activemerchant 1.123.0 → 1.126.0

data/lib/active_merchant/billing/gateways/airwallex.rb

@@ -0,0 +1,341 @@
+module ActiveMerchant #:nodoc:
+  module Billing #:nodoc:
+    class AirwallexGateway < Gateway
+      self.test_url = 'https://api-demo.airwallex.com/api/v1'
+      self.live_url = 'https://pci-api.airwallex.com/api/v1'
+
+      # per https://www.airwallex.com/docs/online-payments__overview, cards are accepted in all EU countries
+      self.supported_countries = %w[AT AU BE BG CY CZ DE DK EE GR ES FI FR GB HK HR HU IE IT LT LU LV MT NL PL PT RO SE SG SI SK]
+      self.default_currency = 'AUD'
+      self.supported_cardtypes = %i[visa master]
+
+      self.homepage_url = 'https://airwallex.com/'
+      self.display_name = 'Airwallex'
+
+      ENDPOINTS = {
+        login: '/authentication/login',
+        setup: '/pa/payment_intents/create',
+        sale: '/pa/payment_intents/%{id}/confirm',
+        capture: '/pa/payment_intents/%{id}/capture',
+        refund: '/pa/refunds/create',
+        void: '/pa/payment_intents/%{id}/cancel'
+      }
+
+      def initialize(options = {})
+        requires!(options, :client_id, :client_api_key)
+        @client_id = options[:client_id]
+        @client_api_key = options[:client_api_key]
+        super
+        @access_token = setup_access_token
+      end
+
+      def purchase(money, card, options = {})
+        requires!(options, :return_url)
+
+        payment_intent_id = create_payment_intent(money, options)
+        post = {
+          'request_id' => request_id(options),
+          'merchant_order_id' => merchant_order_id(options),
+          'return_url' => options[:return_url]
+        }
+        add_card(post, card, options)
+        add_descriptor(post, options)
+        add_stored_credential(post, options)
+        post['payment_method_options'] = { 'card' => { 'auto_capture' => false } } if authorization_only?(options)
+
+        add_three_ds(post, options)
+        commit(:sale, post, payment_intent_id)
+      end
+
+      def authorize(money, payment, options = {})
+        # authorize is just a purchase w/o an auto capture
+        purchase(money, payment, options.merge({ auto_capture: false }))
+      end
+
+      def capture(money, authorization, options = {})
+        raise ArgumentError, 'An authorization value must be provided.' if authorization.blank?
+
+        post = {
+          'request_id' => request_id(options),
+          'merchant_order_id' => merchant_order_id(options),
+          'amount' => amount(money)
+        }
+        add_descriptor(post, options)
+
+        commit(:capture, post, authorization)
+      end
+
+      def refund(money, authorization, options = {})
+        raise ArgumentError, 'An authorization value must be provided.' if authorization.blank?
+
+        post = {}
+        post[:amount] = amount(money)
+        post[:payment_intent_id] = authorization
+        post[:request_id] = request_id(options)
+        post[:merchant_order_id] = merchant_order_id(options)
+
+        commit(:refund, post)
+      end
+
+      def void(authorization, options = {})
+        raise ArgumentError, 'An authorization value must be provided.' if authorization.blank?
+
+        post = {}
+        post[:request_id] = request_id(options)
+        post[:merchant_order_id] = merchant_order_id(options)
+        add_descriptor(post, options)
+
+        commit(:void, post, authorization)
+      end
+
+      def verify(credit_card, options = {})
+        MultiResponse.run(:use_first_response) do |r|
+          r.process { authorize(100, credit_card, options) }
+          r.process(:ignore_result) { void(r.authorization, options) }
+        end
+      end
+
+      def supports_scrubbing?
+        true
+      end
+
+      def scrub(transcript)
+        transcript.
+          gsub(/(\\\"number\\\":\\\")\d+/, '\1[REDACTED]').
+          gsub(/(\\\"cvc\\\":\\\")\d+/, '\1[REDACTED]')
+      end
+
+      private
+
+      def request_id(options)
+        options[:request_id] || generate_timestamp
+      end
+
+      def merchant_order_id(options)
