activemerchant 1.118.0 → 1.123.0

data/lib/active_merchant/billing/gateways/safe_charge.rb

@@ -143,15 +143,24 @@ module ActiveMerchant #:nodoc:
         post[:sg_Descriptor] = options[:merchant_descriptor] if options[:merchant_descriptor]
         post[:sg_MerchantPhoneNumber] = options[:merchant_phone_number] if options[:merchant_phone_number]
         post[:sg_MerchantName] = options[:merchant_name] if options[:merchant_name]
+        post[:sg_ProductID] = options[:product_id] if options[:product_id]
       end
 
       def add_payment(post, payment, options = {})
-        post[:sg_NameOnCard] = payment.name
-        post[:sg_CardNumber] = payment.number
         post[:sg_ExpMonth] = format(payment.month, :two_digits)
         post[:sg_ExpYear] = format(payment.year, :two_digits)
-        post[:sg_CVV2] = payment.verification_value
-        post[:sg_StoredCredentialMode] = (options[:stored_credential_mode] == true ? 1 : 0)
+        post[:sg_CardNumber] = payment.number
+
+        if payment.is_a?(NetworkTokenizationCreditCard) && payment.source == :network_token
+          post[:sg_CAVV] = payment.payment_cryptogram
+          post[:sg_ECI] = options[:three_d_secure] && options[:three_d_secure][:eci] || '05'
+          post[:sg_IsExternalMPI] = 1
+          post[:sg_ExternalTokenProvider] = 5
+        else
+          post[:sg_CVV2] = payment.verification_value
+          post[:sg_NameOnCard] = payment.name
+          post[:sg_StoredCredentialMode] = (options[:stored_credential_mode] == true ? 1 : 0)
+        end
       end
 
       def add_customer_details(post, payment, options)
@@ -170,14 +179,14 @@ module ActiveMerchant #:nodoc:
       end
 
       def add_external_mpi_data(post, options)
-        version = options[:three_d_secure][:ds_transaction_id] ? '2' : '1'
-
-        post[:sg_eci] = options[:three_d_secure][:eci] if options[:three_d_secure][:eci]
-        post[:sg_cavv] = options[:three_d_secure][:cavv] if options[:three_d_secure][:cavv]
-        post[:sg_dsTransID] = options[:three_d_secure][:ds_transaction_id] if version == '2'
-        post[:sg_threeDSProtocolVersion] = version
-        post[:sg_xid] = options[:three_d_secure][:xid] if version == '1'
+        post[:sg_ECI] = options[:three_d_secure][:eci] if options[:three_d_secure][:eci]
+        post[:sg_CAVV] = options[:three_d_secure][:cavv] if options[:three_d_secure][:cavv]
+        post[:sg_dsTransID] = options[:three_d_secure][:ds_transaction_id] if options[:three_d_secure][:ds_transaction_id]
+        post[:sg_threeDSProtocolVersion] = options[:three_d_secure][:ds_transaction_id] ? '2' : '1'
+        post[:sg_Xid] = options[:three_d_secure][:xid]
         post[:sg_IsExternalMPI] = 1
+        post[:sg_EnablePartialApproval] = options[:is_partial_approval]
+        post[:sg_challengePreference] = options[:three_d_secure][:challenge_preference] if options[:three_d_secure][:challenge_preference]
       end
 
       def parse(xml)

data/lib/active_merchant/billing/gateways/spreedly_core.rb

@@ -254,11 +254,20 @@ module ActiveMerchant #:nodoc:
       end
 
       def childnode_to_response(response, node, childnode)
-        name = "#{node.name.downcase}_#{childnode.name.downcase}"
-        if name == 'payment_method_data' && !childnode.elements.empty?
-          response[name.to_sym] = Hash.from_xml(childnode.to_s).values.first
+        node_name = node.name.downcase
+        childnode_name = childnode.name.downcase
+        composed_name = "#{node_name}_#{childnode_name}"
+
+        childnodes_present = !childnode.elements.empty?
+
+        if childnodes_present && composed_name == 'payment_method_data'
+          response[composed_name.to_sym] = Hash.from_xml(childnode.to_s).values.first
+        elsif childnodes_present && node_name == 'gateway_specific_response_fields'
+          response[node_name.to_sym] = {
+            childnode_name => Hash.from_xml(childnode.to_s).values.first
+          }
         else
-          response[name.to_sym] = childnode.text
+          response[composed_name.to_sym] = childnode.text
         end
       end
 

