balanced / balanced-js Goto Github PK

Validation should be more strict and/or more informative. Examples:

/* I think there should be some sort of warning
   for trying to pass in an object, or if there is a
   clear type mismatch */
balanced.bankAccount.create({
  name: 1010001101010,
  routing_number: 123123123,
  account_number: {
    'omg': 'wtfbbq'
  }
}, function(res) {...}); // 201

/* same issue with functions, it makes the request
   though it does not serialize the `account_number`
   and thus it errors, could have been prevented */
balanced.bankAccount.create({
  name: 'foo bar',
  routing_number: 123123123,
  account_number: function(){}
}, function(res) {...}); // 400

/* it would be nice if `create` could return a promise using
   some lightweight promises lib that implements promises/A+ */
var promise = balanced.bankAccount.create({
  name: 'foo bar',
  routing_number: 123123123,
  account_number: 58294368
}); // cryptic error message due to minification, needs callback function parameter

balanced.bankAccount.create('foo'); // yay cryptic error

The extras map includes the name of the field as the key and the error message as the value. This makes it easy for people integrating balanced.js to parse the error messages.

Please ensure this is included in balanced.js for revision 1.1

Currently it just finishes and you need to open up a network inspector to see if it worked as expected.

We need to get the error messages between the current server side validation and the client side validation consistent for rev1.

e.g.

CURL

{
  "errors": [
    {
      "status": "Bad Request",
      "category_code": "request",
      "additional": null,
      "status_code": 400,
      "category_type": "request",
      "extras": {
        "cvv": "Security code is not valid for mastercard"
      },
      "request_id": "OHM2a54ac64201111e397ab026ba7d79bff",
      "description": "Invalid field [cvv] - Security code is not valid for mastercard Your request id is OHM2a54ac64201111e397ab026ba7d79bff."
    }
  ]
}

JS

{
    "error": {
        "security_code": "\"\" is not a valid credit card security code"
    },
    "status": 400
}

Please ensure that the keys and properties are consistent across both (the server is the reference, the client should emulate that fully).

Not included currently

balanced.js gives slightly different formats for errors depending on if they are generated via the library or the server.

from the server:

{
    "status": 404,
    "error": {
        "status": "Not Found",
        "category_code": "not-found",
        "category_type": "request",
        "description": "
The requested URL was not found on the server.

If you entered the URL manually please check your spelling and try again.

 Your request id is OHMc8c72f6a0f7811e39e35026ba7d79bff.",
        "request_id": "OHMc8c72f6a0f7811e39e35026ba7d79bff",
        "status_code": "404"
    }
}

from the library

{
    "error": {
        "card_number": "\"\" is not a valid credit card number",
        "expiration_month": "Missing field",
        "expiration_year": "Missing field",
        "security_code": "\"\" is not a valid credit card security code",
        "expiration": "\"-\" is not a valid credit card expiration date"
    },
    "status": 400
}

https://github.com/balanced/balanced-js/blob/rev1/Gruntfile.js#L13

Stops debugging issues like in #65

All bank account routing numbers must follow the MICR routing number format, which can be validated client side.

The helper function already exists in the v1 version of balanced.js.

A second minified version can be built but the original should not be minified.

https://github.com/PoundPay/balanced/blob/master/balanced_service/resources/bank_accounts/forms/rev1.py#L15 has the type field documented as account_type but it looks like balanced.js is expecting type https://github.com/balanced/balanced-js/blob/rev1/src/balanced.js#L310

@remear pointed out that the csc field has been renamed to card verification value (cvv) and as such we should change the method to isCardVerificationValueValid or isCVVValid

Port the old jasmine tests over to this repo and make sure they work

Other validation methods use the format of isXValid. Should validateRoutingNumber be renamed to isRoutingNumberValid to be consistent?

Line 525: unknown object 'global'. I had to add line:

var global = {};

above to fix it.

Before we bring the new version of balanced.js to the master branch we need to tag and create a github release of the current version.

