activemerchant 1.119.0 → 1.124.0

data/lib/active_merchant/billing/gateways/global_collect.rb

@@ -1,10 +1,13 @@
 module ActiveMerchant #:nodoc:
   module Billing #:nodoc:
     class GlobalCollectGateway < Gateway
+      class_attribute :preproduction_url
+
       self.display_name = 'GlobalCollect'
       self.homepage_url = 'http://www.globalcollect.com/'
 
       self.test_url = 'https://eu.sandbox.api-ingenico.com'
+      self.preproduction_url = 'https://world.preprod.api-ingenico.com'
       self.live_url = 'https://api.globalcollect.com'
 
       self.supported_countries = %w[AD AE AG AI AL AM AO AR AS AT AU AW AX AZ BA BB BD BE BF BG BH BI BJ BL BM BN BO BQ BR BS BT BW BY BZ CA CC CD CF CH CI CK CL CM CN CO CR CU CV CW CX CY CZ DE DJ DK DM DO DZ EC EE EG ER ES ET FI FJ FK FM FO FR GA GB GD GE GF GH GI GL GM GN GP GQ GR GS GT GU GW GY HK HN HR HT HU ID IE IL IM IN IS IT JM JO JP KE KG KH KI KM KN KR KW KY KZ LA LB LC LI LK LR LS LT LU LV MA MC MD ME MF MG MH MK MM MN MO MP MQ MR MS MT MU MV MW MX MY MZ NA NC NE NG NI NL NO NP NR NU NZ OM PA PE PF PG PH PL PN PS PT PW QA RE RO RS RU RW SA SB SC SE SG SH SI SJ SK SL SM SN SR ST SV SZ TC TD TG TH TJ TL TM TN TO TR TT TV TW TZ UA UG US UY UZ VC VE VG VI VN WF WS ZA ZM ZW]
@@ -33,7 +36,7 @@ module ActiveMerchant #:nodoc:
         add_creator_info(post, options)
         add_fraud_fields(post, options)
         add_external_cardholder_authentication_data(post, options)
-        commit(:authorize, post)
+        commit(:authorize, post, options: options)
       end
 
       def capture(money, authorization, options = {})
@@ -41,7 +44,7 @@ module ActiveMerchant #:nodoc:
         add_order(post, money, options, capture: true)
         add_customer_data(post, options)
         add_creator_info(post, options)
-        commit(:capture, post, authorization)
+        commit(:capture, post, authorization: authorization)
       end
 
       def refund(money, authorization, options = {})
@@ -49,13 +52,13 @@ module ActiveMerchant #:nodoc:
         add_amount(post, money, options)
         add_refund_customer_data(post, options)
         add_creator_info(post, options)
-        commit(:refund, post, authorization)
+        commit(:refund, post, authorization: authorization)
       end
 
       def void(authorization, options = {})
         post = nestable_hash
         add_creator_info(post, options)
-        commit(:void, post, authorization)
+        commit(:void, post, authorization: authorization)
       end
 
       def verify(payment, options = {})
@@ -260,6 +263,8 @@ module ActiveMerchant #:nodoc:
       end
 
       def url(action, authorization)
+        return preproduction_url + uri(action, authorization) if @options[:url_override].to_s == 'preproduction'
+
         (test? ? test_url : live_url) + uri(action, authorization)
       end
 
@@ -277,9 +282,13 @@ module ActiveMerchant #:nodoc:
         end
       end
 
-      def commit(action, post, authorization = nil)
+      def idempotency_key_for_signature(options)
+        "x-gcs-idempotence-key:#{options[:idempotency_key]}" if options[:idempotency_key]
+      end
+
+      def commit(action, post, authorization: nil, options: {})
         begin
-          raw_response = ssl_post(url(action, authorization), post.to_json, headers(action, post, authorization))
+          raw_response = ssl_post(url(action, authorization), post.to_json, headers(action, post, authorization, options))
           response = parse(raw_response)
         rescue ResponseError => e
           response = parse(e.response.body) if e.response.code.to_i >= 400
@@ -306,21 +315,26 @@ module ActiveMerchant #:nodoc:
         }
       end
 
