activemerchant 1.117.0 → 1.123.0

data/lib/active_merchant/billing/gateways/usa_epay_transaction.rb

@@ -343,7 +343,7 @@ module ActiveMerchant #:nodoc:
         parameters[:software] = 'Active Merchant'
         parameters[:testmode] = (@options[:test] ? 1 : 0) unless parameters.has_key?(:testmode)
         seed = SecureRandom.hex(32).upcase
-        hash = Digest::SHA1.hexdigest("#{parameters[:command]}:#{@options[:password]}:#{parameters[:amount]}:#{parameters[:invoice]}:#{seed}")
+        hash = Digest::SHA1.hexdigest("#{parameters[:command]}:#{@options[:pin] || @options[:password]}:#{parameters[:amount]}:#{parameters[:invoice]}:#{seed}")
         parameters[:hash] = "s/#{seed}/#{hash}/n"
 
         parameters.collect { |key, value| "UM#{key}=#{CGI.escape(value.to_s)}" }.join('&')

data/lib/active_merchant/billing/gateways/vpos.rb

@@ -0,0 +1,220 @@
+require 'digest'
+require 'jwe'
+
+module ActiveMerchant #:nodoc:
+  module Billing #:nodoc:
+    class VposGateway < Gateway
+      self.test_url = 'https://vpos.infonet.com.py:8888'
+      self.live_url = 'https://vpos.infonet.com.py'
+
+      self.supported_countries = ['PY']
+      self.default_currency = 'PYG'
+      self.supported_cardtypes = %i[visa master]
+
+      self.homepage_url = 'https://comercios.bancard.com.py'
+      self.display_name = 'vPOS'
+
+      self.money_format = :dollars
+
+      ENDPOINTS = {
+        pci_encryption_key: '/vpos/api/0.3/application/encryption-key',
+        pay_pci_buy_encrypted: '/vpos/api/0.3/pci/encrypted',
+        pci_buy_rollback: '/vpos/api/0.3/pci_buy/rollback',
+        refund: '/vpos/api/0.3/refunds'
+      }
+
+      def initialize(options = {})
+        requires!(options, :private_key, :public_key)
+        @private_key = options[:private_key]
+        @public_key = options[:public_key]
+        @shop_process_id = options[:shop_process_id] || SecureRandom.random_number(10**15)
+        super
+      end
+
+      def purchase(money, payment, options = {})
+        commerce = options[:commerce] || @options[:commerce]
+        commerce_branch = options[:commerce_branch] || @options[:commerce_branch]
+        shop_process_id = options[:shop_process_id] || @shop_process_id
+
+        token = generate_token(shop_process_id, 'pay_pci', commerce, commerce_branch, amount(money), currency(money))
+
+        post = {}
+        post[:token] = token
+        post[:commerce] = commerce.to_s
+        post[:commerce_branch] = commerce_branch.to_s
+        post[:shop_process_id] = shop_process_id
+        post[:number_of_payments] = options[:number_of_payments] || 1
+        post[:recursive] = options[:recursive] || false
+
+        add_invoice(post, money, options)
+        add_card_data(post, payment)
+        add_customer_data(post, options)
+
+        commit(:pay_pci_buy_encrypted, post)
+      end
+
+      def void(authorization, options = {})
+        _, shop_process_id = authorization.to_s.split('#')
+        token = generate_token(shop_process_id, 'rollback', '0.00')
+        post = {
+          token: token,
+          shop_process_id: shop_process_id
+        }
+        commit(:pci_buy_rollback, post)
+      end
+
+      def credit(money, payment, options = {})
+        # Not permitted for foreign cards.
+        commerce = options[:commerce] || @options[:commerce]
+        commerce_branch = options[:commerce_branch] || @options[:commerce_branch]
+
+        token = generate_token(@shop_process_id, 'refund', commerce, commerce_branch, amount(money), currency(money))
+        post = {}
+        post[:token] = token
+        post[:commerce] = commerce.to_i
+        post[:commerce_branch] = commerce_branch.to_i
+        post[:shop_process_id] = @shop_process_id
+        add_invoice(post, money, options)
+        add_card_data(post, payment)
+        add_customer_data(post, options)
+        post[:origin_shop_process_id] = options[:original_shop_process_id] if options[:original_shop_process_id]
+        commit(:refund, post)
+      end
+
+      def refund(money, authorization, options = {})
+        commerce = options[:commerce] || @options[:commerce]
+        commerce_branch = options[:commerce_branch] || @options[:commerce_branch]
+        shop_process_id = options[:shop_process_id] || @shop_process_id
+        _, original_shop_process_id = authorization.to_s.split('#')
+
+        token = generate_token(shop_process_id, 'refund', commerce, commerce_branch, amount(money), currency(money))
+        post = {}
+        post[:token] = token
+        post[:commerce] = commerce.to_i
+        post[:commerce_branch] = commerce_branch.to_i
+        post[:shop_process_id] = shop_process_id
