diff --git a/.env.example.erb b/.env.example.erb
index 86affec..0e28dda 100644
--- a/.env.example.erb
+++ b/.env.example.erb
@@ -3,3 +3,7 @@ SECRET_KEY_BASE=<%= SecureRandom.hex(64) %>
ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=<%= SecureRandom.alphanumeric(32) %>
ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=<%= SecureRandom.alphanumeric(32) %>
ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=<%= SecureRandom.alphanumeric(32) %>
+
+# Get yours from https://bankaccountdata.gocardless.com/user-secrets
+GOCARDLESS_SECRET_ID=
+GOCARDLESS_SECRET_KEY=
diff --git a/.env.test b/.env.test
index 17ed5f7..39866a7 100644
--- a/.env.test
+++ b/.env.test
@@ -5,3 +5,6 @@ SECRET_KEY_BASE=8c6c7e76595083a2b5e0b72d70c7e0a1abe9e18a4f2e4808920d1a896c0258a3
ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=ugv4fakdv28DyyCjx0KVy9Tpi2c2vgbL
ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=u5YSUUdY8HKaYTbf6QWuwlPM5GnkGc4t
ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=GjTAic8Ak0kkON6Ok40pZ9Jv1vRMi9HC
+
+GOCARDLESS_SECRET_ID=fake_secret_id
+GOCARDLESS_SECRET_KEY=fake_secret_key
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index f605d00..c275099 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -79,7 +79,12 @@ jobs:
env:
RAILS_ENV: test
# REDIS_URL: redis://localhost:6379/0
- run: bin/rails db:test:prepare test test:system
+ run: bin/rails db:test:prepare test:coverage
+
+ - name: Run system tests
+ env:
+ RAILS_ENV: test
+ run: bin/rails db:test:prepare test:system
- name: Keep screenshots from failed system tests
uses: actions/upload-artifact@v4
diff --git a/Gemfile b/Gemfile
index b209896..0a30531 100644
--- a/Gemfile
+++ b/Gemfile
@@ -56,10 +56,15 @@ end
group :development do
# Use console on exceptions pages [https://github.com/rails/web-console]
gem "web-console"
+ gem "csv", require: false
end
group :test do
# Use system testing [https://guides.rubyonrails.org/testing.html#system-testing]
gem "capybara"
gem "selenium-webdriver"
+ gem "webmock", require: false
+ gem "simplecov", require: false
end
+
+gem "faraday", "~> 2.12"
diff --git a/Gemfile.lock b/Gemfile.lock
index 8795943..c40d61b 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -124,22 +124,34 @@ GEM
xpath (~> 3.2)
concurrent-ruby (1.3.4)
connection_pool (2.4.1)
+ crack (1.0.0)
+ bigdecimal
+ rexml
crass (1.0.6)
+ csv (3.3.2)
date (3.4.1)
debug (1.10.0)
irb (~> 1.10)
reline (>= 0.3.8)
+ docile (1.4.1)
dotenv (3.1.7)
drb (2.2.1)
ed25519 (1.3.0)
erubi (1.13.1)
et-orbi (1.2.11)
tzinfo
+ faraday (2.12.2)
+ faraday-net_http (>= 2.0, < 3.5)
+ json
+ logger
+ faraday-net_http (3.4.0)
+ net-http (>= 0.5.0)
fugit (1.11.1)
et-orbi (~> 1, >= 1.2.11)
raabro (~> 1.4)
globalid (1.2.1)
activesupport (>= 6.1)
+ hashdiff (1.1.2)
i18n (1.14.6)
concurrent-ruby (~> 1.0)
importmap-rails (2.1.0)
@@ -181,6 +193,8 @@ GEM
mini_portile2 (2.8.8)
minitest (5.25.4)
msgpack (1.7.5)
+ net-http (0.6.0)
+ uri
net-imap (0.5.4)
date
net-protocol
@@ -291,6 +305,12 @@ GEM
rexml (~> 3.2, >= 3.2.5)
rubyzip (>= 1.2.2, < 3.0)
websocket (~> 1.0)
+ simplecov (0.22.0)
+ docile (~> 1.1)
+ simplecov-html (~> 0.11)
+ simplecov_json_formatter (~> 0.1)
+ simplecov-html (0.13.1)
+ simplecov_json_formatter (0.1.4)
solid_cable (3.0.5)
actioncable (>= 7.2)
activejob (>= 7.2)
@@ -348,6 +368,10 @@ GEM
activemodel (>= 6.0.0)
bindex (>= 0.4.0)
railties (>= 6.0.0)
+ webmock (3.24.0)
+ addressable (>= 2.8.0)
+ crack (>= 0.3.2)
+ hashdiff (>= 0.4.0, < 2.0.0)
websocket (1.2.11)
websocket-driver (0.7.6)
websocket-extensions (>= 0.1.0)
@@ -376,8 +400,10 @@ DEPENDENCIES
bootsnap
brakeman
capybara
+ csv
debug
dotenv
+ faraday (~> 2.12)
importmap-rails
jbuilder
kamal
@@ -386,6 +412,7 @@ DEPENDENCIES
rails!
