README: Add inline link to documentation

gopass is no longer maintained, and the suggested replacement for
getting passwords from terminals is x/term.

.github/workflows/test.yml

@@ -0,0 +1,34 @@
+name: ofxgo CI Test
+
+on: [push, pull_request]
+
+jobs:
+  test:
+    strategy:
+      matrix:
+        go-version: [1.13.x, 1.16.x, 1.17.x]
+        os: [ubuntu-latest, macos-latest, windows-latest]
+    runs-on: ${{ matrix.os }}
+    steps:
+    - name: Install Go
+      uses: actions/setup-go@v2
+      with:
+        go-version: ${{ matrix.go-version }}
+    - name: Checkout code
+      uses: actions/checkout@v2
+    - name: Test
+      run: go test -v -covermode=count -coverprofile="profile.cov" ./...
+    - name: Send Coverage
+      uses: shogo82148/actions-goveralls@v1
+      with:
+        path-to-profile: "profile.cov"
+        flag-name: ${{ matrix.os }}-go-${{ matrix.go-version }}
+        parallel: true
+  # notifies that all test jobs are finished.
+  finish:
+    needs: test
+    runs-on: ubuntu-latest
+    steps:
+      - uses: shogo82148/actions-goveralls@v1
+        with:
+          parallel-finished: true

.travis.yml

@@ -1,20 +0,0 @@
-language: go
-
-os:
-  - linux
-
-go:
-  - 1.9.x
-  - 1.12.x
-  - master
-
-before_install:
-  # Fetch/build coverage reporting tools
-  - go get github.com/mattn/goveralls
-  - go install github.com/mattn/goveralls
-
-script:
-  - go test -v -covermode=count -coverprofile=coverage.out
-
-after_script:
-  - $HOME/gopath/bin/goveralls -coverprofile=coverage.out -service=travis-ci -repotoken $COVERALLS_TOKEN

README.md

@@ -1,9 +1,9 @@
 # OFXGo
 
 [![Go Report Card](https://goreportcard.com/badge/github.com/aclindsa/ofxgo)](https://goreportcard.com/report/github.com/aclindsa/ofxgo)
-[![Build Status](https://travis-ci.org/aclindsa/ofxgo.svg?branch=master)](https://travis-ci.org/aclindsa/ofxgo)
+[![Build Status](https://github.com/aclindsa/ofxgo/workflows/ofxgo%20CI%20Test/badge.svg?branch=master)](https://github.com/aclindsa/ofxgo/actions?query=workflow%3A%22ofxgo+CI+Test%22+branch%3Amaster)
 [![Coverage Status](https://coveralls.io/repos/github/aclindsa/ofxgo/badge.svg?branch=master)](https://coveralls.io/github/aclindsa/ofxgo?branch=master)
-[![GoDoc](https://godoc.org/github.com/aclindsa/ofxgo?status.svg)](https://godoc.org/github.com/aclindsa/ofxgo)
+[![PkgGoDev](https://pkg.go.dev/badge/github.com/aclindsa?ofxgo)](https://pkg.go.dev/github.com/aclindsa/ofxgo)
 
 **OFXGo** is a library for querying OFX servers and/or parsing the responses. It
 also provides an example command-line client to demonstrate the use of the
@@ -13,7 +13,7 @@ library.
 
 The main purpose of this project is to provide a library to make it easier to
 query financial information with OFX from the comfort of Golang, without having
-to marshal/unmarshal to SGML or XML. The library does *not* intend to abstract
+to marshal/unmarshal to SGML or XML. The library does _not_ intend to abstract
 away all of the details of the OFX specification, which would be difficult to do
 well. Instead, it exposes the OFX SGML/XML hierarchy as structs which mostly
 resemble it. Its primary goal is to enable the creation of other personal
@@ -26,7 +26,8 @@ created a sample command-line client which uses the library to do simple tasks
 (currently it does little more than list accounts and query for balances and
 transactions). My hope is that by studying its code, new users will be able to
 figure out how to use the library much faster than staring at the OFX
-specification (or this library's API documentation). The command-line client
+specification (or this library's [API
+documentation](https://pkg.go.dev/github.com/aclindsa/ofxgo)). The command-line client
 also serves as an easy way for me to test/debug the library with actual
 financial institutions, which frequently have 'quirks' in their implementations.
 The command-line client can be found in the [cmd/ofx
@@ -36,7 +37,7 @@ repository.
