activemerchant 1.121.0 → 1.125.0

data/lib/active_merchant/billing/gateways/kushki.rb

@@ -37,6 +37,7 @@ module ActiveMerchant #:nodoc:
         post = {}
         post[:ticketNumber] = authorization
         add_invoice(action, post, amount, options)
+        add_full_response(post, options)
 
         commit(action, post)
       end
@@ -46,6 +47,7 @@ module ActiveMerchant #:nodoc:
 
         post = {}
         post[:ticketNumber] = authorization
+        add_full_response(post, options)
 
         commit(action, post)
       end
@@ -55,6 +57,7 @@ module ActiveMerchant #:nodoc:
 
         post = {}
         post[:ticketNumber] = authorization
+        add_full_response(post, options)
 
         commit(action, post)
       end
@@ -78,6 +81,8 @@ module ActiveMerchant #:nodoc:
         post = {}
         add_invoice(action, post, amount, options)
         add_payment_method(post, payment_method, options)
+        add_full_response(post, options)
+        add_metadata(post, options)
 
         commit(action, post)
       end
@@ -88,6 +93,9 @@ module ActiveMerchant #:nodoc:
         post = {}
         add_reference(post, authorization, options)
         add_invoice(action, post, amount, options)
+        add_contact_details(post, options[:contact_details]) if options[:contact_details]
+        add_full_response(post, options)
+        add_metadata(post, options)
 
         commit(action, post)
       end
@@ -98,6 +106,8 @@ module ActiveMerchant #:nodoc:
         post = {}
         add_reference(post, authorization, options)
         add_invoice(action, post, amount, options)
+        add_full_response(post, options)
+        add_metadata(post, options)
 
         commit(action, post)
       end
@@ -154,6 +164,26 @@ module ActiveMerchant #:nodoc:
         post[:token] = authorization
       end
 
+      def add_contact_details(post, contact_details_options)
+        contact_details = {}
+        contact_details[:documentType] = contact_details_options[:document_type] if contact_details_options[:document_type]
+        contact_details[:documentNumber] = contact_details_options[:document_number] if contact_details_options[:document_number]
+        contact_details[:email] = contact_details_options[:email] if contact_details_options[:email]
+        contact_details[:firstName] = contact_details_options[:first_name] if contact_details_options[:first_name]
+        contact_details[:lastName] = contact_details_options[:last_name] if contact_details_options[:last_name]
+        contact_details[:secondLastName] = contact_details_options[:second_last_name] if contact_details_options[:second_last_name]
+        contact_details[:phoneNumber] = contact_details_options[:phone_number] if contact_details_options[:phone_number]
+        post[:contactDetails] = contact_details
+      end
+
+      def add_full_response(post, options)
+        post[:fullResponse] = options[:full_response].to_s.casecmp('true').zero? if options[:full_response]
+      end
+
+      def add_metadata(post, options)
+        post[:metadata] = options[:metadata] if options[:metadata]
+      end
+
       ENDPOINT = {
         'tokenize' => 'tokens',
         'charge' => 'charges',

data/lib/active_merchant/billing/gateways/mercado_pago.rb

@@ -53,8 +53,10 @@ module ActiveMerchant #:nodoc:
       end
 
       def verify(credit_card, options = {})
+        verify_amount = 100
+        verify_amount = options[:amount].to_i if options[:amount]
         MultiResponse.run(:use_first_response) do |r|
-          r.process { authorize(100, credit_card, options) }
+          r.process { authorize(verify_amount, credit_card, options) }
           r.process(:ignore_result) { void(r.authorization, options) }
         end
       end
@@ -129,6 +131,7 @@ module ActiveMerchant #:nodoc:
 
       def add_additional_data(post, options)
         post[:sponsor_id] = options[:sponsor_id]
+        post[:metadata] = options[:metadata] if options[:metadata]
         post[:device_id] = options[:device_id] if options[:device_id]
         post[:additional_info] = {
           ip_address: options[:ip_address]
@@ -143,7 +146,7 @@ module ActiveMerchant #:nodoc:
           email: options[:email],
           first_name: payment.first_name,
           last_name: payment.last_name
-        }
+        }.merge(options[:payer] || {})
       end
 
       def add_address(post, options)
@@ -191,7 +194,7 @@ module ActiveMerchant #:nodoc:
         post[:description] = options[:description]
         post[:installments] = options[:installments] ? options[:installments].to_i : 1
         post[:statement_descriptor] = options[:statement_descriptor] if options[:statement_descriptor]
-        post[:external_reference] = options[:order_id] || SecureRandom.hex(16)
+        post[:external_reference] = options[:order_id] || options[:external_reference] || SecureRandom.hex(16)
       end
 
       def add_payment(post, options)

data/lib/active_merchant/billing/gateways/merchant_warrior.rb

@@ -187,6 +187,8 @@ module ActiveMerchant #:nodoc:
       def parse(body)
         xml = REXML::Document.new(body)
 