Please verify that it's identical to what's currently running in production at https://js.balancedpayments.com/v1/balanced.js

This would prevent future issues such as #68

The request would look something like https://api.balancedpayments.com/cards?callback=asdfadsf&data=urlencode(JSON.stringify(data_for_request))
Or we could make a separate end point just for the jsonp: https://api.balancedpayments.com/jsonp/(cards|bank_accounts)&callback=asdfasdf&data=urlencode(JSON.stringify(data_for_request)

http://www.erikzaadi.com/2012/07/16/jquery-compatible-jsonp-with-nginx/

Possible nginx config to support this

location /jsonp/cards {
            log_format compression '$remote_addr - $remote_user [$time_local] '
                                   '"/jsonp/cards" $status $bytes_sent '
                       '"$http_referer" "$http_user_agent"';
            if ($args_callback) {
            echo_before_body '$args_callback(';
            echo_after_body ');'
            }
        set $upstream_api_url http://midlr_api;
            proxy_method POST;
        proxy_set_header 'Content-type' 'application/json';
        proxy_set_body $args_data;

            proxy_pass $upstream_api_url/cards;
        }

We're seeing some slowness occasionally during tokenizations.

The actual tokenization call is zippy (<2s)

[marshall@balanced-log-01:~]$ grep -r OHM6629e8960e9e11e380ca02a1fe52a36c /mnt/logs/balanced-api-0?/2013-08-26/nginx-access 
/mnt/logs/balanced-api-05/2013-08-26/nginx-access:50.18.199.26 - - [26/Aug/2013:22:25:33 +0000] "POST /v1/marketplaces/TEST-MP5m04ORxNlNDm1bB7nkcgSY/bank_accounts HTTP/1.1" 201 1063 "https://js.balancedpayments.com/proxy" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.57 Safari/537.36" 1.212 "OHM6629e8960e9e11e380ca02a1fe52a36c"

But the tokenizer has to wait aaaages before it gets the response

[marshall@balanced-log-01:~]$ grep -r OHM6629e8960e9e11e380ca02a1fe52a36c /mnt/logs/balanced-www-0?/2013-08-26/nginx-access 
/mnt/logs/balanced-www-01/2013-08-26/nginx-access:173.164.253.217 - - [26/Aug/2013:22:25:33 +0000] "POST /v1/marketplaces/TEST-MP5m04ORxNlNDm1bB7nkcgSY/bank_accounts HTTP/1.1" 201 1063 "https://js.balancedpayments.com/proxy" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.57 Safari/537.36" 17.167 "OHM6629e8960e9e11e380ca02a1fe52a36c"

This is on a test marketplace so it looks like this is general network latency between the balanced-js relay, the ELB and the balanced service (or possibly midlr but I didn't see any requests matching that OHM).

Would it be worthwhile to include the tax_id in the call to balanced.bankAccount.create?

The current version of balanced.js works like this:

1. initialize library
2. tokenize a card

We're streamlining this process by allowing cards to be tokenized at the root level (e.g. they will POST to api.balancedpayments.com/cards (not routed under marketplace).

We need to change the balanced.js library to handle this. There should be no more init call.

This must be completely tested.

Questions:

1. Should we maintain the init method for backwards compatibility or should this be a new version?

The XD library appears to be incorrectly serializing arrays when passing them from proxy to the balanced.js library.

Here's what the server returns:

{
  "cards": [
    {
      "href": "/cards/CC6AmwAOSWiNXW3YVn2Mx14b",
      "id": "CC6AmwAOSWiNXW3YVn2Mx14b",
      "links": {}
    }
  ],
  "links": {}
}

Here's what balanced.js spits out:

{
    "status": 201,
    "data": {
        "cards": {
            "0": {
                "href": "/cards/CC6AmwAOSWiNXW3YVn2Mx14b",
                "id": "CC6AmwAOSWiNXW3YVn2Mx14b"
            }
        }
    }
}

If you look closely you'll see that the cards collection has changed from a list into a hash.

I suspect the issue lies in the XD deserialization lib but I have not confirmed - https://github.com/balanced/balanced-js/blob/rev1/lib/xd.js#L4

Hello,
I am developing a Parse app, which requires payment integration. Unfortunately Parse.com doesn't support NPM, because of which I cannot do npm install and get work done. Is there a way to include say a "stand alone" js library which includes all dependencies. Right now its not working because jsonapi-client.js (one of Balanced.js's dependencies) is found to be missing.

Error: https://gist.github.com/sidharthshah/8a44fce5c8b5bd2c82cb

Any other suggestion would be appreciated.

For functions which take callbacks, such as balanced.card.create, it would be very convenient if we could send an additional context, which will be set to this. It could be called like so:

    balanced.card.create(card_data, callbackFunction, [context])

This is extremely handy for any js that tries to emulate some form of OOP (ie: backbone views).