 ## Library documentation
 
 Documentation can be found with the `go doc` tool, or at
-https://godoc.org/github.com/aclindsa/ofxgo
+https://pkg.go.dev/github.com/aclindsa/ofxgo
 
 ## Example Usage
 
@@ -94,9 +95,30 @@ if stmt, ok := response.Bank[0].(*ofxgo.StatementResponse); ok {
 }
 ```
 
+Similarly, if you have an OFX file available locally, you can parse it directly:
+
+```go
+func main() {
+	f, err := os.Open("./transactions.qfx")
+	if err != nil {
+		fmt.Printf("can't open file: %v\n", err)
+		return
+	}
+	defer f.Close()
+
+	resp, err := ofxgo.ParseResponse(f)
+	if err != nil {
+		fmt.Printf("can't parse response: %v\n", err)
+		return
+	}
+
+	// do something with resp (*ofxgo.Response)
+}
+```
+
 ## Requirements
 
-OFXGo requires go >= 1.9
+OFXGo requires go >= 1.12
 
 ## Using the command-line client
 

bank_test.go

@@ -284,3 +284,100 @@ func TestUnmarshalBankStatementResponse(t *testing.T) {
 	checkResponsesEqual(t, &expected, response)
 	checkResponseRoundTrip(t, response)
 }
+
+func TestPayeeValid(t *testing.T) {
+	p := Payee{
+		Name:       "Jane",
+		Addr1:      "Sesame Street",
+		City:       "Mytown",
+		State:      "AA",
+		PostalCode: "12345",
+		Phone:      "12345678901",
+	}
+	valid, err := p.Valid()
+	if !valid {
+		t.Fatalf("Unexpected error from calling Valid: %s\n", err)
+	}
+
+	// Ensure some empty fields trigger invalid response
+	badp := p
+	badp.Name = ""
+	valid, err = badp.Valid()
+	if valid || err == nil {
+		t.Fatalf("Expected error from calling Valid with empty name\n")
+	}
+
+	badp = p
+	badp.Addr1 = ""
+	valid, err = badp.Valid()
+	if valid || err == nil {
+		t.Fatalf("Expected error from calling Valid with empty address\n")
+	}
+
+	badp = p
+	badp.City = ""
+	valid, err = badp.Valid()
+	if valid || err == nil {
+		t.Fatalf("Expected error from calling Valid with empty city\n")
+	}
+
+	badp = p
+	badp.State = ""
+	valid, err = badp.Valid()
+	if valid || err == nil {
+		t.Fatalf("Expected error from calling Valid with empty state\n")
+	}
+
+	badp = p
+	badp.PostalCode = ""
+	valid, err = badp.Valid()
+	if valid || err == nil {
+		t.Fatalf("Expected error from calling Valid with empty postal code\n")
+	}
+
+	badp = p
+	badp.Phone = ""
+	valid, err = badp.Valid()
+	if valid || err == nil {
+		t.Fatalf("Expected error from calling Valid with empty phone\n")
+	}
+}
+
+func TestBalanceValid(t *testing.T) {
+	var a Amount
+	a.SetFrac64(8, 1)
+	b := Balance{
+		Name:    "Checking",
+		Desc:    "Jane's Personal Checking",
+		BalType: BalTypeDollar,
+		Value:   a,
+	}
+	valid, err := b.Valid()
+	if !valid {
+		t.Fatalf("Unexpected error from calling Valid: %s\n", err)
+	}
+
+	badb := b
+	badb.Name = ""
+	valid, err = badb.Valid()
+	if valid || err == nil {
+		t.Fatalf("Expected error from calling Valid with empty name\n")
+	}
+
+	badb = b
+	badb.Desc = ""
+	valid, err = badb.Valid()
+	if valid || err == nil {
+		t.Fatalf("Expected error from calling Valid with empty description\n")
+	}
+
+	badb = Balance{
+		Name:  "Checking",
+		Desc:  "Jane's Personal Checking",
+		Value: a,
+	}
+	valid, err = badb.Valid()
+	if valid || err == nil {
+		t.Fatalf("Expected error from calling Valid with unspecified balance type\n")
+	}
+}

basic_client.go

@@ -21,6 +21,8 @@ type BasicClient struct {
 	NoIndent bool
 	// Use carriage returns on new lines
 	CarriageReturn bool
+	// Set User-Agent header to this string, if not empty
+	UserAgent string
 }
 
 // OfxVersion returns the OFX specification version this BasicClient will marshal
@@ -61,27 +63,42 @@ func (c *BasicClient) CarriageReturnNewLines() bool {
 	return c.CarriageReturn
 }
 
+// RawRequest is a convenience wrapper around http.Post. It is exposed only for
+// when you need to read/inspect the raw HTTP response yourself.
 func (c *BasicClient) RawRequest(URL string, r io.Reader) (*http.Response, error) {
 	if !strings.HasPrefix(URL, "https://") {
 		return nil, errors.New("Refusing to send OFX request with possible plain-text password over non-https protocol")
 	}
 
-	response, err := http.Post(URL, "application/x-ofx", r)
+	request, err := http.NewRequest("POST", URL, r)
+	if err != nil {
+		return nil, err
+	}
+	request.Header.Set("Content-Type", "application/x-ofx")
+	request.Header.Add("Accept", "*/*, application/x-ofx")
+	if c.UserAgent != "" {
+		request.Header.Set("User-Agent", c.UserAgent)
+	}
+	response, err := http.DefaultClient.Do(request)
 	if err != nil {
 		return nil, err
 	}
 
 	if response.StatusCode != 200 {
-		return nil, errors.New("OFXQuery request status: " + response.Status)
+		return response, errors.New("OFXQuery request status: " + response.Status)
 	}
 
 	return response, nil
 }
 
+// RequestNoParse marshals a Request to XML, makes an HTTP request, and returns
+// the raw HTTP response
 func (c *BasicClient) RequestNoParse(r *Request) (*http.Response, error) {
 	return clientRequestNoParse(c, r)
 }
 
+// Request marshals a Request to XML, makes an HTTP request, and then
+// unmarshals the response into a Response object.
