activemerchant 1.123.0 → 1.126.0

data/lib/active_merchant/billing/gateways/stripe.rb

@@ -23,9 +23,9 @@ module ActiveMerchant #:nodoc:
         'unchecked' => 'P'
       }
 
-      DEFAULT_API_VERSION = '2015-04-07'
+      DEFAULT_API_VERSION = '2020-08-27'
 
-      self.supported_countries = %w(AT AU BE BG BR CA CH CY CZ DE DK EE ES FI FR GB GR HK IE IT JP LT LU LV MT MX NL NO NZ PL PT RO SE SG SI SK US)
+      self.supported_countries = %w(AE AT AU BE BG BR CA CH CY CZ DE DK EE ES FI FR GB GR HK HU IE IN IT JP LT LU LV MT MX MY NL NO NZ PL PT RO SE SG SI SK US)
       self.default_currency = 'USD'
       self.money_format = :cents
       self.supported_cardtypes = %i[visa master american_express discover jcb diners_club maestro unionpay]
@@ -48,7 +48,8 @@ module ActiveMerchant #:nodoc:
         'processing_error' => STANDARD_ERROR_CODE[:processing_error],
         'incorrect_pin' => STANDARD_ERROR_CODE[:incorrect_pin],
         'test_mode_live_card' => STANDARD_ERROR_CODE[:test_mode_live_card],
-        'pickup_card' => STANDARD_ERROR_CODE[:pickup_card]
+        'pickup_card' => STANDARD_ERROR_CODE[:pickup_card],
+        'amount_too_small' => STANDARD_ERROR_CODE[:invalid_amount]
       }
 
       BANK_ACCOUNT_HOLDER_TYPE_MAPPING = {
@@ -223,9 +224,10 @@ module ActiveMerchant #:nodoc:
 
             post[:default_card] = r.params['id'] if options[:set_default] && r.success? && !r.params['id'].blank?
 
-            r.process { update_customer(options[:customer], post) } if post.count > 0
+            r.process { update_customer(options[:customer], post.merge(expand: [:sources])) } if post.count > 0
           end
         else
+          post[:expand] = [:sources]
           commit(:post, 'customers', post.merge(params), options)
         end
       end
@@ -286,13 +288,26 @@ module ActiveMerchant #:nodoc:
           gsub(%r(((\[card\]|card)\[encrypted_pin\]=)[^&]+(&?)), '\1[FILTERED]\3').
           gsub(%r(((\[card\]|card)\[encrypted_pin_key_id\]=)[\w=]+(&?)), '\1[FILTERED]\3').
           gsub(%r(((\[card\]|card)\[number\]=)\d+), '\1[FILTERED]').
-          gsub(%r(((\[card\]|card)\[swipe_data\]=)[^&]+(&?)), '\1[FILTERED]\3')
+          gsub(%r(((\[card\]|card)\[swipe_data\]=)[^&]+(&?)), '\1[FILTERED]\3').
+          gsub(%r(((\[bank_account\]|bank_account)\[account_number\]=)\d+), '\1[FILTERED]').
+          gsub(%r(((\[payment_method_data\]|payment_method_data)\[card\]\[token\]=)[^&]+(&?)), '\1[FILTERED]\3')
       end
 
       def supports_network_tokenization?
         true
       end
 
+      # Helper method to prevent hitting the external_account limit from remote test runs
+      def delete_latest_test_external_account(account)
+        return unless test?
+
+        auth_header = { 'Authorization': "Bearer #{options[:login]}" }
+        url = "#{live_url}accounts/#{CGI.escape(account)}/external_accounts"
+        accounts_response = JSON.parse(ssl_get("#{url}?limit=100", auth_header))
+        to_delete = accounts_response['data'].reject { |ac| ac['default_for_currency'] }
+        ssl_request(:delete, "#{url}/#{to_delete.first['id']}", nil, auth_header)
+      end
+
       private
 
       class StripePaymentToken < PaymentToken
@@ -379,6 +394,7 @@ module ActiveMerchant #:nodoc:
         add_destination(post, options)
         add_level_three(post, options)
         add_connected_account(post, options)
+        add_radar_data(post, options)
         post
       end
 