rubocop-rails-omakase
selenium-webdriver
+ simplecov
solid_cable
solid_cache
solid_queue
@@ -395,6 +422,7 @@ DEPENDENCIES
turbo-rails
tzinfo-data
web-console
+ webmock
BUNDLED WITH
2.6.2
diff --git a/app/models/bank.rb b/app/models/bank.rb
new file mode 100644
index 0000000..232ff10
--- /dev/null
+++ b/app/models/bank.rb
@@ -0,0 +1,52 @@
+module Bank
+ extend self
+
+ SANDBOX_INSTITUTION_ID = "SANDBOXFINANCE_SFIN0000"
+
+ # https://gocardless.com/bank-account-data/coverage/
+ #
+ # `curl -sL https://docs.google.com/spreadsheets/d/1EZ5n7QDGaRIot5M86dwqd5UFSGEDTeTRzEq3D9uEDkM/export?format=csv`
+ # .then { CSV.parse it, headers: true }["Countries "]
+ # .filter { it&.length == 2 }
+ # .uniq
+ # .sort
+ # .join(" ")
+ # .then { puts "%w[#{it}]"}
+ COUNTRIES = %w[AT BE BG CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LT LU LV MT NL NO PL PT RO SE SI SK]
+
+ def connect(institution, **opts)
+ Bank::Requisition.create institution, **opts
+ end
+
+ def disconnect(requisition)
+ requisition.delete
+ end
+
+ def countries
+ COUNTRIES
+ end
+
+ def institutions(country:)
+ Bank::Institution.find_by_country country
+ end
+
+ def institution(id)
+ Bank::Institution.find id
+ end
+
+ def sandbox_institution
+ Bank::Institution.find SANDBOX_INSTITUTION_ID
+ end
+
+ def requisitions
+ Bank::Requisition.all
+ end
+
+ def accounts(requisition_id:)
+ Bank::Requisition.find(requisition_id).accounts
+ end
+
+ def account(id)
+ Bank::Account.find id
+ end
+end
diff --git a/app/models/bank/account.rb b/app/models/bank/account.rb
new file mode 100644
index 0000000..69b51fb
--- /dev/null
+++ b/app/models/bank/account.rb
@@ -0,0 +1,59 @@
+class Bank::Account
+ include Bank::Connection
+
+ attr_reader :id, :iban, :institution_id
+
+ class << self
+ def find(id)
+ connection
+ .get("accounts/#{id}/")
+ .body
+ .then { new **it }
+ end
+ end
+
+ def initialize(id:, **attrs)
+ @id = id
+ @iban = attrs[:iban]
+ @institution_id = attrs[:institution_id]
+ end
+
+ def balances
+ @balances ||= \
+ connection
+ .get("accounts/#{id}/balances/")
+ .body
+ .dig(:balances)
+ end
+
+ def details
+ @details ||= \
+ connection
+ .get("accounts/#{id}/details/")
+ .body
+ .dig(:account)
+ end
+
+ def transactions(from: nil, to: nil)
+ if from || to
+ fetch_transactions(from:, to:)
+ else
+ @transactions ||= fetch_transactions(from:, to:)
+ end
+ end
+
+ private
+ def fetch_transactions(from: nil, to: nil)
+ connection
+ .get("accounts/#{id}/transactions/", {
+ date_from: format_date(from),
+ date_to: format_date(to)
+ }.compact)
+ .body
+ .dig(:transactions, :booked)
+ end
+
+ def format_date(date_or_datetime_or_string)
+ date_or_datetime_or_string.try(:strftime, "%Y-%m-%d") || date_or_datetime_or_string
+ end
+end
diff --git a/app/models/bank/connection.rb b/app/models/bank/connection.rb
new file mode 100644
index 0000000..3a89a6e
--- /dev/null
+++ b/app/models/bank/connection.rb
@@ -0,0 +1,15 @@
+module Bank::Connection
+ extend ActiveSupport::Concern
+
+ DB_TOKEN_NAME = :bank_token
+
+ included do
+ delegate :connection, to: :class
+ end
+
+ class_methods do
+ def connection
+ @connection ||= Bank::Http.client authorized_by: DB_TOKEN_NAME
+ end
+ end
+end
diff --git a/app/models/bank/http.rb b/app/models/bank/http.rb
new file mode 100644
index 0000000..a0adfc1
--- /dev/null
+++ b/app/models/bank/http.rb
@@ -0,0 +1,30 @@
+module Bank::Http
+ extend self
+
+ URL = "https://bankaccountdata.gocardless.com/api/v2/"
+ USER_AGENT = "github.com/murdho/spendbetter"
+
+ # Create an HTTP client suitable for communicating with the bank API.
+ #
+ # [authorized_by]
+ # Name for a Token for finding and storing API tokens. Optional.
+ def client(authorized_by: nil)
+ Faraday.new do |conn|
+ conn.url_prefix = URL
+ conn.headers = { "User-Agent": USER_AGENT }
+ conn.request :json
+
+ conn.use TokenAutoRefresh, token_name: authorized_by if authorized_by
+
+ conn.response :json, parser_options: { decoder: [ Jason, :parse ] }
+ conn.response :raise_error
+
+ conn.response(:logger, Rails.logger, headers: true, bodies: true) { add_logging_filters it } if Rails.env.local?
+ end
+ end
+
+ private
+ def add_logging_filters(logger)
+ logger.filter /(Authorization:\s+).*/, '\1[REDACTED]'
+ end
+end
diff --git a/app/models/bank/http/jason.rb b/app/models/bank/http/jason.rb
new file mode 100644
index 0000000..f91c17a
--- /dev/null
+++ b/app/models/bank/http/jason.rb
@@ -0,0 +1,25 @@
+# JSON parser for converting all hash keys into underscore symbols. For example, +"transactionAmount"+ is transformed
+# into +:transaction_amount+.
+class Bank::Http::Jason
+ class << self
+ def parse(str, opts)
+ JSON
+ .parse(str, opts)
+ .then { deep_transform it }
+ end
+
+ private
+ def deep_transform(element)
+ case element
+ when Hash
+ element
+ .transform_keys { it.to_s.underscore.to_sym }
+ .transform_values { deep_transform it }
+ when Array
+ element.map { deep_transform it }
+ else
+ element
+ end
+ end
+ end
+end
diff --git a/app/models/bank/http/token_auto_refresh.rb b/app/models/bank/http/token_auto_refresh.rb
new file mode 100644
index 0000000..03cf689
--- /dev/null
+++ b/app/models/bank/http/token_auto_refresh.rb
@@ -0,0 +1,72 @@
+# Faraday middleware for automatically refreshing and storing both access and refresh tokens.
