activemerchant 1.121.0 → 1.123.0

data/lib/active_merchant/billing/gateways/payment_express.rb

@@ -86,8 +86,8 @@ module ActiveMerchant #:nodoc:
         refund(money, identification, options)
       end
 
-      def verify(money, payment_source, options = {})
-        request = build_purchase_or_authorization_request(money, payment_source, options)
+      def verify(payment_source, options = {})
+        request = build_purchase_or_authorization_request(100, payment_source, options)
         commit(:validate, request)
       end
 

data/lib/active_merchant/billing/gateways/paymentez.rb

@@ -82,6 +82,7 @@ module ActiveMerchant #:nodoc:
       def refund(money, authorization, options = {})
         post = { transaction: { id: authorization } }
         post[:order] = { amount: amount(money).to_f } if money
+        add_more_info(post, options)
 
         commit_transaction('refund', post)
       end
@@ -198,6 +199,10 @@ module ActiveMerchant #:nodoc:
         extra_params[:auth_data] = auth_data
       end
 
+      def add_more_info(post, options)
+        post[:more_info] = options[:more_info] if options[:more_info]
+      end
+
       def parse(body)
         JSON.parse(body)
       end

data/lib/active_merchant/billing/gateways/paysafe.rb

@@ -0,0 +1,291 @@
+module ActiveMerchant #:nodoc:
+  module Billing #:nodoc:
+    class PaysafeGateway < Gateway
+      self.test_url = 'https://api.test.paysafe.com'
+      self.live_url = 'https://api.paysafe.com'
+
+      self.supported_countries = %w(FR)
+      self.default_currency = 'EUR'
+      self.supported_cardtypes = %i[visa master american_express discover]
+
+      self.homepage_url = 'https://www.paysafe.com/'
+      self.display_name = 'Paysafe'
+
+      def initialize(options = {})
+        requires!(options, :username, :password, :account_id)
+        super
+      end
+
+      def purchase(money, payment, options = {})
+        post = {}
+        add_invoice(post, money, options)
+        add_payment(post, payment)
+        add_billing_address(post, options)
+        add_merchant_details(post, options)
+        add_customer_data(post, payment, options) unless payment.is_a?(String)
+        add_three_d_secure(post, payment, options) if options[:three_d_secure]
+        post[:settleWithAuth] = true
+
+        commit(:post, 'auths', post, options)
+      end
+
+      def authorize(money, payment, options = {})
+        post = {}
+        add_invoice(post, money, options)
+        add_payment(post, payment)
+        add_billing_address(post, options)
+        add_merchant_details(post, options)
+        add_customer_data(post, payment, options) unless payment.is_a?(String)
+        add_three_d_secure(post, payment, options) if options[:three_d_secure]
+
+        commit(:post, 'auths', post, options)
+      end
+
+      def capture(money, authorization, options = {})
+        post = {}
+        add_invoice(post, money, options)
+
+        commit(:post, "auths/#{authorization}/settlements", post, options)
+      end
+
+      def refund(money, authorization, options = {})
+        post = {}
+        add_invoice(post, money, options)
+
+        commit(:post, "settlements/#{authorization}/refunds", post, options)
+      end
+
+      def void(authorization, options = {})
+        post = {}
+        money = options[:amount]
+        add_invoice(post, money, options)
+
+        commit(:post, "auths/#{authorization}/voidauths", post, options)
+      end
+
+      def credit(money, payment, options = {})
+        post = {}
+        add_invoice(post, money, options)
+        add_payment(post, payment)
+
+        commit(:post, 'standalonecredits', post, options)
+      end
+
+      # This is a '$0 auth' done at a specific verification endpoint at the gateway
+      def verify(payment, options = {})
+        post = {}
+        add_payment(post, payment)
+        add_billing_address(post, options)
+        add_customer_data(post, payment, options) unless payment.is_a?(String)
+
+        commit(:post, 'verifications', post, options)
+      end
+
+      def store(payment, options = {})
+        post = {}
+        add_payment(post, payment)
+        add_address_for_vaulting(post, options)
+        add_profile_data(post, payment, options)
+        add_store_data(post, payment, options)
+
+        commit(:post, 'profiles', post, options)
+      end
+
+      def redact(pm_profile_id)
+        commit_for_redact(:delete, "profiles/#{pm_profile_id}", nil, nil)
+      end
+
+      def supports_scrubbing?
+        true
+      end
+
+      def scrub(transcript)
+        transcript.
+          gsub(%r((Authorization: Basic )[a-zA-Z0-9:_]+), '\1[FILTERED]').
+          gsub(%r(("cardNum\\?":\\?")\d+), '\1[FILTERED]').
+          gsub(%r(("cvv\\?":\\?")\d+), '\1[FILTERED]')
+      end
+
+      private
+
+      # Customer data can be included in transactions where the payment method is a credit card
+      # but should not be sent when the payment method is a token
+      def add_customer_data(post, creditcard, options)
+        post[:profile] = {}
+        post[:profile][:firstName] = creditcard.first_name
+        post[:profile][:lastName] = creditcard.last_name
+        post[:profile][:email] = options[:email] if options[:email]
+        post[:customerIp] = options[:ip] if options[:ip]
+      end
+
+      def add_billing_address(post, options)
+        return unless options[:billing_address] || options[:address]
+
+        address = options[:billing_address] || options[:address]
+        post[:billingDetails] = {}
+        post[:billingDetails][:street] = address[:address1]
+        post[:billingDetails][:city] = address[:city]
+        post[:billingDetails][:state] = address[:state]
+        post[:billingDetails][:country] = address[:country]
+        post[:billingDetails][:zip] = address[:zip]
+        post[:billingDetails][:phone] = address[:phone]