+        return { response_message: 'Invalid gateway response' } unless xml.root.present?
+
         response = {}
         xml.root.elements.to_a.each do |node|
           parse_element(response, node)

data/lib/active_merchant/billing/gateways/mit.rb

@@ -0,0 +1,260 @@
+require 'json'
+require 'openssl'
+require 'digest'
+require 'base64'
+
+module ActiveMerchant #:nodoc:
+  module Billing #:nodoc:
+    class MitGateway < Gateway
+      self.live_url = 'https://wpy.mitec.com.mx/ModuloUtilWS/activeCDP.htm'
+
+      self.supported_countries = ['MX']
+      self.default_currency = 'MXN'
+      self.supported_cardtypes = %i[visa master]
+
+      self.homepage_url = 'http://www.centrodepagos.com.mx/'
+      self.display_name = 'MIT Centro de pagos'
+
+      self.money_format = :dollars
+
+      def initialize(options = {})
+        requires!(options, :commerce_id, :user, :api_key, :key_session)
+        super
+      end
+
+      def purchase(money, payment, options = {})
+        MultiResponse.run do |r|
+          r.process { authorize(money, payment, options) }
+          r.process { capture(money, r.authorization, options) }
+        end
+      end
+
+      def cipher_key
+        @options[:key_session]
+      end
+
+      def decrypt(val, keyinhex)
+        # Splits the first 16 bytes (the IV bytes) in array format
+        unpacked = val.unpack('m')
+        iv_base64 = unpacked[0].bytes.slice(0, 16)
+        # Splits the second bytes (the encrypted text bytes) these would be the
+        # original message
+        full_data = unpacked[0].bytes.slice(16, unpacked[0].bytes.length)
+        # Creates the engine
+        engine = OpenSSL::Cipher::AES128.new(:CBC)
+        # Set engine as decrypt mode
+        engine.decrypt
+        # Converts the key from hex to bytes
+        engine.key = [keyinhex].pack('H*')
+        # Converts the ivBase64 array into bytes
+        engine.iv = iv_base64.pack('c*')
+        # Decrypts the texts and returns the original string
+        engine.update(full_data.pack('c*')) + engine.final
+      end
+
+      def encrypt(val, keyinhex)
+        # Creates the engine motor
+        engine = OpenSSL::Cipher::AES128.new(:CBC)
+        # Set engine as encrypt mode
+        engine.encrypt
+        # Converts the key from hex to bytes
+        engine.key = [keyinhex].pack('H*')
+        # Generates a random iv with this settings
+        iv_rand = engine.random_iv
+        # Packs IV as a Base64 string
+        iv_base64 = [iv_rand].pack('m')
+        # Converts the packed key into bytes
+        unpacked = iv_base64.unpack('m')
+        iv = unpacked[0]
+        # Sets the IV into the engine
+        engine.iv = iv
+        # Encrypts the texts and stores the bytes
+        encrypted_bytes = engine.update(val) + engine.final
+        # Concatenates the (a) IV bytes and (b) the encrypted bytes then returns a
+        # base64 representation
+        [iv << encrypted_bytes].pack('m')
+      end
+
+      def authorize(money, payment, options = {})
+        post = {
+          operation: 'Authorize',
+          commerce_id: @options[:commerce_id],
+          user: @options[:user],
+          apikey: @options[:api_key],
+          testMode: (test? ? 'YES' : 'NO')
+        }
+        add_invoice(post, money, options)
+        # Payments contains the card information
+        add_payment(post, payment)
+        add_customer_data(post, options)
+        post[:key_session] = @options[:key_session]
+
+        post_to_json = post.to_json
+        post_to_json_encrypt = encrypt(post_to_json, @options[:key_session])
+
+        final_post = '<authorization>' + post_to_json_encrypt + '</authorization><dataID>' + @options[:user] + '</dataID>'
+        json_post = {}
+        json_post[:payload] = final_post
+        commit('sale', json_post)
+      end
+
+      def capture(money, authorization, options = {})
+        post = {
+          operation: 'Capture',
+          commerce_id: @options[:commerce_id],
+          user: @options[:user],
+          apikey: @options[:api_key],
+          testMode: (test? ? 'YES' : 'NO'),
+          transaction_id: authorization,
+          amount: amount(money)
+        }
+        post[:key_session] = @options[:key_session]
+
+        post_to_json = post.to_json
+        post_to_json_encrypt = encrypt(post_to_json, @options[:key_session])
+
+        final_post = '<capture>' + post_to_json_encrypt + '</capture><dataID>' + @options[:user] + '</dataID>'
+        json_post = {}
+        json_post[:payload] = final_post
+        commit('capture', json_post)
+      end
+
+      def refund(money, authorization, options = {})
+        post = {
+          operation: 'Refund',
+          commerce_id: @options[:commerce_id],
+          user: @options[:user],
+          apikey: @options[:api_key],
+          testMode: (test? ? 'YES' : 'NO'),
+          transaction_id: authorization,
+          auth: authorization,