data/lib/active_merchant/billing/gateways/stripe.rb

@@ -279,14 +279,14 @@ module ActiveMerchant #:nodoc:
         transcript.
           gsub(%r((Authorization: Basic )\w+), '\1[FILTERED]').
           gsub(%r((&?three_d_secure\[cryptogram\]=)[\w=]*(&?)), '\1[FILTERED]\2').
-          gsub(%r((card\[cryptogram\]=)[^&]+(&?)), '\1[FILTERED]\2').
-          gsub(%r((card\[cvc\]=)\d+), '\1[FILTERED]').
-          gsub(%r((card\[emv_approval_data\]=)[^&]+(&?)), '\1[FILTERED]\2').
-          gsub(%r((card\[emv_auth_data\]=)[^&]+(&?)), '\1[FILTERED]\2').
-          gsub(%r((card\[encrypted_pin\]=)[^&]+(&?)), '\1[FILTERED]\2').
-          gsub(%r((card\[encrypted_pin_key_id\]=)[\w=]+(&?)), '\1[FILTERED]\2').
-          gsub(%r((card\[number\]=)\d+), '\1[FILTERED]').
-          gsub(%r((card\[swipe_data\]=)[^&]+(&?)), '\1[FILTERED]\2')
+          gsub(%r(((\[card\]|card)\[cryptogram\]=)[^&]+(&?)), '\1[FILTERED]\3').
+          gsub(%r(((\[card\]|card)\[cvc\]=)\d+), '\1[FILTERED]').
+          gsub(%r(((\[card\]|card)\[emv_approval_data\]=)[^&]+(&?)), '\1[FILTERED]\3').
+          gsub(%r(((\[card\]|card)\[emv_auth_data\]=)[^&]+(&?)), '\1[FILTERED]\3').
+          gsub(%r(((\[card\]|card)\[encrypted_pin\]=)[^&]+(&?)), '\1[FILTERED]\3').
+          gsub(%r(((\[card\]|card)\[encrypted_pin_key_id\]=)[\w=]+(&?)), '\1[FILTERED]\3').
+          gsub(%r(((\[card\]|card)\[number\]=)\d+), '\1[FILTERED]').
+          gsub(%r(((\[card\]|card)\[swipe_data\]=)[^&]+(&?)), '\1[FILTERED]\3')
       end
 
       def supports_network_tokenization?

data/lib/active_merchant/billing/gateways/stripe_payment_intents.rb

@@ -30,6 +30,8 @@ module ActiveMerchant #:nodoc:
         add_shipping_address(post, options)
         setup_future_usage(post, options)
         add_exemption(post, options)
+        add_stored_credentials(post, options)
+        add_ntid(post, options)
         add_error_on_requires_action(post, options)
         request_three_d_secure(post, options)
 
@@ -56,16 +58,22 @@ module ActiveMerchant #:nodoc:
       end
 
       def create_payment_method(payment_method, options = {})
-        post = {}
-        post[:type] = 'card'
-        post[:card] = {}
-        post[:card][:number] = payment_method.number
-        post[:card][:exp_month] = payment_method.month
-        post[:card][:exp_year] = payment_method.year
-        post[:card][:cvc] = payment_method.verification_value if payment_method.verification_value
-        add_billing_address(post, options)
+        post_data = create_payment_method_data(payment_method, options)
+
         options = format_idempotency_key(options, 'pm')
-        commit(:post, 'payment_methods', post, options)
+        commit(:post, 'payment_methods', post_data, options)
+      end
+
+      def create_payment_method_data(payment_method, options = {})
+        post_data = {}
+        post_data[:type] = 'card'
+        post_data[:card] = {}
+        post_data[:card][:number] = payment_method.number
+        post_data[:card][:exp_month] = payment_method.month
+        post_data[:card][:exp_year] = payment_method.year
+        post_data[:card][:cvc] = payment_method.verification_value if payment_method.verification_value
+        add_billing_address(post_data, options)
+        post_data
       end
 
       def update_intent(money, intent_id, payment_method, options = {})
@@ -102,6 +110,17 @@ module ActiveMerchant #:nodoc:
         commit(:post, 'setup_intents', post, options)
       end
 
