form_spec.rb in wvanbergen-adyen-0.1.0

- old
+ new
@@ -26,9 +26,44 @@
     it "should generate correct live url if explicitely asked for" do
       Adyen::Form.url(:live).should eql('https://live.adyen.com/hpp/select.shtml')
     end
   end  
   
+  describe 'redirect signature check' do
+    before(:each) do
+      # Example taken from integration manual
+      
+      # Shared secret between you and Adyen, only valid for this skinCode!
+      @shared_secret = 'Kah942*$7sdp0)' 
+      
+      # Example get params sent back with redirect
+      @params = { :authResult => 'AUTHORISED', :pspReference => '1211992213193029',
+        :merchantReference => 'Internet Order 12345', :skinCode => '4aD37dJA',
+        :merchantSig => 'ytt3QxWoEhAskUzUne0P5VA9lPw='}
+    end
+    
+    it "should calculate the signature string correctly" do
+      Adyen::Form.redirect_signature_string(@params).should eql('AUTHORISED1211992213193029Internet Order 123454aD37dJA')
+    end
+    
+    it "should calculate the signature correctly" do
+      Adyen::Form.redirect_signature(@params, @shared_secret).should eql(@params[:merchantSig])
+    end
+    
+    it "should check the signature correctly" do
+      Adyen::Form.redirect_signature_check(@params, @shared_secret).should be_true
+    end    
+    
+    it "should detect a tampered field" do
+      Adyen::Form.redirect_signature_check(@params.merge(:pspReference => 'tampered'), @shared_secret).should be_false
+    end    
+
+    it "should detect a tampered signature" do
+      Adyen::Form.redirect_signature_check(@params.merge(:merchantSig => 'tampered'), @shared_secret).should be_false
+    end    
+
+  end
+  
   describe 'hidden fields generation' do
     
     include ActionView::Helpers::TagHelper
   
     before(:each) do
\ No newline at end of file