+          amount: amount(money)
+        }
+        post[:key_session] = @options[:key_session]
+
+        post_to_json = post.to_json
+        post_to_json_encrypt = encrypt(post_to_json, @options[:key_session])
+
+        final_post = '<refund>' + post_to_json_encrypt + '</refund><dataID>' + @options[:user] + '</dataID>'
+        json_post = {}
+        json_post[:payload] = final_post
+        commit('refund', json_post)
+      end
+
+      def supports_scrubbing?
+        true
+      end
+
+      def scrub(transcript)
+        ret_transcript = transcript
+        auth_origin = ret_transcript[/<authorization>(.*?)<\/authorization>/, 1]
+        unless auth_origin.nil?
+          auth_decrypted = decrypt(auth_origin, @options[:key_session])
+          auth_json = JSON.parse(auth_decrypted)
+          auth_json['card'] = '[FILTERED]'
+          auth_json['cvv'] = '[FILTERED]'
+          auth_json['apikey'] = '[FILTERED]'
+          auth_json['key_session'] = '[FILTERED]'
+          auth_to_json = auth_json.to_json
+          auth_tagged = '<authorization>' + auth_to_json + '</authorization>'
+          ret_transcript = ret_transcript.gsub(/<authorization>(.*?)<\/authorization>/, auth_tagged)
+        end
+
+        cap_origin = ret_transcript[/<capture>(.*?)<\/capture>/, 1]
+        unless cap_origin.nil?
+          cap_decrypted = decrypt(cap_origin, @options[:key_session])
+          cap_json = JSON.parse(cap_decrypted)
+          cap_json['apikey'] = '[FILTERED]'
+          cap_json['key_session'] = '[FILTERED]'
+          cap_to_json = cap_json.to_json
+          cap_tagged = '<capture>' + cap_to_json + '</capture>'
+          ret_transcript = ret_transcript.gsub(/<capture>(.*?)<\/capture>/, cap_tagged)
+        end
+
+        ref_origin = ret_transcript[/<refund>(.*?)<\/refund>/, 1]
+        unless ref_origin.nil?
+          ref_decrypted = decrypt(ref_origin, @options[:key_session])
+          ref_json = JSON.parse(ref_decrypted)
+          ref_json['apikey'] = '[FILTERED]'
+          ref_json['key_session'] = '[FILTERED]'
+          ref_to_json = ref_json.to_json
+          ref_tagged = '<refund>' + ref_to_json + '</refund>'
+          ret_transcript = ret_transcript.gsub(/<refund>(.*?)<\/refund>/, ref_tagged)
+        end
+
+        res_origin = ret_transcript[/#{Regexp.escape('reading ')}(.*?)#{Regexp.escape('read')}/m, 1]
+        loop do
+          break if res_origin.nil?
+
+          resp_origin = res_origin[/#{Regexp.escape('"')}(.*?)#{Regexp.escape('"')}/m, 1]
+          resp_decrypted = decrypt(resp_origin, @options[:key_session])
+          ret_transcript[/#{Regexp.escape('reading ')}(.*?)#{Regexp.escape('read')}/m, 1] = resp_decrypted
+          ret_transcript = ret_transcript.sub('reading ', 'response: ')
+          res_origin = ret_transcript[/#{Regexp.escape('reading ')}(.*?)#{Regexp.escape('read')}/m, 1]
+        end
+
+        ret_transcript
+      end
+
+      private
+
+      def add_customer_data(post, options)
+        post[:email] = options[:email] || 'nadie@mit.test'
+      end
+
+      def add_invoice(post, money, options)
+        post[:amount] = amount(money)
+        post[:currency] = (options[:currency] || currency(money))
+        post[:reference] = options[:order_id]
+        post[:transaction_id] = options[:order_id]
+      end
+
+      def add_payment(post, payment)
+        post[:installments] = 1
+        post[:card] = payment.number
+        post[:expmonth] = payment.month
+        post[:expyear] = payment.year
+        post[:cvv] = payment.verification_value
+        post[:name_client] = [payment.first_name, payment.last_name].join(' ')
+      end
+
+      def commit(action, parameters)
+        json_str = JSON.generate(parameters)
+        cleaned_str = json_str.gsub('\n', '')
+        raw_response = ssl_post(live_url, cleaned_str, { 'Content-type' => 'application/json' })
+        response = JSON.parse(decrypt(raw_response, @options[:key_session]))
+
+        Response.new(
+          success_from(response),
+          message_from(response),
+          response,
+          authorization: authorization_from(response),
+          avs_result: AVSResult.new(code: response['some_avs_response_key']),
+          cvv_result: CVVResult.new(response['some_cvv_response_key']),
+          test: test?,
+          error_code: error_code_from(response)
+        )
+      end
+
+      def success_from(response)
+        response['response'] == 'approved'
+      end
+
+      def message_from(response)
+        response['response']
+      end
+
+      def authorization_from(response)
+        response['reference']
+      end
+
+      def post_data(action, parameters = {})
+        parameters.collect { |key, value| "#{key}=#{CGI.escape(value.to_s)}" }.join('&')
+      end
+
+      def error_code_from(response)
+        response['message'].split(' -- ', 2)[0] unless success_from(response)
+      end
+    end
+  end
+end