-      def headers(action, post, authorization = nil)
-        {
+      def headers(action, post, authorization = nil, options = {})
+        headers = {
           'Content-Type' => content_type,
-          'Authorization' => auth_digest(action, post, authorization),
+          'Authorization' => auth_digest(action, post, authorization, options),
           'Date' => date
         }
+
+        headers['X-GCS-Idempotence-Key'] = options[:idempotency_key] if options[:idempotency_key]
+        headers
       end
 
-      def auth_digest(action, post, authorization = nil)
+      def auth_digest(action, post, authorization = nil, options = {})
         data = <<~REQUEST
           POST
           #{content_type}
           #{date}
+          #{idempotency_key_for_signature(options)}
           #{uri(action, authorization)}
         REQUEST
+        data = data.each_line.reject { |line| line.strip == '' }.join
         digest = OpenSSL::Digest.new('sha256')
         key = @options[:secret_api_key]
         "GCS v1HMAC:#{@options[:api_key_id]}:#{Base64.strict_encode64(OpenSSL::HMAC.digest(digest, key, data))}"

data/lib/active_merchant/billing/gateways/hps.rb

@@ -39,6 +39,7 @@ module ActiveMerchant #:nodoc:
           add_descriptor_name(xml, options)
           add_card_or_token_payment(xml, card_or_token, options)
           add_three_d_secure(xml, card_or_token, options)
+          add_stored_credentials(xml, options)
         end
       end
 
@@ -52,6 +53,8 @@ module ActiveMerchant #:nodoc:
       def purchase(money, payment_method, options = {})
         if payment_method.is_a?(Check)
           commit_check_sale(money, payment_method, options)
+        elsif options.dig(:stored_credential, :reason_type) == 'recurring'
+          commit_recurring_billing_sale(money, payment_method, options)
         else
           commit_credit_sale(money, payment_method, options)
         end
@@ -131,6 +134,21 @@ module ActiveMerchant #:nodoc:
           add_descriptor_name(xml, options)
           add_card_or_token_payment(xml, card_or_token, options)
           add_three_d_secure(xml, card_or_token, options)
+          add_stored_credentials(xml, options)
+        end
+      end
+
+      def commit_recurring_billing_sale(money, card_or_token, options)
+        commit('RecurringBilling') do |xml|
+          add_amount(xml, money)
+          add_allow_dup(xml)
+          add_card_or_token_customer_data(xml, card_or_token, options)
+          add_details(xml, options)
+          add_descriptor_name(xml, options)
+          add_card_or_token_payment(xml, card_or_token, options)
+          add_three_d_secure(xml, card_or_token, options)
+          add_stored_credentials(xml, options)
+          add_stored_credentials_for_recurring_billing(xml, options)
         end
       end
 
@@ -157,7 +175,7 @@ module ActiveMerchant #:nodoc:
             xml.hps :CardHolderAddr, billing_address[:address1] if billing_address[:address1]
             xml.hps :CardHolderCity, billing_address[:city] if billing_address[:city]
             xml.hps :CardHolderState, billing_address[:state] if billing_address[:state]
-            xml.hps :CardHolderZip, billing_address[:zip] if billing_address[:zip]
+            xml.hps :CardHolderZip, alphanumeric_zip(billing_address[:zip]) if billing_address[:zip]
           end
         end
       end
@@ -265,6 +283,38 @@ module ActiveMerchant #:nodoc:
         end
       end
 
+      # We do not currently support installments on this gateway.
+      # The HPS gateway treats recurring transactions as a seperate transaction type
+      def add_stored_credentials(xml, options)
+        return unless options[:stored_credential]
+
+        xml.hps :CardOnFileData do
+          if options[:stored_credential][:initiator] == 'customer'
+            xml.hps :CardOnFile, 'C'
+          elsif options[:stored_credential][:initiator] == 'merchant'
+            xml.hps :CardOnFile, 'M'
+          else
+            return
+          end
+
+          if options[:stored_credential][:network_transaction_id]
+            xml.hps :CardBrandTxnId, options[:stored_credential][:network_transaction_id]
+          else
+            return
+          end
+        end
+      end
+
+      def add_stored_credentials_for_recurring_billing(xml, options)
+        xml.hps :RecurringData do
+          if options[:stored_credential][:reason_type] = 'recurring'
+            xml.hps :OneTime, 'N'
+          else
+            xml.hps :OneTime, 'Y'
+          end
+        end
+      end
+
       def strip_leading_zero(value)
         return value unless value[0] == '0'
 
