headers = {} - @RecurlyWrapper.sign = sinon.stub().yields(null, @signature = "signature") @SubscriptionHandler.validateNoSubscriptionInRecurly = sinon.stub().yields(null, true) @GeoIpLookup.getCurrencyCode.callsArgWith(1, null, @stubbedCurrencyCode)