data/lib/active_merchant/billing/gateways/moka.rb

@@ -0,0 +1,290 @@
+module ActiveMerchant #:nodoc:
+  module Billing #:nodoc:
+    class MokaGateway < Gateway
+      self.test_url = 'https://service.refmoka.com'
+      self.live_url = 'https://service.moka.com'
+
+      self.supported_countries = %w[GB TR US]
+      self.default_currency = 'TRY'
+      self.money_format = :dollars
+      self.supported_cardtypes = %i[visa master american_express discover]
+
+      self.homepage_url = 'http://developer.moka.com/'
+      self.display_name = 'Moka'
+
+      ERROR_CODE_MAPPING = {
+        '000' =>	'General error',
+        '001' =>	'3D Not authenticated',
+        '002' =>	'Limit is insufficient',
+        '003' =>	'Credit card number format is wrong',
+        '004' =>	'General decline',
+        '005' =>	'This process is invalid for the card owner',
+        '006' =>	'Expiration date is wrong',
+        '007' =>	'Invalid transaction',
+        '008' =>	'Connection with the bank not established',
+        '009' =>	'Undefined error code',
+        '010' =>	'Bank SSL error',
+        '011' =>	'Call the bank for the manual authentication',
+        '012' =>	'Card info is wrong - Kart Number or CVV2',
+        '013' =>	'3D secure is not supported other than Visa MC cards',
+        '014' =>	'Invalid account number',
+        '015' =>	'CVV is wrong',
+        '016' =>	'Authentication process is not present',
+        '017' =>	'System error',
+        '018' =>	'Stolen card',
+        '019' =>	'Lost card',
+        '020' =>	'Card with limited properties',
+        '021' =>	'Timeout',
+        '022' =>	'Invalid merchant',
+        '023' =>	'False authentication',
+        '024' =>	'3D authorization is successful but the process cannot be completed',
+        '025' =>	'3D authorization failure',
+        '026' =>	'Either the issuer bank or the card is not enrolled to the 3D process',
+        '027' =>	'The bank did not allow the process',
+        '028' =>	'Fraud suspect',
+        '029' =>	'The card is closed to the e-commerce operations'
+      }
+
+      def initialize(options = {})
+        requires!(options, :dealer_code, :username, :password)
+        super
+      end
+
+      def purchase(money, payment, options = {})
+        post = {}
+        post[:PaymentDealerRequest] = {}
+        options[:pre_auth] = 0
+        add_auth_purchase(post, money, payment, options)
+        add_3ds_data(post, options) if options[:execute_threed]
+
+        action = options[:execute_threed] ? 'three_ds_purchase' : 'purchase'
+        commit(action, post)
+      end
+
+      def authorize(money, payment, options = {})
+        post = {}
+        post[:PaymentDealerRequest] = {}
+        options[:pre_auth] = 1
+        add_auth_purchase(post, money, payment, options)
+        add_3ds_data(post, options) if options[:execute_threed]
+
+        action = options[:execute_threed] ? 'three_ds_authorize' : 'authorize'
+        commit(action, post)
+      end
+
+      def capture(money, authorization, options = {})
+        post = {}
+        post[:PaymentDealerRequest] = {}
+        add_payment_dealer_authentication(post)
+        add_transaction_reference(post, authorization)
+        add_invoice(post, money, options)
+
+        commit('capture', post)
+      end
+
+      def refund(money, authorization, options = {})
+        post = {}
+        post[:PaymentDealerRequest] = {}
+        add_payment_dealer_authentication(post)
+        add_transaction_reference(post, authorization)