@@ -389,6 +439,10 @@ module ActiveMerchant #:nodoc:
         @options[:secret_api_key]&.include?('_cert_')
       end
 
+      def alphanumeric_zip(zip)
+        zip.gsub(/[^0-9a-z]/i, '')
+      end
+
       ISSUER_MESSAGES = {
         '13' => 'Must be greater than or equal 0.',
         '14' => 'The card number is incorrect.',

data/lib/active_merchant/billing/gateways/kushki.rb

@@ -37,6 +37,7 @@ module ActiveMerchant #:nodoc:
         post = {}
         post[:ticketNumber] = authorization
         add_invoice(action, post, amount, options)
+        add_full_response(post, options)
 
         commit(action, post)
       end
@@ -46,6 +47,7 @@ module ActiveMerchant #:nodoc:
 
         post = {}
         post[:ticketNumber] = authorization
+        add_full_response(post, options)
 
         commit(action, post)
       end
@@ -55,6 +57,7 @@ module ActiveMerchant #:nodoc:
 
         post = {}
         post[:ticketNumber] = authorization
+        add_full_response(post, options)
 
         commit(action, post)
       end
@@ -78,6 +81,7 @@ module ActiveMerchant #:nodoc:
         post = {}
         add_invoice(action, post, amount, options)
         add_payment_method(post, payment_method, options)
+        add_full_response(post, options)
 
         commit(action, post)
       end
@@ -88,6 +92,8 @@ module ActiveMerchant #:nodoc:
         post = {}
         add_reference(post, authorization, options)
         add_invoice(action, post, amount, options)
+        add_contact_details(post, options[:contact_details]) if options[:contact_details]
+        add_full_response(post, options)
 
         commit(action, post)
       end
@@ -98,6 +104,7 @@ module ActiveMerchant #:nodoc:
         post = {}
         add_reference(post, authorization, options)
         add_invoice(action, post, amount, options)
+        add_full_response(post, options)
 
         commit(action, post)
       end
@@ -154,6 +161,22 @@ module ActiveMerchant #:nodoc:
         post[:token] = authorization
       end
 
+      def add_contact_details(post, contact_details_options)
+        contact_details = {}
+        contact_details[:documentType] = contact_details_options[:document_type] if contact_details_options[:document_type]
+        contact_details[:documentNumber] = contact_details_options[:document_number] if contact_details_options[:document_number]
+        contact_details[:email] = contact_details_options[:email] if contact_details_options[:email]
+        contact_details[:firstName] = contact_details_options[:first_name] if contact_details_options[:first_name]
+        contact_details[:lastName] = contact_details_options[:last_name] if contact_details_options[:last_name]
+        contact_details[:secondLastName] = contact_details_options[:second_last_name] if contact_details_options[:second_last_name]
+        contact_details[:phoneNumber] = contact_details_options[:phone_number] if contact_details_options[:phone_number]
+        post[:contactDetails] = contact_details
+      end
+
+      def add_full_response(post, options)
+        post[:fullResponse] = options[:full_response].to_s.casecmp('true').zero? if options[:full_response]
+      end
+
       ENDPOINT = {
         'tokenize' => 'tokens',
         'charge' => 'charges',

data/lib/active_merchant/billing/gateways/litle.rb

@@ -494,7 +494,7 @@ module ActiveMerchant #:nodoc:
         attributes = {}
         attributes[:id] = truncate(options[:id] || options[:order_id], 24)
         attributes[:reportGroup] = options[:merchant] || 'Default Report Group'
-        attributes[:customerId] = options[:customer]
+        attributes[:customerId] = options[:customer_id]
         attributes.delete_if { |_key, value| value == nil }
         attributes
       end

