active_accountability_merchant 1.97.1

data/lib/active_merchant/billing/gateways/paymentez.rb

@@ -0,0 +1,300 @@
+require 'base64'
+require 'digest'
+
+module ActiveMerchant #:nodoc:
+  module Billing #:nodoc:
+    class PaymentezGateway < Gateway #:nodoc:
+      self.test_url = 'https://ccapi-stg.paymentez.com/v2/'
+      self.live_url = 'https://ccapi.paymentez.com/v2/'
+
+      self.supported_countries = %w[MX EC VE CO BR CL]
+      self.default_currency = 'USD'
+      self.supported_cardtypes = %i[visa master american_express diners_club elo]
+
+      self.homepage_url = 'https://secure.paymentez.com/'
+      self.display_name = 'Paymentez'
+
+      STANDARD_ERROR_CODE_MAPPING = {
+        1 => :processing_error,
+        6 => :card_declined,
+        9 => :card_declined,
+        10 => :processing_error,
+        11 => :card_declined,
+        12 => :config_error,
+        13 => :config_error,
+        19 => :invalid_cvc,
+        20 => :config_error,
+        21 => :card_declined,
+        22 => :card_declined,
+        23 => :card_declined,
+        24 => :card_declined,
+        25 => :card_declined,
+        26 => :card_declined,
+        27 => :card_declined,
+        28 => :card_declined
+      }.freeze
+
+      CARD_MAPPING = {
+        'visa' => 'vi',
+        'master' => 'mc',
+        'american_express' => 'ax',
+        'diners_club' => 'di',
+        'elo' => 'el'
+      }.freeze
+
+      def initialize(options = {})
+        requires!(options, :application_code, :app_key)
+        super
+      end
+
+      def purchase(money, payment, options = {})
+        post = {}
+
+        add_invoice(post, money, options)
+        add_payment(post, payment)
+        add_customer_data(post, options)
+        add_extra_params(post, options)
+        action = payment.is_a?(String) ? 'debit' : 'debit_cc'
+
+        commit_transaction(action, post)
+      end
+
+      def authorize(money, payment, options = {})
+        post = {}
+
+        add_invoice(post, money, options)
+        add_payment(post, payment)
+        add_customer_data(post, options)
+        add_extra_params(post, options)
+
+        commit_transaction('authorize', post)
+      end
+
+      def capture(money, authorization, _options = {})
+        post = {
+            transaction: { id: authorization }
+        }
+        post[:order] = {amount: amount(money).to_f} if money
+
+        commit_transaction('capture', post)
+      end
+
+      def refund(money, authorization, options = {})
+        post = {transaction: {id: authorization}}
+        post[:order] = {amount: amount(money).to_f} if money
+
+        commit_transaction('refund', post)
+      end
+
+      def void(authorization, _options = {})
+        post = { transaction: { id: authorization } }
+        commit_transaction('refund', post)
+      end
+
+      def verify(credit_card, options = {})
+        MultiResponse.run do |r|
+          r.process { authorize(100, credit_card, options) }
+          r.process { void(r.authorization, options) }
+        end
+      end
+
+      def store(credit_card, options = {})
+        post = {}
+
+        add_customer_data(post, options)
+        add_payment(post, credit_card)
+
+        response = commit_card('add', post)
+        if !response.success? && !(token = extract_previous_card_token(response)).nil?
+          unstore(token, options)
+          response = commit_card('add', post)
+        end
+        response
+      end
+
+      def unstore(identification, options = {})
+        post = { card: { token: identification }, user: { id: options[:user_id] }}
+        commit_card('delete', post)
+      end
+
+      def supports_scrubbing?
+        true
+      end
+
+      def scrub(transcript)
+        transcript.
+          gsub(%r{(\\?"number\\?":)(\\?"[^"]+\\?")}, '\1[FILTERED]').
+          gsub(%r{(\\?"cvc\\?":)(\\?"[^"]+\\?")}, '\1[FILTERED]').
