activemerchant 1.121.0 → 1.125.0

data/lib/active_merchant/billing/gateways/priority.rb

@@ -0,0 +1,347 @@
+module ActiveMerchant #:nodoc:
+  module Billing #:nodoc:
+    class PriorityGateway < Gateway
+      # Sandbox and Production
+      self.test_url = 'https://sandbox.api.mxmerchant.com/checkout/v3/payment'
+      self.live_url = 'https://api.mxmerchant.com/checkout/v3/payment'
+
+      class_attribute :test_url_verify, :live_url_verify, :test_auth, :live_auth, :test_env_verify, :live_env_verify, :test_url_batch, :live_url_batch, :test_url_jwt, :live_url_jwt, :merchant
+
+      # Sandbox and Production - verify card
+      self.test_url_verify = 'https://sandbox-api2.mxmerchant.com/merchant/v1/bin'
+      self.live_url_verify = 'https://api2.mxmerchant.com/merchant/v1/bin'
+
+      # Sandbox and Production - check batch status
+      self.test_url_batch = 'https://sandbox.api.mxmerchant.com/checkout/v3/batch'
+      self.live_url_batch = 'https://api.mxmerchant.com/checkout/v3/batch'
+
+      # Sandbox and Production - generate jwt for verify card url
+      self.test_url_jwt = 'https://sandbox-api2.mxmerchant.com/security/v1/application/merchantId'
+      self.live_url_jwt = 'https://api2.mxmerchant.com/security/v1/application/merchantId'
+
+      self.supported_countries = ['US']
+      self.default_currency = 'USD'
+      self.supported_cardtypes = %i[visa master american_express discover]
+
+      self.homepage_url = 'https://mxmerchant.com/'
+      self.display_name = 'Priority'
+
+      def initialize(options = {})
+        requires!(options, :merchant_id, :key, :secret)
+        super
+      end
+
+      def basic_auth
+        Base64.strict_encode64("#{@options[:key]}:#{@options[:secret]}")
+      end
+
+      def request_headers
+        {
+          'Content-Type' => 'application/json',
+          'Authorization' => "Basic #{basic_auth}"
+        }
+      end
+
+      def request_verify_headers(jwt)
+        {
+          'Authorization' => "Bearer #{jwt}"
+        }
+      end
+
+      def purchase(amount, credit_card, options = {})
+        params = {}
+        params['amount'] = localized_amount(amount.to_f, options[:currency])
+        params['authOnly'] = false
+
+        add_credit_card(params, credit_card, 'purchase', options)
+        add_type_merchant_purchase(params, @options[:merchant_id], true, options)
+        commit('purchase', params: params, jwt: options)
+      end
+
+      def authorize(amount, credit_card, options = {})
+        params = {}
+        params['amount'] = localized_amount(amount.to_f, options[:currency])
+        params['authOnly'] = true
+
+        add_credit_card(params, credit_card, 'purchase', options)
+        add_type_merchant_purchase(params, @options[:merchant_id], false, options)
+        commit('purchase', params: params, jwt: options)
+      end
+
+      def refund(amount, authorization, options = {})
+        params = {}
+        params['merchantId'] = @options[:merchant_id]
+        params['paymentToken'] = get_hash(authorization)['payment_token'] || options[:payment_token]
+        # refund amounts must be negative
+        params['amount'] = ('-' + localized_amount(amount.to_f, options[:currency])).to_f
+        commit('refund', params: params, jwt: options)
+      end
+
+      def capture(amount, authorization, options = {})
+        params = {}
+        params['amount'] = localized_amount(amount.to_f, options[:currency])
+        params['authCode'] = options[:authCode]
+        params['merchantId'] = @options[:merchant_id]
+        params['paymentToken'] = get_hash(authorization)['payment_token']
+        params['shouldGetCreditCardLevel'] = true
+        params['source'] = options[:source]
+        params['tenderType'] = 'Card'
+
+        commit('capture', params: params, jwt: options)
+      end
+
+      def void(authorization, options = {})
+        commit('void', iid: get_hash(authorization)['id'], jwt: options)
+      end
+
+      def verify(credit_card, options)
+        jwt = options[:jwt_token]
+        commit('verify', card_number: credit_card.number, jwt: jwt)
+      end
+
+      def supports_scrubbing?
+        true
+      end
+
+      def get_payment_status(batch_id, options)
+        commit('get_payment_status', params: batch_id, jwt: options)