+#
+# ==== Options
+#
+# [token_name]
+# Specify name of the Token model record for finding and storing the API tokens.
+#
+# ==== Example
+#
+# Faraday.new do |conn|
+# conn.use TokenAutoRefresh, token_name: :bla_bla
+# end
+class Bank::Http::TokenAutoRefresh < Faraday::Middleware
+ attr_reader :token
+
+ def on_request(env)
+ env.request_headers["Authorization"] = "Bearer #{access_token}"
+ end
+
+ private
+ def access_token
+ find_or_initialize_token
+
+ unless token.fresh?
+ token.with_lock do
+ if token.refreshable?
+ refresh_api_token
+ else
+ create_api_token
+ end
+ end
+ end
+
+ token.access_token
+ end
+
+ def refresh_api_token
+ save_token \
+ http_client
+ .post("token/refresh/", { refresh: token.refresh_token })
+ .body
+ end
+
+ def create_api_token
+ save_token \
+ http_client
+ .post("token/new/", {
+ secret_id: Rails.configuration.spendbetter.gocardless.fetch(:secret_id),
+ secret_key: Rails.configuration.spendbetter.gocardless.fetch(:secret_key)
+ })
+ .body
+ end
+
+ def save_token(new_tokens)
+ new_tokens => { access:, refresh:, access_expires:, refresh_expires: }
+
+ token.update!(
+ access_token: access,
+ refresh_token: refresh,
+ access_expires_in: access_expires,
+ refresh_expires_in: refresh_expires
+ )
+ end
+
+ def find_or_initialize_token
+ @token = Token.find_or_initialize_by name: options.fetch(:token_name)
+ end
+
+ def http_client
+ @http_client ||= Bank::Http.client
+ end
+end
diff --git a/app/models/bank/institution.rb b/app/models/bank/institution.rb
new file mode 100644
index 0000000..939ced0
--- /dev/null
+++ b/app/models/bank/institution.rb
@@ -0,0 +1,28 @@
+class Bank::Institution
+ include Bank::Connection
+
+ attr_reader :id, :name, :transaction_total_days, :max_access_valid_for_days
+
+ class << self
+ def find_by_country(country)
+ connection
+ .get("institutions/", { country: })
+ .body
+ .map { new **it }
+ end
+
+ def find(id)
+ connection
+ .get("institutions/#{id}/")
+ .body
+ .then { new **it }
+ end
+ end
+
+ def initialize(id:, **attrs)
+ @id = id
+ @name = attrs[:name]
+ @transaction_total_days = attrs[:transaction_total_days].to_i
+ @max_access_valid_for_days = attrs[:max_access_valid_for_days].to_i
+ end
+end
diff --git a/app/models/bank/requisition.rb b/app/models/bank/requisition.rb
new file mode 100644
index 0000000..afb6de7
--- /dev/null
+++ b/app/models/bank/requisition.rb
@@ -0,0 +1,69 @@
+class Bank::Requisition
+ include Bank::Connection
+
+ attr_reader :id, :link, :account_ids, :reference_id, :institution_id
+
+ class << self
+ def all
+ connection
+ .get("requisitions/")
+ .body
+ .fetch(:results)
+ .map { new **it }
+ end
+
+ def find(id)
+ connection
+ .get("requisitions/#{id}/")
+ .body
+ .then { new **it }
+ end
+
+ def create(institution, reference_id: SecureRandom.uuid, redirect_url: "http://localhost:3000")
+ agreement_id = create_agreement(institution)
+
+ connection
+ .post("requisitions/", {
+ institution_id: institution.id,
+ agreement: agreement_id,
+ reference: reference_id,
+ redirect: redirect_url,
+ user_language: "EN"
+ })
+ .body
+ .then { new **it }
+ end
+
+ private
+ def create_agreement(institution)
+ connection
+ .post("agreements/enduser/", {
+ institution_id: institution.id,
+ max_historical_days: institution.transaction_total_days,
+ access_valid_for_days: institution.max_access_valid_for_days,
+ access_scope: %w[balances details transactions]
+ })
+ .body
+ .fetch(:id)
+ end
+ end
+
+ def initialize(id:, **attrs)
+ @id = id
+ @link = attrs[:link]
+ @account_ids = attrs[:accounts]
+ @reference_id = attrs[:reference]
+ @institution_id = attrs[:institution_id]
+ end
+
+ def accounts
+ assert @account_ids, "Cannot fetch accounts, @account_ids missing: #{self.inspect}"
+ @accounts ||= @account_ids.map { Bank::Account.find it }
+ end
+
+ def delete
+ connection
+ .delete("requisitions/#{id}/")
+ .body
+ end
+end
diff --git a/app/models/token.rb b/app/models/token.rb
new file mode 100644
index 0000000..bc7bbe8
--- /dev/null
+++ b/app/models/token.rb
@@ -0,0 +1,20 @@
+class Token < ApplicationRecord
+ encrypts :access_token
+ encrypts :refresh_token
+
+ def fresh?
+ Time.current < access_expires_at if access_token? && access_expires_at?
+ end
+
+ def refreshable?
+ Time.current < refresh_expires_at if refresh_token? && refresh_expires_at?
+ end
+
+ def access_expires_in=(seconds)
+ self.access_expires_at = Time.current + seconds.to_i
+ end
+
+ def refresh_expires_in=(seconds)
+ self.refresh_expires_at = Time.current + seconds.to_i
+ end
+end
diff --git a/config/application.rb b/config/application.rb
index 64ed434..4dcbb0b 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -27,5 +27,7 @@ class Application < Rails::Application
config.active_record.encryption.primary_key = ENV["ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY"]
config.active_record.encryption.deterministic_key = ENV["ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY"]
config.active_record.encryption.key_derivation_salt = ENV["ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT"]
+
+ config.spendbetter = config_for(:spendbetter)
end
end
diff --git a/config/environments/test.rb b/config/environments/test.rb
index c2095b1..7c8d6ee 100644
--- a/config/environments/test.rb
+++ b/config/environments/test.rb
@@ -50,4 +50,6 @@
# Raise error when a before_action's only/except options reference missing actions.
config.action_controller.raise_on_missing_callback_actions = true
+
+ config.active_record.encryption.encrypt_fixtures = true
end
diff --git a/config/initializers/core_ext.rb b/config/initializers/core_ext.rb
new file mode 100644
index 0000000..3b7bb12
--- /dev/null
+++ b/config/initializers/core_ext.rb
@@ -0,0 +1,10 @@
+class Object
+ AssertionFailed = Class.new(StandardError)
+
+ def assert(test, message = nil)
+ unless test
+ message ||= "Expected #{test.inspect} to be truthy."