+      end
+
+      # The add_address_for_vaulting method is applicable to the store method, as the APIs address
+      # object is formatted differently from the standard transaction billing address
+      def add_address_for_vaulting(post, options)
+        return unless options[:billing_address || options[:address]]
+
+        address = options[:billing_address] || options[:address]
+        post[:billingAddress] = {}
+        post[:billingAddress][:street] = address[:address1]
+        post[:billingAddress][:city] = address[:city]
+        post[:billingAddress][:zip] = address[:zip]
+        post[:billingAddress][:country] = address[:country]
+        post[:billingAddress][:state] = address[:state] if address[:state]
+      end
+
+      # This data is specific to creating a profile at the gateway's vault level
+      def add_profile_data(post, payment, options)
+        address = options[:billing_address] || options[:address]
+
+        post[:firstName] = payment.first_name
+        post[:lastName] = payment.last_name
+        post[:dateOfBirth] = {}
+        post[:dateOfBirth][:year] = options[:date_of_birth][:year]
+        post[:dateOfBirth][:month] = options[:date_of_birth][:month]
+        post[:dateOfBirth][:day] = options[:date_of_birth][:day]
+        post[:email] = options[:email] if options[:email]
+        post[:phone] = (address[:phone] || options[:phone]) if address[:phone] || options[:phone]
+        post[:ip] = options[:ip] if options[:ip]
+      end
+
+      def add_store_data(post, payment, options)
+        post[:merchantCustomerId] = options[:customer_id] || SecureRandom.hex(12)
+        post[:locale] = options[:locale] || 'en_US'
+        post[:card][:holderName] = payment.name
+      end
+
+      # Paysafe expects minor units so we are not calling amount method on money parameter
+      def add_invoice(post, money, options)
+        post[:amount] = money
+      end
+
+      def add_payment(post, payment)
+        if payment.is_a?(String)
+          post[:card] = {}
+          post[:card][:paymentToken] = payment
+        else
+          post[:card] = { cardExpiry: {} }
+          post[:card][:cardNum] = payment.number
+          post[:card][:cardExpiry][:month] = payment.month
+          post[:card][:cardExpiry][:year] = payment.year
+          post[:card][:cvv] = payment.verification_value
+        end
+      end
+
+      def add_merchant_details(post, options)
+        return unless options[:merchant_descriptor]
+
+        post[:merchantDescriptor] = {}
+        post[:merchantDescriptor][:dynamicDescriptor] = options[:merchant_descriptor][:dynamic_descriptor] if options[:merchant_descriptor][:dynamic_descriptor]
+        post[:merchantDescriptor][:phone] = options[:merchant_descriptor][:phone] if options[:merchant_descriptor][:phone]
+      end
+
+      def add_three_d_secure(post, payment, options)
+        three_d_secure = options[:three_d_secure]
+
+        post[:authentication] = {}
+        post[:authentication][:eci] = three_d_secure[:eci]
+        post[:authentication][:cavv] = three_d_secure[:cavv]
+        post[:authentication][:xid] = three_d_secure[:xid] if three_d_secure[:xid]
+        post[:authentication][:threeDSecureVersion] = three_d_secure[:version]
+        post[:authentication][:directoryServerTransactionId] = three_d_secure[:ds_transaction_id] unless payment.is_a?(String) || payment.brand != 'mastercard'
+      end
+
+      def parse(body)
+        JSON.parse(body)
+      end
+
+      def commit(method, action, parameters, options)
+        url = url(action)
+        raw_response = ssl_request(method, url, post_data(parameters, options), headers)
+        response = parse(raw_response)
+        success = success_from(response)
+
+        Response.new(
+          success,
+          message_from(success, response),
+          response,
+          authorization: authorization_from(response),
+          avs_result: AVSResult.new(code: response['avsResponse']),
+          cvv_result: CVVResult.new(response['cvvVerification']),
+          test: test?,
+          error_code: success ? nil : error_code_from(response)
+        )
+      end
+
+      def commit_for_redact(method, action, parameters, options)
+        url = url(action)
+        response = raw_ssl_request(method, url, post_data(parameters, options), headers)
+        success = true if response.code == '200'
+
+        Response.new(
+          success,
+          message: response.message
+        )
+      end
+
+      def headers
+        {
+          'Content-Type' => 'application/json',
+          'Authorization' => "Basic #{Base64.strict_encode64(@options[:api_key].to_s)}"
+        }
+      end
+
+      def url(action, options = {})
+        base_url = (test? ? test_url : live_url)
+
+        if action.include? 'profiles'
+          "#{base_url}/customervault/v1/#{action}"
+        else
+          "#{base_url}/cardpayments/v1/accounts/#{@options[:account_id]}/#{action}"
+        end
+      end
+
+      def success_from(response)
+        return false if response['status'] == 'FAILED' || response['error']
+
+        true
+      end
+
+      def message_from(success, response)
+        return response['status'] unless response['error']
+
+        "Error(s)- code:#{response['error']['code']}, message:#{response['error']['message']}"
+      end
+
+      def authorization_from(response)
+        response['id']
+      end
+
+      def post_data(parameters = {}, options = {})
+        return unless parameters.present?
+
+        parameters[:merchantRefNum] = options[:merchant_ref_num] || SecureRandom.hex(16).to_s
+
+        parameters.to_json
+      end
+
+      def error_code_from(response)
+        return unless response['error']
+
+        response['error']['code']
+      end
+
+      def handle_response(response)
+        response.body
+      end
+    end
+  end
+end