+        add_void_refund_reason(post)
+        add_amount(post, money)
+
+        commit('refund', post)
+      end
+
+      def void(authorization, options = {})
+        post = {}
+        post[:PaymentDealerRequest] = {}
+        add_payment_dealer_authentication(post)
+        add_transaction_reference(post, authorization)
+        add_void_refund_reason(post)
+
+        commit('void', post)
+      end
+
+      def verify(credit_card, options = {})
+        MultiResponse.run(:use_first_response) do |r|
+          r.process { authorize(100, credit_card, options) }
+          r.process(:ignore_result) { void(r.authorization, options) }
+        end
+      end
+
+      def supports_scrubbing?
+        true
+      end
+
+      def scrub(transcript)
+        transcript.
+          gsub(%r(("CardNumber\\?":\\?")[^"]*)i, '\1[FILTERED]').
+          gsub(%r(("CvcNumber\\?":\\?")[^"]*)i, '\1[FILTERED]').
+          gsub(%r(("DealerCode\\?":\\?"?)[^"?]*)i, '\1[FILTERED]').
+          gsub(%r(("Username\\?":\\?")[^"]*)i, '\1[FILTERED]').
+          gsub(%r(("Password\\?":\\?")[^"]*)i, '\1[FILTERED]').
+          gsub(%r(("CheckKey\\?":\\?")[^"]*)i, '\1[FILTERED]')
+      end
+
+      private
+
+      def add_auth_purchase(post, money, payment, options)
+        add_payment_dealer_authentication(post)
+        add_invoice(post, money, options)
+        add_payment(post, payment)
+        add_additional_auth_purchase_data(post, options)
+        add_additional_transaction_data(post, options)
+        add_buyer_information(post, payment, options)
+        add_basket_product(post, options[:basket_product]) if options[:basket_product]
+      end
+
+      def add_3ds_data(post, options)
+        post[:PaymentDealerRequest][:ReturnHash] = 1
+        post[:PaymentDealerRequest][:RedirectUrl] = options[:redirect_url] || ''
+        post[:PaymentDealerRequest][:RedirectType] = options[:redirect_type] || 0
+      end
+
+      def add_payment_dealer_authentication(post)
+        post[:PaymentDealerAuthentication] = {
+          DealerCode: @options[:dealer_code],
+          Username: @options[:username],
+          Password: @options[:password],
+          CheckKey: check_key
+        }
+      end
+
+      def check_key
+        str = "#{@options[:dealer_code]}MK#{@options[:username]}PD#{@options[:password]}"
+        Digest::SHA256.hexdigest(str)
+      end
+
+      def add_invoice(post, money, options)
+        post[:PaymentDealerRequest][:Amount] = amount(money) || 0
+        post[:PaymentDealerRequest][:Currency] = options[:currency] || 'TL'
+      end
+
+      def add_payment(post, card)
+        post[:PaymentDealerRequest][:CardHolderFullName] = card.name
+        post[:PaymentDealerRequest][:CardNumber] = card.number
+        post[:PaymentDealerRequest][:ExpMonth] = card.month.to_s.rjust(2, '0')
+        post[:PaymentDealerRequest][:ExpYear] = card.year
+        post[:PaymentDealerRequest][:CvcNumber] = card.verification_value || ''
+      end
+
+      def add_amount(post, money)
+        post[:PaymentDealerRequest][:Amount] = amount(money) || 0
+      end
+
+      def add_additional_auth_purchase_data(post, options)
+        post[:PaymentDealerRequest][:IsPreAuth] = options[:pre_auth]
+        post[:PaymentDealerRequest][:Description] = options[:description] if options[:description]
+        post[:PaymentDealerRequest][:InstallmentNumber] = options[:installment_number].to_i if options[:installment_number]
+        post[:SubMerchantName] = options[:sub_merchant_name] if options[:sub_merchant_name]