+          gsub(%r{(Auth-Token: )([A-Za-z0-9=]+)}, '\1[FILTERED]')
+      end
+
+      private
+
+      def add_customer_data(post, options)
+        requires!(options, :user_id, :email)
+        post[:user] ||= {}
+        post[:user][:id] = options[:user_id]
+        post[:user][:email] = options[:email]
+        post[:user][:ip_address] = options[:ip] if options[:ip]
+        post[:user][:fiscal_number] = options[:fiscal_number] if options[:fiscal_number]
+        if phone = options[:phone] || options.dig(:billing_address, :phone)
+          post[:user][:phone] = phone
+        end
+      end
+
+      def add_invoice(post, money, options)
+        post[:session_id] = options[:session_id] if options[:session_id]
+
+        post[:order] ||= {}
+        post[:order][:amount] = amount(money).to_f
+        post[:order][:vat] = options[:vat] if options[:vat]
+        post[:order][:dev_reference] = options[:dev_reference] if options[:dev_reference]
+        post[:order][:description] = options[:description] if options[:description]
+        post[:order][:discount] = options[:discount] if options[:discount]
+        post[:order][:installments] = options[:installments] if options[:installments]
+        post[:order][:installments_type] = options[:installments_type] if options[:installments_type]
+        post[:order][:taxable_amount] = options[:taxable_amount] if options[:taxable_amount]
+        post[:order][:tax_percentage] = options[:tax_percentage] if options[:tax_percentage]
+      end
+
+      def add_payment(post, payment)
+        post[:card] ||= {}
+        if payment.is_a?(String)
+          post[:card][:token] = payment
+        else
+          post[:card][:number] = payment.number
+          post[:card][:holder_name] = payment.name
+          post[:card][:expiry_month] = payment.month
+          post[:card][:expiry_year] = payment.year
+          post[:card][:cvc] = payment.verification_value
+          post[:card][:type] = CARD_MAPPING[payment.brand]
+        end
+      end
+
+      def add_extra_params(post, options)
+        extra_params = {}
+        extra_params.merge!(options[:extra_params]) if options[:extra_params]
+
+        post['extra_params'] = extra_params unless extra_params.empty?
+      end
+
+      def parse(body)
+        JSON.parse(body)
+      end
+
+      def commit_raw(object, action, parameters)
+        url = "#{(test? ? test_url : live_url)}#{object}/#{action}"
+
+        begin
+          raw_response = ssl_post(url, post_data(parameters), headers)
+        rescue ResponseError => e
+          raw_response = e.response.body
+        end
+
+        begin
+          parse(raw_response)
+        rescue JSON::ParserError
+          {'status' => 'Internal server error'}
+        end
+      end
+
+      def commit_transaction(action, parameters)
+        response = commit_raw('transaction', action, parameters)
+        Response.new(
+          success_from(response),
+          message_from(response),
+          response,
+          authorization: authorization_from(response),
+          test: test?,
+          error_code: error_code_from(response)
+        )
+      end
+
+      def commit_card(action, parameters)
+        response = commit_raw('card', action, parameters)
+        Response.new(
+          card_success_from(response),
+          card_message_from(response),
+          response,
+          authorization: card_authorization_from(response),
+          test: test?,
+          error_code: card_error_code_from(response)
+        )
+      end
+
+      def headers
+        {
+          'Auth-Token' => authentication_code,
+          'Content-Type' => 'application/json'
+        }
+      end
+
+      def success_from(response)
+        !response.include?('error') && (response['status'] || response['transaction']['status']) == 'success'
+      end
+
+      def card_success_from(response)
+        return false if response.include?('error')
+        return true if response['message'] == 'card deleted'
+        response['card']['status'] == 'valid'
+      end
+
+      def message_from(response)
+        if !success_from(response) && response['error']
+          response['error'] && response['error']['type']
+        else
+          response['transaction'] && response['transaction']['message']
+        end
+      end
+
+      def card_message_from(response)
+        if !response.include?('error')
+          response['message'] || response['card']['message']
+        else
+          response['error']['type']
+        end
+      end
+
+      def authorization_from(response)
+        response['transaction'] && response['transaction']['id']
+      end
+
+      def card_authorization_from(response)
+        response['card'] && response['card']['token']
+      end
+
+      def extract_previous_card_token(response)
+        match = /Card already added: (\d+)/.match(response.message)
+        match && match[1]
+      end
+
