Yandex.Money notification validator

Table of Contents

• Features
• Requirements
• Setup
• Usage
• Tests
• Credits

Features

Checks integrity of Yandex.Money payment notification by comparing SHA of strigified params including a secret shared with Yandex.

Here are the official docs for the notification service and validating notifications specifically.

Requirements

• Ruby 2.5.0 or higher.
• An account in Yandex.Money
• A notifications secret key (obtained from Yandex.Money somewehre in the settings)
• Rails is assumed but not required

Setup

Add the following to your Gemfile:

gem "integral-yandex-money-notification_validator"

Usage

Intended to use in a Rails controller like so:

class YandexMoneyReceiptsController < ApplicationController

  def create
    secret    = "YOUR_YANDEX_MONEY_NOTIFICATIONS_SHARED_SECRET"
    validator = Integral::Yandex::Money::NotificationValidator.new(params: params, secret: secret)

    if validator.valid?
      # Do your thing here, for example create a new `YandexMoneyReceipt` record in DB
    else
      render text: validator.errors.join(". "), status: :bad_request and return
    end
  end

end

params are supposed to be an ActionController::Parameters or just a Hash.

validator.errors returns an Array of message strings — most often only 1 message, but who knows.

secret is recommended to be kept in an ENV variable, Rails credentials or elsewhere secure.

Tests

To test, run:

bundle exec rake

Credits

Developed by Sergey Pedan at Integral Design.