 func (c *BasicClient) Request(r *Request) (*Response, error) {
 	return clientRequest(c, r)
 }

cmd/ofx/bankdownload.go

@@ -20,7 +20,7 @@ var filename, bankID, acctID, acctType string
 
 func init() {
 	defineServerFlags(downloadCommand.Flags)
-	downloadCommand.Flags.StringVar(&filename, "filename", "./download.ofx", "The file to save to")
+	downloadCommand.Flags.StringVar(&filename, "filename", "./response.ofx", "The file to save to")
 	downloadCommand.Flags.StringVar(&bankID, "bankid", "", "BankID (from `get-accounts` subcommand)")
 	downloadCommand.Flags.StringVar(&acctID, "acctid", "", "AcctID (from `get-accounts` subcommand)")
 	downloadCommand.Flags.StringVar(&acctType, "accttype", "CHECKING", "AcctType (from `get-accounts` subcommand)")

cmd/ofx/banktransactions.go

@@ -77,7 +77,7 @@ func bankTransactions() {
 
 func printTransaction(defCurrency ofxgo.CurrSymbol, tran *ofxgo.Transaction) {
 	currency := defCurrency
-	if ok, _ := tran.Currency.Valid(); ok {
+	if tran.Currency != nil {
 		currency = tran.Currency.CurSym
 	}
 

cmd/ofx/ccdownload.go

@@ -18,7 +18,7 @@ var ccDownloadCommand = command{
 
 func init() {
 	defineServerFlags(ccDownloadCommand.Flags)
-	ccDownloadCommand.Flags.StringVar(&filename, "filename", "./download.ofx", "The file to save to")
+	ccDownloadCommand.Flags.StringVar(&filename, "filename", "./response.ofx", "The file to save to")
 	ccDownloadCommand.Flags.StringVar(&acctID, "acctid", "", "AcctID (from `get-accounts` subcommand)")
 }
 

cmd/ofx/cctransactions.go

@@ -60,7 +60,7 @@ func ccTransactions() {
 		fmt.Println("Transactions:")
 		for _, tran := range stmt.BankTranList.Transactions {
 			currency := stmt.CurDef
-			if ok, _ := tran.Currency.Valid(); ok {
+			if tran.Currency != nil {
 				currency = tran.Currency.CurSym
 			}
 

cmd/ofx/command.go

@@ -3,7 +3,8 @@ package main
 import (
 	"flag"
 	"fmt"
-	"github.com/howeyc/gopass"
+	"golang.org/x/term"
+	"os"
 )
 
 type command struct {
@@ -22,6 +23,9 @@ func (c *command) usage() {
 // flags common to all server transactions
 var serverURL, username, password, org, fid, appID, appVer, ofxVersion, clientUID string
 var noIndentRequests bool
+var carriageReturn bool
+var dryrun bool
+var userAgent string
 
 func defineServerFlags(f *flag.FlagSet) {
 	f.StringVar(&serverURL, "url", "", "Financial institution's OFX Server URL (see ofxhome.com if you don't know it)")
@@ -34,6 +38,9 @@ func defineServerFlags(f *flag.FlagSet) {
 	f.StringVar(&ofxVersion, "ofxversion", "203", "OFX version to use")
 	f.StringVar(&clientUID, "clientuid", "", "Client UID (only required by a few FIs, like Chase)")
 	f.BoolVar(&noIndentRequests, "noindent", false, "Don't indent OFX requests")
+	f.BoolVar(&carriageReturn, "carriagereturn", false, "Use carriage return as line separator")
+	f.StringVar(&userAgent, "useragent", "", "Use string as User-Agent header when sending request")
+	f.BoolVar(&dryrun, "dryrun", false, "Don't send request - print content of request instead")
 }
 
 func checkServerFlags() bool {
@@ -49,7 +56,7 @@ func checkServerFlags() bool {
 
 	if ret && len(password) == 0 {
 		fmt.Printf("Password for %s: ", username)
-		pass, err := gopass.GetPasswd()
+		pass, err := term.ReadPassword(int(os.Stdin.Fd()))
 		if err != nil {
 			fmt.Printf("Error reading password: %s\n", err)
 			ret = false

cmd/ofx/invdownload.go

@@ -20,7 +20,7 @@ var brokerID string
 
 func init() {
 	defineServerFlags(invDownloadCommand.Flags)
-	invDownloadCommand.Flags.StringVar(&filename, "filename", "./download.ofx", "The file to save to")
+	invDownloadCommand.Flags.StringVar(&filename, "filename", "./response.ofx", "The file to save to")
 	invDownloadCommand.Flags.StringVar(&acctID, "acctid", "", "AcctID (from `get-accounts` subcommand)")
 	invDownloadCommand.Flags.StringVar(&brokerID, "brokerid", "", "BrokerID (from `get-accounts` subcommand)")
 }

cmd/ofx/main.go

@@ -7,6 +7,7 @@ import (
 )
 
 var commands = []command{
+	profileDownloadCommand,
 	getAccountsCommand,
 	downloadCommand,
 	ccDownloadCommand,

cmd/ofx/profiledownload.go

@@ -0,0 +1,81 @@
+package main
+
+import (
+	"flag"
+	"fmt"
+	"github.com/aclindsa/ofxgo"
+	"io"
+	"os"
+)
+
+var profileDownloadCommand = command{
+	Name:        "download-profile",
+	Description: "Download a FI profile to a file",
+	Flags:       flag.NewFlagSet("download-profile", flag.ExitOnError),
+	CheckFlags:  downloadProfileCheckFlags,
+	Do:          downloadProfile,
+}
+
+func init() {
+	defineServerFlags(profileDownloadCommand.Flags)
+	profileDownloadCommand.Flags.StringVar(&filename, "filename", "./response.ofx", "The file to save to")
+}
+
+func downloadProfileCheckFlags() bool {
+	// Assume if the user didn't specify username that we should use anonymous
+	// values for it and password
+	if len(username) == 0 {
+		username = "anonymous00000000000000000000000"