@@ -532,7 +548,6 @@ module ActiveMerchant #:nodoc:
         post[:metadata].merge!(options[:metadata]) if options[:metadata]
         post[:metadata][:email] = options[:email] if options[:email]
         post[:metadata][:order_id] = options[:order_id] if options[:order_id]
-        post.delete(:metadata) if post[:metadata].empty?
       end
 
       def add_emv_metadata(post, creditcard)
@@ -570,6 +585,14 @@ module ActiveMerchant #:nodoc:
         post[:application_fee_amount] = options[:application_fee_amount] if options[:application_fee_amount]
       end
 
+      def add_radar_data(post, options = {})
+        radar_options = {}
+        radar_options[:session] = options[:radar_session_id] if options[:radar_session_id]
+        radar_options[:skip_rules] = ['all'] if options[:skip_radar_rules]
+
+        post[:radar_options] = radar_options unless radar_options.empty?
+      end
+
       def parse(body)
         JSON.parse(body)
       end
@@ -658,7 +681,6 @@ module ActiveMerchant #:nodoc:
         card = card_from_response(response)
         avs_code = AVS_CODE_TRANSLATOR["line1: #{card['address_line1_check']}, zip: #{card['address_zip_check']}"]
         cvc_code = CVC_CODE_TRANSLATOR[card['cvc_check']]
-
         Response.new(success,
           message_from(success, response),
           response,
@@ -754,7 +776,7 @@ module ActiveMerchant #:nodoc:
             country: 'US',
             currency: 'usd',
             routing_number: bank_account.routing_number,
-            name: bank_account.name,
+            account_holder_name: bank_account.name,
             account_holder_type: account_holder_type
           }
         }

data/lib/active_merchant/billing/gateways/stripe_payment_intents.rb

@@ -5,41 +5,50 @@ module ActiveMerchant #:nodoc:
     # This gateway uses the current Stripe {Payment Intents API}[https://stripe.com/docs/api/payment_intents].
     # For the legacy API, see the Stripe gateway
     class StripePaymentIntentsGateway < StripeGateway
-      self.supported_countries = %w(AT AU BE BG BR CA CH CY CZ DE DK EE ES FI FR GB GR HK IE IT JP LT LU LV MT MX NL NO NZ PL PT RO SE SG SI SK US)
-
       ALLOWED_METHOD_STATES = %w[automatic manual].freeze
       ALLOWED_CANCELLATION_REASONS = %w[duplicate fraudulent requested_by_customer abandoned].freeze
       CREATE_INTENT_ATTRIBUTES = %i[description statement_descriptor_suffix statement_descriptor receipt_email save_payment_method]
       CONFIRM_INTENT_ATTRIBUTES = %i[receipt_email return_url save_payment_method setup_future_usage off_session]
       UPDATE_INTENT_ATTRIBUTES = %i[description statement_descriptor_suffix statement_descriptor receipt_email setup_future_usage]
-      DEFAULT_API_VERSION = '2019-05-16'
+      DEFAULT_API_VERSION = '2020-08-27'
 