+        add_invoice(post, money, options)
+        add_customer_data(post, options)
+        post[:origin_shop_process_id] = original_shop_process_id || options[:original_shop_process_id]
+        commit(:refund, post)
+      end
+
+      def supports_scrubbing?
+        true
+      end
+
+      def scrub(transcript)
+        clean_transcript = remove_invalid_utf_8_byte_sequences(transcript)
+        clean_transcript.
+          gsub(/(token\\":\\")[.\-\w]+/, '\1[FILTERED]').
+          gsub(/(card_encrypted_data\\":\\")[.\-\w]+/, '\1[FILTERED]')
+      end
+
+      def remove_invalid_utf_8_byte_sequences(transcript)
+        transcript.encode('UTF-8', 'binary', undef: :replace, replace: '')
+      end
+
+      private
+
+      # Required to encrypt PAN data.
+      def one_time_public_key
+        token = generate_token('get_encription_public_key', @public_key)
+        response = commit(:pci_encryption_key, token: token)
+        OpenSSL::PKey::RSA.new(response.params['encryption_key'])
+      end
+
+      def generate_token(*elements)
+        Digest::MD5.hexdigest(@private_key + elements.join)
+      end
+
+      def add_invoice(post, money, options)
+        post[:amount] = amount(money)
+        post[:currency] = options[:currency] || currency(money)
+      end
+
+      def add_card_data(post, payment)
+        card_number = payment.number
+        cvv = payment.verification_value
+
+        payload = { card_number: card_number, 'cvv': cvv }.to_json
+
+        post[:card_encrypted_data] = JWE.encrypt(payload, one_time_public_key)
+        post[:card_month_expiration] = format(payment.month, :two_digits)
+        post[:card_year_expiration] = format(payment.year, :two_digits)
+      end
+
+      def add_customer_data(post, options)
+        post[:additional_data] = options[:additional_data] || '' # must be passed even if empty
+      end
+
+      def parse(body)
+        JSON.parse(body)
+      end
+
+      def commit(action, parameters)
+        url = build_request_url(action)
+        begin
+          response = parse(ssl_post(url, post_data(parameters)))
+        rescue ResponseError => response
+          # Errors are returned with helpful data,
+          # but get filtered out by `ssl_post` because of their HTTP status.
+          response = parse(response.response.body)
+        end
+
+        Response.new(
+          success_from(response),
+          message_from(response),
+          response,
+          authorization: authorization_from(response),
+          avs_result: nil,
+          cvv_result: nil,
+          test: test?,
+          error_code: error_code_from(response)
+        )
+      end
+
+      def success_from(response)
+        if code = response.dig('confirmation', 'response_code')
+          code == '00'
+        else
+          response['status'] == 'success'
+        end
+      end
+
+      def message_from(response)
+        %w(confirmation refund).each do |m|
+          message =
+            response.dig(m, 'extended_response_description') ||
+            response.dig(m, 'response_description') ||
+            response.dig(m, 'response_details')
+          return message if message
+        end
+        [response.dig('messages', 0, 'key'), response.dig('messages', 0, 'dsc')].join(':')
+      end
+
+      def authorization_from(response)
+        response_body = response.dig('confirmation') || response.dig('refund')
+        return unless response_body
+
+        authorization_number = response_body.dig('authorization_number') || response_body.dig('authorization_code')
+        shop_process_id = response_body.dig('shop_process_id')
+
+        "#{authorization_number}##{shop_process_id}"
+      end
+
+      def error_code_from(response)
+        response.dig('confirmation', 'response_code') unless success_from(response)
+      end
+
+      def build_request_url(action)
+        base_url = (test? ? test_url : live_url)
+        base_url + ENDPOINTS[action]
+      end
+
+      def post_data(data)
+        { public_key: @public_key,
+          operation: data }.compact.to_json
+      end
+    end
+  end
+end

data/lib/active_merchant/billing/gateways/worldpay.rb

@@ -58,7 +58,7 @@ module ActiveMerchant #:nodoc:
       def purchase(money, payment_method, options = {})
         MultiResponse.run do |r|
           r.process { authorize(money, payment_method, options) }
-          r.process { capture(money, r.authorization, options.merge(authorization_validated: true)) }
+          r.process { capture(money, r.authorization, options.merge(authorization_validated: true)) } unless options[:skip_capture]
         end
       end
 