+      def retrieve_setup_intent(setup_intent_id)
+        # Retrieving a setup_intent passing 'expand[]=latest_attempt' allows the caller to
+        # check for a network_transaction_id and ds_transaction_id
+        # eg (latest_attempt -> payment_method_details -> card -> network_transaction_id)
+        #
+        # Being able to retrieve these fields enables payment flows that rely on MIT exemptions, e.g: off_session
+        commit(:post, "setup_intents/#{setup_intent_id}", {
+          'expand[]': 'latest_attempt'
+        }, {})
+      end
+
       def authorize(money, payment_method, options = {})
         create_intent(money, payment_method, options.merge!(confirm: true, capture_method: 'manual'))
       end
@@ -165,7 +184,6 @@ module ActiveMerchant #:nodoc:
           if options[:customer]
             customer_id = options[:customer]
           else
-            post[:validate] = options[:validate] unless options[:validate].nil?
             post[:description] = options[:description] if options[:description]
             post[:email] = options[:email] if options[:email]
             options = format_idempotency_key(options, 'customer')
@@ -173,7 +191,9 @@ module ActiveMerchant #:nodoc:
             customer_id = customer.params['id']
           end
           options = format_idempotency_key(options, 'attach')
-          commit(:post, "payment_methods/#{params[:payment_method]}/attach", { customer: customer_id }, options)
+          attach_parameters = { customer: customer_id }
+          attach_parameters[:validate] = options[:validate] unless options[:validate].nil?
+          commit(:post, "payment_methods/#{params[:payment_method]}/attach", attach_parameters, options)
         else
           super(payment_method, options)
         end
@@ -194,6 +214,10 @@ module ActiveMerchant #:nodoc:
 
       private
 
+      def off_session_request?(options = {})
+        (options[:off_session] || options[:setup_future_usage]) && options[:confirm] == true
+      end
+
       def add_connected_account(post, options = {})
         super(post, options)
         post[:application_fee_amount] = options[:application_fee] if options[:application_fee]
@@ -201,25 +225,21 @@ module ActiveMerchant #:nodoc:
 
       def add_whitelisted_attribute(post, options, attribute)
         post[attribute] = options[attribute] if options[attribute]
-        post
       end
 
       def add_capture_method(post, options)
         capture_method = options[:capture_method].to_s
         post[:capture_method] = capture_method if ALLOWED_METHOD_STATES.include?(capture_method)
-        post
       end
 
       def add_confirmation_method(post, options)
         confirmation_method = options[:confirmation_method].to_s
         post[:confirmation_method] = confirmation_method if ALLOWED_METHOD_STATES.include?(confirmation_method)
-        post
       end
 
       def add_customer(post, options)
         customer = options[:customer].to_s
         post[:customer] = customer if customer.start_with?('cus_')
-        post
       end
 
       def add_return_url(post, options)
@@ -227,22 +247,27 @@ module ActiveMerchant #:nodoc:
 
         post[:confirm] = options[:confirm]
         post[:return_url] = options[:return_url] if options[:return_url]
-        post
       end
 
       def add_payment_method_token(post, payment_method, options)
         return if payment_method.nil?
 
         if payment_method.is_a?(ActiveMerchant::Billing::CreditCard)
-          p = create_payment_method(payment_method, options)
-          return p unless p.success?
+          if off_session_request?(options)
+            post[:payment_method_data] = create_payment_method_data(payment_method, options)
+            return
+          else
+            p = create_payment_method(payment_method, options)
+            return p unless p.success?
 
