activemerchant 1.114.0 → 1.120.0

data/lib/active_merchant/billing/gateways/vpos.rb

@@ -0,0 +1,172 @@
+require 'digest'
+require 'jwe'
+
+module ActiveMerchant #:nodoc:
+  module Billing #:nodoc:
+    class VposGateway < Gateway
+      self.test_url = 'https://vpos.infonet.com.py:8888'
+      self.live_url = 'https://vpos.infonet.com.py'
+
+      self.supported_countries = ['PY']
+      self.default_currency = 'PYG'
+      self.supported_cardtypes = %i[visa master]
+
+      self.homepage_url = 'https://comercios.bancard.com.py'
+      self.display_name = 'vPOS'
+
+      self.money_format = :dollars
+
+      ENDPOINTS = {
+        pci_encryption_key: '/vpos/api/0.3/application/encryption-key',
+        pay_pci_buy_encrypted: '/vpos/api/0.3/pci/encrypted',
+        pci_buy_rollback: '/vpos/api/0.3/pci_buy/rollback',
+        refund: '/vpos/api/0.3/refunds'
+      }
+
+      def initialize(options = {})
+        requires!(options, :private_key, :public_key)
+        @private_key = options[:private_key]
+        @public_key = options[:public_key]
+        @shop_process_id = options[:shop_process_id] || SecureRandom.random_number(10**15)
+        super
+      end
+
+      def purchase(money, payment, options = {})
+        commerce = options[:commerce] || @options[:commerce]
+        commerce_branch = options[:commerce_branch] || @options[:commerce_branch]
+
+        token = generate_token(@shop_process_id, 'pay_pci', commerce, commerce_branch, amount(money), currency(money))
+
+        post = {}
+        post[:token] = token
+        post[:commerce] = commerce.to_s
+        post[:commerce_branch] = commerce_branch.to_s
+        post[:shop_process_id] = @shop_process_id
+        post[:number_of_payments] = options[:number_of_payments] || 1
+        post[:recursive] = options[:recursive] || false
+
+        add_invoice(post, money, options)
+        add_card_data(post, payment)
+        add_customer_data(post, options)
+
+        commit(:pay_pci_buy_encrypted, post)
+      end
+
+      def void(_authorization, options = {})
+        token = generate_token(@shop_process_id, 'rollback', '0.00')
+        post = {
+          token: token,
+          shop_process_id: @shop_process_id
+        }
+        commit(:pci_buy_rollback, post)
+      end
+
+      def supports_scrubbing?
+        true
+      end
+
+      def scrub(transcript)
+        clean_transcript = remove_invalid_utf_8_byte_sequences(transcript)
+        clean_transcript.
+          gsub(/(token\\":\\")[.\-\w]+/, '\1[FILTERED]').
+          gsub(/(card_encrypted_data\\":\\")[.\-\w]+/, '\1[FILTERED]')
+      end
+
+      def remove_invalid_utf_8_byte_sequences(transcript)
+        transcript.encode('UTF-8', 'binary', undef: :replace, replace: '')
+      end
+
+      private
+
+      # Required to encrypt PAN data.
+      def one_time_public_key
+        token = generate_token('get_encription_public_key', @public_key)
+        response = commit(:pci_encryption_key, token: token)
+        OpenSSL::PKey::RSA.new(response.params['encryption_key'])
+      end
+
+      def generate_token(*elements)
+        Digest::MD5.hexdigest(@private_key + elements.join)
+      end
+
+      def add_invoice(post, money, options)
+        post[:amount] = amount(money)
+        post[:currency] = options[:currency] || currency(money)
+      end
+
+      def add_card_data(post, payment)
+        card_number = payment.number
+        cvv = payment.verification_value
+
+        payload = { card_number: card_number, 'cvv': cvv }.to_json
+
+        post[:card_encrypted_data] = JWE.encrypt(payload, one_time_public_key)
+        post[:card_month_expiration] = format(payment.month, :two_digits)
+        post[:card_year_expiration] = format(payment.year, :two_digits)
+      end
+
+      def add_customer_data(post, options)
+        post[:additional_data] = options[:additional_data] || '' # must be passed even if empty
+      end
+
+      def parse(body)
+        JSON.parse(body)
+      end
+
+      def commit(action, parameters)
+        url = build_request_url(action)
+        begin
+          response = parse(ssl_post(url, post_data(parameters)))
+        rescue ResponseError => response
+          # Errors are returned with helpful data,
+          # but get filtered out by `ssl_post` because of their HTTP status.
+          response = parse(response.response.body)
+        end
+
+        Response.new(
+          success_from(response),
+          message_from(response),
+          response,
+          authorization: authorization_from(response),
+          avs_result: nil,
+          cvv_result: nil,
+          test: test?,
+          error_code: error_code_from(response)
+        )
+      end
+
+      def success_from(response)
+        if code = response.dig('confirmation', 'response_code')
+          code == '00'
+        else
+          response['status'] == 'success'
+        end
+      end
+
+      def message_from(response)
+        response.dig('confirmation', 'extended_response_description') ||
+          response.dig('confirmation', 'response_description') ||
+          response.dig('confirmation', 'response_details') ||
+          response.dig('messages', 0, 'key')
+      end
+
+      def authorization_from(response)
+        response.dig('confirmation', 'authorization_number')
+      end
+
+      def error_code_from(response)
+        response.dig('confirmation', 'response_code') unless success_from(response)
+      end
+
+      def build_request_url(action)
+        base_url = (test? ? test_url : live_url)
+        base_url + ENDPOINTS[action]
+      end
+
+      def post_data(data)
+        { public_key: @public_key,
+          operation: data }.compact.to_json
+      end
+    end
+  end
+end