+      end
+
+      def close_batch(batch_id, options)
+        commit('close_batch', params: batch_id, jwt: options)
+      end
+
+      def create_jwt(options)
+        commit('create_jwt', params: @options[:merchant_id], jwt: options)
+      end
+
+      def scrub(transcript)
+        transcript.
+          gsub(%r((Authorization: Basic )\w+), '\1[FILTERED]').
+          gsub(%r((number\\?"\s*:\s*\\?")[^"]*)i, '\1[FILTERED]').
+          gsub(%r((cvv\\?"\s*:\s*\\?")[^"]*)i, '\1[FILTERED]')
+      end
+
+      def add_credit_card(params, credit_card, action, options)
+        return unless credit_card&.is_a?(CreditCard)
+
+        card_details = {}
+
+        card_details['expiryMonth'] = format(credit_card.month, :two_digits).to_s
+        card_details['expiryYear'] = format(credit_card.year, :two_digits).to_s
+        card_details['expiryDate'] = exp_date(credit_card)
+        card_details['cardType'] = credit_card.brand
+        card_details['last4'] = credit_card.last_digits
+        card_details['cvv'] = credit_card.verification_value
+        card_details['number'] = credit_card.number
+
+        card_details['entryMode'] = options['entryMode'].blank? ? 'Keyed' : options['entryMode']
+
+        case action
+        when 'purchase'
+          card_details['avsStreet'] = options[:billing_address][:address1] if options[:billing_address]
+          card_details['avsZip'] =  options[:billing_address][:zip] if options[:billing_address]
+        when 'refund'
+          card_details['cardId'] = options[:card_id]
+          card_details['cardPresent'] = options[:card_present]
+          card_details['hasContract'] = options[:has_contract]
+          card_details['isCorp'] = options[:is_corp]
+          card_details['isDebit'] = options[:is_debit]
+          card_details['token'] = options[:token]
+        else
+          card_details
+        end
+
+        params['cardAccount'] = card_details
+      end
+
+      def exp_date(credit_card)
+        "#{format(credit_card.month, :two_digits)}/#{format(credit_card.year, :two_digits)}"
+      end
+
+      def purchases
+        [{ taxRate: '0.0000', additionalTaxRate: nil, discountRate: nil }]
+      end
+
+      def add_type_merchant_purchase(params, merchant, is_settle_funds, options)
+        params['cardPresent'] = false
+        params['cardPresentType'] = 'CardNotPresent'
+        params['isAuth'] = true
+        params['isSettleFunds'] = is_settle_funds
+        params['isTicket'] = false
+
+        params['merchantId'] = merchant
+        params['mxAdvantageEnabled'] = false
+        params['paymentType'] = 'Sale'
+
+        params['purchases'] = purchases
+
+        params['shouldGetCreditCardLevel'] = true
+        params['shouldVaultCard'] = true
+        params['source'] = options[:source]
+        params['sourceZip'] = options[:billing_address][:zip] if options[:billing_address]
+        params['taxExempt'] = false
+        params['tenderType'] = 'Card'
+      end
+
+      def commit(action, params: '', iid: '', card_number: nil, jwt: '')
+        response =
+          begin
+            case action
+            when 'void'
+              parse(ssl_request(:delete, url(action, params, ref_number: iid), nil, request_headers))
+            when 'verify'
+              parse(ssl_get(url(action, params, credit_card_number: card_number), request_verify_headers(jwt)))
+            when 'get_payment_status', 'create_jwt'
+              parse(ssl_get(url(action, params, ref_number: iid), request_headers))
+            when 'close_batch'
+              parse(ssl_request(:put, url(action, params, ref_number: iid), nil, request_headers))
+            else
+              parse(ssl_post(url(action, params), post_data(params), request_headers))
+            end
+          rescue ResponseError => e
+            parse(e.response.body)
+          end
+        success = success_from(response, action)
+        response = { 'code' => '204' } if response == ''
+        Response.new(
+          success,
+          message_from(response),
+          response,
+          authorization: success ? authorization_from(response) : nil,
+          error_code: success || response == '' ? nil : error_from(response),
+          test: test?