+		password = "anonymous00000000000000000000000"
+	}
+
+	ret := checkServerFlags()
+
+	if len(filename) == 0 {
+		fmt.Println("Error: Filename empty")
+		return false
+	}
+
+	return ret
+}
+
+func downloadProfile() {
+	client, query := newRequest()
+
+	uid, err := ofxgo.RandomUID()
+	if err != nil {
+		fmt.Println("Error creating uid for transaction:", err)
+		os.Exit(1)
+	}
+
+	profileRequest := ofxgo.ProfileRequest{
+		TrnUID: *uid,
+	}
+
+	query.Prof = append(query.Prof, &profileRequest)
+
+	if dryrun {
+		printRequest(client, query)
+		return
+	}
+
+	response, err := client.RequestNoParse(query)
+	if err != nil {
+		fmt.Println("Error requesting FI profile:", err)
+		os.Exit(1)
+	}
+	defer response.Body.Close()
+
+	file, err := os.Create(filename)
+	if err != nil {
+		fmt.Println("Error creating file to write to:", err)
+		os.Exit(1)
+	}
+	defer file.Close()
+
+	_, err = io.Copy(file, response.Body)
+	if err != nil {
+		fmt.Println("Error writing response to file:", err)
+		os.Exit(1)
+	}
+}

cmd/ofx/util.go

@@ -14,10 +14,12 @@ func newRequest() (ofxgo.Client, *ofxgo.Request) {
 	}
 	var client = ofxgo.GetClient(serverURL,
 		&ofxgo.BasicClient{
-			AppID:       appID,
-			AppVer:      appVer,
-			SpecVersion: ver,
-			NoIndent:    noIndentRequests,
+			AppID:          appID,
+			AppVer:         appVer,
+			SpecVersion:    ver,
+			NoIndent:       noIndentRequests,
+			CarriageReturn: carriageReturn,
+			UserAgent:      userAgent,
 		})
 
 	var query ofxgo.Request
@@ -30,3 +32,14 @@ func newRequest() (ofxgo.Client, *ofxgo.Request) {
 
 	return client, &query
 }
+
+func printRequest(c ofxgo.Client, r *ofxgo.Request) {
+	r.SetClientFields(c)
+
+	b, err := r.Marshal()
+	if err != nil {
+		fmt.Println(err)
+		return
+	}
+	fmt.Println(b)
+}

discovercard_client.go

@@ -20,7 +20,7 @@ type DiscoverCardClient struct {
 }
 
 // NewDiscoverCardClient returns a Client interface configured to handle
-// Discover Card's brand of idiosyncracy
+// Discover Card's brand of idiosyncrasy
 func NewDiscoverCardClient(bc *BasicClient) Client {
 	return &DiscoverCardClient{bc}
 }
@@ -77,6 +77,8 @@ func discoverCardHTTPPost(URL string, r io.Reader) (*http.Response, error) {
 	return http.ReadResponse(bufio.NewReader(conn), nil)
 }
 
+// RawRequest is a convenience wrapper around http.Post. It is exposed only for
+// when you need to read/inspect the raw HTTP response yourself.
 func (c *DiscoverCardClient) RawRequest(URL string, r io.Reader) (*http.Response, error) {
 	if !strings.HasPrefix(URL, "https://") {
 		return nil, errors.New("Refusing to send OFX request with possible plain-text password over non-https protocol")
@@ -94,10 +96,14 @@ func (c *DiscoverCardClient) RawRequest(URL string, r io.Reader) (*http.Response
 	return response, nil
 }
 
+// RequestNoParse marshals a Request to XML, makes an HTTP request, and returns
+// the raw HTTP response
 func (c *DiscoverCardClient) RequestNoParse(r *Request) (*http.Response, error) {
 	return clientRequestNoParse(c, r)
 }
 
+// Request marshals a Request to XML, makes an HTTP request, and then
+// unmarshals the response into a Response object.
 func (c *DiscoverCardClient) Request(r *Request) (*Response, error) {
 	return clientRequest(c, r)
 }

go.mod

@@ -1,11 +1,9 @@
 module github.com/aclindsa/ofxgo
 
 require (
-	github.com/aclindsa/xml v0.0.0-20190701095008-453d2c6090c2
-	github.com/howeyc/gopass v0.0.0-20170109162249-bf9dde6d0d2c
-	golang.org/x/crypto v0.0.0-20181001203147-e3636079e1a4 // indirect
-	golang.org/x/sys v0.0.0-20180928133829-e4b3c5e90611 // indirect
-	golang.org/x/text v0.0.0-20180911161511-905a57155faa
+	github.com/aclindsa/xml v0.0.0-20201125035057-bbd5c9ec99ac
+	golang.org/x/term v0.0.0-20210927222741-03fcf44c2211
+	golang.org/x/text v0.3.7
 )
 
 go 1.9

go.sum

@@ -1,14 +1,9 @@
-github.com/aclindsa/xml v0.0.0-20171002130543-5d4402bb4a20 h1:wN3KlzWq56AIgOqFzYLYVih4zVyPDViCUeG5uZxJHq4=
-github.com/aclindsa/xml v0.0.0-20171002130543-5d4402bb4a20/go.mod h1:DiEHtTD+e6zS3+R95F05Bfbcsfv13wZTi2M4LfAFLBE=
-github.com/aclindsa/xml v0.0.0-20190625094425-0aa7a3409cf4 h1:STo5wlCItpgL9LFBui17kZ/N1iKQk+UztLRj2cVkSXQ=
-github.com/aclindsa/xml v0.0.0-20190625094425-0aa7a3409cf4/go.mod h1:GjqOUT8xlg5+T19lFv6yAGNrtMKkZ839Gt4e16mBXlY=
-github.com/aclindsa/xml v0.0.0-20190701095008-453d2c6090c2 h1:ICeGSGrc6fd81VtQ3nZ2h7GEOKxWYwRxjW0v0d/mgu4=
-github.com/aclindsa/xml v0.0.0-20190701095008-453d2c6090c2/go.mod h1:GjqOUT8xlg5+T19lFv6yAGNrtMKkZ839Gt4e16mBXlY=
-github.com/howeyc/gopass v0.0.0-20170109162249-bf9dde6d0d2c h1:kQWxfPIHVLbgLzphqk3QUflDy9QdksZR4ygR807bpy0=
-github.com/howeyc/gopass v0.0.0-20170109162249-bf9dde6d0d2c/go.mod h1:lADxMC39cJJqL93Duh1xhAs4I2Zs8mKS89XWXFGp9cs=
-golang.org/x/crypto v0.0.0-20181001203147-e3636079e1a4 h1:Vk3wNqEZwyGyei9yq5ekj7frek2u7HUfffJ1/opblzc=