+      def post_data(parameters = {})
+        JSON.dump(parameters)
+      end
+
+      def error_code_from(response)
+        return if success_from(response)
+        if response['transaction']
+          detail = response['transaction']['status_detail']
+          if STANDARD_ERROR_CODE_MAPPING.include?(detail)
+            return STANDARD_ERROR_CODE[STANDARD_ERROR_CODE_MAPPING[detail]]
+          end
+        elsif response['error']
+          return STANDARD_ERROR_CODE[:config_error]
+        end
+        STANDARD_ERROR_CODE[:processing_error]
+      end
+
+      def card_error_code_from(response)
+        STANDARD_ERROR_CODE[:processing_error] unless card_success_from(response)
+      end
+
+      def authentication_code
+        timestamp = Time.new.to_i
+        unique_token = Digest::SHA256.hexdigest("#{@options[:app_key]}#{timestamp}")
+        authentication_string = "#{@options[:application_code]};#{timestamp};#{unique_token}"
+        Base64.encode64(authentication_string).delete("\n")
+      end
+    end
+  end
+end

data/lib/active_merchant/billing/gateways/paymill.rb

@@ -0,0 +1,371 @@
+module ActiveMerchant #:nodoc:
+  module Billing #:nodoc:
+    class PaymillGateway < Gateway
+      self.supported_countries = %w(AD AT BE BG CH CY CZ DE DK EE ES FI FO FR GB
+                                    GI GR HR HU IE IL IM IS IT LI LT LU LV MC MT
+                                    NL NO PL PT RO SE SI SK TR VA)
+
+      self.supported_cardtypes = [:visa, :master, :american_express, :diners_club, :discover, :union_pay, :jcb]
+      self.homepage_url = 'https://paymill.com'
+      self.display_name = 'PAYMILL'
+      self.money_format = :cents
+      self.default_currency = 'EUR'
+      self.live_url = 'https://api.paymill.com/v2/'
+
+      def initialize(options = {})
+        requires!(options, :public_key, :private_key)
+        super
+      end
+
+      def purchase(money, payment_method, options={})
+        action_with_token(:purchase, money, payment_method, options)
+      end
+
+      def authorize(money, payment_method, options = {})
+        action_with_token(:authorize, money, payment_method, options)
+      end
+
+      def capture(money, authorization, options = {})
+        post = {}
+
+        add_amount(post, money, options)
+        post[:preauthorization] = preauth(authorization)
+        post[:description] = options[:order_id]
+        post[:source] = 'active_merchant'
+        commit(:post, 'transactions', post)
+      end
+
+      def refund(money, authorization, options={})
+        post = {}
+
+        post[:amount] = amount(money)
+        post[:description] = options[:order_id]
+        commit(:post, "refunds/#{transaction_id(authorization)}", post)
+      end
+
+      def void(authorization, options={})
+        commit(:delete, "preauthorizations/#{preauth(authorization)}")
+      end
+
+      def store(credit_card, options={})
+        # The store request requires a currency and amount of at least $1 USD.
+        # This is used for an authorization that is handled internally by Paymill.
+        options[:currency] = 'USD'
+        options[:money] = 100
+
+        save_card(credit_card, options)
+      end
+
+      def supports_scrubbing
+        true
+      end
+
+      def scrub(transcript)
+        transcript.
+          gsub(%r((Authorization: Basic )\w+), '\1[FILTERED]').
+          gsub(/(account.number=)(\d*)/, '\1[FILTERED]').
+          gsub(/(account.verification=)(\d*)/, '\1[FILTERED]')
+      end
+
+      def verify_credentials
+        begin
+          ssl_get(live_url + 'transactions/nonexistent', headers)
+        rescue ResponseError => e
+          return false if e.response.code.to_i == 401
+        end
+
+        true
+      end
+
+      private
+
+      def add_credit_card(post, credit_card, options)
+        post['account.holder'] = (credit_card.try(:name) || '')
+        post['account.number'] = credit_card.number
+        post['account.expiry.month'] = sprintf('%.2i', credit_card.month)
+        post['account.expiry.year'] = sprintf('%.4i', credit_card.year)
+        post['account.verification'] = credit_card.verification_value
+        post['account.email'] = (options[:email] || nil)
+        post['presentation.amount3D'] =  (options[:money] || nil)
+        post['presentation.currency3D'] = (options[:currency] || currency(options[:money]))
+      end
+
+      def headers
+        { 'Authorization' => ('Basic ' + Base64.strict_encode64("#{@options[:private_key]}:X").chomp) }
+      end
+
+      def commit(method, action, parameters=nil)
+        begin
+          raw_response = ssl_request(method, live_url + action, post_data(parameters), headers)
+        rescue ResponseError => e
+          begin
+            parsed = JSON.parse(e.response.body)
+          rescue JSON::ParserError
+            return Response.new(false, "Unable to parse error response: '#{e.response.body}'")