+        options[:merchant_order_id] || options[:order_id] || generate_timestamp
+      end
+
+      def generate_timestamp
+        (Time.now.to_f.round(2) * 100).to_i.to_s
+      end
+
+      def setup_access_token
+        token_headers = {
+          'Content-Type' => 'application/json',
+          'x-client-id' => @client_id,
+          'x-api-key' => @client_api_key
+        }
+        response = ssl_post(build_request_url(:login), nil, token_headers)
+        JSON.parse(response)['token']
+      end
+
+      def build_request_url(action, id = nil)
+        base_url = (test? ? test_url : live_url)
+        base_url + ENDPOINTS[action].to_s % { id: id }
+      end
+
+      def create_payment_intent(money, options = {})
+        post = {}
+        add_invoice(post, money, options)
+        add_order(post, options)
+        post[:request_id] = "#{request_id(options)}_setup"
+        post[:merchant_order_id] = "#{merchant_order_id(options)}_setup"
+        add_descriptor(post, options)
+
+        response = commit(:setup, post)
+        raise ArgumentError.new(response.message) unless response.success?
+
+        response.params['id']
+      end
+
+      def add_billing(post, card, options = {})
+        return unless has_name_info?(card)
+
+        billing = post['payment_method']['card']['billing'] || {}
+        billing['email'] = options[:email] if options[:email]
+        billing['phone'] = options[:phone] if options[:phone]
+        billing['first_name'] = card.first_name
+        billing['last_name'] = card.last_name
+        billing_address = options[:billing_address]
+        billing['address'] = build_address(billing_address) if has_required_address_info?(billing_address)
+
+        post['payment_method']['card']['billing'] = billing
+      end
+
+      def has_name_info?(card)
+        # These fields are required if billing data is sent.
+        card.first_name && card.last_name
+      end
+
+      def has_required_address_info?(address)
+        # These fields are required if address data is sent.
+        return unless address
+
+        address[:address1] && address[:country]
+      end
+
+      def build_address(address)
+        return unless address
+
+        address_data = {} # names r hard
+        address_data[:country_code] = address[:country]
+        address_data[:street] = address[:address1]
+        address_data[:city] = address[:city] if address[:city] # required per doc, not in practice
+        address_data[:postcode] = address[:zip] if address[:zip]
+        address_data[:state] = address[:state] if address[:state]
+        address_data
+      end
+
+      def add_invoice(post, money, options)
+        post[:amount] = amount(money)
+        post[:currency] = (options[:currency] || currency(money))
+      end
+
+      def add_card(post, card, options = {})
+        post['payment_method'] = {
+          'type' => 'card',
+          'card' => {
+            'expiry_month' => format(card.month, :two_digits),
+            'expiry_year' => card.year.to_s,
+            'number' => card.number.to_s,
+            'name' => card.name,
+            'cvc' => card.verification_value
+          }
+        }
+        add_billing(post, card, options)
+      end
+
+      def add_order(post, options)
+        return unless shipping_address = options[:shipping_address]
+
+        physical_address = build_shipping_address(shipping_address)
+        first_name, last_name = split_names(shipping_address[:name])
+        shipping = {}
+        shipping[:first_name] = first_name if first_name
+        shipping[:last_name] = last_name if last_name
+        shipping[:phone_number] = shipping_address[:phone_number] if shipping_address[:phone_number]
+        shipping[:address] = physical_address
+        post[:order] = { shipping: shipping }
+      end
+
+      def build_shipping_address(shipping_address)
+        address = {}
+        address[:city] = shipping_address[:city]
+        address[:country_code] = shipping_address[:country]
+        address[:postcode] = shipping_address[:zip]