       def create_intent(money, payment_method, options = {})
-        post = {}
-        add_amount(post, money, options, true)
-        add_capture_method(post, options)
-        add_confirmation_method(post, options)
-        add_customer(post, options)
-        payment_method = add_payment_method_token(post, payment_method, options)
-        return payment_method if payment_method.is_a?(ActiveMerchant::Billing::Response)
-
-        add_external_three_d_secure_auth_data(post, options)
-        add_metadata(post, options)
-        add_return_url(post, options)
-        add_connected_account(post, options)
-        add_shipping_address(post, options)
-        setup_future_usage(post, options)
-        add_exemption(post, options)
-        add_stored_credentials(post, options)
-        add_ntid(post, options)
-        add_error_on_requires_action(post, options)
-        request_three_d_secure(post, options)
-
-        CREATE_INTENT_ATTRIBUTES.each do |attribute|
-          add_whitelisted_attribute(post, options, attribute)
+        MultiResponse.run do |r|
+          if payment_method.is_a?(NetworkTokenizationCreditCard)
+            r.process { tokenize_apple_google(payment_method, options) }
+            payment_method = (r.params['token']['id']) if r.success?
+          end
+          r.process do
+            post = {}
+            add_amount(post, money, options, true)
+            add_capture_method(post, options)
+            add_confirmation_method(post, options)
+            add_customer(post, options)
+
+            result = add_payment_method_token(post, payment_method, options)
+            return result if result.is_a?(ActiveMerchant::Billing::Response)
+
+            add_external_three_d_secure_auth_data(post, options)
+            add_metadata(post, options)
+            add_return_url(post, options)
+            add_connected_account(post, options)
+            add_radar_data(post, options)
+            add_shipping_address(post, options)
+            setup_future_usage(post, options)
+            add_exemption(post, options)
+            add_stored_credentials(post, options)
+            add_ntid(post, options)
+            add_claim_without_transaction_id(post, options)
+            add_error_on_requires_action(post, options)
+            add_fulfillment_date(post, options)
+            request_three_d_secure(post, options)
+
+            CREATE_INTENT_ATTRIBUTES.each do |attribute|
+              add_whitelisted_attribute(post, options, attribute)
+            end
+            commit(:post, 'payment_intents', post, options)
+          end
         end
-
-        commit(:post, 'payment_intents', post, options)
       end
 
       def show_intent(intent_id, options)
@@ -48,23 +57,25 @@ module ActiveMerchant #:nodoc:
 
       def confirm_intent(intent_id, payment_method, options = {})
         post = {}
-        payment_method = add_payment_method_token(post, payment_method, options)
-        return payment_method if payment_method.is_a?(ActiveMerchant::Billing::Response)
+        result = add_payment_method_token(post, payment_method, options)
+        return result if result.is_a?(ActiveMerchant::Billing::Response)
 
+        add_payment_method_types(post, options)
         CONFIRM_INTENT_ATTRIBUTES.each do |attribute|
           add_whitelisted_attribute(post, options, attribute)
         end
+
         commit(:post, "payment_intents/#{intent_id}/confirm", post, options)
       end
 
       def create_payment_method(payment_method, options = {})
-        post_data = create_payment_method_data(payment_method, options)
+        post_data = add_payment_method_data(payment_method, options)
 
         options = format_idempotency_key(options, 'pm')
         commit(:post, 'payment_methods', post_data, options)
       end
 
-      def create_payment_method_data(payment_method, options = {})
+      def add_payment_method_data(payment_method, options = {})
         post_data = {}
         post_data[:type] = 'card'
         post_data[:card] = {}
@@ -73,21 +84,30 @@ module ActiveMerchant #:nodoc:
         post_data[:card][:exp_year] = payment_method.year
         post_data[:card][:cvc] = payment_method.verification_value if payment_method.verification_value
         add_billing_address(post_data, options)
+        add_name_only(post_data, payment_method) if post_data[:billing_details].nil?
         post_data
       end
 
+      def add_payment_method_card_data_token(post_data, payment_method)
+        post_data.merge!({
+          payment_method_types: ['card'],
+          payment_method_data: { type: 'card', card: { token: payment_method } }
+        })
+      end
+
       def update_intent(money, intent_id, payment_method, options = {})
         post = {}
         add_amount(post, money, options)
 
-        payment_method = add_payment_method_token(post, payment_method, options)
-        return payment_method if payment_method.is_a?(ActiveMerchant::Billing::Response)
+        result = add_payment_method_token(post, payment_method, options)
+        return result if result.is_a?(ActiveMerchant::Billing::Response)
 
         add_payment_method_types(post, options)
         add_customer(post, options)
         add_metadata(post, options)
         add_shipping_address(post, options)
         add_connected_account(post, options)
+        add_fulfillment_date(post, options)
 