@@ -71,7 +71,7 @@ module ActiveMerchant #:nodoc:
       def capture(money, authorization, options = {})
         authorization = order_id_from_authorization(authorization.to_s)
         MultiResponse.run do |r|
-          r.process { inquire_request(authorization, options, 'AUTHORISED') } unless options[:authorization_validated]
+          r.process { inquire_request(authorization, options, 'AUTHORISED', 'CAPTURED') } unless options[:authorization_validated]
           if r.params
             authorization_currency = r.params['amount_currency_code']
             options = options.merge(currency: authorization_currency) if authorization_currency.present?
@@ -90,8 +90,10 @@ module ActiveMerchant #:nodoc:
 
       def refund(money, authorization, options = {})
         authorization = order_id_from_authorization(authorization.to_s)
+        success_criteria = %w(CAPTURED SETTLED SETTLED_BY_MERCHANT SENT_FOR_REFUND)
+        success_criteria.push('AUTHORIZED') if options[:cancel_or_refund]
         response = MultiResponse.run do |r|
-          r.process { inquire_request(authorization, options, 'CAPTURED', 'SETTLED', 'SETTLED_BY_MERCHANT') } unless options[:authorization_validated]
+          r.process { inquire_request(authorization, options, *success_criteria) } unless options[:authorization_validated]
           r.process { refund_request(money, authorization, options) }
         end
 
@@ -113,8 +115,9 @@ module ActiveMerchant #:nodoc:
       end
 
       def verify(payment_method, options = {})
+        amount = (eligible_for_0_auth?(payment_method, options) ? 0 : 100)
         MultiResponse.run(:use_first_response) do |r|
-          r.process { authorize(100, payment_method, options) }
+          r.process { authorize(amount, payment_method, options) }
           r.process(:ignore_result) { void(r.authorization, options.merge(authorization_validated: true)) }
         end
       end
@@ -128,6 +131,10 @@ module ActiveMerchant #:nodoc:
         true
       end
 
+      def supports_network_tokenization?
+        true
+      end
+
       def scrub(transcript)
         transcript.
           gsub(%r((Authorization: Basic )\w+), '\1[FILTERED]').
@@ -138,11 +145,11 @@ module ActiveMerchant #:nodoc:
       private
 
       def authorize_request(money, payment_method, options)
-        commit('authorize', build_authorization_request(money, payment_method, options), 'AUTHORISED', options)
+        commit('authorize', build_authorization_request(money, payment_method, options), 'AUTHORISED', 'CAPTURED', options)
       end
 
       def capture_request(money, authorization, options)
-        commit('capture', build_capture_request(money, authorization, options), :ok, options)
+        commit('capture', build_capture_request(money, authorization, options), 'CAPTURED', :ok, options)
       end
 
       def cancel_request(authorization, options)
@@ -154,7 +161,7 @@ module ActiveMerchant #:nodoc:
       end
 
       def refund_request(money, authorization, options)
-        commit('refund', build_refund_request(money, authorization, options), :ok, options)
+        commit('refund', build_refund_request(money, authorization, options), :ok, 'SENT_FOR_REFUND', options)
       end
 
       def credit_request(money, payment_method, options)
@@ -206,6 +213,7 @@ module ActiveMerchant #:nodoc:
               end
               add_payment_method(xml, money, payment_method, options)
               add_shopper(xml, options)
+              add_statement_narrative(xml, options)
               add_risk_data(xml, options[:risk_data]) if options[:risk_data]
               add_hcg_additional_data(xml, options) if options[:hcg_additional_data]
               add_instalments_data(xml, options) if options[:instalments]
@@ -232,13 +240,22 @@ module ActiveMerchant #:nodoc:
       end
 
       def build_void_request(authorization, options)
-        build_order_modify_request(authorization, &:cancel)
+        if options[:cancel_or_refund]
+          build_order_modify_request(authorization, &:cancelOrRefund)
+        else
+          build_order_modify_request(authorization, &:cancel)
+        end
       end
 