+          end
+          return Response.new(false, response_message(parsed), parsed, {})
+        end
+
+        response_from(raw_response)
+      end
+
+      def response_from(raw_response)
+        parsed = JSON.parse(raw_response)
+        options = {
+          :authorization => authorization_from(parsed),
+          :test => (parsed['mode'] == 'test'),
+        }
+
+        succeeded = (parsed['data'] == []) || (parsed['data']['response_code'].to_i == 20000)
+        Response.new(succeeded, response_message(parsed), parsed, options)
+      end
+
+      def authorization_from(parsed_response)
+        parsed_data = parsed_response['data']
+        return '' unless parsed_data.kind_of?(Hash)
+
+        [
+          parsed_data['id'],
+          parsed_data['preauthorization'].try(:[], 'id')
+        ].join(';')
+      end
+
+      def action_with_token(action, money, payment_method, options)
+        options[:money] = money
+        case payment_method
+        when String
+          self.send("#{action}_with_token", money, payment_method, options)
+        else
+          MultiResponse.run do |r|
+            r.process { save_card(payment_method, options) }
+            r.process { self.send("#{action}_with_token", money, r.authorization, options) }
+          end
+        end
+      end
+
+      def purchase_with_token(money, card_token, options)
+        post = {}
+
+        add_amount(post, money, options)
+        post[:token] = card_token
+        post[:description] = options[:order_id]
+        post[:source] = 'active_merchant'
+        commit(:post, 'transactions', post)
+      end
+
+      def authorize_with_token(money, card_token, options)
+        post = {}
+
+        add_amount(post, money, options)
+        post[:token] = card_token
+        post[:description] = options[:order_id]
+        post[:source] = 'active_merchant'
+        commit(:post, 'preauthorizations', post)
+      end
+
+      def save_card(credit_card, options)
+        post = {}
+
+        add_credit_card(post, credit_card, options)
+        post['channel.id'] = @options[:public_key]
+        post['jsonPFunction'] = 'jsonPFunction'
+        post['transaction.mode'] = (test? ? 'CONNECTOR_TEST' : 'LIVE')
+
+        begin
+          raw_response = ssl_request(:get, "#{save_card_url}?#{post_data(post)}", nil, {})
+        rescue ResponseError => e
+          return Response.new(false, e.response.body)
+        end
+
+        response_for_save_from(raw_response)
+      end
+
+      def response_for_save_from(raw_response)
+        options = { :test => test? }
+
+        parser = ResponseParser.new(raw_response, options)
+        parser.generate_response
+      end
+
+      def parse_reponse(response)
+        JSON.parse(response.sub(/jsonPFunction\(/, '').sub(/\)\z/, ''))
+      end
+
+      def save_card_url
+        (test? ? 'https://test-token.paymill.com' : 'https://token-v2.paymill.de')
+      end
+
+      def post_data(params)
+        return nil unless params
+
+        no_blanks = params.reject { |key, value| value.blank? }
+        no_blanks.map { |key, value| "#{key}=#{CGI.escape(value.to_s)}" }.join('&')
+      end
+
+      def add_amount(post, money, options)
+        post[:amount] = amount(money)
+        post[:currency] = (options[:currency] || currency(money))
+      end
+
+      def preauth(authorization)
+        authorization.split(';').last
+      end
+
+      def transaction_id(authorization)
+        authorization.split(';').first
+      end
+
+      RESPONSE_CODES = {
+        10001 => 'Undefined response',
+        10002 => 'Waiting for something',
+        11000 => 'Retry request at a later time',
+
+        20000 => 'Operation successful',
+        20100 => 'Funds held by acquirer',
+        20101 => 'Funds held by acquirer because merchant is new',
+        20200 => 'Transaction reversed',
+        20201 => 'Reversed due to chargeback',
+        20202 => 'Reversed due to money-back guarantee',
+        20203 => 'Reversed due to complaint by buyer',
+        20204 => 'Payment has been refunded',
+        20300 => 'Reversal has been canceled',
+        22000 => 'Initiation of transaction successful',
+
+        30000 => 'Transaction still in progress',
+        30100 => 'Transaction has been accepted',
+        31000 => 'Transaction pending',
+        31100 => 'Pending due to address',
+        31101 => 'Pending due to uncleared eCheck',
+        31102 => 'Pending due to risk review',
+        31103 => 'Pending due regulatory review',
+        31104 => 'Pending due to unregistered/unconfirmed receiver',
+        31200 => 'Pending due to unverified account',
+        31201 => 'Pending due to non-captured funds',
+        31202 => 'Pending due to international account (accept manually)',
+        31203 => 'Pending due to currency conflict (accept manually)',
+        31204 => 'Pending due to fraud filters (accept manually)',
+