data/lib/active_merchant/billing/gateways/payu_latam.rb

@@ -208,7 +208,7 @@ module ActiveMerchant #:nodoc:
           buyer[:merchantBuyerId] = buyer_hash[:merchant_buyer_id]
           buyer[:cnpj] = buyer_hash[:cnpj] if @options[:payment_country] == 'BR'
           buyer[:emailAddress] = buyer_hash[:email]
-          buyer[:contactPhone] = (options[:billing_address][:phone] if options[:billing_address]) || (options[:shipping_address][:phone] if options[:shipping_address]) || ''
+          buyer[:contactPhone] = (options[:billing_address][:phone] if options[:billing_address]) || (options[:shipping_address][:phone_number] if options[:shipping_address]) || ''
           buyer[:shippingAddress] = shipping_address_fields(options) if options[:shipping_address]
         else
           buyer[:fullName] = payment_method.name.strip
@@ -217,7 +217,7 @@ module ActiveMerchant #:nodoc:
           buyer[:merchantBuyerId] = options[:merchant_buyer_id]
           buyer[:cnpj] = options[:cnpj] if @options[:payment_country] == 'BR'
           buyer[:emailAddress] = options[:email]
-          buyer[:contactPhone] = (options[:billing_address][:phone] if options[:billing_address]) || (options[:shipping_address][:phone] if options[:shipping_address]) || ''
+          buyer[:contactPhone] = (options[:billing_address][:phone] if options[:billing_address]) || (options[:shipping_address][:phone_number] if options[:shipping_address]) || ''
           buyer[:shippingAddress] = shipping_address_fields(options) if options[:shipping_address]
         end
         post[:transaction][:order][:buyer] = buyer
@@ -233,7 +233,7 @@ module ActiveMerchant #:nodoc:
         shipping_address[:state] = address[:state]
         shipping_address[:country] = address[:country]
         shipping_address[:postalCode] = address[:zip]
-        shipping_address[:phone] = address[:phone]
+        shipping_address[:phone] = address[:phone_number]
         shipping_address
       end
 