-          payment_method = p.params['id']
+            payment_method = p.params['id']
+          end
         end
 
-        if payment_method.is_a?(StripePaymentToken)
+        case payment_method
+        when StripePaymentToken
           post[:payment_method] = payment_method.payment_data['id']
-        elsif payment_method.is_a?(String)
+        when String
           if payment_method.include?('|')
             customer_id, payment_method_id = payment_method.split('|')
             token = payment_method_id
@@ -252,6 +277,8 @@ module ActiveMerchant #:nodoc:
           end
           post[:payment_method] = token
         end
+
+        post
       end
 
       def add_payment_method_types(post, options)
@@ -259,7 +286,6 @@ module ActiveMerchant #:nodoc:
         return if payment_method_types.nil?
 
         post[:payment_method_types] = Array(payment_method_types)
-        post
       end
 
       def add_exemption(post, options = {})
@@ -270,6 +296,36 @@ module ActiveMerchant #:nodoc:
         post[:payment_method_options][:card][:moto] = true if options[:moto]
       end
 
+      # Stripe Payment Intents does not pass any parameters for cardholder/merchant initiated
+      # it also does not support installments for any country other than Mexico (reason for this is unknown)
+      # The only thing that Stripe PI requires for stored credentials to work currently is the network_transaction_id
+      # network_transaction_id is created when the card is authenticated using the field `setup_for_future_usage` with the value `off_session` see def setup_future_usage below
+
+      def add_stored_credentials(post, options = {})
+        return unless options[:stored_credential] && !options[:stored_credential].values.all?(&:nil?)
+
+        stored_credential = options[:stored_credential]
+        post[:payment_method_options] ||= {}
+        post[:payment_method_options][:card] ||= {}
+        post[:payment_method_options][:card][:mit_exemption] = {}
+
+        # Stripe PI accepts network_transaction_id and ds_transaction_id via mit field under card.
+        # The network_transaction_id can be sent in nested under stored credentials OR as its own field (add_ntid handles when it is sent in on its own)
+        # If it is sent is as its own field AND under stored credentials, the value sent under its own field is what will send.
+        post[:payment_method_options][:card][:mit_exemption][:ds_transaction_id] = stored_credential[:ds_transaction_id] if stored_credential[:ds_transaction_id]
+        post[:payment_method_options][:card][:mit_exemption][:network_transaction_id] = stored_credential[:network_transaction_id] if stored_credential[:network_transaction_id]
+      end
+
+      def add_ntid(post, options = {})
+        return unless options[:network_transaction_id]
+
+        post[:payment_method_options] ||= {}
+        post[:payment_method_options][:card] ||= {}
+        post[:payment_method_options][:card][:mit_exemption] = {}
+
+        post[:payment_method_options][:card][:mit_exemption][:network_transaction_id] = options[:network_transaction_id] if options[:network_transaction_id]
+      end
+
       def add_error_on_requires_action(post, options = {})
         return unless options[:confirm]
 
@@ -299,7 +355,7 @@ module ActiveMerchant #:nodoc:
 
       def setup_future_usage(post, options = {})
         post[:setup_future_usage] = options[:setup_future_usage] if %w(on_session off_session).include?(options[:setup_future_usage])
-        post[:off_session] = options[:off_session] if options[:off_session] && options[:confirm] == true
+        post[:off_session] = options[:off_session] if off_session_request?(options)
         post
       end
 
@@ -317,7 +373,6 @@ module ActiveMerchant #:nodoc:
         post[:billing_details][:email] = billing[:email] if billing[:email]
         post[:billing_details][:name] = billing[:name] if billing[:name]
         post[:billing_details][:phone] = billing[:phone] if billing[:phone]
-        post
       end
 
       def add_shipping_address(post, options = {})
@@ -336,7 +391,6 @@ module ActiveMerchant #:nodoc:
         post[:shipping][:carrier] = shipping[:carrier] if shipping[:carrier]
         post[:shipping][:phone] = shipping[:phone] if shipping[:phone]
         post[:shipping][:tracking_number] = shipping[:tracking_number] if shipping[:tracking_number]
-        post
       end
 
       def format_idempotency_key(options, suffix)