+        )
+      end
+
+      def handle_response(response)
+        if response.code != '204' && (200...300).cover?(response.code.to_i)
+          response.body
+        elsif response.code == '204' || response == ''
+          response.body = { 'code' => '204' }
+        else
+          raise ResponseError.new(response)
+        end
+      end
+
+      def url(action, params, ref_number: '', credit_card_number: nil)
+        case action
+        when 'void'
+          base_url + "/#{ref_number}?force=true"
+        when 'verify'
+          (verify_url + '?search=') + credit_card_number.to_s[0..6]
+        when 'get_payment_status', 'close_batch'
+          batch_url + "/#{params}"
+        when 'create_jwt'
+          jwt_url + "/#{params}/token"
+        else
+          base_url + '?includeCustomerMatches=false&echo=true'
+        end
+      end
+
+      def base_url
+        test? ? test_url : live_url
+      end
+
+      def verify_url
+        test? ? self.test_url_verify : self.live_url_verify
+      end
+
+      def jwt_url
+        test? ? self.test_url_jwt : self.live_url_jwt
+      end
+
+      def batch_url
+        test? ? self.test_url_batch : self.live_url_batch
+      end
+
+      def parse(body)
+        return body if body['code'] == '204'
+
+        JSON.parse(body)
+      rescue JSON::ParserError
+        message = 'Invalid JSON response received from Priority Gateway. Please contact Priority Gateway if you continue to receive this message.'
+        message += " (The raw response returned by the API was #{body.inspect})"
+        {
+          'message' => message
+        }
+      end
+
+      def success_from(response, action)
+        success = response['status'] == 'Approved' || response['status'] == 'Open' if response['status']
+        success = response['code'] == '204' if action == 'void'
+        success = !response['bank'].empty? if action == 'verify' && response['bank']
+        success
+      end
+
+      def message_from(response)
+        return response['details'][0] if response['details'] && response['details'][0]
+
+        response['authMessage'] || response['message'] || response['status']
+      end
+
+      def authorization_from(response)
+        {
+          'payment_token' => response['paymentToken'],
+          'id' => response['id']
+        }
+      end
+
+      def error_from(response)
+        response['errorCode'] || response['status']
+      end
+
+      def post_data(params)
+        params.to_json
+      end
+
+      def add_pos_data(options)
+        pos_options = {}
+        pos_options['panCaptureMethod'] = options[:pan_capture_method]
+
+        pos_options
+      end
+
+      def add_purchases_data(options)
+        purchases = {}
+
+        purchases['dateCreated'] = options[:date_created]
+        purchases['iId'] = options[:i_id]
+        purchases['transactionIId'] = options[:transaction_i_id]
+        purchases['transactionId'] = options[:transaction_id]
+        purchases['name'] = options[:name]
+        purchases['description'] = options[:description]
+        purchases['code'] = options[:code]
+        purchases['unitOfMeasure'] = options[:unit_of_measure]
+        purchases['unitPrice'] = options[:unit_price]
+        purchases['quantity'] = options[:quantity]
+        purchases['taxRate'] = options[:tax_rate]
+        purchases['taxAmount'] = options[:tax_amount]
+        purchases['discountRate'] = options[:discount_rate]
+        purchases['discountAmount'] = options[:discount_amt]
+        purchases['extendedAmount'] = options[:extended_amt]
+        purchases['lineItemId'] = options[:line_item_id]
+
+        purchase_arr = []
+        purchase_arr[0] = purchases
+        purchase_arr
+      end
+
+      def add_risk_data(options)
+        risk = {}
+        risk['cvvResponseCode'] = options[:cvv_response_code]
+        risk['cvvResponse'] = options[:cvv_response]
+        risk['cvvMatch'] = options[:cvv_match]
+        risk['avsResponse'] = options[:avs_response]
+        risk['avsAddressMatch'] = options[:avs_address_match]
+        risk['avsZipMatch'] = options[:avs_zip_match]
+
+        risk
+      end
+
+      def get_hash(string)
+        JSON.parse(string.gsub('=>', ':'))
+      end
+    end
+  end
+end