data/lib/active_merchant/billing/gateways/redsys.rb

@@ -203,7 +203,7 @@ module ActiveMerchant #:nodoc:
         add_order(data, options[:order_id])
         add_payment(data, payment)
         add_external_mpi_fields(data, options)
-        add_threeds(data, options) if options[:execute_threed]
+        add_three_ds_data(data, options) if options[:execute_threed]
         add_stored_credential_options(data, options)
         data[:description] = options[:description]
         data[:store_in_vault] = options[:store]
@@ -222,7 +222,7 @@ module ActiveMerchant #:nodoc:
         add_order(data, options[:order_id])
         add_payment(data, payment)
         add_external_mpi_fields(data, options)
-        add_threeds(data, options) if options[:execute_threed]
+        add_three_ds_data(data, options) if options[:execute_threed]
         add_stored_credential_options(data, options)
         data[:description] = options[:description]
         data[:store_in_vault] = options[:store]
@@ -312,7 +312,7 @@ module ActiveMerchant #:nodoc:
         test? ? test_url : live_url
       end
 
-      def threeds_url
+      def webservice_url
         test? ? 'https://sis-t.redsys.es:25443/sis/services/SerClsWSEntradaV2' : 'https://sis.redsys.es/sis/services/SerClsWSEntradaV2'
       end
 
@@ -372,43 +372,51 @@ module ActiveMerchant #:nodoc:
         end
       end
 
-      def add_threeds(data, options)
-        data[:threeds] = { threeDSInfo: 'CardData' } if options[:execute_threed] == true
+      def add_three_ds_data(data, options)
+        data[:three_ds_data] = { threeDSInfo: 'CardData' } if options[:execute_threed] == true
       end
 
-      def determine_3ds_action(threeds_hash)
-        return 'iniciaPeticion' if threeds_hash[:threeDSInfo] == 'CardData'
-        return 'trataPeticion' if threeds_hash[:threeDSInfo] == 'AuthenticationData' ||
-                                  threeds_hash[:threeDSInfo] == 'ChallengeResponse'
+      def determine_peticion_type(data)
+        three_ds_info = data.dig(:three_ds_data, :threeDSInfo)
+        return 'iniciaPeticion' if three_ds_info == 'CardData'
+        return 'trataPeticion' if three_ds_info == 'AuthenticationData' ||
+                                  three_ds_info == 'ChallengeResponse' ||
+                                  data[:sca_exemption] == 'MIT'
+      end
+
+      def use_webservice_endpoint?(data, options)
+        options[:use_webservice_endpoint].to_s == 'true' || data[:three_ds_data] || data[:sca_exemption] == 'MIT'
       end
 
       def commit(data, options = {})
-        if data[:threeds]
-          action = determine_3ds_action(data[:threeds])
+        xmlreq = xml_request_from(data, options)
+
+        if use_webservice_endpoint?(data, options)
+          peticion_type = determine_peticion_type(data)
+
           request = <<-REQUEST
             <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:apachesoap="http://xml.apache.org/xml-soap" xmlns:impl="http://webservice.sis.sermepa.es" xmlns:intf="http://webservice.sis.sermepa.es" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:wsdlsoap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" >
             <soapenv:Header/>
             <soapenv:Body>
-              <intf:#{action} xmlns:intf="http://webservice.sis.sermepa.es">
+              <intf:#{peticion_type} xmlns:intf="http://webservice.sis.sermepa.es">
                 <intf:datoEntrada>
-                <![CDATA[#{xml_request_from(data, options)}]]>
+                <![CDATA[#{xmlreq}]]>
                 </intf:datoEntrada>
-              </intf:#{action}>
+              </intf:#{peticion_type}>
             </soapenv:Body>
           </soapenv:Envelope>
           REQUEST
-          parse(ssl_post(threeds_url, request, headers(action)), action)
+          parse(ssl_post(webservice_url, request, headers(peticion_type)), peticion_type)
         else
-          xmlreq = xml_request_from(data, options)
-          parse(ssl_post(url, "entrada=#{CGI.escape(xmlreq)}", headers), action)
+          parse(ssl_post(url, "entrada=#{CGI.escape(xmlreq)}", headers), peticion_type)
         end
       end
 