data/lib/active_merchant/billing/gateways/usa_epay_transaction.rb

@@ -343,7 +343,7 @@ module ActiveMerchant #:nodoc:
         parameters[:software] = 'Active Merchant'
         parameters[:testmode] = (@options[:test] ? 1 : 0) unless parameters.has_key?(:testmode)
         seed = SecureRandom.hex(32).upcase
-        hash = Digest::SHA1.hexdigest("#{parameters[:command]}:#{@options[:password]}:#{parameters[:amount]}:#{parameters[:invoice]}:#{seed}")
+        hash = Digest::SHA1.hexdigest("#{parameters[:command]}:#{@options[:pin] || @options[:password]}:#{parameters[:amount]}:#{parameters[:invoice]}:#{seed}")
         parameters[:hash] = "s/#{seed}/#{hash}/n"
 
         parameters.collect { |key, value| "UM#{key}=#{CGI.escape(value.to_s)}" }.join('&')

data/lib/active_merchant/billing/gateways/vpos.rb

@@ -0,0 +1,220 @@
+require 'digest'
+require 'jwe'
+
+module ActiveMerchant #:nodoc:
+  module Billing #:nodoc:
+    class VposGateway < Gateway
+      self.test_url = 'https://vpos.infonet.com.py:8888'
+      self.live_url = 'https://vpos.infonet.com.py'
+
+      self.supported_countries = ['PY']
+      self.default_currency = 'PYG'
+      self.supported_cardtypes = %i[visa master]
+
+      self.homepage_url = 'https://comercios.bancard.com.py'
+      self.display_name = 'vPOS'
+
+      self.money_format = :dollars
+
+      ENDPOINTS = {
+        pci_encryption_key: '/vpos/api/0.3/application/encryption-key',
+        pay_pci_buy_encrypted: '/vpos/api/0.3/pci/encrypted',
+        pci_buy_rollback: '/vpos/api/0.3/pci_buy/rollback',
+        refund: '/vpos/api/0.3/refunds'
+      }
+
+      def initialize(options = {})
+        requires!(options, :private_key, :public_key)
+        @private_key = options[:private_key]
+        @public_key = options[:public_key]
+        @shop_process_id = options[:shop_process_id] || SecureRandom.random_number(10**15)
+        super
+      end
+
+      def purchase(money, payment, options = {})
+        commerce = options[:commerce] || @options[:commerce]
+        commerce_branch = options[:commerce_branch] || @options[:commerce_branch]
+        shop_process_id = options[:shop_process_id] || @shop_process_id
+
+        token = generate_token(shop_process_id, 'pay_pci', commerce, commerce_branch, amount(money), currency(money))
+
+        post = {}
+        post[:token] = token
+        post[:commerce] = commerce.to_s
+        post[:commerce_branch] = commerce_branch.to_s
+        post[:shop_process_id] = shop_process_id
+        post[:number_of_payments] = options[:number_of_payments] || 1
+        post[:recursive] = options[:recursive] || false
+
+        add_invoice(post, money, options)
+        add_card_data(post, payment)
+        add_customer_data(post, options)
+
+        commit(:pay_pci_buy_encrypted, post)
+      end
+
+      def void(authorization, options = {})
+        _, shop_process_id = authorization.to_s.split('#')
+        token = generate_token(shop_process_id, 'rollback', '0.00')
+        post = {
+          token: token,
+          shop_process_id: shop_process_id
+        }
+        commit(:pci_buy_rollback, post)
+      end
+
+      def credit(money, payment, options = {})
+        # Not permitted for foreign cards.
+        commerce = options[:commerce] || @options[:commerce]
+        commerce_branch = options[:commerce_branch] || @options[:commerce_branch]
+
+        token = generate_token(@shop_process_id, 'refund', commerce, commerce_branch, amount(money), currency(money))
+        post = {}
+        post[:token] = token
+        post[:commerce] = commerce.to_i
+        post[:commerce_branch] = commerce_branch.to_i
+        post[:shop_process_id] = @shop_process_id
+        add_invoice(post, money, options)
+        add_card_data(post, payment)
+        add_customer_data(post, options)
+        post[:origin_shop_process_id] = options[:original_shop_process_id] if options[:original_shop_process_id]
+        commit(:refund, post)
+      end
+
+      def refund(money, authorization, options = {})
+        commerce = options[:commerce] || @options[:commerce]
+        commerce_branch = options[:commerce_branch] || @options[:commerce_branch]
+        shop_process_id = options[:shop_process_id] || @shop_process_id
+        _, original_shop_process_id = authorization.to_s.split('#')
+