data/lib/active_merchant/billing/gateways/realex.rb

@@ -151,6 +151,7 @@ module ActiveMerchant
           else
             add_three_d_secure(xml, options)
           end
+          add_stored_credential(xml, options)
           add_comments(xml, options)
           add_address_and_customer_info(xml, options)
         end
@@ -323,6 +324,23 @@ module ActiveMerchant
         end
       end
 
+      def add_stored_credential(xml, options)
+        return unless stored_credential = options[:stored_credential]
+
+        xml.tag! 'storedcredential' do
+          xml.tag! 'type', stored_credential_type(stored_credential[:reason_type])
+          xml.tag! 'initiator', stored_credential[:initiator]
+          xml.tag! 'sequence', stored_credential[:initial_transaction] ? 'first' : 'subsequent'
+          xml.tag! 'srd', stored_credential[:network_transaction_id]
+        end
+      end
+
+      def stored_credential_type(reason)
+        return 'oneoff' if reason == 'unscheduled'
+
+        reason
+      end
+
       def format_address_code(address)
         code = [address[:zip].to_s, address[:address1].to_s + address[:address2].to_s]
         code.collect { |e| e.gsub(/\D/, '') }.reject(&:empty?).join('|')

data/lib/active_merchant/billing/gateways/redsys.rb

@@ -203,7 +203,7 @@ module ActiveMerchant #:nodoc:
         add_order(data, options[:order_id])
         add_payment(data, payment)
         add_external_mpi_fields(data, options)
-        add_threeds(data, options) if options[:execute_threed]
+        add_three_ds_data(data, options) if options[:execute_threed]
         add_stored_credential_options(data, options)
         data[:description] = options[:description]
         data[:store_in_vault] = options[:store]
@@ -222,7 +222,7 @@ module ActiveMerchant #:nodoc:
         add_order(data, options[:order_id])
         add_payment(data, payment)
         add_external_mpi_fields(data, options)
-        add_threeds(data, options) if options[:execute_threed]
+        add_three_ds_data(data, options) if options[:execute_threed]
         add_stored_credential_options(data, options)
         data[:description] = options[:description]
         data[:store_in_vault] = options[:store]
@@ -312,7 +312,7 @@ module ActiveMerchant #:nodoc:
         test? ? test_url : live_url
       end
 
-      def threeds_url
+      def webservice_url
         test? ? 'https://sis-t.redsys.es:25443/sis/services/SerClsWSEntradaV2' : 'https://sis.redsys.es/sis/services/SerClsWSEntradaV2'
       end
 
@@ -372,43 +372,51 @@ module ActiveMerchant #:nodoc:
         end
       end
 
-      def add_threeds(data, options)
-        data[:threeds] = { threeDSInfo: 'CardData' } if options[:execute_threed] == true
+      def add_three_ds_data(data, options)
+        data[:three_ds_data] = { threeDSInfo: 'CardData' } if options[:execute_threed] == true
       end
 
-      def determine_3ds_action(threeds_hash)
-        return 'iniciaPeticion' if threeds_hash[:threeDSInfo] == 'CardData'
-        return 'trataPeticion' if threeds_hash[:threeDSInfo] == 'AuthenticationData' ||
-                                  threeds_hash[:threeDSInfo] == 'ChallengeResponse'
+      def determine_peticion_type(data)
+        three_ds_info = data.dig(:three_ds_data, :threeDSInfo)
+        return 'iniciaPeticion' if three_ds_info == 'CardData'
+        return 'trataPeticion' if three_ds_info == 'AuthenticationData' ||
+                                  three_ds_info == 'ChallengeResponse' ||
+                                  data[:sca_exemption] == 'MIT'
+      end
+
+      def use_webservice_endpoint?(data, options)
+        options[:use_webservice_endpoint].to_s == 'true' || data[:three_ds_data] || data[:sca_exemption] == 'MIT'
       end
 