+        address[:state] = shipping_address[:state]
+        address[:street] = shipping_address[:address1]
+        address
+      end
+
+      def add_stored_credential(post, options)
+        return unless stored_credential = options[:stored_credential]
+
+        external_recurring_data = post[:external_recurring_data] = {}
+
+        case stored_credential.dig(:reason_type)
+        when 'recurring', 'installment'
+          external_recurring_data[:merchant_trigger_reason] = 'scheduled'
+        when 'unscheduled'
+          external_recurring_data[:merchant_trigger_reason] = 'unscheduled'
+        end
+
+        external_recurring_data[:original_transaction_id] = stored_credential.dig(:network_transaction_id)
+        external_recurring_data[:triggered_by] = stored_credential.dig(:initiator) == 'cardholder' ? 'customer' : 'merchant'
+      end
+
+      def add_three_ds(post, options)
+        return unless three_d_secure = options[:three_d_secure]
+
+        pm_options = post.dig('payment_method_options', 'card')
+
+        external_three_ds = {
+          'version': format_three_ds_version(three_d_secure),
+          'eci': three_d_secure[:eci]
+        }.merge(three_ds_version_specific_fields(three_d_secure))
+
+        pm_options ? pm_options.merge!('external_three_ds': external_three_ds) : post['payment_method_options'] = { 'card': { 'external_three_ds': external_three_ds } }
+      end
+
+      def format_three_ds_version(three_d_secure)
+        version = three_d_secure[:version].split('.')
+
+        version.push('0') until version.length == 3
+        version.join('.')
+      end
+
+      def three_ds_version_specific_fields(three_d_secure)
+        if three_d_secure[:version].to_f >= 2
+          {
+            'authentication_value': three_d_secure[:cavv],
+            'ds_transaction_id': three_d_secure[:ds_transaction_id],
+            'three_ds_server_transaction_id': three_d_secure[:three_ds_server_trans_id]
+          }
+        else
+          {
+            'cavv': three_d_secure[:cavv],
+            'xid': three_d_secure[:xid]
+          }
+        end
+      end
+
+      def authorization_only?(options = {})
+        options.include?(:auto_capture) && options[:auto_capture] == false
+      end
+
+      def add_descriptor(post, options)
+        post[:descriptor] = options[:description] if options[:description]
+      end
+
+      def parse(body)
+        JSON.parse(body)
+      end
+
+      def commit(action, post, id = nil)
+        url = build_request_url(action, id)
+        post_headers = { 'Authorization' => "Bearer #{@access_token}", 'Content-Type' => 'application/json' }
+        response = parse(ssl_post(url, post_data(post), post_headers))
+
+        Response.new(
+          success_from(response),
+          message_from(response),
+          response,
+          authorization: authorization_from(response),
+          avs_result: AVSResult.new(code: response.dig('latest_payment_attempt', 'authentication_data', 'avs_result')),
+          cvv_result: CVVResult.new(response.dig('latest_payment_attempt', 'authentication_data', 'cvc_code')),
+          test: test?,
+          error_code: error_code_from(response)
+        )
+      end
+
+      def handle_response(response)
+        case response.code.to_i
+        when 200...300, 400, 404
+          response.body
+        else
+          raise ResponseError.new(response)
+        end
+      end
+
+      def post_data(post)
+        post.to_json
+      end
+
+      def success_from(response)
+        %w(REQUIRES_PAYMENT_METHOD SUCCEEDED RECEIVED REQUIRES_CAPTURE CANCELLED).include?(response['status'])
+      end
+
+      def message_from(response)
+        response.dig('latest_payment_attempt', 'status') || response['status'] || response['message']
+      end
+
+      def authorization_from(response)
+        response.dig('latest_payment_attempt', 'payment_intent_id')
+      end
+
+      def error_code_from(response)
+        response['provider_original_response_code'] || response['code'] unless success_from(response)
+      end
+    end
+  end
+end