         UPDATE_INTENT_ATTRIBUTES.each do |attribute|
           add_whitelisted_attribute(post, options, attribute)
@@ -98,11 +118,13 @@ module ActiveMerchant #:nodoc:
       def create_setup_intent(payment_method, options = {})
         post = {}
         add_customer(post, options)
-        payment_method = add_payment_method_token(post, payment_method, options)
-        return payment_method if payment_method.is_a?(ActiveMerchant::Billing::Response)
+        result = add_payment_method_token(post, payment_method, options)
+        return result if result.is_a?(ActiveMerchant::Billing::Response)
 
         add_metadata(post, options)
         add_return_url(post, options)
+        add_fulfillment_date(post, options)
+        request_three_d_secure(post, options)
         post[:on_behalf_of] = options[:on_behalf_of] if options[:on_behalf_of]
         post[:usage] = options[:usage] if %w(on_session off_session).include?(options[:usage])
         post[:description] = options[:description] if options[:description]
@@ -174,12 +196,11 @@ module ActiveMerchant #:nodoc:
       def store(payment_method, options = {})
         params = {}
         post = {}
-
         # If customer option is provided, create a payment method and attach to customer id
         # Otherwise, create a customer, then attach
         if payment_method.is_a?(StripePaymentToken) || payment_method.is_a?(ActiveMerchant::Billing::CreditCard)
-          payment_method = add_payment_method_token(params, payment_method, options)
-          return payment_method if payment_method.is_a?(ActiveMerchant::Billing::Response)
+          result = add_payment_method_token(params, payment_method, options)
+          return result if result.is_a?(ActiveMerchant::Billing::Response)
 
           if options[:customer]
             customer_id = options[:customer]
@@ -187,6 +208,7 @@ module ActiveMerchant #:nodoc:
             post[:description] = options[:description] if options[:description]
             post[:email] = options[:email] if options[:email]
             options = format_idempotency_key(options, 'customer')
+            post[:expand] = [:sources]
             customer = commit(:post, 'customers', post, options)
             customer_id = customer.params['id']
           end
@@ -212,6 +234,16 @@ module ActiveMerchant #:nodoc:
         create_setup_intent(payment_method, options.merge!(confirm: true))
       end
 
+      def setup_purchase(money, options = {})
+        requires!(options, :payment_method_types)
+        post = {}
+        add_currency(post, options, money)
+        add_amount(post, money, options)
+        add_payment_method_types(post, options)
+        add_metadata(post, options)
+        commit(:post, 'payment_intents', post, options)
+      end
+
       private
 
       def off_session_request?(options = {})
@@ -242,6 +274,16 @@ module ActiveMerchant #:nodoc:
         post[:customer] = customer if customer.start_with?('cus_')
       end
 
+      def add_fulfillment_date(post, options)
+        post[:fulfillment_date] = options[:fulfillment_date].to_i if options[:fulfillment_date]
+      end
+
+      def add_metadata(post, options = {})
+        super
+
+        post[:metadata][:event_type] = options[:event_type] if options[:event_type]
+      end
+
       def add_return_url(post, options)
         return unless options[:confirm]
 
@@ -250,35 +292,69 @@ module ActiveMerchant #:nodoc:
       end
 
       def add_payment_method_token(post, payment_method, options)
-        return if payment_method.nil?
+        case payment_method
+        when StripePaymentToken
+          post[:payment_method_data] = {
+            type: 'card',
+            card: {
+              token: payment_method.payment_data['id'] || payment_method.payment_data
+            }
+          }
+          post[:payment_method] = payment_method.payment_data['id'] || payment_method.payment_data
+        when String
+          extract_token_from_string_and_maybe_add_customer_id(post, payment_method)
+        when ActiveMerchant::Billing::CreditCard
+          get_payment_method_data_from_card(post, payment_method, options)
+        end
+      end
 