data/lib/active_merchant/billing/gateways/webpay.rb

@@ -51,7 +51,7 @@ module ActiveMerchant #:nodoc:
           MultiResponse.run(:first) do |r|
             r.process { commit(:post, "customers/#{CGI.escape(options[:customer])}/", post, options) }
 
-            return r unless options[:set_default] and r.success? and !r.params['id'].blank?
+            return r unless options[:set_default] && r.success? && !r.params['id'].blank?
 
             r.process { update_customer(options[:customer], default_card: r.params['id']) }
           end
@@ -89,7 +89,7 @@ module ActiveMerchant #:nodoc:
           'Authorization' => 'Basic ' + Base64.encode64(@api_key.to_s + ':').strip,
           'User-Agent' => "Webpay/v1 ActiveMerchantBindings/#{ActiveMerchant::VERSION}",
           'X-Webpay-Client-User-Agent' => user_agent,
-          'X-Webpay-Client-User-Metadata' => {ip: options[:ip]}.to_json
+          'X-Webpay-Client-User-Metadata' => { ip: options[:ip] }.to_json
         }
       end
     end

data/lib/active_merchant/billing/gateways/wepay.rb

@@ -168,14 +168,15 @@ module ActiveMerchant #:nodoc:
         JSON.parse(response)
       end
 
-      def commit(action, params, options={})
+      def commit(action, params, options = {})
         begin
           response = parse(
             ssl_post(
               ((test? ? test_url : live_url) + action),
               params.to_json,
               headers(options)
-            ))
+            )
+          )
         rescue ResponseError => e
           response = parse(e.response.body)
         end

data/lib/active_merchant/billing/gateways/wirecard.rb

@@ -183,8 +183,7 @@ module ActiveMerchant #:nodoc:
           test: test?,
           authorization: authorization,
           avs_result: { code: avs_code(response, options) },
-          cvv_result: response[:CVCResponseCode]
-        )
+          cvv_result: response[:CVCResponseCode])
       rescue ResponseError => e
         if e.response.code == '401'
           return Response.new(false, 'Invalid Login')

data/lib/active_merchant/billing/gateways/worldpay.rb

@@ -9,7 +9,7 @@ module ActiveMerchant #:nodoc:
       self.default_currency = 'GBP'
       self.money_format = :cents
       self.supported_countries = %w(HK GB AU AD AR BE BR CA CH CN CO CR CY CZ DE DK ES FI FR GI GR HU IE IN IT JP LI LU MC MT MY MX NL NO NZ PA PE PL PT SE SG SI SM TR UM VA)
-      self.supported_cardtypes = %i[visa master american_express discover jcb maestro elo naranja cabal]
+      self.supported_cardtypes = %i[visa master american_express discover jcb maestro elo naranja cabal unionpay]
       self.currencies_without_fractions = %w(HUF IDR ISK JPY KRW)
       self.currencies_with_three_decimal_places = %w(BHD KWD OMR RSD TND)
       self.homepage_url = 'http://www.worldpay.com/'
@@ -26,6 +26,7 @@ module ActiveMerchant #:nodoc:
         'elo'              => 'ELO-SSL',
         'naranja'          => 'NARANJA-SSL',
         'cabal'            => 'CABAL-SSL',
+        'unionpay'         => 'CHINAUNIONPAY-SSL',
         'unknown'          => 'CARD-SSL'
       }
 