Write a README that will define the interface for the js client of the ACH API.

in the balanced.js docs
it says in the general validation area
balanced.bankAccount.validate({bank_code, account_number, name})
it should be balanced.bankAccount.validate({bank_code: bank_code, account_number: account_number, name: name})

A thought after reading #85

In the future, might it be possible to allow the marketplace owner (..or connecting user?) to set `send_limit_amount' to minimize risk?

We recently deployed a change to allow CORs requests for card/bank account tokenization.

We should support this instead since it will simplify the client.

http://jsfiddle.net/mjallday/HJab2/1/

Add a validation function to ensure the account number is all digits.

Implement travis so we can build and run tests.

It is trying to make a JSONP request to the api server. It gets a 401 Authorization Required response.

URL:
https://api.balancedpayments.com/jsonp/cards?callback=balanced_jsonp_40716435480862856&data=%7B%22number%22:%224242424242424242%22,%22expiration_month%22:3,%22expiration_year%22:2015,%22security_code%22:%22123%22,%22name%22:%22Tarun%20Chaudhry%22,%22postal_code%22:%2295014%22,%22meta%22:%7B%22capabilities_system_timezone%22:-8,%22capabilities_user_agent%22:%22Mozilla/5.0%20(Macintosh;%20Intel%20Mac%20OS%20X%2010_9_0)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/31.0.1650.57%20Safari/537.36%22,%22capabilities_language%22:%22en-US%22,%22capabilities_kp%22:36,%22capabilities_cli%22:0,%22capabilities_loaded%22:1386294521720,%22capabilities_screen_width%22:1920,%22capabilities_screen_length%22:1080,%22capabilities_hist%22:2,%22capabilities_cookie%22:%221383350633531.36316291126422584.58!0%22,%22capabilities_cl%22:true,%22capabilities_ps%22:true,%22capabilities_submitted%22:1386295111455,%22capabilities_scrollX%22:0,%22capabilities_scrollY%22:0%7D%7D

cURL:

curl 'https://api.balancedpayments.com/jsonp/cards?callback=balanced_jsonp_40716435480862856&data=%7B%22number%22:%224242424242424242%22,%22expiration_month%22:3,%22expiration_year%22:2015,%22security_code%22:%22123%22,%22name%22:%22Tarun%20Chaudhry%22,%22postal_code%22:%2295014%22,%22meta%22:%7B%22capabilities_system_timezone%22:-8,%22capabilities_user_agent%22:%22Mozilla/5.0%20(Macintosh;%20Intel%20Mac%20OS%20X%2010_9_0)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/31.0.1650.57%20Safari/537.36%22,%22capabilities_language%22:%22en-US%22,%22capabilities_kp%22:36,%22capabilities_cli%22:0,%22capabilities_loaded%22:1386294521720,%22capabilities_screen_width%22:1920,%22capabilities_screen_length%22:1080,%22capabilities_hist%22:2,%22capabilities_cookie%22:%221383350633531.36316291126422584.58!0%22,%22capabilities_cl%22:true,%22capabilities_ps%22:true,%22capabilities_submitted%22:1386295111455,%22capabilities_scrollX%22:0,%22capabilities_scrollY%22:0%7D%7D' -H 'Host: api.balancedpayments.com' -H 'Authorization: Basic MY_MARKETPLACE_AUTH' -H 'Cookie: csrftoken=CRSF_TOKEN; existing=1; session=SESSION_COOKIE'

Response:
balanced_jsonp_40716435480862856(
{"status":401,"header":{"X-Balanced-Guru":"OHMe84c2f585e1911e3a84c02a1fe53e539","Content-Type":"application/json","www-authenticate":"Basic realm="

The server could not verify that you are authorized to access the URL requested. You either supplied the wrong credentials (e.g. a bad password), or your browser doesn't understand how to supply the credentials required.</p>

In case you are allowed to request the document, please check your user-id and password and try again.</p>"","x-newrelic-app-data":"PxQFWFNXCQYTVVhWAwQDVUYdFhE1AwE2QgNWEVlbQFtcCxY0QwgcAQVEUxJETxgDHERRTAcDBF5TBQYHVlJSWgNRDFsOFBQDA1ABTRFDB1dQBVVQV1RaAFZVUQMEARVKRFdXXxEDPg==","access-control-allow-origin":"*","Content-Length":600,"access-control-allow-headers":"Content-Type","x-balanced-host":"balanced-api-05","access-control-allow-methods":"POST, OPTIONS","X-Midlr-Version":"2","x-balanced-version":"aadda5908f9c6479980e9e4b1fc747ed1255abcb"},"body":"{\n "status": "Unauthorized",\n "category_code": "authentication-required",\n "category_type": "permission",\n "description": "

The server could not verify that you are authorized to access the URL requested. You either supplied the wrong credentials (e.g. a bad password), or your browser doesn't understand how to supply the credentials required.</p>

In case you are allowed to request the document, please check your user-id and password and try again.</p> Your request id is OHMe84c2f585e1911e3a84c02a1fe53e539.",\n "request_id": "OHMe84c2f585e1911e3a84c02a1fe53e539",\n "status_code": 401\n}"}
);

This is from the dashboard.

