activemerchant 1.100.0 → 1.133.0

data/lib/active_merchant/billing/gateways/qbms.rb

@@ -11,16 +11,16 @@ module ActiveMerchant #:nodoc:
       self.homepage_url = 'http://payments.intuit.com/'
       self.display_name = 'QuickBooks Merchant Services'
       self.default_currency = 'USD'
-      self.supported_cardtypes = [ :visa, :master, :discover, :american_express, :diners_club, :jcb ]
-      self.supported_countries = [ 'US' ]
+      self.supported_cardtypes = %i[visa master discover american_express diners_club jcb]
+      self.supported_countries = ['US']
 
       TYPES = {
-        :authorize => 'CustomerCreditCardAuth',
-        :capture   => 'CustomerCreditCardCapture',
-        :purchase  => 'CustomerCreditCardCharge',
-        :refund    => 'CustomerCreditCardTxnVoidOrRefund',
-        :void      => 'CustomerCreditCardTxnVoid',
-        :query     => 'MerchantAccountQuery',
+        authorize: 'CustomerCreditCardAuth',
+        capture: 'CustomerCreditCardCapture',
+        purchase: 'CustomerCreditCardCharge',
+        refund: 'CustomerCreditCardTxnVoidOrRefund',
+        void: 'CustomerCreditCardTxnVoid',
+        query: 'MerchantAccountQuery'
       }
 
       # Creates a new QbmsGateway
@@ -51,7 +51,7 @@ module ActiveMerchant #:nodoc:
       # * <tt>options</tt> -- A hash of optional parameters.
       #
       def authorize(money, creditcard, options = {})
-        commit(:authorize, money, options.merge(:credit_card => creditcard))
+        commit(:authorize, money, options.merge(credit_card: creditcard))
       end
 
       # Perform a purchase, which is essentially an authorization and capture in a single operation.
@@ -63,7 +63,7 @@ module ActiveMerchant #:nodoc:
       # * <tt>options</tt> -- A hash of optional parameters.
       #
       def purchase(money, creditcard, options = {})
-        commit(:purchase, money, options.merge(:credit_card => creditcard))
+        commit(:purchase, money, options.merge(credit_card: creditcard))
       end
 
       # Captures the funds from an authorized transaction.
@@ -74,7 +74,7 @@ module ActiveMerchant #:nodoc:
       # * <tt>authorization</tt> -- The authorization returned from the previous authorize request.
       #
       def capture(money, authorization, options = {})
-        commit(:capture, money, options.merge(:transaction_id => authorization))
+        commit(:capture, money, options.merge(transaction_id: authorization))
       end
 
       # Void a previous transaction
@@ -84,7 +84,7 @@ module ActiveMerchant #:nodoc:
       # * <tt>authorization</tt> - The authorization returned from the previous authorize request.
       #
       def void(authorization, options = {})
-        commit(:void, nil, options.merge(:transaction_id => authorization))
+        commit(:void, nil, options.merge(transaction_id: authorization))
       end
 
       # Credit an account.
@@ -105,7 +105,7 @@ module ActiveMerchant #:nodoc:
       end
 
       def refund(money, identification, options = {})
-        commit(:refund, money, options.merge(:transaction_id => identification))
+        commit(:refund, money, options.merge(transaction_id: identification))
       end
 
       # Query the merchant account status
@@ -143,12 +143,11 @@ module ActiveMerchant #:nodoc:
         message = (response[:status_message] || '').strip
 
         Response.new(success?(response), message, response,
-          :test          => test?,
-          :authorization => response[:credit_card_trans_id],
-          :fraud_review  => fraud_review?(response),
-          :avs_result    => { :code => avs_result(response) },
-          :cvv_result    => cvv_result(response)
-        )
+          test: test?,
+          authorization: response[:credit_card_trans_id],
+          fraud_review: fraud_review?(response),
+          avs_result: { code: avs_result(response) },
+          cvv_result: cvv_result(response))
       end
 
       def success?(response)
@@ -167,16 +166,16 @@ module ActiveMerchant #:nodoc:
 
         if status_code != 0
           return {
-            :status_code    => status_code,
-            :status_message => signon.attributes['statusMessage'],
+            status_code: status_code,
+            status_message: signon.attributes['statusMessage']
           }
         end
 