-golang.org/x/crypto v0.0.0-20181001203147-e3636079e1a4/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/sys v0.0.0-20180928133829-e4b3c5e90611 h1:O33LKL7WyJgjN9CvxfTIomjIClbd/Kq86/iipowHQU0=
-golang.org/x/sys v0.0.0-20180928133829-e4b3c5e90611/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/text v0.0.0-20180911161511-905a57155faa h1:uIJ7KxPgS7ODNO//HqlPfjWmWDGRsoONAVcEVaJNWNs=
-golang.org/x/text v0.0.0-20180911161511-905a57155faa/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+github.com/aclindsa/xml v0.0.0-20201125035057-bbd5c9ec99ac h1:xCNSfPWpcx3Sdz/+aB/Re4L8oA6Y4kRRRuTh1CHCDEw=
+github.com/aclindsa/xml v0.0.0-20201125035057-bbd5c9ec99ac/go.mod h1:GjqOUT8xlg5+T19lFv6yAGNrtMKkZ839Gt4e16mBXlY=
+golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1 h1:SrN+KX8Art/Sf4HNj6Zcz06G7VEz+7w9tdXTPOZ7+l4=
+golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 h1:JGgROgKl9N8DuW20oFS5gxc+lE67/N3FcwmBPMe7ArY=
+golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk=
+golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=

invstmt.go

@@ -103,7 +103,7 @@ type InvSell struct {
 	Taxes        Amount      `xml:"TAXES,omitempty"`
 	Fees         Amount      `xml:"FEES,omitempty"`
 	Load         Amount      `xml:"LOAD,omitempty"`
-	Witholding   Amount      `xml:"WITHHOLDING,omitempty"`  // Federal tax witholdings
+	Withholding  Amount      `xml:"WITHHOLDING,omitempty"`  // Federal tax withholdings
 	TaxExempt    Boolean     `xml:"TAXEXEMPT,omitempty"`    // Tax-exempt transaction
 	Total        Amount      `xml:"TOTAL"`                  // Transaction total. Buys, sells, etc.:((quan. * (price +/- markup/markdown)) +/-(commission + fees + load + taxes + penalty + withholding + statewithholding)). Distributions, interest, margin interest, misc. expense, etc.: amount. Return of cap: cost basis
 	Gain         Amount      `xml:"GAIN,omitempty"`         // Total gain
@@ -112,9 +112,9 @@ type InvSell struct {
 	SubAcctSec   subAcctType `xml:"SUBACCTSEC"`             // Sub-account type for this security. One of CASH, MARGIN, SHORT, OTHER
 	SubAcctFund  subAcctType `xml:"SUBACCTFUND"`            // Where did the money for the transaction come from or go to? CASH, MARGIN, SHORT, OTHER
 
-	LoanID          String `xml:"LOANID,omitempty"`           // For 401(k) accounts only. Indicates that the transaction was due to a loan or a loan repayment, and which loan it was
-	StateWitholding Amount `xml:"STATEWITHHOLDING,omitempty"` // State tax witholdings
-	Penalty         Amount `xml:"PENALTY,omitempty"`          // Amount withheld due to penalty
+	LoanID           String `xml:"LOANID,omitempty"`           // For 401(k) accounts only. Indicates that the transaction was due to a loan or a loan repayment, and which loan it was
+	StateWithholding Amount `xml:"STATEWITHHOLDING,omitempty"` // State tax withholdings
+	Penalty          Amount `xml:"PENALTY,omitempty"`          // Amount withheld due to penalty
 
 	Inv401kSource inv401kSource `xml:"INV401KSOURCE,omitempty"` // Source of money for this transaction. One of PRETAX, AFTERTAX, MATCH, PROFITSHARING, ROLLOVER, OTHERVEST, OTHERNONVEST for 401(k) accounts. Default if not present is OTHERNONVEST. The following cash source types are subject to vesting: MATCH, PROFITSHARING, and OTHERVEST
 }
@@ -210,7 +210,7 @@ type Income struct {
 	SubAcctSec    subAcctType   `xml:"SUBACCTSEC"`              // Sub-account type for this security. One of CASH, MARGIN, SHORT, OTHER
 	SubAcctFund   subAcctType   `xml:"SUBACCTFUND"`             // Where did the money for the transaction come from or go to? CASH, MARGIN, SHORT, OTHER
 	TaxExempt     Boolean       `xml:"TAXEXEMPT,omitempty"`     // Tax-exempt transaction
-	Witholding    Amount        `xml:"WITHHOLDING,omitempty"`   // Federal tax witholdings
+	Withholding   Amount        `xml:"WITHHOLDING,omitempty"`   // Federal tax withholdings
 	Currency      Currency      `xml:"CURRENCY,omitempty"`      // Represents the currency this transaction is in (instead of CURDEF in INVSTMTRS) if Valid()
 	OrigCurrency  Currency      `xml:"ORIGCURRENCY,omitempty"`  // Represents the currency this transaction was converted to INVSTMTRS' CURDEF from if Valid
 	Inv401kSource inv401kSource `xml:"INV401KSOURCE,omitempty"` // Source of money for this transaction. One of PRETAX, AFTERTAX, MATCH, PROFITSHARING, ROLLOVER, OTHERVEST, OTHERNONVEST for 401(k) accounts. Default if not present is OTHERNONVEST. The following cash source types are subject to vesting: MATCH, PROFITSHARING, and OTHERVEST

response.go

@@ -7,6 +7,7 @@ import (
 	"fmt"
 	"io"
 	"reflect"
+	"regexp"
 	"strings"
 
 	"github.com/aclindsa/xml"
@@ -35,78 +36,75 @@ type Response struct {
 }
 
 func (or *Response) readSGMLHeaders(r *bufio.Reader) error {
-	var seenHeader, seenVersion bool = false, false
-	for {
-		// Some financial institutions do not properly leave an empty line after the last header.