-        if payment_method.is_a?(ActiveMerchant::Billing::CreditCard)
-          if off_session_request?(options)
-            post[:payment_method_data] = create_payment_method_data(payment_method, options)
-            return
-          else
-            p = create_payment_method(payment_method, options)
-            return p unless p.success?
+      def extract_token_from_string_and_maybe_add_customer_id(post, payment_method)
+        if payment_method.include?('|')
+          customer_id, payment_method = payment_method.split('|')
+          post[:customer] = customer_id
+        end
 
-            payment_method = p.params['id']
-          end
+        if payment_method.include?('tok_')
+          add_payment_method_card_data_token(post, payment_method)
+        else
+          post[:payment_method] = payment_method
         end
+      end
 
-        case payment_method
-        when StripePaymentToken
-          post[:payment_method] = payment_method.payment_data['id']
-        when String
-          if payment_method.include?('|')
-            customer_id, payment_method_id = payment_method.split('|')
-            token = payment_method_id
-            post[:customer] = customer_id
-          else
-            token = payment_method
-          end
-          post[:payment_method] = token
+      def tokenize_apple_google(payment, options = {})
+        tokenization_method = payment.source == :google_pay ? :android_pay : payment.source
+        post = {
+          card: {
+            number: payment.number,
+            exp_month: payment.month,
+            exp_year: payment.year,
+            tokenization_method: tokenization_method,
+            eci: payment.eci,
+            cryptogram: payment.payment_cryptogram
+          }
+        }
+        token_response = api_request(:post, 'tokens', post, options)
+        success = token_response['error'].nil?
+        if success && token_response['id']
+          Response.new(success, nil, token: token_response)
+        elsif token_response['error']['message']
+          Response.new(false, "The tokenization process fails. #{token_response['error']['message']}")
+        else
+          Response.new(false, "The tokenization process fails. #{token_response}")
         end
+      end
 
-        post
+      def get_payment_method_data_from_card(post, payment_method, options)
+        return create_payment_method_and_extract_token(post, payment_method, options) unless off_session_request?(options)
+
+        post[:payment_method_data] = add_payment_method_data(payment_method, options)
+      end
+
+      def create_payment_method_and_extract_token(post, payment_method, options)
+        payment_method_response = create_payment_method(payment_method, options)
+        return payment_method_response if payment_method_response.failure?
+
+        add_payment_method_token(post, payment_method_response.params['id'], options)
       end
 
       def add_payment_method_types(post, options)
@@ -326,6 +402,19 @@ module ActiveMerchant #:nodoc:
         post[:payment_method_options][:card][:mit_exemption][:network_transaction_id] = options[:network_transaction_id] if options[:network_transaction_id]
       end
 
+      def add_claim_without_transaction_id(post, options = {})
+        return if options[:stored_credential] || options[:network_transaction_id] || options[:ds_transaction_id]
+        return unless options[:claim_without_transaction_id]
+
+        post[:payment_method_options] ||= {}
+        post[:payment_method_options][:card] ||= {}
+        post[:payment_method_options][:card][:mit_exemption] = {}
+
+        # Stripe PI accepts claim_without_transaction_id for transactions without transaction ids.
+        # Gateway validation for this field occurs through a different service, before the transaction request is sent to the gateway.
+        post[:payment_method_options][:card][:mit_exemption][:claim_without_transaction_id] = options[:claim_without_transaction_id]
+      end
+
       def add_error_on_requires_action(post, options = {})
         return unless options[:confirm]
 
@@ -375,22 +464,32 @@ module ActiveMerchant #:nodoc:
         post[:billing_details][:phone] = billing[:phone] if billing[:phone]
       end
 
+      def add_name_only(post, payment_method)
+        post[:billing_details] = {} unless post[:billing_details]
+
+        name = [payment_method.first_name, payment_method.last_name].compact.join(' ')
+        post[:billing_details][:name] = name
+      end
+
       def add_shipping_address(post, options = {})
-        return unless shipping = options[:shipping]
+        return unless shipping = options[:shipping_address]
 
         post[:shipping] = {}
-        post[:shipping][:address] = {}
-        post[:shipping][:address][:line1] = shipping[:address][:line1]
-        post[:shipping][:address][:city] = shipping[:address][:city] if shipping[:address][:city]
-        post[:shipping][:address][:country] = shipping[:address][:country] if shipping[:address][:country]
-        post[:shipping][:address][:line2] = shipping[:address][:line2] if shipping[:address][:line2]
-        post[:shipping][:address][:postal_code] = shipping[:address][:postal_code] if shipping[:address][:postal_code]
-        post[:shipping][:address][:state] = shipping[:address][:state] if shipping[:address][:state]
 