         response = REXML::XPath.first(xml, "//QBMSXMLMsgsRs/#{type}Rs")
 
         results = {
-          :status_code    => response.attributes['statusCode'].to_i,
-          :status_message => response.attributes['statusMessage'],
+          status_code: response.attributes['statusCode'].to_i,
+          status_message: response.attributes['statusMessage']
         }
 
         response.elements.each do |e|
@@ -195,10 +194,10 @@ module ActiveMerchant #:nodoc:
       end
 
       def build_request(type, money, parameters = {})
-        xml = Builder::XmlMarkup.new(:indent => 0)
+        xml = Builder::XmlMarkup.new(indent: 0)
 
-        xml.instruct!(:xml, :version => '1.0', :encoding => 'utf-8')
-        xml.instruct!(:qbmsxml, :version => API_VERSION)
+        xml.instruct!(:xml, version: '1.0', encoding: 'utf-8')
+        xml.instruct!(:qbmsxml, version: API_VERSION)
 
         xml.tag!('QBMSXML') do
           xml.tag!('SignonMsgsRq') do

data/lib/active_merchant/billing/gateways/quantum.rb

@@ -13,7 +13,7 @@ module ActiveMerchant #:nodoc:
       self.live_url = self.test_url = 'https://secure.quantumgateway.com/cgi/xml_requester.php'
 
       # visa, master, american_express, discover
-      self.supported_cardtypes = [:visa, :master, :american_express, :discover]
+      self.supported_cardtypes = %i[visa master american_express discover]
       self.supported_countries = ['US']
       self.default_currency = 'USD'
       self.money_format = :dollars
@@ -95,14 +95,14 @@ module ActiveMerchant #:nodoc:
       def build_capture_request(money, authorization, options)
         xml = Builder::XmlMarkup.new
         add_common_credit_card_info(xml, 'PREVIOUS_SALE')
-        transaction_id, _ = authorization_parts_from(authorization)
+        transaction_id, = authorization_parts_from(authorization)
         add_transaction_id(xml, transaction_id)
         xml.target!
       end
 
       def build_purchase_request(money, creditcard, options)
         xml = Builder::XmlMarkup.new
-        add_common_credit_card_info(xml, @options[:ignore_avs] ||  @options[:ignore_cvv] ? 'SALES' : 'AUTH_CAPTURE')
+        add_common_credit_card_info(xml, @options[:ignore_avs] || @options[:ignore_cvv] ? 'SALES' : 'AUTH_CAPTURE')
         add_address(xml, creditcard, options[:billing_address], options)
         add_purchase_data(xml, money)
         add_creditcard(xml, creditcard)
@@ -116,7 +116,7 @@ module ActiveMerchant #:nodoc:
       def build_void_request(authorization, options)
         xml = Builder::XmlMarkup.new
         add_common_credit_card_info(xml, 'VOID')
-        transaction_id, _ = authorization_parts_from(authorization)
+        transaction_id, = authorization_parts_from(authorization)
         add_transaction_id(xml, transaction_id)
         xml.target!
       end
@@ -216,11 +216,10 @@ module ActiveMerchant #:nodoc:
         end
 
         Response.new(success, message, response,
-          :test => test?,
-          :authorization => authorization,
-          :avs_result => { :code => response[:AVSResponseCode] },
-          :cvv_result => response[:CVV2ResponseCode]
-        )
+          test: test?,
+          authorization: authorization,
+          avs_result: { code: response[:AVSResponseCode] },
+          cvv_result: response[:CVV2ResponseCode])
       end
 
       # Parse the SOAP response
@@ -253,7 +252,7 @@ module ActiveMerchant #:nodoc:
         if node.has_elements?
           node.elements.each { |e| parse_element(reply, e) }
         else
-          if node.parent.name =~ /item/
+          if /item/.match?(node.parent.name)
             parent = node.parent.name + (node.parent.attributes['id'] ? '_' + node.parent.attributes['id'] : '')
             reply[(parent + '_' + node.name).to_sym] = node.text
           else
@@ -270,7 +269,6 @@ module ActiveMerchant #:nodoc:
       def authorization_parts_from(authorization)
         authorization.split(/;/)
       end
-
     end
   end
 end

