Contents

module Spree::Api::SpreeSignifyd
  class OrdersController < ActionController::Base
    include SpreeSignifyd::RequestVerifier

    respond_to :json

    before_filter :authorize, :load_order, :order_canceled_or_shipped

    def update
      SpreeSignifyd.set_score(order: @order, score: score)

      if is_fraudulent?
        @order.cancel!
      elsif should_approve?
        SpreeSignifyd.approve(order: @order)
      end

      render nothing: true, status: 200
    end

    private

    def authorize
      request_sha = request.headers['HTTP_HTTP_X_SIGNIFYD_HMAC_SHA256']
      computed_sha = build_sha(SpreeSignifyd::Config[:api_key], encode_request(request.raw_post))

      head 401 unless Devise.secure_compare(request_sha, computed_sha)
    end

    def load_order
      head 404 unless @order = Spree::Order.find_by(number: body['orderId'])
    end

    def order_canceled_or_shipped
      head 200 if @order.shipped? || @order.canceled?
    end

    def body
      @body ||= JSON.parse(request.raw_post)
    end

    def is_fraudulent?
      body['reviewDisposition'] == 'FRAUDULENT'
    end

    def should_approve?
      body['reviewDisposition'] == 'GOOD' || SpreeSignifyd.score_above_threshold?(score)
    end

    def score
      body['adjustedScore']
    end
  end
end

Version data entries

2 entries across 2 versions & 1 rubygems

Version	Path
solidus_signifyd-1.0.0	app/controllers/spree/api/spree_signifyd/orders_controller.rb
solidus_signifyd-0.1.1	app/controllers/spree/api/spree_signifyd/orders_controller.rb