+        # fields required by Stripe PI
+        post[:shipping][:address] = {}
+        post[:shipping][:address][:line1] = shipping[:address1]
         post[:shipping][:name] = shipping[:name]
-        post[:shipping][:carrier] = shipping[:carrier] if shipping[:carrier]
-        post[:shipping][:phone] = shipping[:phone] if shipping[:phone]
-        post[:shipping][:tracking_number] = shipping[:tracking_number] if shipping[:tracking_number]
+
+        # fields considered optional by Stripe PI
+        post[:shipping][:address][:city] = shipping[:city] if shipping[:city]
+        post[:shipping][:address][:country] = shipping[:country] if shipping[:country]
+        post[:shipping][:address][:line2] = shipping[:address2] if shipping[:address2]
+        post[:shipping][:address][:postal_code] = shipping[:zip] if shipping[:zip]
+        post[:shipping][:address][:state] = shipping[:state] if shipping[:state]
+        post[:shipping][:phone] = shipping[:phone_number] if shipping[:phone_number]
+        post[:shipping][:carrier] = (shipping[:carrier] || options[:shipping_carrier]) if shipping[:carrier] || options[:shipping_carrier]
+        post[:shipping][:tracking_number] = (shipping[:tracking_number] || options[:shipping_tracking_number]) if shipping[:tracking_number] || options[:shipping_tracking_number]
       end
 
       def format_idempotency_key(options, suffix)
@@ -408,6 +507,10 @@ module ActiveMerchant #:nodoc:
 
         super(response, options)
       end
+
+      def add_currency(post, options, money)
+        post[:currency] = options[:currency] || currency(money)
+      end
     end
   end
 end

data/lib/active_merchant/billing/gateways/trans_first_transaction_express.rb

@@ -317,7 +317,8 @@ module ActiveMerchant #:nodoc:
           gsub(%r((<[^>]+pan>)[^<]+(<))i, '\1[FILTERED]\2').
           gsub(%r((<[^>]+sec>)[^<]+(<))i, '\1[FILTERED]\2').
           gsub(%r((<[^>]+id>)[^<]+(<))i, '\1[FILTERED]\2').
-          gsub(%r((<[^>]+regKey>)[^<]+(<))i, '\1[FILTERED]\2')
+          gsub(%r((<[^>]+regKey>)[^<]+(<))i, '\1[FILTERED]\2').
+          gsub(%r((<[^>]+acctNr>)[^<]+(<))i, '\1[FILTERED]\2')
       end
 
       private

data/lib/active_merchant/billing/gateways/trust_commerce.rb

@@ -331,7 +331,8 @@ module ActiveMerchant #:nodoc:
           gsub(%r((Authorization: Basic )\w+), '\1[FILTERED]').
           gsub(%r((&?cc=)\d*(&?)), '\1[FILTERED]\2').
           gsub(%r((&?password=)[^&]+(&?)), '\1[FILTERED]\2').
-          gsub(%r((&?cvv=)\d*(&?)), '\1[FILTERED]\2')
+          gsub(%r((&?cvv=)\d*(&?)), '\1[FILTERED]\2').
+          gsub(%r((&?account=)\d*(&?)), '\1[FILTERED]\2')
       end
 
       private

data/lib/active_merchant/billing/gateways/usa_epay_transaction.rb

@@ -16,7 +16,8 @@ module ActiveMerchant #:nodoc:
         refund: 'cc:refund',
         void: 'cc:void',
         void_release: 'cc:void:release',
-        check_purchase: 'check:sale'
+        check_purchase: 'check:sale',
+        store: 'cc:save'
       }
 
