Merge pull request #1631 from sharelatex/ho-remove-recurly-sign

remove RecurlyWrapper.sign and recurly private api key

GitOrigin-RevId: ceec49bcb9b66a6ad3cbf2b436c87cf0008ab152

services/web/app/coffee/Features/Subscription/RecurlyWrapper.coffee

@@ -248,36 +248,6 @@ module.exports = RecurlyWrapper =
 				logger.log {url: options.url, method: options.method}, "got 404 response from recurly, expected as valid response"
 			callback(error, response, body)
 
-	sign : (parameters, callback) ->
-		nestAttributesForQueryString = (attributes, base) ->
-			newAttributes = {}
-			for key, value of attributes
-				if base?
-					newKey = "#{base}[#{key}]"
-				else
-					newKey = key
-
-				if typeof value == "object"
-					for key, value of nestAttributesForQueryString(value, newKey)
-						newAttributes[key] = value
-				else
-					newAttributes[newKey] = value
-
-			return newAttributes
-
-		crypto.randomBytes 32, (error, buffer) ->
-			return callback error if error?
-			parameters.nonce = buffer.toString "base64"
-			parameters.timestamp = Math.round((new Date()).getTime() / 1000)
-
-			unsignedQuery = querystring.stringify nestAttributesForQueryString(parameters)
-
-			signed = crypto.createHmac("sha1", Settings.apis.recurly.privateKey).update(unsignedQuery).digest("hex")
-			signature = "#{signed}|#{unsignedQuery}"
-
-			callback null, signature
-
-
 	getSubscriptions: (accountId, callback)->
 		RecurlyWrapper.apiRequest({
 			url: "accounts/#{accountId}/subscriptions"

services/web/app/coffee/Features/Subscription/SubscriptionController.coffee

@@ -64,26 +64,19 @@ module.exports = SubscriptionController =
 							return next(err) if err?
 							if recomendedCurrency? and !currency?
 								currency = recomendedCurrency
-							RecurlyWrapper.sign {
+							res.render "subscriptions/new",
-								subscription:
+								title      : "subscribe"
-									plan_code : req.query.planCode
+								plan_code: req.query.planCode
+								currency: currency
+								countryCode:countryCode
+								plan:plan
+								showStudentPlan: req.query.ssp
+								recurlyConfig: JSON.stringify
 									currency: currency
-								account_code: user._id
+									subdomain: Settings.apis.recurly.subdomain
-							}, (error, signature) ->
+								showCouponField: req.query.scf
-								return next(error) if error?
+								showVatField: req.query.svf
-								res.render "subscriptions/new",
+								couponCode:      req.query.cc or ""
-									title      : "subscribe"
-									plan_code: req.query.planCode
-									currency: currency
-									countryCode:countryCode
-									plan:plan
-									showStudentPlan: req.query.ssp
-									recurlyConfig: JSON.stringify
-										currency: currency
-										subdomain: Settings.apis.recurly.subdomain
-									showCouponField: req.query.scf
-									showVatField: req.query.svf
-									couponCode:      req.query.cc or ""
 
 
 

services/web/config/settings.defaults.coffee

@@ -135,7 +135,6 @@ module.exports = settings =
 		githubSync:
 			url: "http://#{process.env['GITHUB_SYNC_HOST'] or 'localhost'}:3022"
 		recurly:
-			privateKey: process.env['RECURLY_PRIVATE_KEY'] or ''
 			apiKey: process.env['RECURLY_API_KEY'] or ''
 			subdomain: process.env['RECURLY_SUBDOMAIN'] or ''
 			publicKey: process.env['RECURLY_PUBLIC_KEY'] or ''

services/web/test/unit/coffee/Subscription/RecurlyWrapperTests.coffee

@@ -128,103 +128,6 @@ describe "RecurlyWrapper", ->
 	after ->
 		tk.reset()
 