       def build_refund_request(money, authorization, options)
         build_order_modify_request(authorization) do |xml|
-          xml.refund do
-            add_amount(xml, money, options.merge(debit_credit_indicator: 'credit'))
+          if options[:cancel_or_refund]
+            # Worldpay docs claim amount must be passed. This causes an error.
+            xml.cancelOrRefund # { add_amount(xml, money, options.merge(debit_credit_indicator: 'credit')) }
+          else
+            xml.refund do
+              add_amount(xml, money, options.merge(debit_credit_indicator: 'credit'))
+            end
           end
         end
       end
@@ -260,7 +277,10 @@ module ActiveMerchant #:nodoc:
       end
 
       def add_additional_3ds_data(xml, options)
-        xml.additional3DSData 'dfReferenceId' => options[:session_id]
+        additional_data = { 'dfReferenceId' => options[:session_id] }
+        additional_data['challengeWindowSize'] = options[:browser_size] if options[:browser_size]
+
+        xml.additional3DSData additional_data
       end
 
       def add_3ds_exemption(xml, options)
@@ -378,6 +398,8 @@ module ActiveMerchant #:nodoc:
               add_amount(xml, amount, options)
             end
           end
+        elsif options[:payment_type] == :network_token
+          add_network_tokenization_card(xml, payment_method)
         else
           xml.paymentDetails credit_fund_transfer_attribute(options) do
             if options[:payment_type] == :token
@@ -396,7 +418,6 @@ module ActiveMerchant #:nodoc:
               xml.session 'shopperIPAddress' => options[:ip] if options[:ip]
               xml.session 'id' => options[:session_id] if options[:session_id]
             end
-
             if three_d_secure = options[:three_d_secure]
               add_three_d_secure(three_d_secure, xml)
             end
@@ -404,10 +425,26 @@ module ActiveMerchant #:nodoc:
         end
       end
 
+      def add_network_tokenization_card(xml, payment_method)
+        xml.paymentDetails do
+          xml.tag! 'EMVCO_TOKEN-SSL', 'type' => 'NETWORKTOKEN' do
+            xml.tokenNumber payment_method.number
+            xml.expiryDate do
+              xml.date(
+                'month' => format(payment_method.month, :two_digits),
+                'year' => format(payment_method.year, :four_digits_year)
+              )
+            end
+            xml.cryptogram payment_method.payment_cryptogram
+            xml.eciIndicator format(payment_method.eci, :two_digits)
+          end
+        end
+      end
+
       def add_three_d_secure(three_d_secure, xml)
         xml.info3DSecure do
           xml.threeDSVersion three_d_secure[:version]
-          if /^2/.match?(three_d_secure[:version])
+          if three_d_secure[:version] && three_d_secure[:ds_transaction_id]
             xml.dsTransactionId three_d_secure[:ds_transaction_id]
           else
             xml.xid three_d_secure[:xid]
@@ -422,11 +459,11 @@ module ActiveMerchant #:nodoc:
         xml.expiryDate do
           xml.date(
             'month' => format(payment_method.month, :two_digits),
-            'year' => format(payment_method.year, :four_digits)
+            'year' => format(payment_method.year, :four_digits_year)
           )
         end
 
-        card_holder_name = options[:execute_threed] && !options[:three_ds_version]&.start_with?('2') ? '3D' : payment_method.name
+        card_holder_name = test? && options[:execute_threed] && !options[:three_ds_version]&.start_with?('2') ? '3D' : payment_method.name
         xml.cardHolderName card_holder_name
         xml.cvc payment_method.verification_value
 
@@ -482,6 +519,10 @@ module ActiveMerchant #:nodoc:
         end
       end
 
+      def add_statement_narrative(xml, options)
+        xml.statementNarrative truncate(options[:statement_narrative], 50) if options[:statement_narrative]
+      end
+
       def add_authenticated_shopper_id(xml, options)
         xml.authenticatedShopperID options[:customer] if options[:customer]
       end
@@ -535,11 +576,10 @@ module ActiveMerchant #:nodoc:
 
       def default_address
         {
-          address1: 'N/A',
           zip: '0000',
+          country: 'US',
           city: 'N/A',
-          state: 'N/A',
-          country: 'US'
+          address1: 'N/A'
         }
       end
 