data/lib/active_merchant/billing/gateways/quickbooks.rb

@@ -6,17 +6,14 @@ module ActiveMerchant #:nodoc:
 
       self.supported_countries = ['US']
       self.default_currency = 'USD'
-      self.supported_cardtypes = [:visa, :master, :american_express, :discover, :diners]
+      self.supported_cardtypes = %i[visa master american_express discover diners]
 
       self.homepage_url = 'http://payments.intuit.com'
       self.display_name = 'QuickBooks Payments'
-      ENDPOINT =  '/quickbooks/v4/payments/charges'
-      OAUTH_ENDPOINTS = {
-        site: 'https://oauth.intuit.com',
-        request_token_path: '/oauth/v1/get_request_token',
-        authorize_url: 'https://appcenter.intuit.com/Connect/Begin',
-        access_token_path: '/oauth/v1/get_access_token'
-      }
+      BASE = '/quickbooks/v4/payments'
+      ENDPOINT = "#{BASE}/charges"
+      VOID_ENDPOINT = "#{BASE}/txn-requests"
+      REFRESH_URI = 'https://oauth.platform.intuit.com/oauth2/v1/tokens/bearer'
 
       # https://developer.intuit.com/docs/0150_payments/0300_developer_guides/error_handling
 
@@ -45,13 +42,21 @@ module ActiveMerchant #:nodoc:
         'PMT-5001' => STANDARD_ERROR_CODE[:card_declined],      # Merchant does not support given payment method
 
         # System Error
-        'PMT-6000' => STANDARD_ERROR_CODE[:processing_error],   # A temporary Issue prevented this request from being processed.
+        'PMT-6000' => STANDARD_ERROR_CODE[:processing_error], # A temporary Issue prevented this request from being processed.
       }
 
       FRAUD_WARNING_CODES = ['PMT-1000', 'PMT-1001', 'PMT-1002', 'PMT-1003']
 
       def initialize(options = {})
-        requires!(options, :consumer_key, :consumer_secret, :access_token, :token_secret, :realm)
+        # Quickbooks is deprecating OAuth 1.0 on December 17, 2019.
+        # OAuth 2.0 requires a client_id, client_secret, access_token, and refresh_token
+        # To maintain backwards compatibility, check for the presence of a refresh_token (only specified for OAuth 2.0)
+        # When present, validate that all OAuth 2.0 options are present
+        if options[:refresh_token]
+          requires!(options, :client_id, :client_secret, :access_token, :refresh_token)
+        else
+          requires!(options, :consumer_key, :consumer_secret, :access_token, :token_secret, :realm)
+        end
         @options = options
         super
       end
@@ -62,7 +67,8 @@ module ActiveMerchant #:nodoc:
         add_charge_data(post, payment, options)
         post[:capture] = 'true'
 
-        commit(ENDPOINT, post)
+        response = commit(ENDPOINT, post)
+        check_token_response(response, ENDPOINT, post, options)
       end
 
       def authorize(money, payment, options = {})
@@ -71,30 +77,46 @@ module ActiveMerchant #:nodoc:
         add_charge_data(post, payment, options)
         post[:capture] = 'false'
 
-        commit(ENDPOINT, post)
+        response = commit(ENDPOINT, post)
+        check_token_response(response, ENDPOINT, post, options)
       end
 
       def capture(money, authorization, options = {})
         post = {}
-        capture_uri = "#{ENDPOINT}/#{CGI.escape(authorization)}/capture"
+        authorization, = split_authorization(authorization)
         post[:amount] = localized_amount(money, currency(money))
         add_context(post, options)
 
-        commit(capture_uri, post)
+        response = commit(capture_uri(authorization), post)
+        check_token_response(response, capture_uri(authorization), post, options)
       end
 
       def refund(money, authorization, options = {})
         post = {}
         post[:amount] = localized_amount(money, currency(money))
         add_context(post, options)
+        authorization, = split_authorization(authorization)
 
-        commit(refund_uri(authorization), post)
+        response = commit(refund_uri(authorization), post)
+        check_token_response(response, refund_uri(authorization), post, options)
+      end
+
+      def void(authorization, options = {})
+        _, request_id = split_authorization(authorization)
+
+        response = commit(void_uri(request_id))
+        check_token_response(response, void_uri(request_id), {}, options)
       end
 
       def verify(credit_card, options = {})
         authorize(1.00, credit_card, options)
       end
 