-      def headers(action = nil)
-        if action
+      def headers(peticion_type = nil)
+        if peticion_type
           {
             'Content-Type' => 'text/xml',
-            'SOAPAction' => action
+            'SOAPAction' => peticion_type
           }
         else
           {
@@ -470,14 +478,9 @@ module ActiveMerchant #:nodoc:
         xml.target!
       end
 
-      # Template Method to allow AM API clients to override decision to escape, based on their own criteria.
-      def escape_special_chars?(data, options = {})
-        data[:threeds]
-      end
-
       def build_merchant_data(xml, data, options = {})
         # See https://sis-t.redsys.es:25443/sis/services/SerClsWSEntradaV2/wsdl/SerClsWSEntradaV2.wsdl
-        # (which results from calling #threeds_url + '?WSDL', https://sis-t.redsys.es:25443/sis/services/SerClsWSEntradaV2?WSDL)
+        # (which results from calling #webservice_url + '?WSDL', https://sis-t.redsys.es:25443/sis/services/SerClsWSEntradaV2?WSDL)
         xml.DATOSENTRADA do
           # Basic elements
           xml.DS_Version 0.1
@@ -485,7 +488,7 @@ module ActiveMerchant #:nodoc:
           xml.DS_MERCHANT_AMOUNT             data[:amount]
           xml.DS_MERCHANT_ORDER              data[:order_id]
           xml.DS_MERCHANT_TRANSACTIONTYPE    data[:action]
-          if data[:description] && escape_special_chars?(data, options)
+          if data[:description] && use_webservice_endpoint?(data, options)
             xml.DS_MERCHANT_PRODUCTDESCRIPTION CGI.escape(data[:description])
           else
             xml.DS_MERCHANT_PRODUCTDESCRIPTION data[:description]
@@ -494,17 +497,17 @@ module ActiveMerchant #:nodoc:
           xml.DS_MERCHANT_MERCHANTCODE       @options[:login]
           xml.DS_MERCHANT_MERCHANTSIGNATURE  build_signature(data) unless sha256_authentication?
 
-          action = determine_3ds_action(data[:threeds]) if data[:threeds]
-          if action == 'iniciaPeticion' && data[:sca_exemption]
+          peticion_type = determine_peticion_type(data) if data[:three_ds_data]
+          if peticion_type == 'iniciaPeticion' && data[:sca_exemption]
             xml.DS_MERCHANT_EXCEP_SCA 'Y'
           else
             xml.DS_MERCHANT_EXCEP_SCA data[:sca_exemption] if data[:sca_exemption]
-            xml.DS_MERCHANT_DIRECTPAYMENT data[:sca_exemption_direct_payment_enabled] if data[:sca_exemption_direct_payment_enabled]
+            xml.DS_MERCHANT_DIRECTPAYMENT data[:sca_exemption_direct_payment_enabled] || 'true' if data[:sca_exemption] == 'MIT'
           end
 
           # Only when card is present
           if data[:card]
-            if data[:card][:name] && escape_special_chars?(data, options)
+            if data[:card][:name] && use_webservice_endpoint?(data, options)
               xml.DS_MERCHANT_TITULAR    CGI.escape(data[:card][:name])
             else
               xml.DS_MERCHANT_TITULAR    data[:card][:name]
@@ -525,7 +528,7 @@ module ActiveMerchant #:nodoc:
           # Requires account configuration to be able to use
           xml.DS_MERCHANT_DIRECTPAYMENT 'moto' if options.dig(:moto) && options.dig(:metadata, :manual_entry)
 
-          xml.DS_MERCHANT_EMV3DS data[:threeds].to_json if data[:threeds]
+          xml.DS_MERCHANT_EMV3DS data[:three_ds_data].to_json if data[:three_ds_data]
 
           if options[:stored_credential]
             xml.DS_MERCHANT_COF_INI data[:DS_MERCHANT_COF_INI]