-	describe "sign", ->
-		before (done) ->
-			@RecurlyWrapper.sign({
-				subscription :
-					plan_code : "gold"
-					name      : "$$$"
-			}, (error, signature) =>
-				@signature = signature
-				done()
-			)
-
-		it "should be signed correctly", ->
-			signed = @signature.split("|")[0]
-			query = @signature.split("|")[1]
-			crypto.createHmac("sha1", @settings.apis.recurly.privateKey).update(query).digest("hex").should.equal signed
-
-		it "should be url escaped", ->
-			query = @signature.split("|")[1]
-			should.equal query.match(/\[/), null
-			query.match(/\%5B/).should.not.equal null
-
-		it "should contain the passed data", ->
-			query = querystring.parse @signature.split("|")[1]
-			query["subscription[plan_code]"].should.equal "gold"
-			query["subscription[name]"].should.equal "$$$"
-
-		it "should contain a nonce", ->
-			query = querystring.parse @signature.split("|")[1]
-			should.exist query["nonce"]
-
-		it "should contain a timestamp", ->
-			query = querystring.parse @signature.split("|")[1]
-			query["timestamp"].should.equal Math.round(Date.now() / 1000) + ""
-
-	describe "_parseXml", ->
-		it "should convert different data types into correct representations", (done) ->
-			xml = """
-				<?xml version="1.0" encoding="UTF-8"?>
-				<subscription href="https://api.recurly.com/v2/subscriptions/44f83d7cba354d5b84812419f923ea96">
-				  <account href="https://api.recurly.com/v2/accounts/1"/>
-				  <plan href="https://api.recurly.com/v2/plans/gold">
-				    <plan_code>gold</plan_code>
-				    <name>Gold plan</name>
-				  </plan>
-				  <uuid>44f83d7cba354d5b84812419f923ea96</uuid>
-				  <state>active</state>
-				  <unit_amount_in_cents type="integer">800</unit_amount_in_cents>
-				  <currency>EUR</currency>
-				  <quantity type="integer">1</quantity>
-				  <activated_at type="datetime">2011-05-27T07:00:00Z</activated_at>
-				  <canceled_at nil="nil"></canceled_at>
-				  <expires_at nil="nil"></expires_at>
-				  <current_period_started_at type="datetime">2011-06-27T07:00:00Z</current_period_started_at>
-				  <current_period_ends_at type="datetime">2011-07-27T07:00:00Z</current_period_ends_at>
-				  <trial_started_at nil="nil"></trial_started_at>
-				  <trial_ends_at nil="nil"></trial_ends_at>
-				  <subscription_add_ons type="array">
-				    <subscription_add_on>
-				      <add_on_code>ipaddresses</add_on_code>
-				      <quantity>10</quantity>
-				      <unit_amount_in_cents>150</unit_amount_in_cents>
-				    </subscription_add_on>
-				  </subscription_add_ons>
-				  <a name="cancel" href="https://api.recurly.com/v2/subscriptions/44f83d7cba354d5b84812419f923ea96/cancel" method="put"/>
-				  <a name="terminate" href="https://api.recurly.com/v2/subscriptions/44f83d7cba354d5b84812419f923ea96/terminate" method="put"/>
-				  <a name="postpone" href="https://api.recurly.com/v2/subscriptions/44f83d7cba354d5b84812419f923ea96/postpone" method="put"/>
-				</subscription>
-				"""
-			@RecurlyWrapper._parseXml xml, (error, data) ->
-				data.subscription.plan.plan_code.should.equal "gold"
-				data.subscription.plan.name.should.equal "Gold plan"
-				data.subscription.uuid.should.equal "44f83d7cba354d5b84812419f923ea96"
-				data.subscription.state.should.equal "active"
-				data.subscription.unit_amount_in_cents.should.equal 800
-				data.subscription.currency.should.equal "EUR"
-				data.subscription.quantity.should.equal 1
-
-				data.subscription.activated_at.should.deep.equal new Date("2011-05-27T07:00:00Z")
-				should.equal data.subscription.canceled_at, null
-				should.equal data.subscription.expires_at, null
-
-				data.subscription.current_period_started_at.should.deep.equal new Date("2011-06-27T07:00:00Z")
-
-				data.subscription.current_period_ends_at.should.deep.equal new Date("2011-07-27T07:00:00Z")
-				should.equal data.subscription.trial_started_at, null
-				should.equal data.subscription.trial_ends_at, null
-
-				data.subscription.subscription_add_ons[0].should.deep.equal {
-					add_on_code: "ipaddresses"
-					quantity: "10"
-					unit_amount_in_cents: "150"
-				}
-				data.subscription.account.url.should.equal "https://api.recurly.com/v2/accounts/1"
-				data.subscription.url.should.equal "https://api.recurly.com/v2/subscriptions/44f83d7cba354d5b84812419f923ea96"
-				data.subscription.plan.url.should.equal "https://api.recurly.com/v2/plans/gold"
-				done()
-
 	describe "getSubscription", ->
 
 		describe "with proper subscription id", ->

services/web/test/unit/coffee/Subscription/SubscriptionControllerTests.coffee

@@ -123,7 +123,6 @@ describe "SubscriptionController", ->
 	describe "paymentPage", ->
 		beforeEach ->
 			@req.headers = {}
-			@RecurlyWrapper.sign = sinon.stub().yields(null, @signature = "signature")
 			@SubscriptionHandler.validateNoSubscriptionInRecurly = sinon.stub().yields(null, true)
 			@GeoIpLookup.getCurrencyCode.callsArgWith(1, null, @stubbedCurrencyCode)