+      def refresh
+        response = refresh_access_token
+        response_object(response)
+      end
+
       def supports_scrubbing?
         true
       end
@@ -107,7 +129,12 @@ module ActiveMerchant #:nodoc:
           gsub(%r((oauth_signature=\")[a-zA-Z%0-9]+), '\1[FILTERED]').
           gsub(%r((oauth_token=\")\w+), '\1[FILTERED]').
           gsub(%r((number\D+)\d{16}), '\1[FILTERED]').
-          gsub(%r((cvc\D+)\d{3}), '\1[FILTERED]')
+          gsub(%r((cvc\D+)\d{3}), '\1[FILTERED]').
+          gsub(%r((Authorization: Basic )\w+), '\1[FILTERED]').
+          gsub(%r((access_token\\?":\\?")[\w\-\.]+)i, '\1[FILTERED]').
+          gsub(%r((refresh_token\\?":\\?")\w+), '\1[FILTERED]').
+          gsub(%r((refresh_token=)\w+), '\1[FILTERED]').
+          gsub(%r((Authorization: Bearer )[\w\-\.]+)i, '\1[FILTERED]\2')
       end
 
       private
@@ -124,8 +151,9 @@ module ActiveMerchant #:nodoc:
         if address = options[:billing_address] || options[:address]
           card_address[:streetAddress] = address[:address1]
           card_address[:city] = address[:city]
-          card_address[:region] = address[:state] || address[:region]
-          card_address[:country] = address[:country]
+          region = address[:state] || address[:region]
+          card_address[:region] = region if region.present?
+          card_address[:country] = address[:country] if address[:country].present?
           card_address[:postalCode] = address[:zip] if address[:zip]
         end
         post[:card][:address] = card_address
@@ -170,30 +198,30 @@ module ActiveMerchant #:nodoc:
         # The QuickBooks API returns HTTP 4xx on failed transactions, which causes a
         # ResponseError raise, so we have to inspect the response and discern between
         # a legitimate HTTP error and an actual gateway transactional error.
-        response = begin
-          case method
-          when :post
-            ssl_post(endpoint, post_data(body), headers(:post, endpoint))
-          when :get
-            ssl_request(:get, endpoint, nil, headers(:get, endpoint))
-          else
-            raise ArgumentError, "Invalid HTTP method: #{method}. Valid methods are :post and :get"
+        headers = {}
+        response =
+          begin
+            headers = headers(method, endpoint)
+            method == :post ? ssl_post(endpoint, post_data(body), headers) : ssl_request(:get, endpoint, nil, headers)
+          rescue ResponseError => e
+            extract_response_body_or_raise(e)
           end
-        rescue ResponseError => e
-          extract_response_body_or_raise(e)
-        end
 
-        response_object(response)
+        response_object(response, headers)
       end
 
-      def response_object(raw_response)
+      def response_object(raw_response, headers = {})
         parsed_response = parse(raw_response)
 
+        # Include access_token and refresh_token in params for OAuth 2.0
+        parsed_response['access_token'] = @options[:access_token] if @options[:refresh_token]
+        parsed_response['refresh_token'] = @options[:refresh_token] if @options[:refresh_token]
+
         Response.new(
           success?(parsed_response),
           message_from(parsed_response),
           parsed_response,
-          authorization: authorization_from(parsed_response),
+          authorization: authorization_from(parsed_response, headers),
           test: test?,
           cvv_result: cvv_code_from(parsed_response),
           error_code: errors_from(parsed_response),
@@ -210,7 +238,10 @@ module ActiveMerchant #:nodoc:
       end
 
       def headers(method, uri)
-        raise ArgumentError, "Invalid HTTP method: #{method}. Valid methods are :post and :get" unless [:post, :get].include?(method)
+        return oauth_v2_headers if @options[:refresh_token]
+
+        raise ArgumentError, "Invalid HTTP method: #{method}. Valid methods are :post and :get" unless %i[post get].include?(method)
+
         request_uri = URI.parse(uri)
 