data/lib/active_merchant/billing/gateways/mercado_pago.rb

@@ -4,7 +4,7 @@ module ActiveMerchant #:nodoc:
       self.live_url = self.test_url = 'https://api.mercadopago.com/v1'
 
       self.supported_countries = %w[AR BR CL CO MX PE UY]
-      self.supported_cardtypes = %i[visa master american_express elo cabal naranja]
+      self.supported_cardtypes = %i[visa master american_express elo cabal naranja creditel]
 
       self.homepage_url = 'https://www.mercadopago.com/'
       self.display_name = 'Mercado Pago'
@@ -105,7 +105,7 @@ module ActiveMerchant #:nodoc:
 
       def authorize_request(money, payment, options = {})
         post = purchase_request(money, payment, options)
-        post[:capture] = false
+        post[:capture] = options[:capture] || false
         post
       end
 
@@ -129,6 +129,7 @@ module ActiveMerchant #:nodoc:
 
       def add_additional_data(post, options)
         post[:sponsor_id] = options[:sponsor_id]
+        post[:metadata] = options[:metadata] if options[:metadata]
         post[:device_id] = options[:device_id] if options[:device_id]
         post[:additional_info] = {
           ip_address: options[:ip_address]
@@ -143,7 +144,7 @@ module ActiveMerchant #:nodoc:
           email: options[:email],
           first_name: payment.first_name,
           last_name: payment.last_name
-        }
+        }.merge(options[:payer] || {})
       end
 
       def add_address(post, options)
@@ -191,7 +192,7 @@ module ActiveMerchant #:nodoc:
         post[:description] = options[:description]
         post[:installments] = options[:installments] ? options[:installments].to_i : 1
         post[:statement_descriptor] = options[:statement_descriptor] if options[:statement_descriptor]
-        post[:external_reference] = options[:order_id] || SecureRandom.hex(16)
+        post[:external_reference] = options[:order_id] || options[:external_reference] || SecureRandom.hex(16)
       end
 
       def add_payment(post, options)

data/lib/active_merchant/billing/gateways/merchant_warrior.rb

@@ -187,6 +187,8 @@ module ActiveMerchant #:nodoc:
       def parse(body)
         xml = REXML::Document.new(body)
 
+        return { response_message: 'Invalid gateway response' } unless xml.root.present?
+
         response = {}
         xml.root.elements.to_a.each do |node|
           parse_element(response, node)