+        40000 => 'Problem with transaction data',
+        40001 => 'Problem with payment data',
+        40002 => 'Invalid checksum',
+        40100 => 'Problem with credit card data',
+        40101 => 'Problem with CVV',
+        40102 => 'Card expired or not yet valid',
+        40103 => 'Card limit exceeded',
+        40104 => 'Card is not valid',
+        40105 => 'Expiry date not valid',
+        40106 => 'Credit card brand required',
+        40200 => 'Problem with bank account data',
+        40201 => 'Bank account data combination mismatch',
+        40202 => 'User authentication failed',
+        40300 => 'Problem with 3-D Secure data',
+        40301 => 'Currency/amount mismatch',
+        40400 => 'Problem with input data',
+        40401 => 'Amount too low or zero',
+        40402 => 'Usage field too long',
+        40403 => 'Currency not allowed',
+        40410 => 'Problem with shopping cart data',
+        40420 => 'Problem with address data',
+        40500 => 'Permission error with acquirer API',
+        40510 => 'Rate limit reached for acquirer API',
+        42000 => 'Initiation of transaction failed',
+        42410 => 'Initiation of transaction expired',
+
+        50000 => 'Problem with back end',
+        50001 => 'Country blacklisted',
+        50002 => 'IP address blacklisted',
+        50004 => 'Live mode not allowed',
+        50005 => 'Insufficient permissions (API key)',
+        50100 => 'Technical error with credit card',
+        50101 => 'Error limit exceeded',
+        50102 => 'Card declined',
+        50103 => 'Manipulation or stolen card',
+        50104 => 'Card restricted',
+        50105 => 'Invalid configuration data',
+        50200 => 'Technical error with bank account',
+        50201 => 'Account blacklisted',
+        50300 => 'Technical error with 3-D Secure',
+        50400 => 'Declined because of risk issues',
+        50401 => 'Checksum was wrong',
+        50402 => 'Bank account number was invalid (formal check)',
+        50403 => 'Technical error with risk check',
+        50404 => 'Unknown error with risk check',
+        50405 => 'Unknown bank code',
+        50406 => 'Open chargeback',
+        50407 => 'Historical chargeback',
+        50408 => 'Institution / public bank account (NCA)',
+        50409 => 'KUNO/Fraud',
+        50410 => 'Personal Account Protection (PAP)',
+        50420 => 'Rejected due to acquirer fraud settings',
+        50430 => 'Rejected due to acquirer risk settings',
+        50440 => 'Failed due to restrictions with acquirer account',
+        50450 => 'Failed due to restrictions with user account',
+        50500 => 'General timeout',
+        50501 => 'Timeout on side of the acquirer',
+        50502 => 'Risk management transaction timeout',
+        50600 => 'Duplicate operation',
+        50700 => 'Cancelled by user',
+        50710 => 'Failed due to funding source',
+        50711 => 'Payment method not usable, use other payment method',
+        50712 => 'Limit of funding source was exceeded',
+        50713 => 'Means of payment not reusable (canceled by user)',
+        50714 => 'Means of payment not reusable (expired)',
+        50720 => 'Rejected by acquirer',
+        50730 => 'Transaction denied by merchant',
+        50800 => 'Preauthorisation failed',
+        50810 => 'Authorisation has been voided',
+        50820 => 'Authorisation period expired'
+      }
+
+      def response_message(parsed_response)
+        return parsed_response['error'] if parsed_response['error']
+        return 'Transaction approved.' if parsed_response['data'] == []
+
+        code = parsed_response['data']['response_code'].to_i
+        RESPONSE_CODES[code] || code.to_s
+      end
+
+      class ResponseParser
+        attr_reader :raw_response, :parsed, :succeeded, :message, :options
+
+        def initialize(raw_response='', options={})
+          @raw_response = raw_response
+          @options = options
+        end
+
+        def generate_response
+          parse_response
+          if parsed['error']
+            handle_response_parse_error
+          else
+            handle_response_correct_parsing
+          end
+
+          Response.new(succeeded, message, parsed, options)
+        end
+
+        private
+
+        def parse_response
+          @parsed = JSON.parse(raw_response.sub(/jsonPFunction\(/, '').sub(/\)\z/, ''))
+        end
+
+        def handle_response_parse_error
+          @succeeded = false
+          @message = parsed['error']['message']
+        end
+
+        def handle_response_correct_parsing
+          @message = parsed['transaction']['processing']['return']['message']
+          if @succeeded = is_ack?
+            @options[:authorization] = parsed['transaction']['identification']['uniqueId']
+          end
+        end
+
+        def is_ack?
+          parsed['transaction']['processing']['result'] == 'ACK'
+        end
+      end
+    end
+  end
+end