data/lib/active_merchant/billing/gateways/barclaycard_smartpay.rb

@@ -6,9 +6,10 @@ module ActiveMerchant #:nodoc:
 
       self.supported_countries = %w[AL AD AM AT AZ BY BE BA BG HR CY CZ DK EE FI FR DE GR HU IS IE IT KZ LV LI LT LU MK MT MD MC ME NL NO PL PT RO RU SM RS SK SI ES SE CH TR UA GB VA]
       self.default_currency = 'EUR'
-      self.currencies_with_three_decimal_places = %w(BHD KWD OMR RSD TND)
+      self.currencies_with_three_decimal_places = %w(BHD KWD OMR RSD TND IQD JOD LYD)
       self.money_format = :cents
       self.supported_cardtypes = %i[visa master american_express discover diners_club jcb dankort maestro]
+      self.currencies_without_fractions = %w(CVE DJF GNF IDR JPY KMF KRW PYG RWF UGX VND VUV XAF XOF XPF)
 
       self.homepage_url = 'https://www.barclaycardsmartpay.com/'
       self.display_name = 'Barclaycard Smartpay'

data/lib/active_merchant/billing/gateways/blue_pay.rb

@@ -483,7 +483,7 @@ module ActiveMerchant #:nodoc:
         return unless reason_type = options.dig(:stored_credential, :reason_type)
 
         case reason_type
-        when 'recurring' || 'installment'
+        when 'recurring', 'installment'
           'Y'
         when 'unscheduled'
           'N'

data/lib/active_merchant/billing/gateways/blue_snap.rb

@@ -78,7 +78,7 @@ module ActiveMerchant
       def purchase(money, payment_method, options = {})
         payment_method_details = PaymentMethodDetails.new(payment_method)
 
-        commit(:purchase, :post, payment_method_details) do |doc|
+        commit(:purchase, options, :post, payment_method_details) do |doc|
           if payment_method_details.alt_transaction?
             add_alt_transaction_purchase(doc, money, payment_method_details, options)
           else
@@ -88,13 +88,13 @@ module ActiveMerchant
       end
 
       def authorize(money, payment_method, options = {})
-        commit(:authorize) do |doc|
+        commit(:authorize, options) do |doc|
           add_auth_purchase(doc, money, payment_method, options)
         end
       end
 
       def capture(money, authorization, options = {})
-        commit(:capture, :put) do |doc|
+        commit(:capture, options, :put) do |doc|
           add_authorization(doc, authorization)
           add_order(doc, options)
           add_amount(doc, money, options) if options[:include_capture_amount] == true
@@ -102,15 +102,16 @@ module ActiveMerchant
       end
 
       def refund(money, authorization, options = {})
-        commit(:refund, :put) do |doc|
-          add_authorization(doc, authorization)
-          add_amount(doc, money, options)
-          add_order(doc, options)
+        options[:endpoint] = options[:merchant_transaction_id] ? "/refund/merchant/#{options[:merchant_transaction_id]}" : "/refund/#{authorization}"
+        commit(:refund, options, :post) do |doc|
+          add_amount(doc, money, options) if money
+          %i[reason cancel_subscription tax_amount].each { |field| send_when_present(doc, field, options) }
+          add_metadata(doc, options)
         end
       end
 
       def void(authorization, options = {})
-        commit(:void, :put) do |doc|
+        commit(:void, options, :put) do |doc|
           add_authorization(doc, authorization)
           add_order(doc, options)
         end
@@ -123,7 +124,7 @@ module ActiveMerchant
       def store(payment_method, options = {})
         payment_method_details = PaymentMethodDetails.new(payment_method)
 
-        commit(:store, :post, payment_method_details) do |doc|
+        commit(:store, options, :post, payment_method_details) do |doc|
           add_personal_info(doc, payment_method, options)
           add_echeck_company(doc, payment_method) if payment_method_details.check?
           doc.send('payment-sources') do
@@ -149,7 +150,7 @@ module ActiveMerchant
 
