activemerchant 1.123.0 → 1.126.0

data/lib/active_merchant/billing/gateways/kushki.rb

@@ -82,6 +82,7 @@ module ActiveMerchant #:nodoc:
         add_invoice(action, post, amount, options)
         add_payment_method(post, payment_method, options)
         add_full_response(post, options)
+        add_metadata(post, options)
 
         commit(action, post)
       end
@@ -94,6 +95,7 @@ module ActiveMerchant #:nodoc:
         add_invoice(action, post, amount, options)
         add_contact_details(post, options[:contact_details]) if options[:contact_details]
         add_full_response(post, options)
+        add_metadata(post, options)
 
         commit(action, post)
       end
@@ -105,6 +107,7 @@ module ActiveMerchant #:nodoc:
         add_reference(post, authorization, options)
         add_invoice(action, post, amount, options)
         add_full_response(post, options)
+        add_metadata(post, options)
 
         commit(action, post)
       end
@@ -177,6 +180,10 @@ module ActiveMerchant #:nodoc:
         post[:fullResponse] = options[:full_response].to_s.casecmp('true').zero? if options[:full_response]
       end
 
+      def add_metadata(post, options)
+        post[:metadata] = options[:metadata] if options[:metadata]
+      end
+
       ENDPOINT = {
         'tokenize' => 'tokens',
         'charge' => 'charges',

data/lib/active_merchant/billing/gateways/litle.rb

@@ -39,6 +39,96 @@ module ActiveMerchant #:nodoc:
         check?(payment_method) ? commit(:echeckSales, request, money) : commit(:sale, request, money)
       end
 