@@ -57,7 +58,7 @@ module ActiveMerchant #:nodoc:
       def purchase(money, payment_method, options = {})
         MultiResponse.run do |r|
           r.process { authorize(money, payment_method, options) }
-          r.process { capture(money, r.authorization, options.merge(authorization_validated: true)) }
+          r.process { capture(money, r.authorization, options.merge(authorization_validated: true)) } unless options[:skip_capture]
         end
       end
 
@@ -70,7 +71,7 @@ module ActiveMerchant #:nodoc:
       def capture(money, authorization, options = {})
         authorization = order_id_from_authorization(authorization.to_s)
         MultiResponse.run do |r|
-          r.process { inquire_request(authorization, options, 'AUTHORISED') } unless options[:authorization_validated]
+          r.process { inquire_request(authorization, options, 'AUTHORISED', 'CAPTURED') } unless options[:authorization_validated]
           if r.params
             authorization_currency = r.params['amount_currency_code']
             options = options.merge(currency: authorization_currency) if authorization_currency.present?
@@ -89,8 +90,10 @@ module ActiveMerchant #:nodoc:
 
       def refund(money, authorization, options = {})
         authorization = order_id_from_authorization(authorization.to_s)
+        success_criteria = %w(CAPTURED SETTLED SETTLED_BY_MERCHANT SENT_FOR_REFUND)
+        success_criteria.push('AUTHORIZED') if options[:cancel_or_refund]
         response = MultiResponse.run do |r|
-          r.process { inquire_request(authorization, options, 'CAPTURED', 'SETTLED', 'SETTLED_BY_MERCHANT') } unless options[:authorization_validated]
+          r.process { inquire_request(authorization, options, *success_criteria) } unless options[:authorization_validated]
           r.process { refund_request(money, authorization, options) }
         end
 
@@ -111,14 +114,14 @@ module ActiveMerchant #:nodoc:
         credit_request(money, payment_method, payment_details.merge(credit: true, **options))
       end
 
-      def verify(payment_method, options={})
+      def verify(payment_method, options = {})
         MultiResponse.run(:use_first_response) do |r|
           r.process { authorize(100, payment_method, options) }
           r.process(:ignore_result) { void(r.authorization, options.merge(authorization_validated: true)) }
         end
       end
 
-      def store(credit_card, options={})
+      def store(credit_card, options = {})
         requires!(options, :customer)
         store_request(credit_card, options)
       end
@@ -141,7 +144,7 @@ module ActiveMerchant #:nodoc:
       end
 
       def capture_request(money, authorization, options)
-        commit('capture', build_capture_request(money, authorization, options), :ok, options)
+        commit('capture', build_capture_request(money, authorization, options), 'CAPTURED', :ok, options)
       end
 
       def cancel_request(authorization, options)
@@ -153,7 +156,7 @@ module ActiveMerchant #:nodoc:
       end
 
       def refund_request(money, authorization, options)
-        commit('refund', build_refund_request(money, authorization, options), :ok, options)
+        commit('refund', build_refund_request(money, authorization, options), :ok, 'SENT_FOR_REFUND', options)
       end
 
       def credit_request(money, payment_method, options)
@@ -205,6 +208,7 @@ module ActiveMerchant #:nodoc:
               end
               add_payment_method(xml, money, payment_method, options)
               add_shopper(xml, options)
+              add_statement_narrative(xml, options)
               add_risk_data(xml, options[:risk_data]) if options[:risk_data]
               add_hcg_additional_data(xml, options) if options[:hcg_additional_data]
               add_instalments_data(xml, options) if options[:instalments]
@@ -236,8 +240,13 @@ module ActiveMerchant #:nodoc:
 
       def build_refund_request(money, authorization, options)
         build_order_modify_request(authorization) do |xml|
-          xml.refund do
-            add_amount(xml, money, options.merge(debit_credit_indicator: 'credit'))
+          if options[:cancel_or_refund]
+            # Worldpay docs claim amount must be passed. This causes an error.
+            xml.cancelOrRefund # { add_amount(xml, money, options.merge(debit_credit_indicator: 'credit')) }
+          else
+            xml.refund do
+              add_amount(xml, money, options.merge(debit_credit_indicator: 'credit'))
+            end
           end
         end
       end
@@ -259,7 +268,10 @@ module ActiveMerchant #:nodoc:
       end
 