       def commit(data, options = {})
-        if data[:threeds]
-          action = determine_3ds_action(data[:threeds])
+        xmlreq = xml_request_from(data, options)
+
+        if use_webservice_endpoint?(data, options)
+          peticion_type = determine_peticion_type(data)
+
           request = <<-REQUEST
             <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:apachesoap="http://xml.apache.org/xml-soap" xmlns:impl="http://webservice.sis.sermepa.es" xmlns:intf="http://webservice.sis.sermepa.es" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:wsdlsoap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" >
             <soapenv:Header/>
             <soapenv:Body>
-              <intf:#{action} xmlns:intf="http://webservice.sis.sermepa.es">
+              <intf:#{peticion_type} xmlns:intf="http://webservice.sis.sermepa.es">
                 <intf:datoEntrada>
-                <![CDATA[#{xml_request_from(data, options)}]]>
+                <![CDATA[#{xmlreq}]]>
                 </intf:datoEntrada>
-              </intf:#{action}>
+              </intf:#{peticion_type}>
             </soapenv:Body>
           </soapenv:Envelope>
           REQUEST
-          parse(ssl_post(threeds_url, request, headers(action)), action)
+          parse(ssl_post(webservice_url, request, headers(peticion_type)), peticion_type)
         else
-          xmlreq = xml_request_from(data, options)
-          parse(ssl_post(url, "entrada=#{CGI.escape(xmlreq)}", headers), action)
+          parse(ssl_post(url, "entrada=#{CGI.escape(xmlreq)}", headers), peticion_type)
         end
       end
 
-      def headers(action = nil)
-        if action
+      def headers(peticion_type = nil)
+        if peticion_type
           {
             'Content-Type' => 'text/xml',
-            'SOAPAction' => action
+            'SOAPAction' => peticion_type
           }
         else
           {
@@ -470,14 +478,9 @@ module ActiveMerchant #:nodoc:
         xml.target!
       end
 
-      # Template Method to allow AM API clients to override decision to escape, based on their own criteria.
-      def escape_special_chars?(data, options = {})
-        data[:threeds]
-      end
-
       def build_merchant_data(xml, data, options = {})
         # See https://sis-t.redsys.es:25443/sis/services/SerClsWSEntradaV2/wsdl/SerClsWSEntradaV2.wsdl
-        # (which results from calling #threeds_url + '?WSDL', https://sis-t.redsys.es:25443/sis/services/SerClsWSEntradaV2?WSDL)
+        # (which results from calling #webservice_url + '?WSDL', https://sis-t.redsys.es:25443/sis/services/SerClsWSEntradaV2?WSDL)
         xml.DATOSENTRADA do
           # Basic elements
           xml.DS_Version 0.1
@@ -485,7 +488,7 @@ module ActiveMerchant #:nodoc:
           xml.DS_MERCHANT_AMOUNT             data[:amount]
           xml.DS_MERCHANT_ORDER              data[:order_id]
           xml.DS_MERCHANT_TRANSACTIONTYPE    data[:action]
-          if data[:description] && escape_special_chars?(data, options)
+          if data[:description] && use_webservice_endpoint?(data, options)
             xml.DS_MERCHANT_PRODUCTDESCRIPTION CGI.escape(data[:description])
           else
             xml.DS_MERCHANT_PRODUCTDESCRIPTION data[:description]
@@ -494,17 +497,17 @@ module ActiveMerchant #:nodoc:
           xml.DS_MERCHANT_MERCHANTCODE       @options[:login]
           xml.DS_MERCHANT_MERCHANTSIGNATURE  build_signature(data) unless sha256_authentication?
 
-          action = determine_3ds_action(data[:threeds]) if data[:threeds]
-          if action == 'iniciaPeticion' && data[:sca_exemption]
+          peticion_type = determine_peticion_type(data) if data[:three_ds_data]
+          if peticion_type == 'iniciaPeticion' && data[:sca_exemption]
             xml.DS_MERCHANT_EXCEP_SCA 'Y'
           else
             xml.DS_MERCHANT_EXCEP_SCA data[:sca_exemption] if data[:sca_exemption]
-            xml.DS_MERCHANT_DIRECTPAYMENT data[:sca_exemption_direct_payment_enabled] if data[:sca_exemption_direct_payment_enabled]
+            xml.DS_MERCHANT_DIRECTPAYMENT data[:sca_exemption_direct_payment_enabled] || 'true' if data[:sca_exemption] == 'MIT'
           end
 