+      def add_level_two_data(doc, payment_method, options = {})
+        level_2_data = options[:level_2_data]
+        if level_2_data
+          doc.enhancedData do
+            case payment_method.brand
+            when 'visa'
+              doc.salesTax(level_2_data[:sales_tax]) if level_2_data[:sales_tax]
+            when 'master'
+              doc.customerReference(level_2_data[:customer_code]) if level_2_data[:customer_code]
+              doc.salesTax(level_2_data[:total_tax_amount]) if level_2_data[:total_tax_amount]
+              doc.detailTax do
+                doc.taxIncludedInTotal(level_2_data[:tax_included_in_total]) if level_2_data[:tax_included_in_total]
+                doc.taxAmount(level_2_data[:tax_amount]) if level_2_data[:tax_amount]
+                doc.cardAcceptorTaxId(level_2_data[:card_acceptor_tax_id]) if level_2_data[:card_acceptor_tax_id]
+              end
+            end
+          end
+        end
+      end
+
+      def add_level_three_data(doc, payment_method, options = {})
+        level_3_data = options[:level_3_data]
+        if level_3_data
+          doc.enhancedData do
+            case payment_method.brand
+            when 'visa'
+              add_level_three_information_tags_visa(doc, payment_method, level_3_data)
+            when 'master'
+              add_level_three_information_tags_master(doc, payment_method, level_3_data)
+            end
+          end
+        end
+      end
+
+      def add_level_three_information_tags_visa(doc, payment_method, level_3_data)
+        doc.discountAmount(level_3_data[:discount_amount]) if level_3_data[:discount_amount]
+        doc.shippingAmount(level_3_data[:shipping_amount]) if level_3_data[:shipping_amount]
+        doc.dutyAmount(level_3_data[:duty_amount]) if level_3_data[:duty_amount]
+        doc.detailTax do
+          doc.taxIncludedInTotal(level_3_data[:tax_included_in_total]) if level_3_data[:tax_included_in_total]
+          doc.taxAmount(level_3_data[:tax_amount]) if level_3_data[:tax_amount]
+          doc.taxRate(level_3_data[:tax_rate]) if level_3_data[:tax_rate]
+          doc.taxTypeIdentifier(level_3_data[:tax_type_identifier]) if level_3_data[:tax_type_identifier]
+          doc.cardAcceptorTaxId(level_3_data[:card_acceptor_tax_id]) if level_3_data[:card_acceptor_tax_id]
+        end
+        add_line_item_information_for_level_three_visa(doc, payment_method, level_3_data)
+      end
+
+      def add_level_three_information_tags_master(doc, payment_method, level_3_data)
+        doc.customerReference :customerReference, level_3_data[:customer_code] if level_3_data[:customer_code]
+        doc.salesTax(level_3_data[:total_tax_amount]) if level_3_data[:total_tax_amount]
+        doc.detailTax do
+          doc.taxIncludedInTotal(level_3_data[:tax_included_in_total]) if level_3_data[:tax_included_in_total]
+          doc.taxAmount(level_3_data[:tax_amount]) if level_3_data[:tax_amount]
+          doc.cardAcceptorTaxId :cardAcceptorTaxId, level_3_data[:card_acceptor_tax_id] if level_3_data[:card_acceptor_tax_id]
+        end
+        doc.lineItemData do
+          level_3_data[:line_items].each do |line_item|
+            doc.itemDescription(line_item[:item_description]) if line_item[:item_description]
+            doc.productCode(line_item[:product_code]) if line_item[:product_code]
+            doc.quantity(line_item[:quantity]) if line_item[:quantity]
+            doc.unitOfMeasure(line_item[:unit_of_measure]) if line_item[:unit_of_measure]
+            doc.lineItemTotal(line_item[:line_item_total]) if line_item[:line_item_total]
+          end
+        end
+      end
+
+      def add_line_item_information_for_level_three_visa(doc, payment_method, level_3_data)
+        doc.lineItemData do
+          level_3_data[:line_items].each do |line_item|
+            doc.itemSequenceNumber(line_item[:item_sequence_number]) if line_item[:item_sequence_number]
+            doc.commodityCode(line_item[:commodity_code]) if line_item[:commodity_code]
+            doc.itemDescription(line_item[:item_description]) if line_item[:item_description]
+            doc.productCode(line_item[:product_code]) if line_item[:product_code]
+            doc.quantity(line_item[:quantity]) if line_item[:quantity]
+            doc.unitOfMeasure(line_item[:unit_of_measure]) if line_item[:unit_of_measure]
+            doc.taxAmount(line_item[:tax_amount]) if line_item[:tax_amount]
+            doc.itemDiscountAmount(line_item[:discount_per_line_item]) unless line_item[:discount_per_line_item] < 0
+            doc.unitCost(line_item[:unit_cost]) unless line_item[:unit_cost] < 0
+            doc.detailTax do
+              doc.taxIncludedInTotal(line_item[:tax_included_in_total]) if line_item[:tax_included_in_total]
+              doc.taxAmount(line_item[:tax_amount]) if line_item[:tax_amount]
+              doc.taxRate(line_item[:tax_rate]) if line_item[:tax_rate]
+              doc.taxTypeIdentifier(line_item[:tax_type_identifier]) if line_item[:tax_type_identifier]
+              doc.cardAcceptorTaxId(line_item[:card_acceptor_tax_id]) if line_item[:card_acceptor_tax_id]
+            end
+          end
+        end
+      end
+
       def authorize(money, payment_method, options = {})
         request = build_xml_request do |doc|
           add_authentication(doc)
@@ -225,6 +315,8 @@ module ActiveMerchant #:nodoc:
         add_payment_method(doc, payment_method, options)
         add_pos(doc, payment_method)
         add_descriptor(doc, options)
+        add_level_two_data(doc, payment_method, options)
+        add_level_three_data(doc, payment_method, options)
         add_merchant_data(doc, options)
         add_debt_repayment(doc, options)
         add_stored_credential_params(doc, options)
@@ -386,7 +478,7 @@ module ActiveMerchant #:nodoc:
           doc.orderSource(order_source)
         elsif payment_method.is_a?(NetworkTokenizationCreditCard) && payment_method.source == :apple_pay
           doc.orderSource('applepay')
-        elsif payment_method.is_a?(NetworkTokenizationCreditCard) && payment_method.source == :android_pay
+        elsif payment_method.is_a?(NetworkTokenizationCreditCard) && %i[google_pay android_pay].include?(payment_method.source)
           doc.orderSource('androidpay')
         elsif payment_method.respond_to?(:track_data) && payment_method.track_data.present?
           doc.orderSource('retail')