-		// Avoid attempting to read another header in that case.
-		next, err := r.Peek(1)
-		if err != nil {
-			return err
-		}
-		if next[0] == '<' {
-			break
+	b, err := r.ReadSlice('<')
+	if err != nil {
+		return err
+	}
+
+	s := string(b)
+	err = r.UnreadByte()
+	if err != nil {
+		return err
+	}
+
+	// According to the latest OFX SGML spec (1.6), headers should be CRLF-separated
+	// and written as KEY:VALUE. However, some banks include a whitespace after the
+	// colon (KEY: VALUE), while others include no line breaks at all. The spec doesn't
+	// require a line break after the OFX headers, but it is allowed, and will be
+	// optionally captured & discarded by the trailing `\s*`. Valid SGML headers must
+	// always be present in exactly this order, so a regular expression is acceptable.
+	headerExp := regexp.MustCompile(
+		`^OFXHEADER:\s*(?P<OFXHEADER>\d+)\s*` +
+			`DATA:\s*(?P<DATA>[A-Z]+)\s*` +
+			`VERSION:\s*(?P<VERSION>\d+)\s*` +
+			`SECURITY:\s*(?P<SECURITY>[\w]+)\s*` +
+			`ENCODING:\s*(?P<ENCODING>[A-Z0-9-]+)\s*` +
+			`CHARSET:\s*(?P<CHARSET>[\w-]+)\s*` +
+			`COMPRESSION:\s*(?P<COMPRESSION>[A-Z]+)\s*` +
+			`OLDFILEUID:\s*(?P<OLDFILEUID>[\w-]+)\s*` +
+			`NEWFILEUID:\s*(?P<NEWFILEUID>[\w-]+)\s*<$`)
+
+	matches := headerExp.FindStringSubmatch(s)
+	if len(matches) == 0 {
+		return errors.New("OFX headers malformed")
+	}
+
+	for i, name := range headerExp.SubexpNames() {
+		if i == 0 {
+			continue
 		}
 
-		line, err := r.ReadString('\n')
-		if err != nil {
-			return err
-		}
-		// r.ReadString leaves the '\n' on the end...
-		line = strings.TrimSpace(line)
-
-		if len(line) == 0 {
-			if seenHeader {
-				break
-			} else {
-				continue
-			}
-		}
-		header := strings.SplitN(line, ":", 2)
-		if header == nil || len(header) != 2 {
-			return errors.New("OFX headers malformed")
-		}
-
-		// Some OFX servers put a space after the colon
-		headervalue := strings.TrimSpace(header[1])
-
-		switch header[0] {
+		headerValue := matches[i]
+		switch name {
 		case "OFXHEADER":
-			if headervalue != "100" {
+			if headerValue != "100" {
 				return errors.New("OFXHEADER is not 100")
 			}
-			seenHeader = true
 		case "DATA":
-			if headervalue != "OFXSGML" {
+			if headerValue != "OFXSGML" {
 				return errors.New("OFX DATA header does not contain OFXSGML")
 			}
 		case "VERSION":
-			err := or.Version.FromString(headervalue)
+			err := or.Version.FromString(headerValue)
 			if err != nil {
 				return err
 			}
-			seenVersion = true
-
 			if or.Version > OfxVersion160 {
 				return errors.New("OFX VERSION > 160 in SGML header")
 			}
 		case "SECURITY":
-			if headervalue != "NONE" {
-				return errors.New("OFX SECURITY header not NONE")
+			if !(headerValue == "NONE" || headerValue == "TYPE1") {
+				return errors.New("OFX SECURITY header must be NONE or TYPE1")
 			}
 		case "COMPRESSION":
-			if headervalue != "NONE" {
+			if headerValue != "NONE" {
 				return errors.New("OFX COMPRESSION header not NONE")
 			}
 		case "ENCODING", "CHARSET", "OLDFILEUID", "NEWFILEUID":
-			// TODO check/handle these headers?
-		default:
-			return errors.New("Invalid OFX header: " + header[0])
+			// TODO: check/handle these headers?