+ raise AssertionFailed, message
+ end
+ end
+end
diff --git a/config/routes.rb b/config/routes.rb
index 2d13cc5..e39726a 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -13,5 +13,5 @@
resources :entries
# Defines the root path route ("/")
- # root "posts#index"
+ root "folders#index"
end
diff --git a/config/spendbetter.yml b/config/spendbetter.yml
new file mode 100644
index 0000000..e676161
--- /dev/null
+++ b/config/spendbetter.yml
@@ -0,0 +1,13 @@
+default: &default
+ gocardless:
+ secret_id: <%= ENV["GOCARDLESS_SECRET_ID"] %>
+ secret_key: <%= ENV["GOCARDLESS_SECRET_KEY"] %>
+
+development:
+ <<: *default
+
+test:
+ <<: *default
+
+production:
+ <<: *default
diff --git a/db/migrate/20241226170308_create_tokens.rb b/db/migrate/20241226170308_create_tokens.rb
new file mode 100644
index 0000000..31d34da
--- /dev/null
+++ b/db/migrate/20241226170308_create_tokens.rb
@@ -0,0 +1,13 @@
+class CreateTokens < ActiveRecord::Migration[8.1]
+ def change
+ create_table :tokens do |t|
+ t.string :name, null: false, index: { unique: true }
+ t.string :access_token, null: false
+ t.string :refresh_token, null: false
+ t.datetime :access_expires_at, null: false
+ t.datetime :refresh_expires_at, null: false
+
+ t.timestamps
+ end
+ end
+end
diff --git a/db/schema.rb b/db/schema.rb
index 8feea8b..e734892 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -10,7 +10,7 @@
#
# It's strongly recommended that you check this file into your version control system.
-ActiveRecord::Schema[8.1].define(version: 2024_12_26_080651) do
+ActiveRecord::Schema[8.1].define(version: 2024_12_26_170308) do
create_table "entries", force: :cascade do |t|
t.date "date"
t.decimal "amount", null: false
@@ -30,5 +30,16 @@
t.datetime "updated_at", null: false
end
+ create_table "tokens", force: :cascade do |t|
+ t.string "name", null: false
+ t.string "access_token", null: false
+ t.string "refresh_token", null: false
+ t.datetime "access_expires_at", null: false
+ t.datetime "refresh_expires_at", null: false
+ t.datetime "created_at", null: false
+ t.datetime "updated_at", null: false
+ t.index ["name"], name: "index_tokens_on_name", unique: true
+ end
+
add_foreign_key "entries", "folders"
end
diff --git a/lib/tasks/test.rake b/lib/tasks/test.rake
new file mode 100644
index 0000000..7fcde7c
--- /dev/null
+++ b/lib/tasks/test.rake
@@ -0,0 +1,7 @@
+namespace :test do
+ desc "Run tests with coverage enabled"
+ task coverage: :environment do
+ ENV["COVERAGE"] = "true"
+ Rake::Task["test"].invoke
+ end
+end
diff --git a/test/application_system_test_case.rb b/test/application_system_test_case.rb
index cee29fd..22b199e 100644
--- a/test/application_system_test_case.rb
+++ b/test/application_system_test_case.rb
@@ -2,4 +2,6 @@
class ApplicationSystemTestCase < ActionDispatch::SystemTestCase
driven_by :selenium, using: :headless_chrome, screen_size: [ 1400, 1400 ]
+
+ WebMock.disable_net_connect! allow_localhost: true
end
diff --git a/test/fixtures/tokens.yml b/test/fixtures/tokens.yml
new file mode 100644
index 0000000..4a13a43
--- /dev/null
+++ b/test/fixtures/tokens.yml
@@ -0,0 +1,22 @@
+# Read about fixtures at https://api.rubyonrails.org/classes/ActiveRecord/FixtureSet.html
+
+fresh:
+ name: a fresh one
+ access_token: fresh_access_token
+ refresh_token: fresh_refresh_token
+ access_expires_at: <%= Time.current + 1.hour %>
+ refresh_expires_at: <%= Time.current + 1.day %>
+
+refreshable:
+ name: a refreshable one
+ access_token: expired_access_token
+ refresh_token: fresh_refresh_token
+ access_expires_at: <%= Time.current - 1.hour %>
+ refresh_expires_at: <%= Time.current + 1.day %>
+
+expired:
+ name: an expired one
+ access_token: expired_access_token
+ refresh_token: expired_refresh_token
+ access_expires_at: <%= Time.current - 1.day %>
+ refresh_expires_at: <%= Time.current - 1.hour %>
diff --git a/test/lib/core_ext/object_test.rb b/test/lib/core_ext/object_test.rb
new file mode 100644
index 0000000..63f83d6
--- /dev/null
+++ b/test/lib/core_ext/object_test.rb
@@ -0,0 +1,17 @@
+require "test_helper"
+
+class ObjectTest < ActiveSupport::TestCase
+ setup do
+ @obj = Object.new
+ end
+
+ test "assert" do
+ assert_nothing_raised do
+ @obj.assert true, "something's afoot"
+ end
+
+ assert_raises AssertionFailed, match: /something's afoot/ do
+ @obj.assert false, "something's afoot"
+ end
+ end
+end