data/lib/active_merchant/billing/gateways/mercado_pago.rb

@@ -53,8 +53,10 @@ module ActiveMerchant #:nodoc:
       end
 
       def verify(credit_card, options = {})
+        verify_amount = 100
+        verify_amount = options[:amount].to_i if options[:amount]
         MultiResponse.run(:use_first_response) do |r|
-          r.process { authorize(100, credit_card, options) }
+          r.process { authorize(verify_amount, credit_card, options) }
           r.process(:ignore_result) { void(r.authorization, options) }
         end
       end

data/lib/active_merchant/billing/gateways/mit.rb

@@ -0,0 +1,260 @@
+require 'json'
+require 'openssl'
+require 'digest'
+require 'base64'
+
+module ActiveMerchant #:nodoc:
+  module Billing #:nodoc:
+    class MitGateway < Gateway
+      self.live_url = 'https://wpy.mitec.com.mx/ModuloUtilWS/activeCDP.htm'
+
+      self.supported_countries = ['MX']
+      self.default_currency = 'MXN'
+      self.supported_cardtypes = %i[visa master]
+
+      self.homepage_url = 'http://www.centrodepagos.com.mx/'
+      self.display_name = 'MIT Centro de pagos'
+
+      self.money_format = :dollars
+
+      def initialize(options = {})
+        requires!(options, :commerce_id, :user, :api_key, :key_session)
+        super
+      end
+
+      def purchase(money, payment, options = {})
+        MultiResponse.run do |r|
+          r.process { authorize(money, payment, options) }
+          r.process { capture(money, r.authorization, options) }
+        end
+      end
+
+      def cipher_key
+        @options[:key_session]
+      end
+
+      def decrypt(val, keyinhex)
+        # Splits the first 16 bytes (the IV bytes) in array format
+        unpacked = val.unpack('m')
+        iv_base64 = unpacked[0].bytes.slice(0, 16)
+        # Splits the second bytes (the encrypted text bytes) these would be the
+        # original message
+        full_data = unpacked[0].bytes.slice(16, unpacked[0].bytes.length)
+        # Creates the engine
+        engine = OpenSSL::Cipher::AES128.new(:CBC)
+        # Set engine as decrypt mode
+        engine.decrypt
+        # Converts the key from hex to bytes
+        engine.key = [keyinhex].pack('H*')
+        # Converts the ivBase64 array into bytes
+        engine.iv = iv_base64.pack('c*')
+        # Decrypts the texts and returns the original string
+        engine.update(full_data.pack('c*')) + engine.final
+      end
+
+      def encrypt(val, keyinhex)
+        # Creates the engine motor
+        engine = OpenSSL::Cipher::AES128.new(:CBC)
+        # Set engine as encrypt mode
+        engine.encrypt
+        # Converts the key from hex to bytes
+        engine.key = [keyinhex].pack('H*')
+        # Generates a random iv with this settings
+        iv_rand = engine.random_iv
+        # Packs IV as a Base64 string
+        iv_base64 = [iv_rand].pack('m')
+        # Converts the packed key into bytes
+        unpacked = iv_base64.unpack('m')
+        iv = unpacked[0]
+        # Sets the IV into the engine
+        engine.iv = iv
+        # Encrypts the texts and stores the bytes
+        encrypted_bytes = engine.update(val) + engine.final
+        # Concatenates the (a) IV bytes and (b) the encrypted bytes then returns a
+        # base64 representation
+        [iv << encrypted_bytes].pack('m')
+      end
+
+      def authorize(money, payment, options = {})
+        post = {
+          operation: 'Authorize',
+          commerce_id: @options[:commerce_id],
+          user: @options[:user],
+          apikey: @options[:api_key],
+          testMode: (test? ? 'YES' : 'NO')
+        }
+        add_invoice(post, money, options)
+        # Payments contains the card information
+        add_payment(post, payment)
+        add_customer_data(post, options)
+        post[:key_session] = @options[:key_session]
+
+        post_to_json = post.to_json
+        post_to_json_encrypt = encrypt(post_to_json, @options[:key_session])
+
+        final_post = '<authorization>' + post_to_json_encrypt + '</authorization><dataID>' + @options[:user] + '</dataID>'
+        json_post = {}
+        json_post[:payload] = final_post
+        commit('sale', json_post)
+      end
+
+      def capture(money, authorization, options = {})
+        post = {
+          operation: 'Capture',
+          commerce_id: @options[:commerce_id],
+          user: @options[:user],
+          apikey: @options[:api_key],
+          testMode: (test? ? 'YES' : 'NO'),
+          transaction_id: authorization,
+          amount: amount(money)
+        }
+        post[:key_session] = @options[:key_session]
+
+        post_to_json = post.to_json
+        post_to_json_encrypt = encrypt(post_to_json, @options[:key_session])
+
+        final_post = '<capture>' + post_to_json_encrypt + '</capture><dataID>' + @options[:user] + '</dataID>'
+        json_post = {}
+        json_post[:payload] = final_post
+        commit('capture', json_post)
+      end
+
+      def refund(money, authorization, options = {})
+        post = {
+          operation: 'Refund',
+          commerce_id: @options[:commerce_id],
+          user: @options[:user],