 		}
 	}
 
-	if !seenVersion {
-		return errors.New("OFX VERSION header missing")
-	}
 	return nil
 }
 

response_test.go

@@ -176,8 +176,7 @@ func TestValidSamples(t *testing.T) {
 
 func TestInvalidResponse(t *testing.T) {
 	// in this example, the severity is invalid due to mixed upper and lower case letters
-	const invalidResponse = `
-OFXHEADER:100
+	const invalidResponse = `OFXHEADER:100
 DATA:OFXSGML
 VERSION:102
 SECURITY:NONE

samples/busted_responses/wellsfargo.qfx

@@ -0,0 +1 @@
+OFXHEADER:100DATA:OFXSGMLVERSION:102SECURITY:NONEENCODING:USASCIICHARSET:1252COMPRESSION:NONEOLDFILEUID:NONENEWFILEUID:NONE<OFX><SIGNONMSGSRSV1><SONRS><STATUS><CODE>0<SEVERITY>INFO<MESSAGE>SUCCESS</STATUS><DTSERVER>20210102211014.201[-8:PST]<LANGUAGE>ENG<FI><ORG>WF<FID>1000</FI><SESSCOOKIE>abc-123<INTU.BID>1000<INTU.USERID>jane_doe</SONRS></SIGNONMSGSRSV1><BANKMSGSRSV1><STMTTRNRS><TRNUID>0<STATUS><CODE>0<SEVERITY>INFO<MESSAGE>SUCCESS</STATUS><STMTRS><CURDEF>USD<BANKACCTFROM><BANKID>123456789<ACCTID>9876543210<ACCTTYPE>CHECKING</BANKACCTFROM><BANKTRANLIST><DTSTART>20201201120000.000[-8:PST]<DTEND>20201231120000.000[-8:PST]<STMTTRN><TRNTYPE>DIRECTDEBIT<DTPOSTED>20201201120000.000[-8:PST]<TRNAMT>-12.34<FITID>202012011<NAME>AE Visa Card AE EPAY<MEMO> XXXXX1234</STMTTRN></BANKTRANLIST><LEDGERBAL><BALAMT>123.45<DTASOF>20201231120000.000[-8:PST]</LEDGERBAL><AVAILBAL><BALAMT>123.45<DTASOF>20201231120000.000[-8:PST]</AVAILBAL></STMTRS></STMTTRNRS></BANKMSGSRSV1></OFX>

samples/valid_responses/moneymrkt1_v103_TYPE1.ofx

@@ -0,0 +1,75 @@
+OFXHEADER:100
+DATA:OFXSGML
+VERSION:103
+SECURITY:TYPE1
+ENCODING:USASCII
+CHARSET:1252
+COMPRESSION:NONE
+OLDFILEUID:NONE
+NEWFILEUID:NONE
+
+<OFX>
+<SIGNONMSGSRSV1><SONRS>
+<STATUS>
+<CODE>0
+<SEVERITY>INFO
+</STATUS>
+<DTSERVER>20170407001840.607[0:GMT]
+<LANGUAGE>ENG
+<FI>
+<ORG>UJKDO
+<FID>3534
+</FI>
+</SONRS>
+</SIGNONMSGSRSV1>
+<BANKMSGSRSV1>
+<STMTTRNRS>
+<TRNUID>e1707dfd-695d-4451-8d9c-0e142fdc456a
+<STATUS>
+<CODE>0
+<SEVERITY>INFO
+</STATUS>
+<STMTRS>
+<CURDEF>USD
+<BANKACCTFROM>
+<BANKID>598813374
+<ACCTID>35342483513
+<ACCTTYPE>MONEYMRKT
+</BANKACCTFROM>
+<BANKTRANLIST>
+<DTSTART>20170107011841.262[0:GMT]
+<DTEND>20170407001841.262[0:GMT]
+<STMTTRN>
+<TRNTYPE>CREDIT
+<DTPOSTED>20170117120000.000[0:GMT]
+<TRNAMT>-995.4190396554627
+<FITID>2fb2640c-cee3-4643-8ba3-ea21a4d18954
+<NAME>Dividend Earned
+</STMTTRN>
+<STMTTRN>
+<TRNTYPE>CREDIT
+<DTPOSTED>20170215120000.000[0:GMT]
+<TRNAMT>788.5385340523635
+<FITID>c9d856df-339c-47c6-9f6a-8c2e2910f62e
+<NAME>Dividend Earned
+</STMTTRN>
+<STMTTRN>
+<TRNTYPE>CREDIT
+<DTPOSTED>20170315120000.000[0:GMT]
+<TRNAMT>3070.1328011762807
+<FITID>1107ace0-048b-4c0c-b5f3-45b6be4cd71d
+<NAME>Dividend Earned
+</STMTTRN>
+</BANKTRANLIST>
+<LEDGERBAL>
+<BALAMT>2607.1664944585727
+<DTASOF>20170407001841.262[0:GMT]
+</LEDGERBAL>
+<AVAILBAL>
+<BALAMT>4503.683156768119
+<DTASOF>20170407001841.262[0:GMT]
+</AVAILBAL>
+</STMTRS>
+</STMTTRNRS>
+</BANKMSGSRSV1>
+</OFX>

signon.go

@@ -9,17 +9,18 @@ import (
 // SignonRequest identifies and authenticates a user to their FI and is
 // provided with every Request
 type SignonRequest struct {
-	XMLName   xml.Name `xml:"SONRQ"`
-	DtClient  Date     `xml:"DTCLIENT"` // Current time on client, overwritten in Client.Request()
-	UserID    String   `xml:"USERID"`
-	UserPass  String   `xml:"USERPASS,omitempty"`
-	UserKey   String   `xml:"USERKEY,omitempty"`
-	Language  String   `xml:"LANGUAGE"` // Defaults to ENG
-	Org       String   `xml:"FI>ORG"`
-	Fid       String   `xml:"FI>FID"`
-	AppID     String   `xml:"APPID"`  // Overwritten in Client.Request()
-	AppVer    String   `xml:"APPVER"` // Overwritten in Client.Request()
-	ClientUID UID      `xml:"CLIENTUID,omitempty"`
+	XMLName    xml.Name `xml:"SONRQ"`
+	DtClient   Date     `xml:"DTCLIENT"` // Current time on client, overwritten in Client.Request()
+	UserID     String   `xml:"USERID"`
+	UserPass   String   `xml:"USERPASS,omitempty"`
+	UserKey    String   `xml:"USERKEY,omitempty"`
+	GenUserKey Boolean  `xml:"GENUSERKEY,omitempty"`
+	Language   String   `xml:"LANGUAGE"` // Defaults to ENG
+	Org        String   `xml:"FI>ORG"`
+	Fid        String   `xml:"FI>FID"`
+	AppID      String   `xml:"APPID"`  // Overwritten in Client.Request()