       STANDARD_ERROR_CODE_MAPPING = {
@@ -43,14 +44,14 @@ module ActiveMerchant #:nodoc:
         super
       end
 
-      def authorize(money, credit_card, options = {})
+      def authorize(money, payment, options = {})
         post = {}
 
         add_amount(post, money)
         add_invoice(post, options)
-        add_payment(post, credit_card)
-        unless credit_card.track_data.present?
-          add_address(post, credit_card, options)
+        add_payment(post, payment)
+        unless payment.is_a?(CreditCard) && payment.track_data.present?
+          add_address(post, payment, options)
           add_customer_data(post, options)
         end
         add_split_payments(post, options)
@@ -97,6 +98,12 @@ module ActiveMerchant #:nodoc:
         commit(:refund, post)
       end
 
+      def store(payment, options = {})
+        post = {}
+        add_payment(post, payment, options)
+        commit(:store, post)
+      end
+
       def verify(creditcard, options = {})
         MultiResponse.run(:use_first_response) do |r|
           r.process { authorize(1, creditcard, options) }
@@ -213,6 +220,8 @@ module ActiveMerchant #:nodoc:
         elsif payment.respond_to?(:track_data) && payment.track_data.present?
           post[:magstripe] = payment.track_data
           post[:cardpresent] = true
+        elsif payment.is_a?(String)
+          post[:card]   = payment
         else
           post[:card]   = payment.number
           post[:cvv2]   = payment.verification_value if payment.verification_value?
@@ -299,6 +308,7 @@ module ActiveMerchant #:nodoc:
           status: fields['UMstatus'],
           auth_code: fields['UMauthCode'],
           ref_num: fields['UMrefNum'],
+          card_ref: fields['UMcardRef'],
           batch: fields['UMbatch'],
           avs_result: fields['UMavsResult'],
           avs_result_code: fields['UMavsResultCode'],
@@ -321,7 +331,7 @@ module ActiveMerchant #:nodoc:
         error_code = (STANDARD_ERROR_CODE_MAPPING[response[:error_code]] || STANDARD_ERROR_CODE[:processing_error]) unless approved
         Response.new(approved, message_from(response), response,
           test: test?,
-          authorization: response[:ref_num],
+          authorization: authorization_from(action, response),
           cvv_result: response[:cvv2_result_code],
           avs_result: { code: response[:avs_result_code] },
           error_code: error_code)
@@ -337,6 +347,10 @@ module ActiveMerchant #:nodoc:
         end
       end
 
+      def authorization_from(action, response)
+        return (action == :store ? response[:card_ref] : response[:ref_num])
+      end
+
       def post_data(action, parameters = {})
         parameters[:command]  = TRANSACTIONS[action]
         parameters[:key]      = @options[:login]

data/lib/active_merchant/billing/gateways/visanet_peru.rb

@@ -90,8 +90,8 @@ module ActiveMerchant #:nodoc:
       CURRENCY_CODES['PEN'] = 604
 
       def add_invoice(params, money, options)
-        # Visanet Peru expects a 9-digit numeric purchaseNumber
-        params[:purchaseNumber] = (SecureRandom.random_number(900_000_000) + 100_000_000).to_s
+        # Visanet Peru expects a 12-digit alphanumeric purchaseNumber
+        params[:purchaseNumber] = generate_purchase_number_stamp
         params[:externalTransactionId] = options[:order_id]
         params[:amount] = amount(money)
         params[:currencyId] = CURRENCY_CODES[options[:currency] || currency(money)]
@@ -142,6 +142,10 @@ module ActiveMerchant #:nodoc:
         authorization.split('|')
       end
 
+      def generate_purchase_number_stamp
+        (Time.now.to_f.round(2) * 100).to_i.to_s
+      end
+
       def commit(action, params, options = {})
         raw_response = ssl_request(method(action), url(action, params, options), params.to_json, headers)
         response = parse(raw_response)