+          apikey: @options[:api_key],
+          testMode: (test? ? 'YES' : 'NO'),
+          transaction_id: authorization,
+          auth: authorization,
+          amount: amount(money)
+        }
+        post[:key_session] = @options[:key_session]
+
+        post_to_json = post.to_json
+        post_to_json_encrypt = encrypt(post_to_json, @options[:key_session])
+
+        final_post = '<refund>' + post_to_json_encrypt + '</refund><dataID>' + @options[:user] + '</dataID>'
+        json_post = {}
+        json_post[:payload] = final_post
+        commit('refund', json_post)
+      end
+
+      def supports_scrubbing?
+        true
+      end
+
+      def scrub(transcript)
+        ret_transcript = transcript
+        auth_origin = ret_transcript[/<authorization>(.*?)<\/authorization>/, 1]
+        unless auth_origin.nil?
+          auth_decrypted = decrypt(auth_origin, @options[:key_session])
+          auth_json = JSON.parse(auth_decrypted)
+          auth_json['card'] = '[FILTERED]'
+          auth_json['cvv'] = '[FILTERED]'
+          auth_json['apikey'] = '[FILTERED]'
+          auth_json['key_session'] = '[FILTERED]'
+          auth_to_json = auth_json.to_json
+          auth_tagged = '<authorization>' + auth_to_json + '</authorization>'
+          ret_transcript = ret_transcript.gsub(/<authorization>(.*?)<\/authorization>/, auth_tagged)
+        end
+
+        cap_origin = ret_transcript[/<capture>(.*?)<\/capture>/, 1]
+        unless cap_origin.nil?
+          cap_decrypted = decrypt(cap_origin, @options[:key_session])
+          cap_json = JSON.parse(cap_decrypted)
+          cap_json['apikey'] = '[FILTERED]'
+          cap_json['key_session'] = '[FILTERED]'
+          cap_to_json = cap_json.to_json
+          cap_tagged = '<capture>' + cap_to_json + '</capture>'
+          ret_transcript = ret_transcript.gsub(/<capture>(.*?)<\/capture>/, cap_tagged)
+        end
+
+        ref_origin = ret_transcript[/<refund>(.*?)<\/refund>/, 1]
+        unless ref_origin.nil?
+          ref_decrypted = decrypt(ref_origin, @options[:key_session])
+          ref_json = JSON.parse(ref_decrypted)
+          ref_json['apikey'] = '[FILTERED]'
+          ref_json['key_session'] = '[FILTERED]'
+          ref_to_json = ref_json.to_json
+          ref_tagged = '<refund>' + ref_to_json + '</refund>'
+          ret_transcript = ret_transcript.gsub(/<refund>(.*?)<\/refund>/, ref_tagged)
+        end
+
+        res_origin = ret_transcript[/#{Regexp.escape('reading ')}(.*?)#{Regexp.escape('read')}/m, 1]
+        loop do
+          break if res_origin.nil?
+
+          resp_origin = res_origin[/#{Regexp.escape('"')}(.*?)#{Regexp.escape('"')}/m, 1]
+          resp_decrypted = decrypt(resp_origin, @options[:key_session])
+          ret_transcript[/#{Regexp.escape('reading ')}(.*?)#{Regexp.escape('read')}/m, 1] = resp_decrypted
+          ret_transcript = ret_transcript.sub('reading ', 'response: ')
+          res_origin = ret_transcript[/#{Regexp.escape('reading ')}(.*?)#{Regexp.escape('read')}/m, 1]
+        end
+
+        ret_transcript
+      end
+
+      private
+
+      def add_customer_data(post, options)
+        post[:email] = options[:email] || 'nadie@mit.test'
+      end
+
+      def add_invoice(post, money, options)
+        post[:amount] = amount(money)
+        post[:currency] = (options[:currency] || currency(money))
+        post[:reference] = options[:order_id]
+        post[:transaction_id] = options[:order_id]
+      end
+
+      def add_payment(post, payment)
+        post[:installments] = 1
+        post[:card] = payment.number
+        post[:expmonth] = payment.month
+        post[:expyear] = payment.year
+        post[:cvv] = payment.verification_value
+        post[:name_client] = [payment.first_name, payment.last_name].join(' ')
+      end
+
+      def commit(action, parameters)
+        json_str = JSON.generate(parameters)
+        cleaned_str = json_str.gsub('\n', '')
+        raw_response = ssl_post(live_url, cleaned_str, { 'Content-type' => 'application/json' })
+        response = JSON.parse(decrypt(raw_response, @options[:key_session]))
+
+        Response.new(
+          success_from(response),
+          message_from(response),
+          response,
+          authorization: authorization_from(response),
+          avs_result: AVSResult.new(code: response['some_avs_response_key']),
+          cvv_result: CVVResult.new(response['some_cvv_response_key']),
+          test: test?,
+          error_code: error_code_from(response)
+        )
+      end
+
+      def success_from(response)
+        response['response'] == 'approved'
+      end
+
+      def message_from(response)
+        response['response']
+      end
+
+      def authorization_from(response)
+        response['reference']
+      end
+
+      def post_data(action, parameters = {})
+        parameters.collect { |key, value| "#{key}=#{CGI.escape(value.to_s)}" }.join('&')
+      end
+
+      def error_code_from(response)
+        response['message'].split(' -- ', 2)[0] unless success_from(response)
+      end
+    end
+  end
+end