diff --git a/test/models/bank/account_test.rb b/test/models/bank/account_test.rb
new file mode 100644
index 0000000..608e176
--- /dev/null
+++ b/test/models/bank/account_test.rb
@@ -0,0 +1,33 @@
+require "test_helper"
+require "test_helpers/bank_request_stubs"
+
+class Bank::AccountTest < ActiveSupport::TestCase
+ include BankRequestStubs
+
+ setup do
+ stub_token_requests
+ @account = Bank::Account.new **SANDBOX_ACCOUNT_ONE
+ end
+
+ test "balances" do
+ stub_account_balances_request SANDBOX_ACCOUNT_ONE, SANDBOX_ACCOUNT_ONE_BALANCES
+ assert_equal SANDBOX_ACCOUNT_ONE_BALANCES, @account.balances
+ end
+
+ test "details" do
+ stub_account_details_request SANDBOX_ACCOUNT_ONE, SANDBOX_ACCOUNT_ONE_DETAILS
+ assert_equal SANDBOX_ACCOUNT_ONE_DETAILS, @account.details
+ end
+
+ test "transactions" do
+ stub_account_transactions_request SANDBOX_ACCOUNT_ONE, SANDBOX_ACCOUNT_ONE_TRANSACTIONS
+ assert_equal SANDBOX_ACCOUNT_ONE_TRANSACTIONS, @account.transactions
+ end
+
+ test "transactions from/to" do
+ stub_account_transactions_request \
+ SANDBOX_ACCOUNT_ONE, SANDBOX_ACCOUNT_ONE_TRANSACTIONS[1..], from: "2024-12-20", to: "2024-12-27"
+ transactions = @account.transactions(from: "2024-12-20", to: "2024-12-27")
+ assert_equal SANDBOX_ACCOUNT_ONE_TRANSACTIONS[1..], transactions
+ end
+end
diff --git a/test/models/bank/http_test.rb b/test/models/bank/http_test.rb
new file mode 100644
index 0000000..15e9500
--- /dev/null
+++ b/test/models/bank/http_test.rb
@@ -0,0 +1,40 @@
+require "test_helper"
+require "test_helpers/bank_request_stubs"
+
+class Bank::HttpTest < ActiveSupport::TestCase
+ include BankRequestStubs
+
+ test "with fresh token" do
+ stub_request :get, Bank::Http::URL
+
+ token = tokens(:fresh)
+ Bank::Http.client(authorized_by: token.name).get
+
+ assert_requested :get, Bank::Http::URL, headers: { Authorization: "Bearer fresh_access_token" }
+ assert token.reload.fresh?
+ end
+
+ test "with refreshable token" do
+ stub_request :get, Bank::Http::URL
+ stub_refresh_api_token_request
+
+ token = tokens(:refreshable)
+ Bank::Http.client(authorized_by: token.name).get
+
+ assert_requested :post, /token\/refresh/, body: { refresh: "fresh_refresh_token" }
+ assert_requested :get, Bank::Http::URL, headers: { Authorization: "Bearer fresh_access_token" }
+ assert token.reload.fresh?
+ end
+
+ test "with expired token" do
+ stub_request :get, Bank::Http::URL
+ stub_create_api_token_request
+
+ token = tokens(:expired)
+ Bank::Http.client(authorized_by: token.name).get
+
+ assert_requested :post, /token\/new/, body: { secret_id: "fake_secret_id", secret_key: "fake_secret_key" }
+ assert_requested :get, Bank::Http::URL, headers: { Authorization: "Bearer fresh_access_token" }
+ assert token.reload.fresh?
+ end
+end
diff --git a/test/models/bank_test.rb b/test/models/bank_test.rb
new file mode 100644
index 0000000..a154b6b
--- /dev/null
+++ b/test/models/bank_test.rb
@@ -0,0 +1,95 @@
+require "test_helper"
+require "test_helpers/bank_request_stubs"
+
+class BankTest < ActiveSupport::TestCase
+ include BankRequestStubs
+
+ setup do
+ stub_token_requests
+ end
+
+ test "connect" do
+ stub_create_agreement_request institution: SANDBOX_INSTITUTION
+ stub_create_requisition_request institution: SANDBOX_INSTITUTION, agreement: SANDBOX_AGREEMENT
+
+ requisition = Bank.connect Bank::Institution.new **SANDBOX_INSTITUTION
+ assert_equal "780bcb92-c6cb-4cd8-9974-e0374177f7cd", requisition.id
+ assert_equal "SANDBOXFINANCE_SFIN0000", requisition.institution_id
+ end
+
+ test "disconnect" do
+ stub_delete_requisition_request SANDBOX_REQUISITION
+
+ Bank.disconnect Bank::Requisition.new **SANDBOX_REQUISITION
+ assert_requested :delete, /requisitions\/780bcb92-c6cb-4cd8-9974-e0374177f7cd/
+ end
+
+ test "countries" do
+ assert_equal 30, Bank.countries.count
+ assert_equal Bank::COUNTRIES, Bank.countries
+ end
+
+ test "institutions" do
+ stub_institutions_request country: "XX"
+
+ institutions = Bank.institutions country: "XX"
+ assert_equal 1, institutions.count
+ assert_equal "SANDBOXFINANCE_SFIN0000", institutions.first.id
+ end
+
+ test "institution" do
+ stub_institution_request SANDBOX_INSTITUTION
+
+ institution = Bank.institution SANDBOX_INSTITUTION_ID
+ assert_equal "SANDBOXFINANCE_SFIN0000", institution.id
+ end
+
+ test "sandbox institution" do
+ stub_institution_request SANDBOX_INSTITUTION
+
+ institution = Bank.sandbox_institution