data/lib/active_merchant/billing/gateways/mit.rb

@@ -0,0 +1,260 @@
+require 'json'
+require 'openssl'
+require 'digest'
+require 'base64'
+
+module ActiveMerchant #:nodoc:
+  module Billing #:nodoc:
+    class MitGateway < Gateway
+      self.live_url = 'https://wpy.mitec.com.mx/ModuloUtilWS/activeCDP.htm'
+
+      self.supported_countries = ['MX']
+      self.default_currency = 'MXN'
+      self.supported_cardtypes = %i[visa master]
+
+      self.homepage_url = 'http://www.centrodepagos.com.mx/'
+      self.display_name = 'MIT Centro de pagos'
+
+      self.money_format = :dollars
+
+      def initialize(options = {})
+        requires!(options, :commerce_id, :user, :api_key, :key_session)
+        super
+      end
+
+      def purchase(money, payment, options = {})
+        MultiResponse.run do |r|
+          r.process { authorize(money, payment, options) }
+          r.process { capture(money, r.authorization, options) }
+        end
+      end
+
+      def cipher_key
+        @options[:key_session]
+      end
+
+      def decrypt(val, keyinhex)
+        # Splits the first 16 bytes (the IV bytes) in array format
+        unpacked = val.unpack('m')
+        iv_base64 = unpacked[0].bytes.slice(0, 16)
+        # Splits the second bytes (the encrypted text bytes) these would be the
+        # original message
+        full_data = unpacked[0].bytes.slice(16, unpacked[0].bytes.length)
+        # Creates the engine
+        engine = OpenSSL::Cipher::AES128.new(:CBC)
+        # Set engine as decrypt mode
+        engine.decrypt
+        # Converts the key from hex to bytes
+        engine.key = [keyinhex].pack('H*')
+        # Converts the ivBase64 array into bytes
+        engine.iv = iv_base64.pack('c*')
+        # Decrypts the texts and returns the original string
+        engine.update(full_data.pack('c*')) + engine.final
+      end
+
+      def encrypt(val, keyinhex)
+        # Creates the engine motor
+        engine = OpenSSL::Cipher::AES128.new(:CBC)
+        # Set engine as encrypt mode
+        engine.encrypt
+        # Converts the key from hex to bytes
+        engine.key = [keyinhex].pack('H*')
+        # Generates a random iv with this settings
+        iv_rand = engine.random_iv
+        # Packs IV as a Base64 string
+        iv_base64 = [iv_rand].pack('m')
+        # Converts the packed key into bytes
+        unpacked = iv_base64.unpack('m')
+        iv = unpacked[0]
+        # Sets the IV into the engine
+        engine.iv = iv
+        # Encrypts the texts and stores the bytes
+        encrypted_bytes = engine.update(val) + engine.final
+        # Concatenates the (a) IV bytes and (b) the encrypted bytes then returns a
+        # base64 representation
+        [iv << encrypted_bytes].pack('m')
+      end
+
+      def authorize(money, payment, options = {})
+        post = {
+          operation: 'Authorize',
+          commerce_id: @options[:commerce_id],
+          user: @options[:user],
+          apikey: @options[:api_key],
+          testMode: (test? ? 'YES' : 'NO')
+        }
+        add_invoice(post, money, options)
+        # Payments contains the card information
+        add_payment(post, payment)
+        add_customer_data(post, options)
+        post[:key_session] = @options[:key_session]
+
+        post_to_json = post.to_json
+        post_to_json_encrypt = encrypt(post_to_json, @options[:key_session])
+
+        final_post = '<authorization>' + post_to_json_encrypt + '</authorization><dataID>' + @options[:user] + '</dataID>'
+        json_post = {}
+        json_post[:payload] = final_post
+        commit('sale', json_post)
+      end
+
+      def capture(money, authorization, options = {})
+        post = {
+          operation: 'Capture',
+          commerce_id: @options[:commerce_id],
+          user: @options[:user],
+          apikey: @options[:api_key],
+          testMode: (test? ? 'YES' : 'NO'),
+          transaction_id: authorization,
+          amount: amount(money)
+        }
+        post[:key_session] = @options[:key_session]
+
+        post_to_json = post.to_json
+        post_to_json_encrypt = encrypt(post_to_json, @options[:key_session])
+
+        final_post = '<capture>' + post_to_json_encrypt + '</capture><dataID>' + @options[:user] + '</dataID>'
+        json_post = {}
+        json_post[:payload] = final_post
+        commit('capture', json_post)
+      end
+
+      def refund(money, authorization, options = {})
+        post = {
+          operation: 'Refund',
+          commerce_id: @options[:commerce_id],
+          user: @options[:user],
+          apikey: @options[:api_key],
+          testMode: (test? ? 'YES' : 'NO'),
+          transaction_id: authorization,
+          auth: authorization,
+          amount: amount(money)
+        }
+        post[:key_session] = @options[:key_session]
+