       def verify_credentials
         begin
-          ssl_get(url.to_s, headers)
+          ssl_get(url.to_s, headers(options))
         rescue ResponseError => e
           return false if e.response.code.to_i == 401
         end
@@ -234,6 +235,7 @@ module ActiveMerchant
               doc.send('meta-key', truncate(entry[:meta_key], 40))
               doc.send('meta-value', truncate(entry[:meta_value], 500))
               doc.send('meta-description', truncate(entry[:meta_description], 40))
+              doc.send('is-visible', truncate(entry[:meta_is_visible], 5))
             end
           end
         end
@@ -386,13 +388,12 @@ module ActiveMerchant
 
       def parse(response)
         return bad_authentication_response if response.code.to_i == 401
-        return generic_error_response(response.body) if [403, 429].include?(response.code.to_i)
+        return generic_error_response(response.body) if [403, 405, 429].include?(response.code.to_i)
 
         parsed = {}
         doc = Nokogiri::XML(response.body)
         doc.root.xpath('*').each do |node|
           name = node.name.downcase
-
           if node.elements.empty?
             parsed[name] = node.text
           elsif name == 'transaction-meta-data'
@@ -433,15 +434,15 @@ module ActiveMerchant
         end
       end
 
-      def api_request(action, request, verb, payment_method_details)
-        ssl_request(verb, url(action, payment_method_details), request, headers)
+      def api_request(action, request, verb, payment_method_details, options)
+        ssl_request(verb, url(action, options, payment_method_details), request, headers(options))
       rescue ResponseError => e
         e.response
       end
 
-      def commit(action, verb = :post, payment_method_details = PaymentMethodDetails.new())
+      def commit(action, options, verb = :post, payment_method_details = PaymentMethodDetails.new())
         request = build_xml_request(action, payment_method_details) { |doc| yield(doc) }
-        response = api_request(action, request, verb, payment_method_details)
+        response = api_request(action, request, verb, payment_method_details, options)
         parsed = parse(response)
 
         succeeded = success_from(action, response)
@@ -457,9 +458,10 @@ module ActiveMerchant
         )
       end
 
-      def url(action = nil, payment_method_details = PaymentMethodDetails.new())
+      def url(action = nil, options = {}, payment_method_details = PaymentMethodDetails.new())
         base = test? ? test_url : live_url
         resource = action == :store ? 'vaulted-shoppers' : payment_method_details.resource_url
+        resource += options[:endpoint] if action == :refund
         "#{base}/#{resource}"
       end
 
@@ -532,20 +534,28 @@ module ActiveMerchant
       end
 
       def root_element(action, payment_method_details)
-        action == :store ? 'vaulted-shopper' : payment_method_details.root_element
+        return 'refund' if action == :refund
+        return 'vaulted-shopper' if action == :store
+
+        payment_method_details.root_element
       end
 
-      def headers
-        {
+      def headers(options)
+        idempotency_key = options[:idempotency_key] if options[:idempotency_key]
+
+        headers = {
           'Content-Type' => 'application/xml',
           'Authorization' => ('Basic ' + Base64.strict_encode64("#{@options[:api_username]}:#{@options[:api_password]}").strip)
         }
+
+        headers['Idempotency-Key'] = idempotency_key if idempotency_key
+        headers
       end
 
       def build_xml_request(action, payment_method_details)
         builder = Nokogiri::XML::Builder.new
         builder.__send__(root_element(action, payment_method_details), root_attributes) do |doc|
-          doc.send('card-transaction-type', TRANSACTIONS[action]) if TRANSACTIONS[action] && !payment_method_details.alt_transaction?
+          doc.send('card-transaction-type', TRANSACTIONS[action]) if TRANSACTIONS[action] && !payment_method_details.alt_transaction? && action != :refund
           yield(doc)
         end
         builder.doc.root.to_xml