         # Following the guidelines from http://nouncer.com/oauth/authentication.html
@@ -229,7 +260,7 @@ module ActiveMerchant #:nodoc:
         hmac_signature = OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha1'), oauth_signing_key, oauth_signature_base_string)
 
         # append signature to required OAuth parameters
-        oauth_parameters[:oauth_signature] = CGI.escape(Base64.encode64(hmac_signature).chomp.gsub(/\n/, ''))
+        oauth_parameters[:oauth_signature] = CGI.escape(Base64.encode64(hmac_signature).chomp.delete("\n"))
 
         # prepare Authorization header string
         oauth_parameters = Hash[oauth_parameters.sort_by { |k, _| k }]
@@ -243,6 +274,45 @@ module ActiveMerchant #:nodoc:
         }
       end
 
+      def oauth_v2_headers
+        {
+          'Content-Type'      => 'application/json',
+          'Request-Id'        => generate_unique_id,
+          'Accept'            => 'application/json',
+          'Authorization'     => "Bearer #{@options[:access_token]}"
+        }
+      end
+
+      def check_token_response(response, endpoint, body = {}, options = {})
+        return response unless @options[:refresh_token]
+        return response unless options[:allow_refresh]
+        return response unless response.params['code'] == 'AuthenticationFailed'
+
+        refresh_access_token
+        commit(endpoint, body)
+      end
+
+      def refresh_access_token
+        post = {}
+        post[:grant_type] = 'refresh_token'
+        post[:refresh_token] = @options[:refresh_token]
+        data = post.collect { |key, value| "#{key}=#{CGI.escape(value.to_s)}" }.join('&')
+
+        basic_auth = Base64.strict_encode64("#{@options[:client_id]}:#{@options[:client_secret]}")
+        headers = {
+          'Content-Type'      => 'application/x-www-form-urlencoded',
+          'Accept'            => 'application/json',
+          'Authorization'     => "Basic #{basic_auth}"
+        }
+
+        response = ssl_post(REFRESH_URI, data, headers)
+        json_response = JSON.parse(response)
+
+        @options[:access_token] = json_response['access_token'] if json_response['access_token']
+        @options[:refresh_token] = json_response['refresh_token'] if json_response['refresh_token']
+        response
+      end
+
       def cvv_code_from(response)
         if response['errors'].present?
           FRAUD_WARNING_CODES.include?(response['errors'].first['code']) ? 'I' : ''
@@ -254,7 +324,7 @@ module ActiveMerchant #:nodoc:
       def success?(response)
         return FRAUD_WARNING_CODES.concat(['0']).include?(response['errors'].first['code']) if response['errors']
 
-        !['DECLINED', 'CANCELLED'].include?(response['status'])
+        !%w[DECLINED CANCELLED].include?(response['status']) && !%w[AuthenticationFailed AuthorizationFailed].include?(response['code'])
       end
 
       def message_from(response)
@@ -262,11 +332,20 @@ module ActiveMerchant #:nodoc:
       end
 
       def errors_from(response)
-        response['errors'].present? ? STANDARD_ERROR_CODE_MAPPING[response['errors'].first['code']] : ''
+        if %w[AuthenticationFailed AuthorizationFailed].include?(response['code'])
+          response['code']
+        else
+          response['errors'].present? ? STANDARD_ERROR_CODE_MAPPING[response['errors'].first['code']] : ''
+        end
+      end
+
+      def authorization_from(response, headers = {})
+        [response['id'], headers['Request-Id']].join('|')
       end
 
-      def authorization_from(response)
-        response['id']
+      def split_authorization(authorization)
+        authorization, request_id = authorization.split('|')
+        [authorization, request_id]
       end
 
       def fraud_review_status_from(response)
@@ -283,7 +362,15 @@ module ActiveMerchant #:nodoc:
       end
 
       def refund_uri(authorization)
-        "#{ENDPOINT}/#{CGI.escape(authorization)}/refunds"
+        "#{ENDPOINT}/#{CGI.escape(authorization.to_s)}/refunds"
+      end
+
+      def capture_uri(authorization)
+        "#{ENDPOINT}/#{CGI.escape(authorization.to_s)}/capture"
+      end
+
+      def void_uri(request_id)
+        "#{VOID_ENDPOINT}/#{CGI.escape(request_id.to_s)}/void"
       end
     end
   end