       def add_additional_3ds_data(xml, options)
-        xml.additional3DSData 'dfReferenceId' => options[:session_id]
+        additional_data = { 'dfReferenceId' => options[:session_id] }
+        additional_data['challengeWindowSize'] = options[:browser_size] if options[:browser_size]
+
+        xml.additional3DSData additional_data
       end
 
       def add_3ds_exemption(xml, options)
@@ -425,14 +437,14 @@ module ActiveMerchant #:nodoc:
           )
         end
 
-        card_holder_name = options[:execute_threed] && !options[:three_ds_version]&.start_with?('2') ? '3D' : payment_method.name
+        card_holder_name = test? && options[:execute_threed] && !options[:three_ds_version]&.start_with?('2') ? '3D' : payment_method.name
         xml.cardHolderName card_holder_name
         xml.cvc payment_method.verification_value
 
         add_address(xml, (options[:billing_address] || options[:address]), options)
       end
 
-      def add_stored_credential_options(xml, options={})
+      def add_stored_credential_options(xml, options = {})
         if options[:stored_credential]
           add_stored_credential_using_normalized_fields(xml, options)
         else
@@ -481,6 +493,10 @@ module ActiveMerchant #:nodoc:
         end
       end
 
+      def add_statement_narrative(xml, options)
+        xml.statementNarrative truncate(options[:statement_narrative], 50) if options[:statement_narrative]
+      end
+
       def add_authenticated_shopper_id(xml, options)
         xml.authenticatedShopperID options[:customer] if options[:customer]
       end
@@ -510,7 +526,7 @@ module ActiveMerchant #:nodoc:
       def add_hcg_additional_data(xml, options)
         xml.hcgAdditionalData do
           options[:hcg_additional_data].each do |k, v|
-            xml.param({name: k.to_s}, v)
+            xml.param({ name: k.to_s }, v)
           end
         end
       end
@@ -534,11 +550,10 @@ module ActiveMerchant #:nodoc:
 
       def default_address
         {
-          address1: 'N/A',
           zip: '0000',
+          country: 'US',
           city: 'N/A',
-          state: 'N/A',
-          country: 'US'
+          address1: 'N/A'
         }
       end
 
@@ -546,7 +561,7 @@ module ActiveMerchant #:nodoc:
         xml = xml.strip.gsub(/\&/, '&')
         doc = Nokogiri::XML(xml, &:strict)
         doc.remove_namespaces!
-        resp_params = {action: action}
+        resp_params = { action: action }
 
         parse_elements(doc.root, resp_params)
         resp_params
@@ -568,6 +583,8 @@ module ActiveMerchant #:nodoc:
       end
 
       def headers(options)
+        idempotency_key = options[:idempotency_key]
+
         headers = {
           'Content-Type' => 'text/xml',
           'Authorization' => encoded_credentials
@@ -575,6 +592,8 @@ module ActiveMerchant #:nodoc:
         if options[:cookie]
           headers['Cookie'] = options[:cookie] if options[:cookie]
         end
+
+        headers['Idempotency-Key'] = idempotency_key if idempotency_key
         headers
       end
 
@@ -646,7 +665,9 @@ module ActiveMerchant #:nodoc:
       #   - An array of strings if one of many responses could be considered a
       #     success.
       def success_criteria_success?(raw, success_criteria)
-        success_criteria.include?(raw[:last_event]) || raw[:ok].present?
+        return if raw[:error]
+
+        raw[:ok].present? || (success_criteria.include?(raw[:last_event]) if raw[:last_event])
       end
 
       def action_success?(action, raw)
@@ -683,11 +704,11 @@ module ActiveMerchant #:nodoc:
       end
 
       def order_id_from(raw)
-        pair = raw.detect { |k, v| k.to_s =~ /_order_code$/ }
+        pair = raw.detect { |k, _v| k.to_s =~ /_order_code$/ }
         (pair ? pair.last : nil)
       end
 
-      def authorization_from_token_details(options={})
+      def authorization_from_token_details(options = {})
         [options[:order_id], options[:token_id], options[:token_scope], options[:customer]].join('|')
       end
 