+        post[:IsPoolPayment] = options[:is_pool_payment] || 0
+      end
+
+      def add_buyer_information(post, card, options)
+        obj = {}
+
+        obj[:BuyerFullName] = card.name || ''
+        obj[:BuyerEmail] = options[:email] if options[:email]
+        obj[:BuyerAddress] = options[:billing_address][:address1] if options[:billing_address]
+        obj[:BuyerGsmNumber] = options[:billing_address][:phone] if options[:billing_address]
+
+        post[:PaymentDealerRequest][:BuyerInformation] = obj
+      end
+
+      def add_basket_product(post, basket_options)
+        basket = []
+
+        basket_options.each do |product|
+          obj = {}
+          obj[:ProductId] = product[:product_id] if product[:product_id]
+          obj[:ProductCode] = product[:product_code] if product[:product_code]
+          obj[:UnitPrice] = amount(product[:unit_price]) if product[:unit_price]
+          obj[:Quantity] = product[:quantity] if product[:quantity]
+          basket << obj
+        end
+
+        post[:PaymentDealerRequest][:BasketProduct] = basket
+      end
+
+      def add_additional_transaction_data(post, options)
+        post[:PaymentDealerRequest][:ClientIP] = options[:ip] if options[:ip]
+        post[:PaymentDealerRequest][:OtherTrxCode] = options[:order_id] if options[:order_id]
+      end
+
+      def add_transaction_reference(post, authorization)
+        post[:PaymentDealerRequest][:VirtualPosOrderId] = authorization
+      end
+
+      def add_void_refund_reason(post)
+        post[:PaymentDealerRequest][:VoidRefundReason] = 2
+      end
+
+      def commit(action, parameters)
+        response = parse(ssl_post(url(action), post_data(parameters), request_headers))
+        Response.new(
+          success_from(response),
+          message_from(response),
+          response,
+          authorization: authorization_from(response),
+          test: test?,
+          error_code: error_code_from(response)
+        )
+      end
+
+      def url(action)
+        host = (test? ? test_url : live_url)
+        endpoint = endpoint(action)
+
+        "#{host}/PaymentDealer/#{endpoint}"
+      end
+
+      def endpoint(action)
+        case action
+        when 'three_ds_authorize', 'three_ds_purchase'
+          'DoDirectPaymentThreeD'
+        when 'purchase', 'authorize'
+          'DoDirectPayment'
+        when 'capture'
+          'DoCapture'
+        when 'void'
+          'DoVoid'
+        when 'refund'
+          'DoCreateRefundRequest'
+        end
+      end
+
+      def request_headers
+        { 'Content-Type' => 'application/json' }
+      end
+
+      def post_data(parameters = {})
+        JSON.generate(parameters)
+      end
+
+      def parse(body)
+        JSON.parse(body)
+      end
+
+      def success_from(response)
+        return response.dig('Data', 'IsSuccessful') if response.dig('Data', 'IsSuccessful').to_s.present?
+
+        response['ResultCode']&.casecmp('success') == 0
+      end
+
+      def message_from(response)
+        response.dig('Data', 'ResultMessage').presence || response['ResultCode']
+      end
+
+      def authorization_from(response)
+        response.dig('Data', 'VirtualPosOrderId')
+      end
+
+      def error_code_from(response)
+        codes = [response['ResultCode'], response.dig('Data', 'ResultCode')].flatten
+        codes.reject! { |code| code.blank? || code.casecmp('success').zero? }
+        codes.map { |code| ERROR_CODE_MAPPING[code] || code }.join(', ')
+      end
+    end
+  end
+end