+        post_to_json = post.to_json
+        post_to_json_encrypt = encrypt(post_to_json, @options[:key_session])
+
+        final_post = '<refund>' + post_to_json_encrypt + '</refund><dataID>' + @options[:user] + '</dataID>'
+        json_post = {}
+        json_post[:payload] = final_post
+        commit('refund', json_post)
+      end
+
+      def supports_scrubbing?
+        true
+      end
+
+      def scrub(transcript)
+        ret_transcript = transcript
+        auth_origin = ret_transcript[/<authorization>(.*?)<\/authorization>/, 1]
+        unless auth_origin.nil?
+          auth_decrypted = decrypt(auth_origin, @options[:key_session])
+          auth_json = JSON.parse(auth_decrypted)
+          auth_json['card'] = '[FILTERED]'
+          auth_json['cvv'] = '[FILTERED]'
+          auth_json['apikey'] = '[FILTERED]'
+          auth_json['key_session'] = '[FILTERED]'
+          auth_to_json = auth_json.to_json
+          auth_tagged = '<authorization>' + auth_to_json + '</authorization>'
+          ret_transcript = ret_transcript.gsub(/<authorization>(.*?)<\/authorization>/, auth_tagged)
+        end
+
+        cap_origin = ret_transcript[/<capture>(.*?)<\/capture>/, 1]
+        unless cap_origin.nil?
+          cap_decrypted = decrypt(cap_origin, @options[:key_session])
+          cap_json = JSON.parse(cap_decrypted)
+          cap_json['apikey'] = '[FILTERED]'
+          cap_json['key_session'] = '[FILTERED]'
+          cap_to_json = cap_json.to_json
+          cap_tagged = '<capture>' + cap_to_json + '</capture>'
+          ret_transcript = ret_transcript.gsub(/<capture>(.*?)<\/capture>/, cap_tagged)
+        end
+
+        ref_origin = ret_transcript[/<refund>(.*?)<\/refund>/, 1]
+        unless ref_origin.nil?
+          ref_decrypted = decrypt(ref_origin, @options[:key_session])
+          ref_json = JSON.parse(ref_decrypted)
+          ref_json['apikey'] = '[FILTERED]'
+          ref_json['key_session'] = '[FILTERED]'
+          ref_to_json = ref_json.to_json
+          ref_tagged = '<refund>' + ref_to_json + '</refund>'
+          ret_transcript = ret_transcript.gsub(/<refund>(.*?)<\/refund>/, ref_tagged)
+        end
+
+        res_origin = ret_transcript[/#{Regexp.escape('reading ')}(.*?)#{Regexp.escape('read')}/m, 1]
+        loop do
+          break if res_origin.nil?
+
+          resp_origin = res_origin[/#{Regexp.escape('"')}(.*?)#{Regexp.escape('"')}/m, 1]
+          resp_decrypted = decrypt(resp_origin, @options[:key_session])
+          ret_transcript[/#{Regexp.escape('reading ')}(.*?)#{Regexp.escape('read')}/m, 1] = resp_decrypted
+          ret_transcript = ret_transcript.sub('reading ', 'response: ')
+          res_origin = ret_transcript[/#{Regexp.escape('reading ')}(.*?)#{Regexp.escape('read')}/m, 1]
+        end
+
+        ret_transcript
+      end
+
+      private
+
+      def add_customer_data(post, options)
+        post[:email] = options[:email] || 'nadie@mit.test'
+      end
+
+      def add_invoice(post, money, options)
+        post[:amount] = amount(money)
+        post[:currency] = (options[:currency] || currency(money))
+        post[:reference] = options[:order_id]
+        post[:transaction_id] = options[:order_id]
+      end
+
+      def add_payment(post, payment)
+        post[:installments] = 1
+        post[:card] = payment.number
+        post[:expmonth] = payment.month
+        post[:expyear] = payment.year
+        post[:cvv] = payment.verification_value
+        post[:name_client] = [payment.first_name, payment.last_name].join(' ')
+      end
+
+      def commit(action, parameters)
+        json_str = JSON.generate(parameters)
+        cleaned_str = json_str.gsub('\n', '')
+        raw_response = ssl_post(live_url, cleaned_str, { 'Content-type' => 'application/json' })
+        response = JSON.parse(decrypt(raw_response, @options[:key_session]))
+
+        Response.new(
+          success_from(response),
+          message_from(response),
+          response,
+          authorization: authorization_from(response),
+          avs_result: AVSResult.new(code: response['some_avs_response_key']),
+          cvv_result: CVVResult.new(response['some_cvv_response_key']),
+          test: test?,
+          error_code: error_code_from(response)
+        )
+      end
+
+      def success_from(response)
+        response['response'] == 'approved'
+      end
+
+      def message_from(response)
+        response['response']
+      end
+
+      def authorization_from(response)
+        response['reference']
+      end
+
+      def post_data(action, parameters = {})
+        parameters.collect { |key, value| "#{key}=#{CGI.escape(value.to_s)}" }.join('&')
+      end
+
+      def error_code_from(response)
+        response['message'].split(' -- ', 2)[0] unless success_from(response)
+      end
+    end
+  end
+end