@@ -727,7 +748,7 @@ module ActiveMerchant #:nodoc:
       def credit_fund_transfer_attribute(options)
         return unless options[:credit]
 
-        {'action' => 'REFUND'}
+        { 'action' => 'REFUND' }
       end
 
       def encoded_credentials

data/lib/active_merchant/billing/gateways/worldpay_online_payments.rb

@@ -13,14 +13,14 @@ module ActiveMerchant #:nodoc:
       self.homepage_url = 'http://online.worldpay.com'
       self.display_name = 'Worldpay Online Payments'
 
-      def initialize(options={})
+      def initialize(options = {})
         requires!(options, :client_key, :service_key)
         @client_key = options[:client_key]
         @service_key = options[:service_key]
         super
       end
 
-      def authorize(money, credit_card, options={})
+      def authorize(money, credit_card, options = {})
         response = create_token(true, credit_card.first_name + ' ' + credit_card.last_name, credit_card.month, credit_card.year, credit_card.number, credit_card.verification_value)
         if response.success?
           options[:authorizeOnly] = true
@@ -30,9 +30,9 @@ module ActiveMerchant #:nodoc:
         response
       end
 
-      def capture(money, authorization, options={})
+      def capture(money, authorization, options = {})
         if authorization
-          commit(:post, "orders/#{CGI.escape(authorization)}/capture", {'captureAmount' => money}, options, 'capture')
+          commit(:post, "orders/#{CGI.escape(authorization)}/capture", { 'captureAmount' => money }, options, 'capture')
         else
           Response.new(false,
             'FAILED',
@@ -41,12 +41,11 @@ module ActiveMerchant #:nodoc:
             authorization: false,
             avs_result: {},
             cvv_result: {},
-            error_code: false
-          )
+            error_code: false)
         end
       end
 
-      def purchase(money, credit_card, options={})
+      def purchase(money, credit_card, options = {})
         response = create_token(true, credit_card.first_name + ' ' + credit_card.last_name, credit_card.month, credit_card.year, credit_card.number, credit_card.verification_value)
         if response.success?
           post = create_post_for_auth_or_purchase(response.authorization, money, options)
@@ -55,18 +54,18 @@ module ActiveMerchant #:nodoc:
         response
       end
 
-      def refund(money, orderCode, options={})
-        obj = money ? {'refundAmount' => money} : {}
+      def refund(money, orderCode, options = {})
+        obj = money ? { 'refundAmount' => money } : {}
         commit(:post, "orders/#{CGI.escape(orderCode)}/refund", obj, options, 'refund')
       end
 
-      def void(orderCode, options={})
+      def void(orderCode, options = {})
         response = commit(:delete, "orders/#{CGI.escape(orderCode)}", nil, options, 'void')
         response = refund(nil, orderCode) if !response.success? && (response.params && response.params['customCode'] != 'ORDER_NOT_FOUND')
         response
       end
 
-      def verify(credit_card, options={})
+      def verify(credit_card, options = {})
         authorize(0, credit_card, options)
       end
 
@@ -85,7 +84,7 @@ module ActiveMerchant #:nodoc:
           },
           'clientKey' => @client_key
         }
-        token_response = commit(:post, 'tokens', obj, {'Authorization' => @service_key}, 'token')
+        token_response = commit(:post, 'tokens', obj, { 'Authorization' => @service_key }, 'token')
         token_response
       end
 
@@ -121,13 +120,13 @@ module ActiveMerchant #:nodoc:
           'Content-Type' => 'application/json',
           'User-Agent' => "Worldpay/v1 ActiveMerchantBindings/#{ActiveMerchant::VERSION}",
           'X-Worldpay-Client-User-Agent' => user_agent,
-          'X-Worldpay-Client-User-Metadata' => {ip: options[:ip]}.to_json
+          'X-Worldpay-Client-User-Metadata' => { ip: options[:ip] }.to_json
         }
         headers['Authorization'] = options['Authorization'] if options['Authorization']
         headers
       end
 
-      def commit(method, url, parameters=nil, options = {}, type = false)
+      def commit(method, url, parameters = nil, options = {}, type = false)
         raw_response = response = nil
         success = false
         begin
@@ -178,8 +177,7 @@ module ActiveMerchant #:nodoc:
           authorization: authorization,
           avs_result: {},
           cvv_result: {},
-          error_code: success ? nil : response['customCode']
-        )
+          error_code: success ? nil : response['customCode'])
       end
 
       def test?