+ assert_equal "SANDBOXFINANCE_SFIN0000", institution.id
+ assert_equal 180, institution.max_access_valid_for_days
+ assert_equal "Sandbox Finance", institution.name
+ assert_equal 90, institution.transaction_total_days
+ end
+
+ test "requisitions" do
+ stub_requisitions_request
+
+ requisitions = Bank.requisitions
+ assert_equal 1, requisitions.count
+
+ requisitions.first.tap do
+ assert_equal "780bcb92-c6cb-4cd8-9974-e0374177f7cd", it.id
+ assert_equal "SANDBOXFINANCE_SFIN0000", it.institution_id
+ assert_equal "be233689-b8b9-4c24-8b1f-9c4a7d522ea3", it.reference_id
+ assert_match /ob.gocardless.com\/ob-psd2\/start\/.*\/SANDBOXFINANCE_SFIN0000/, it.link
+ assert_equal %w[68d5b037-0706-41b7-ad63-5e62df8684d9 9daf5886-2d46-464b-9f2b-65accac9295e], it.account_ids
+ end
+ end
+
+ test "accounts" do
+ stub_accounts_request SANDBOX_REQUISITION, SANDBOX_ACCOUNT_ONE, SANDBOX_ACCOUNT_TWO
+
+ accounts = Bank.accounts requisition_id: SANDBOX_REQUISITION_ID
+ assert_equal 2, accounts.count
+
+ assert_equal "68d5b037-0706-41b7-ad63-5e62df8684d9", accounts.first.id
+ assert_equal "GL3510230000010234", accounts.first.iban
+ assert_equal "SANDBOXFINANCE_SFIN0000", accounts.first.institution_id
+
+ assert_equal "9daf5886-2d46-464b-9f2b-65accac9295e", accounts.last.id
+ assert_equal "GL2981370000081378", accounts.last.iban
+ assert_equal "SANDBOXFINANCE_SFIN0000", accounts.last.institution_id
+ end
+
+ test "account" do
+ stub_account_request SANDBOX_ACCOUNT_ONE
+
+ account = Bank.account SANDBOX_ACCOUNT_ONE_ID
+ assert_equal "68d5b037-0706-41b7-ad63-5e62df8684d9", account.id
+ assert_equal "GL3510230000010234", account.iban
+ assert_equal "SANDBOXFINANCE_SFIN0000", account.institution_id
+ end
+end
diff --git a/test/models/token_test.rb b/test/models/token_test.rb
new file mode 100644
index 0000000..47024c8
--- /dev/null
+++ b/test/models/token_test.rb
@@ -0,0 +1,34 @@
+require "test_helper"
+
+class TokenTest < ActiveSupport::TestCase
+ test "encryption" do
+ assert_includes Token.encrypted_attributes, :access_token
+ assert_includes Token.encrypted_attributes, :refresh_token
+ end
+
+ test "fresh?" do
+ assert tokens(:fresh).fresh?
+ assert_not tokens(:refreshable).fresh?
+ assert_not tokens(:expired).fresh?
+ assert_not Token.new.fresh?
+ end
+
+ test "refreshable?" do
+ assert tokens(:fresh).refreshable?
+ assert tokens(:refreshable).refreshable?
+ assert_not tokens(:expired).refreshable?
+ assert_not Token.new.refreshable?
+ end
+
+ test "access_expires_in=" do
+ freeze_time
+ token = Token.new access_expires_in: "3600"
+ assert_equal Time.current + 1.hour, token.access_expires_at
+ end
+
+ test "refresh_expires_in=" do
+ freeze_time
+ token = Token.new refresh_expires_in: "3600"
+ assert_equal Time.current + 1.hour, token.refresh_expires_at
+ end
+end
diff --git a/test/test_helper.rb b/test/test_helper.rb
index 0c22470..5b1c80e 100644
--- a/test/test_helper.rb
+++ b/test/test_helper.rb
@@ -1,6 +1,12 @@
+if ENV["COVERAGE"]
+ require "simplecov"
+ SimpleCov.start
+end
+
ENV["RAILS_ENV"] ||= "test"
require_relative "../config/environment"
require "rails/test_help"
+require "webmock/minitest"
module ActiveSupport
class TestCase
diff --git a/test/test_helpers/bank/client_request_stubs.rb b/test/test_helpers/bank/client_request_stubs.rb
new file mode 100644
index 0000000..5468d10
--- /dev/null
+++ b/test/test_helpers/bank/client_request_stubs.rb
@@ -0,0 +1,47 @@
+module Bank::ClientRequestStubs
+ DEFAULT_REQUEST_HEADERS = {
+ "Content-Type": "application/json",
+ "User-Agent": "github.com/murdho/spendbetter"
+ }
+
+ DEFAULT_RESPONSE_HEADERS = {
+ "Content-Type": "application/json"
+ }
+
+ def stub_create_api_token_request
+ stub_request(:post, "https://bankaccountdata.gocardless.com/api/v2/token/new/")
+ .with(
+ headers: DEFAULT_REQUEST_HEADERS,
+ body: { secret_id: "fake_secret_id", secret_key: "fake_secret_key" }
+ )
+ .to_return(
+ status: 200,
+ headers: DEFAULT_RESPONSE_HEADERS,
+ body: {
+ access: "brand_new_access_token",
+ refresh: "brand_new_refresh_token",
+ access_expires: "123",
+ refresh_expires: "456"
+
+ }.to_json
+ )
+ end
+
+ def stub_refresh_api_token_request
+ stub_request(:post, "#{Bank::Client::URL}token/refresh/")
+ .with(
+ headers: DEFAULT_REQUEST_HEADERS,
+ body: { refresh: "bank_client_refresh_token" }
+ )
+ .to_return(
+ status: 200,
+ headers: DEFAULT_RESPONSE_HEADERS,
+ body: {
+ access: "refreshed_access_token",