+        token = generate_token(shop_process_id, 'refund', commerce, commerce_branch, amount(money), currency(money))
+        post = {}
+        post[:token] = token
+        post[:commerce] = commerce.to_i
+        post[:commerce_branch] = commerce_branch.to_i
+        post[:shop_process_id] = shop_process_id
+        add_invoice(post, money, options)
+        add_customer_data(post, options)
+        post[:origin_shop_process_id] = original_shop_process_id || options[:original_shop_process_id]
+        commit(:refund, post)
+      end
+
+      def supports_scrubbing?
+        true
+      end
+
+      def scrub(transcript)
+        clean_transcript = remove_invalid_utf_8_byte_sequences(transcript)
+        clean_transcript.
+          gsub(/(token\\":\\")[.\-\w]+/, '\1[FILTERED]').
+          gsub(/(card_encrypted_data\\":\\")[.\-\w]+/, '\1[FILTERED]')
+      end
+
+      def remove_invalid_utf_8_byte_sequences(transcript)
+        transcript.encode('UTF-8', 'binary', undef: :replace, replace: '')
+      end
+
+      private
+
+      # Required to encrypt PAN data.
+      def one_time_public_key
+        token = generate_token('get_encription_public_key', @public_key)
+        response = commit(:pci_encryption_key, token: token)
+        OpenSSL::PKey::RSA.new(response.params['encryption_key'])
+      end
+
+      def generate_token(*elements)
+        Digest::MD5.hexdigest(@private_key + elements.join)
+      end
+
+      def add_invoice(post, money, options)
+        post[:amount] = amount(money)
+        post[:currency] = options[:currency] || currency(money)
+      end
+
+      def add_card_data(post, payment)
+        card_number = payment.number
+        cvv = payment.verification_value
+
+        payload = { card_number: card_number, 'cvv': cvv }.to_json
+
+        post[:card_encrypted_data] = JWE.encrypt(payload, one_time_public_key)
+        post[:card_month_expiration] = format(payment.month, :two_digits)
+        post[:card_year_expiration] = format(payment.year, :two_digits)
+      end
+
+      def add_customer_data(post, options)
+        post[:additional_data] = options[:additional_data] || '' # must be passed even if empty
+      end
+
+      def parse(body)
+        JSON.parse(body)
+      end
+
+      def commit(action, parameters)
+        url = build_request_url(action)
+        begin
+          response = parse(ssl_post(url, post_data(parameters)))
+        rescue ResponseError => response
+          # Errors are returned with helpful data,
+          # but get filtered out by `ssl_post` because of their HTTP status.
+          response = parse(response.response.body)
+        end
+
+        Response.new(
+          success_from(response),
+          message_from(response),
+          response,
+          authorization: authorization_from(response),
+          avs_result: nil,
+          cvv_result: nil,
+          test: test?,
+          error_code: error_code_from(response)
+        )
+      end
+
+      def success_from(response)
+        if code = response.dig('confirmation', 'response_code')
+          code == '00'
+        else
+          response['status'] == 'success'
+        end
+      end
+
+      def message_from(response)
+        %w(confirmation refund).each do |m|
+          message =
+            response.dig(m, 'extended_response_description') ||
+            response.dig(m, 'response_description') ||
+            response.dig(m, 'response_details')
+          return message if message
+        end
+        [response.dig('messages', 0, 'key'), response.dig('messages', 0, 'dsc')].join(':')
+      end
+
+      def authorization_from(response)
+        response_body = response.dig('confirmation') || response.dig('refund')
+        return unless response_body
+
+        authorization_number = response_body.dig('authorization_number') || response_body.dig('authorization_code')
+        shop_process_id = response_body.dig('shop_process_id')
+
+        "#{authorization_number}##{shop_process_id}"
+      end
+
+      def error_code_from(response)
+        response.dig('confirmation', 'response_code') unless success_from(response)
+      end
+
+      def build_request_url(action)
+        base_url = (test? ? test_url : live_url)
+        base_url + ENDPOINTS[action]
+      end
+
+      def post_data(data)
+        { public_key: @public_key,
+          operation: data }.compact.to_json
+      end
+    end
+  end
+end