Please tweak the library to build versioned libraries.

they should end up being deployed like this:

https://js.balancedpayments.com/{major}.{minor}.{build}/balanced.js where major is the API revision, minor is incremented whenever we change the balanced.js interface in a non-backwards compatible manner and build is incremented anytime we change anything in the library.

Take our existing dashboard build system and port this to this repo.

I want to be able to run:

• grunt build
• grunt test

and have it build the js for prod and run a test suite respectively.

If the /example dir was copied into the build dir then we could run a single server rather than running an example and the js file on separate servers.

In attempting to run tests on linux I have found that the testing framework is very brittle

1. it requires that google-chrome be in my path otherwise it crashes, it did not look at the fact that chromium is in my path, and it should not fail if someone does not have chrome or firefox not installed.
2. when using grunt serve it looks like it tries to make a mac specific open call after starting the server, but when that fails the grunt task fails and stops the server

security_code should be cvv

https://github.com/balanced/balanced-js#balancedjs that first link should point to https://docs.balancedpayments.com/1.1/guides/balanced-js/

Cross-browser testing:

http://leanstack.io/browserstack/

The current library which is not open source.

Let's port that code over here and make the existing tests work. It uses jasmine for integration testing, is that still the best way to do this?

Don't port the fabfile, we should deploy the same way we deploy the dashboard.

• Unify dev and non-dev files.

http://jsfiddle.net/an5Cz/20/

Throws a 400 error.

In src/balanced.js line 226 and 315, you're not checking hasOwnProperty when iterating through object properties. Since Ember.js adds extensions to arrays, ec will be >0 for an empty array, causing all creates to fail.

It is now account_type.

Changing the type parameter has no effect. Changing account_type works.

Dupe of #72

bower install balanced-js

It'd be nice to version this dependency.

Balanced.js should exist as a package in modern-day browser package managers such as bower.io or component.io

We need a bower.json file and a component.json file to do this properly.

I'm attempting to set up catches for errors using the numbers specified here: https://docs.balancedpayments.com/1.1/overview/resources/#test-credit-card-numbers

However balanced-js never seems to return any errors for these cards.

Error messages do not all come at the same time.

If the user forgets to enter name, routing number, or account number, then the errors say those fields are missing. However, balanced.js won't notify of a missing type field until the other 3 fields are filled.

Another problem is that balanced.js won't validate routing numbers until after type is selected (using test numbers from the docs). If this due to different number validations for checking and savings account, please state clearly in the docs.

Error messages are not consistent

There are these:

 account_number: "Missing field"
 bank_code: ""123" is not a valid bank code"
 name: "Missing field"

Then there's this:

category_code: "request"
category_type: "request"
description: "Invalid field [type] - "None" must be a string Your request id is OHMc47b762c47af11e3925902a1fe53e539."
extras: Object
request_id: "OHMc47b762c47af11e3925902a1fe53e539"
status: "Bad Request"
status_code: "400"

And this:

category_code: "invalid-routing-number"
category_type: "request"
description: "Routing number is invalid. Your request id is OHMd2a442ba47af11e3b00702a1fe53e539."
extras: Object
request_id: "OHMd2a442ba47af11e3b00702a1fe53e539"
status: "Bad Request"
status_code: "400"

This needs 3 ways to check errors: by checking the key, by searching the description string for [type], and by checking the category_code value.

As above.

should live at https://js.balancedpayments.com/0.0.1/balanced.js

According to the docs, a postal_code requires a country_code but not a street address.

However, if you try a balanced.card.create with valid card info and a postal_code set, you will get back an error that the street_address is not set.

We would like to include a postal code for fraud protection purposes, but do not want to discourage users by also requiring a street address.

When trying to tokenize the bank account and routing number with an input field with type "number", it breaks because it is not a string.

This is the error message:
TypeError: Object 9900000000 has no method 'match'