+ refresh: "refreshed_refresh_token",
+ access_expires: "321",
+ refresh_expires: "654"
+ }.to_json
+ )
+ end
+end
diff --git a/test/test_helpers/bank_fixtures.rb b/test/test_helpers/bank_fixtures.rb
new file mode 100644
index 0000000..55e6bca
--- /dev/null
+++ b/test/test_helpers/bank_fixtures.rb
@@ -0,0 +1,119 @@
+module BankFixtures
+ SANDBOX_INSTITUTION = {
+ id: "SANDBOXFINANCE_SFIN0000",
+ name: "Sandbox Finance",
+ bic: "SFIN0000",
+ transaction_total_days: "90",
+ countries: [ "XX" ],
+ logo: "https://cdn-logos.gocardless.com/ais/SANDBOXFINANCE_SFIN0000.png",
+ max_access_valid_for_days: "180",
+ supported_payments: {},
+ supported_features: [],
+ identification_codes: []
+ }
+
+ SANDBOX_INSTITUTION_ID = Bank::SANDBOX_INSTITUTION_ID
+
+ SANDBOX_AGREEMENT = {
+ id: "d915bfed-bbff-43c9-bf5a-4d62bdadbe29",
+ created: "2024-12-29T15:22:12.231989Z",
+ institution_id: "SANDBOXFINANCE_SFIN0000",
+ max_historical_days: 90,
+ access_valid_for_days: 180,
+ access_scope: [ "balances", "details", "transactions" ],
+ accepted: nil
+ }
+
+ SANDBOX_REQUISITION = {
+ id: "780bcb92-c6cb-4cd8-9974-e0374177f7cd",
+ created: "2024-12-27T21:34:20.658531Z",
+ redirect: "http://localhost:3000",
+ status: "LN",
+ institution_id: "SANDBOXFINANCE_SFIN0000",
+ agreement: "d915bfed-bbff-43c9-bf5a-4d62bdadbe29",
+ reference: "be233689-b8b9-4c24-8b1f-9c4a7d522ea3",
+ accounts: [ "68d5b037-0706-41b7-ad63-5e62df8684d9", "9daf5886-2d46-464b-9f2b-65accac9295e" ],
+ user_language: "EN",
+ link: "https://ob.gocardless.com/ob-psd2/start/15321acf-7c3f-49d2-b19c-b8f749d91d7d/SANDBOXFINANCE_SFIN0000",
+ ssn: nil,
+ account_selection: false,
+ redirect_immediate: false
+ }
+
+ SANDBOX_REQUISITION_ID = SANDBOX_REQUISITION.fetch(:id)
+
+ SANDBOX_ACCOUNT_ONE = {
+ id: "68d5b037-0706-41b7-ad63-5e62df8684d9",
+ created: "2024-01-07T17:20:30.855119Z",
+ last_accessed: "2024-12-27T21:38:15.277931Z",
+ iban: "GL3510230000010234",
+ institution_id: "SANDBOXFINANCE_SFIN0000",
+ status: "READY",
+ owner_name: "John Doe",
+ bban: nil
+ }
+
+ SANDBOX_ACCOUNT_ONE_ID = SANDBOX_ACCOUNT_ONE.fetch(:id)
+
+ SANDBOX_ACCOUNT_ONE_BALANCES = [
+ {
+ balance_amount: { amount: "1913.12", currency: "EUR" },
+ balance_type: "expected", reference_date: "2024-12-29"
+ },
+ {
+ balance_amount: { amount: "1913.12", currency: "EUR" },
+ balance_type: "interimAvailable", reference_date: "2024-12-29"
+ }
+ ]
+
+ SANDBOX_ACCOUNT_ONE_DETAILS = {
+ resource_id: "01F3NS4YV94RA29YCH8R0F6BMF",
+ iban: "GL3510230000010234",
+ currency: "EUR",
+ owner_name: "John Doe",
+ name: "Main Account",
+ product: "Checkings",
+ cash_account_type: "CACC"
+ }
+
+ SANDBOX_ACCOUNT_ONE_TRANSACTIONS = [
+ {
+ transaction_id: "2024122801773517-1",
+ entry_reference: "2024122801773517-1",
+ booking_date: "2024-12-28",
+ value_date: "2024-12-28",
+ transaction_amount: { amount: "-95.35", currency: "EUR" },
+ creditor_name: "Freshto Ideal",
+ remittance_information_unstructured: "Freshto Ideal Clerkenwell",
+ bank_transaction_code: "PMNT",
+ proprietary_bank_transaction_code: "PURCHASE",
+ internal_transaction_id: "fe956029a01f42f53e6ddec7058780f8"
+ },
+ {
+ transaction_id: "2024122801773516-1",
+ entry_reference: "2024122801773516-1",
+ booking_date: "2024-12-27",
+ value_date: "2024-12-27",
+ transaction_amount: { amount: "15.00", currency: "EUR" },
+ debtor_name: "Jennifer Houston",
+ debtor_account: { iban: "IE96BOFI900017816198" },
+ remittance_information_unstructured: "Cab sharing, thank you!",
+ bank_transaction_code: "PMNT",
+ proprietary_bank_transaction_code: "TRANSFER",
+ internal_transaction_id: "7e369a9f8826501041598e5bd05aca38"
+ }
+ ]
+
+ SANDBOX_ACCOUNT_TWO = {
+ id: "9daf5886-2d46-464b-9f2b-65accac9295e",
+ created: "2024-12-27T21:34:42.396133Z",
+ last_accessed: nil,
+ iban: "GL2981370000081378",
+ institution_id: "SANDBOXFINANCE_SFIN0000",
+ status: "READY",
+ owner_name: "Jane Doe",
+ bban: nil
+ }
+
+ SANDBOX_ACCOUNT_TWO_ID = SANDBOX_ACCOUNT_TWO.fetch(:id)
+end
diff --git a/test/test_helpers/bank_request_stubs.rb b/test/test_helpers/bank_request_stubs.rb
new file mode 100644
index 0000000..5afb966
--- /dev/null
+++ b/test/test_helpers/bank_request_stubs.rb
@@ -0,0 +1,178 @@
+require "test_helpers/bank_fixtures"
+
+module BankRequestStubs
+ extend ActiveSupport::Concern
+
+ include BankFixtures
+
+ DEFAULT_RESPONSE_HEADERS = {
+ "Content-Type": "application/json"