data/lib/active_merchant/billing/gateways/braintree/braintree_common.rb

@@ -18,6 +18,11 @@ module BraintreeCommon
     transcript.
       gsub(%r((Authorization: Basic )\w+), '\1[FILTERED]').
       gsub(%r((&?ccnumber=)\d*(&?)), '\1[FILTERED]\2').
-      gsub(%r((&?cvv=)\d*(&?)), '\1[FILTERED]\2')
+      gsub(%r((&?cvv=)\d*(&?)), '\1[FILTERED]\2').
+      gsub(%r((<account-number>)\d+(</account-number>)), '\1[FILTERED]\2').
+      gsub(%r((<payment-method-nonce>)[^<]+(</payment-method-nonce>)), '\1[FILTERED]\2').
+      gsub(%r((<payment-method-token>)[^<]+(</payment-method-token>)), '\1[FILTERED]\2').
+      gsub(%r((<value>)[^<]{100,}(</value>)), '\1[FILTERED]\2').
+      gsub(%r((<token>)[^<]+(</token>)), '\1[FILTERED]\2')
   end
 end

data/lib/active_merchant/billing/gateways/braintree/token_nonce.rb

@@ -0,0 +1,113 @@
+module ActiveMerchant #:nodoc:
+  module Billing #:nodoc:
+    class TokenNonce #:nodoc:
+      include PostsData
+      # This class emulates the behavior of the front-end js library to
+      # create token nonce for a bank account base on the docs:
+      # https://developer.paypal.com/braintree/docs/guides/ach/client-side
+
+      attr_reader :braintree_gateway, :options
+
+      def initialize(gateway, options = {})
+        @braintree_gateway = gateway
+        @options = options
+      end
+
+      def url
+        sandbox = @braintree_gateway.config.environment == :sandbox
+        "https://payments#{'.sandbox' if sandbox}.braintree-api.com/graphql"
+      end
+
+      def create_token_nonce_for_payment_method(payment_method)
+        headers = {
+          'Accept' => 'application/json',
+          'Authorization' => "Bearer #{client_token}",
+          'Content-Type' => 'application/json',
+          'Braintree-Version' => '2018-05-10'
+        }
+        resp = ssl_post(url, build_nonce_request(payment_method), headers)
+        json_response = JSON.parse(resp)
+
+        message = json_response['errors'].map { |err| err['message'] }.join("\n") if json_response['errors'].present?
+        token = json_response.dig('data', 'tokenizeUsBankAccount', 'paymentMethod', 'id')
+
+        return token, message
+      end
+
+      def client_token
+        base64_token = @braintree_gateway.client_token.generate
+        JSON.parse(Base64.decode64(base64_token))['authorizationFingerprint']
+      end
+
+      private
+
+      def graphql_query
+        <<-GRAPHQL
+        mutation TokenizeUsBankAccount($input: TokenizeUsBankAccountInput!) {
+          tokenizeUsBankAccount(input: $input) {
+            paymentMethod {
+              id
+              details {
+                ... on UsBankAccountDetails {
+                  last4
+                }
+              }
+            }
+          }
+        }
+        GRAPHQL
+      end
+
+      def billing_address_from_options
+        return nil if options[:billing_address].blank?
+
+        address = options[:billing_address]
+
+        {
+          streetAddress: address[:address1],
+          extendedAddress: address[:address2],
+          city: address[:city],
+          state: address[:state],
+          zipCode: address[:zip]
+        }.compact
+      end
+
+      def build_nonce_request(payment_method)
+        input = {
+          usBankAccount: {
+            achMandate: options[:ach_mandate],
+            routingNumber: payment_method.routing_number,
+            accountNumber: payment_method.account_number,
+            accountType: payment_method.account_type.upcase,
+            billingAddress: billing_address_from_options
+          }
+        }
+
+        if payment_method.account_holder_type == 'personal'
+          input[:usBankAccount][:individualOwner] = {
+            firstName: payment_method.first_name,
+            lastName: payment_method.last_name
+          }
+        else
+          input[:usBankAccount][:businessOwner] = {
+            businessName: payment_method.name
+          }
+        end
+
+        {
+          clientSdkMetadata: {
+            platform: 'web',
+            source: 'client',
+            integration: 'custom',
+            sessionId: SecureRandom.uuid,
+            version: '3.83.0'
+          },
+          query: graphql_query,
+          variables: {
+            input: input
+          }
+        }.to_json
+      end
+    end
+  end
+end