           # Only when card is present
           if data[:card]
-            if data[:card][:name] && escape_special_chars?(data, options)
+            if data[:card][:name] && use_webservice_endpoint?(data, options)
               xml.DS_MERCHANT_TITULAR    CGI.escape(data[:card][:name])
             else
               xml.DS_MERCHANT_TITULAR    data[:card][:name]
@@ -525,7 +528,7 @@ module ActiveMerchant #:nodoc:
           # Requires account configuration to be able to use
           xml.DS_MERCHANT_DIRECTPAYMENT 'moto' if options.dig(:moto) && options.dig(:metadata, :manual_entry)
 
-          xml.DS_MERCHANT_EMV3DS data[:threeds].to_json if data[:threeds]
+          xml.DS_MERCHANT_EMV3DS data[:three_ds_data].to_json if data[:three_ds_data]
 
           if options[:stored_credential]
             xml.DS_MERCHANT_COF_INI data[:DS_MERCHANT_COF_INI]

data/lib/active_merchant/billing/gateways/safe_charge.rb

@@ -62,6 +62,7 @@ module ActiveMerchant #:nodoc:
         post[:sg_CCToken] = token
         post[:sg_ExpMonth] = exp_month
         post[:sg_ExpYear] = exp_year
+        post[:sg_Email] = options[:email]
 
         commit(post)
       end
@@ -126,9 +127,11 @@ module ActiveMerchant #:nodoc:
       private
 
       def add_transaction_data(trans_type, post, money, options)
+        currency = options[:currency] || currency(money)
+
         post[:sg_TransType] = trans_type
-        post[:sg_Currency] = (options[:currency] || currency(money))
-        post[:sg_Amount] = amount(money)
+        post[:sg_Currency] = currency
+        post[:sg_Amount] = localized_amount(money, currency)
         post[:sg_ClientLoginID] = @options[:client_login_id]
         post[:sg_ClientPassword] = @options[:client_password]
         post[:sg_ResponseFormat] = '4'
@@ -143,6 +146,8 @@ module ActiveMerchant #:nodoc:
         post[:sg_Descriptor] = options[:merchant_descriptor] if options[:merchant_descriptor]
         post[:sg_MerchantPhoneNumber] = options[:merchant_phone_number] if options[:merchant_phone_number]
         post[:sg_MerchantName] = options[:merchant_name] if options[:merchant_name]
+        post[:sg_ProductID] = options[:product_id] if options[:product_id]
+        post[:sg_NotUseCVV] = options[:not_use_cvv].to_s == 'true' ? 1 : 0 unless options[:not_use_cvv].nil?
       end
 
       def add_payment(post, payment, options = {})
@@ -185,6 +190,7 @@ module ActiveMerchant #:nodoc:
         post[:sg_Xid] = options[:three_d_secure][:xid]
         post[:sg_IsExternalMPI] = 1
         post[:sg_EnablePartialApproval] = options[:is_partial_approval]
+        post[:sg_challengePreference] = options[:three_d_secure][:challenge_preference] if options[:three_d_secure][:challenge_preference]
       end
 
       def parse(xml)

data/lib/active_merchant/billing/gateways/spreedly_core.rb

@@ -254,11 +254,20 @@ module ActiveMerchant #:nodoc:
       end
 
       def childnode_to_response(response, node, childnode)
-        name = "#{node.name.downcase}_#{childnode.name.downcase}"
-        if name == 'payment_method_data' && !childnode.elements.empty?
-          response[name.to_sym] = Hash.from_xml(childnode.to_s).values.first
+        node_name = node.name.downcase
+        childnode_name = childnode.name.downcase
+        composed_name = "#{node_name}_#{childnode_name}"
+
+        childnodes_present = !childnode.elements.empty?
+
+        if childnodes_present && composed_name == 'payment_method_data'
+          response[composed_name.to_sym] = Hash.from_xml(childnode.to_s).values.first
+        elsif childnodes_present && node_name == 'gateway_specific_response_fields'
+          response[node_name.to_sym] = {
+            childnode_name => Hash.from_xml(childnode.to_s).values.first
+          }
         else
-          response[name.to_sym] = childnode.text
+          response[composed_name.to_sym] = childnode.text
         end
       end