@@ -651,7 +691,9 @@ module ActiveMerchant #:nodoc:
       #   - An array of strings if one of many responses could be considered a
       #     success.
       def success_criteria_success?(raw, success_criteria)
-        success_criteria.include?(raw[:last_event]) || raw[:ok].present?
+        return if raw[:error]
+
+        raw[:ok].present? || (success_criteria.include?(raw[:last_event]) if raw[:last_event])
       end
 
       def action_success?(action, raw)
@@ -714,7 +756,9 @@ module ActiveMerchant #:nodoc:
 
       def payment_details_from(payment_method)
         payment_details = {}
-        if payment_method.respond_to?(:number)
+        if payment_method.is_a?(NetworkTokenizationCreditCard) && payment_method.source == :network_token
+          payment_details[:payment_type] = :network_token
+        elsif payment_method.respond_to?(:number)
           payment_details[:payment_type] = :credit
         else
           token_details = token_details_from_authorization(payment_method)
@@ -750,6 +794,10 @@ module ActiveMerchant #:nodoc:
       def card_code_for(payment_method)
         CARD_CODES[card_brand(payment_method)] || CARD_CODES['unknown']
       end
+
+      def eligible_for_0_auth?(payment_method, options = {})
+        payment_method.is_a?(CreditCard) && %w(visa master).include?(payment_method.brand) && options[:zero_dollar_auth]
+      end
     end
   end
 end

data/lib/active_merchant/billing/response.rb

@@ -4,7 +4,7 @@ module ActiveMerchant #:nodoc:
     end
 
     class Response
-      attr_reader :params, :message, :test, :authorization, :avs_result, :cvv_result, :error_code, :emv_authorization
+      attr_reader :params, :message, :test, :authorization, :avs_result, :cvv_result, :error_code, :emv_authorization, :network_transaction_id
 
       def success?
         @success
@@ -25,6 +25,7 @@ module ActiveMerchant #:nodoc:
         @fraud_review = options[:fraud_review]
         @error_code = options[:error_code]
         @emv_authorization = options[:emv_authorization]
+        @network_transaction_id = options[:network_transaction_id]
 
         @avs_result = if options[:avs_result].kind_of?(AVSResult)
                         options[:avs_result].to_hash

data/lib/active_merchant/billing/three_d_secure_eci_mapper.rb

@@ -0,0 +1,27 @@
+module ActiveMerchant
+  module Billing
+    module ThreeDSecureEciMapper
+      NON_THREE_D_SECURE_TRANSACTION = :non_three_d_secure_transaction
+      ATTEMPTED_AUTHENTICATION_TRANSACTION = :attempted_authentication_transaction
+      FULLY_AUTHENTICATED_TRANSACTION = :fully_authenticated_transaction
+
+      ECI_00_01_02_MAP = { '00' => NON_THREE_D_SECURE_TRANSACTION, '01' => ATTEMPTED_AUTHENTICATION_TRANSACTION, '02' => FULLY_AUTHENTICATED_TRANSACTION }.freeze
+      ECI_05_06_07_MAP = { '05' => FULLY_AUTHENTICATED_TRANSACTION, '06' => ATTEMPTED_AUTHENTICATION_TRANSACTION, '07' => NON_THREE_D_SECURE_TRANSACTION }.freeze
+      BRAND_TO_ECI_MAP = {
+        american_express: ECI_05_06_07_MAP,
+        dankort: ECI_05_06_07_MAP,
+        diners_club: ECI_05_06_07_MAP,
+        discover: ECI_05_06_07_MAP,
+        elo: ECI_05_06_07_MAP,
+        jcb: ECI_05_06_07_MAP,
+        maestro: ECI_00_01_02_MAP,
+        master: ECI_00_01_02_MAP,
+        visa: ECI_05_06_07_MAP
+      }.freeze
+
+      def self.map(brand, eci)
+        BRAND_TO_ECI_MAP.dig(brand, eci)
+      end
+    end
+  end
+end

data/lib/active_merchant/billing.rb

@@ -13,3 +13,4 @@ require 'active_merchant/billing/apple_pay_payment_token'
 require 'active_merchant/billing/response'
 require 'active_merchant/billing/gateways'
 require 'active_merchant/billing/gateway'
+require 'active_merchant/billing/three_d_secure_eci_mapper'

data/lib/active_merchant/version.rb

@@ -1,3 +1,3 @@
 module ActiveMerchant
-  VERSION = '1.117.0'
+  VERSION = '1.123.0'
 end