+	AppVer     String   `xml:"APPVER"` // Overwritten in Client.Request()
+	ClientUID  UID      `xml:"CLIENTUID,omitempty"`
 }
 
 // Name returns the name of the top-level transaction XML/SGML element

types_test.go

@@ -155,7 +155,7 @@ func TestAmountEqual(t *testing.T) {
 func TestMarshalDate(t *testing.T) {
 	var d *Date
 	UTC := time.FixedZone("UTC", 0)
-	GMT_nodesc := time.FixedZone("", 0)
+	GMTNodesc := time.FixedZone("", 0)
 	EST := time.FixedZone("EST", -5*60*60)
 	NPT := time.FixedZone("NPT", (5*60+45)*60)
 	IST := time.FixedZone("IST", (5*60+30)*60)
@@ -183,7 +183,7 @@ func TestMarshalDate(t *testing.T) {
 	marshalHelper(t, "20170314000026.053[-3.50:NST]", d)
 
 	// Time zone without textual description
-	d = NewDate(2017, 3, 14, 15, 9, 26, 53*1000*1000, GMT_nodesc)
+	d = NewDate(2017, 3, 14, 15, 9, 26, 53*1000*1000, GMTNodesc)
 	marshalHelper(t, "20170314150926.053[0]", d)
 }
 
@@ -195,7 +195,7 @@ func TestUnmarshalDate(t *testing.T) {
 	NPT := time.FixedZone("NPT", (5*60+45)*60)
 	IST := time.FixedZone("IST", (5*60+30)*60)
 	NST := time.FixedZone("NST", -(3*60+30)*60)
-	NST_nodesc := time.FixedZone("", -(3*60+30)*60)
+	NSTNodesc := time.FixedZone("", -(3*60+30)*60)
 
 	eq := func(a, b interface{}) bool {
 		if dateA, ok := a.(*Date); ok {
@@ -245,7 +245,7 @@ func TestUnmarshalDate(t *testing.T) {
 	d = NewDate(2017, 3, 14, 15, 9, 26, 53*1000*1000, GMT)
 	unmarshalHelper2(t, "20170314150926.053[0]", d, &overwritten, eq)
 	// but not for others:
-	d = NewDate(2017, 3, 14, 0, 0, 26, 53*1000*1000, NST_nodesc)
+	d = NewDate(2017, 3, 14, 0, 0, 26, 53*1000*1000, NSTNodesc)
 	unmarshalHelper2(t, "20170314000026.053[-3.50]", d, &overwritten, eq)
 
 	// Make sure we handle poorly-formatted dates (from Vanguard)
@@ -316,6 +316,13 @@ func TestUnmarshalString(t *testing.T) {
 	unmarshalHelper(t, "Some Name\n  ", &s, &overwritten)
 }
 
+func TestStringString(t *testing.T) {
+	var s String = "foobar"
+	if s.String() != "foobar" {
+		t.Fatalf("Unexpected result when returning String.String(): %s\n", s.String())
+	}
+}
+
 func TestMarshalBoolean(t *testing.T) {
 	var b Boolean = true
 	marshalHelper(t, "Y", &b)
@@ -333,6 +340,17 @@ func TestUnmarshalBoolean(t *testing.T) {
 	unmarshalHelper(t, "N\n \t", &b, &overwritten)
 }
 
+func TestStringBoolean(t *testing.T) {
+	var b Boolean = true
+	if b.String() != "true" {
+		t.Fatalf("Unexpected string for Boolean.String() for true: %s\n", b.String())
+	}
+	b = false
+	if b.String() != "false" {
+		t.Fatalf("Unexpected string for Boolean.String() for false: %s\n", b.String())
+	}
+}
+
 func TestMarshalUID(t *testing.T) {
 	var u UID = "d1cf3d3d-9ef9-4a97-b180-81706829cb04"
 	marshalHelper(t, "d1cf3d3d-9ef9-4a97-b180-81706829cb04", &u)

vanguard_client.go

@@ -15,7 +15,7 @@ type VanguardClient struct {
 }
 
 // NewVanguardClient returns a Client interface configured to handle Vanguard's
-// brand of idiosyncracy
+// brand of idiosyncrasy
 func NewVanguardClient(bc *BasicClient) Client {
 	return &VanguardClient{bc}
 }
@@ -47,6 +47,8 @@ func rawRequestCookies(URL string, r io.Reader, cookies []*http.Cookie) (*http.R
 	return response, nil
 }
 
+// RequestNoParse marshals a Request to XML, makes an HTTP request, and returns
+// the raw HTTP response
 func (c *VanguardClient) RequestNoParse(r *Request) (*http.Response, error) {
 	r.SetClientFields(c)
 
@@ -62,7 +64,7 @@ func (c *VanguardClient) RequestNoParse(r *Request) (*http.Response, error) {
 	// Fortunately, the initial response contains the cookie we need, so if we
 	// detect an empty response with cookies set that didn't have any errors,
 	// re-try the request while sending their cookies back to them.
-	if err == nil && response.ContentLength <= 0 && len(response.Cookies()) > 0 {
+	if response != nil && response.ContentLength <= 0 && len(response.Cookies()) > 0 {
 		b, err = r.Marshal()
 		if err != nil {
 			return nil, err
@@ -74,6 +76,8 @@ func (c *VanguardClient) RequestNoParse(r *Request) (*http.Response, error) {
 	return response, err
 }
 
+// Request marshals a Request to XML, makes an HTTP request, and then
+// unmarshals the response into a Response object.
 func (c *VanguardClient) Request(r *Request) (*Response, error) {
 	return clientRequest(c, r)
 }