+ }
+
+ def stub_token_requests
+ stub_refresh_api_token_request
+ stub_create_api_token_request
+ end
+
+ def stub_refresh_api_token_request
+ stub_request(:post, "#{Bank::Http::URL}token/refresh/")
+ .with(body: { refresh: "fresh_refresh_token" })
+ .to_return(
+ status: 200,
+ headers: DEFAULT_RESPONSE_HEADERS,
+ body: {
+ access: "fresh_access_token",
+ refresh: "fresh_refresh_token",
+ access_expires: "321",
+ refresh_expires: "654"
+ }.to_json
+ )
+ end
+
+ def stub_create_api_token_request
+ stub_request(:post, "#{Bank::Http::URL}token/new/")
+ .with(body: { secret_id: "fake_secret_id", secret_key: "fake_secret_key" })
+ .to_return(
+ status: 200,
+ headers: DEFAULT_RESPONSE_HEADERS,
+ body: {
+ access: "fresh_access_token",
+ refresh: "fresh_refresh_token",
+ access_expires: "123",
+ refresh_expires: "456"
+
+ }.to_json
+ )
+ end
+
+ def stub_institutions_request(country:)
+ stub_request(:get, "#{Bank::Http::URL}institutions/")
+ .with(query: { country: })
+ .to_return(
+ status: 200,
+ headers: DEFAULT_RESPONSE_HEADERS,
+ body: [ SANDBOX_INSTITUTION ].to_json
+ )
+ end
+
+ def stub_institution_request(institution)
+ stub_request(:get, "#{Bank::Http::URL}institutions/#{institution.fetch(:id)}/")
+ .to_return(
+ status: 200,
+ headers: DEFAULT_RESPONSE_HEADERS,
+ body: institution.to_json
+ )
+ end
+
+ def stub_create_agreement_request(institution:)
+ stub_request(:post, "#{Bank::Http::URL}agreements/enduser/")
+ .with(
+ body: {
+ institution_id: institution.fetch(:id),
+ max_historical_days: institution.fetch(:transaction_total_days).to_i,
+ access_valid_for_days: institution.fetch(:max_access_valid_for_days).to_i,
+ access_scope: %w[balances details transactions]
+ }
+ )
+ .to_return(
+ status: 200,
+ headers: DEFAULT_RESPONSE_HEADERS,
+ body: SANDBOX_AGREEMENT.to_json
+ )
+ end
+
+ def stub_create_requisition_request(institution:, agreement:)
+ stub_request(:post, "#{Bank::Http::URL}requisitions/")
+ .with(
+ body: {
+ institution_id: institution.fetch(:id),
+ agreement: agreement.fetch(:id),
+ reference: /^\h{8}-(\h{4}-){3}\h{12}$/, # Any UUID
+ redirect: "http://localhost:3000", # Placeholder value for now
+ user_language: "EN"
+ }
+ )
+ .to_return(
+ status: 200,
+ headers: DEFAULT_RESPONSE_HEADERS,
+ body: SANDBOX_REQUISITION.to_json
+ )
+ end
+
+ def stub_requisitions_request
+ stub_request(:get, "#{Bank::Http::URL}requisitions/")
+ .to_return(
+ status: 200,
+ headers: DEFAULT_RESPONSE_HEADERS,
+ body: {
+ count: 1,
+ next: nil,
+ previous: nil,
+ results: [ SANDBOX_REQUISITION ]
+ }.to_json
+ )
+ end
+
+ def stub_accounts_request(requisition, *accounts)
+ stub_requisition_request requisition
+ accounts.each { stub_account_request it }
+ end
+
+ def stub_requisition_request(requisition)
+ stub_request(:get, "#{Bank::Http::URL}requisitions/#{requisition.fetch(:id)}/")
+ .to_return(
+ status: 200,
+ headers: DEFAULT_RESPONSE_HEADERS,
+ body: requisition.to_json
+ )
+ end
+
+ def stub_delete_requisition_request(requisition)
+ stub_request(:delete, "#{Bank::Http::URL}requisitions/#{requisition.fetch(:id)}/")
+ .to_return(
+ status: 200,
+ headers: DEFAULT_RESPONSE_HEADERS,
+ body: {
+ summary: "Requisition deleted",
+ detail: "Requisition #{requisition.fetch(:id)} deleted with all its End User Agreements"
+ }.to_json
+ )
+ end
+
+ def stub_account_request(account)
+ stub_request(:get, "#{Bank::Http::URL}accounts/#{account.fetch(:id)}/")
+ .to_return(
+ status: 200,
+ headers: DEFAULT_RESPONSE_HEADERS,
+ body: account.to_json
+ )
+ end
+
+ def stub_account_balances_request(account, balances)
+ stub_request(:get, "#{Bank::Http::URL}accounts/#{account.fetch(:id)}/balances/")
+ .to_return(
+ status: 200,
+ headers: DEFAULT_RESPONSE_HEADERS,
+ body: { balances: }.to_json
+ )
+ end
+
+ def stub_account_details_request(account, details)
+ stub_request(:get, "#{Bank::Http::URL}accounts/#{account.fetch(:id)}/details/")
+ .to_return(
+ status: 200,
+ headers: DEFAULT_RESPONSE_HEADERS,
+ body: { account: details }.to_json
+ )
+ end
+
+ def stub_account_transactions_request(account, transactions, from: nil, to: nil)
+ stub_request(:get, "#{Bank::Http::URL}accounts/#{account.fetch(:id)}/transactions/")
+ .with(query: { date_from: from, date_to: to }.compact)
+ .to_return(
+ status: 200,
+ headers: DEFAULT_RESPONSE_HEADERS,
+ body: { transactions: { booked: transactions } }.to_json
+ )
+ end
+end