data/lib/active_merchant/billing/gateways/moka.rb

@@ -1,7 +1,7 @@
 module ActiveMerchant #:nodoc:
   module Billing #:nodoc:
     class MokaGateway < Gateway
-      self.test_url = 'https://service.testmoka.com'
+      self.test_url = 'https://service.refmoka.com'
       self.live_url = 'https://service.moka.com'
 
       self.supported_countries = %w[GB TR US]
@@ -55,8 +55,10 @@ module ActiveMerchant #:nodoc:
         post[:PaymentDealerRequest] = {}
         options[:pre_auth] = 0
         add_auth_purchase(post, money, payment, options)
+        add_3ds_data(post, options) if options[:execute_threed]
 
-        commit('purchase', post)
+        action = options[:execute_threed] ? 'three_ds_purchase' : 'purchase'
+        commit(action, post)
       end
 
       def authorize(money, payment, options = {})
@@ -64,8 +66,10 @@ module ActiveMerchant #:nodoc:
         post[:PaymentDealerRequest] = {}
         options[:pre_auth] = 1
         add_auth_purchase(post, money, payment, options)
+        add_3ds_data(post, options) if options[:execute_threed]
 
-        commit('authorize', post)
+        action = options[:execute_threed] ? 'three_ds_authorize' : 'authorize'
+        commit(action, post)
       end
 
       def capture(money, authorization, options = {})
@@ -73,7 +77,7 @@ module ActiveMerchant #:nodoc:
         post[:PaymentDealerRequest] = {}
         add_payment_dealer_authentication(post)
         add_transaction_reference(post, authorization)
-        add_additional_transaction_data(post, options)
+        add_invoice(post, money, options)
 
         commit('capture', post)
       end
@@ -83,7 +87,6 @@ module ActiveMerchant #:nodoc:
         post[:PaymentDealerRequest] = {}
         add_payment_dealer_authentication(post)
         add_transaction_reference(post, authorization)
-        add_additional_transaction_data(post, options)
         add_void_refund_reason(post)
         add_amount(post, money)
 
@@ -95,7 +98,6 @@ module ActiveMerchant #:nodoc:
         post[:PaymentDealerRequest] = {}
         add_payment_dealer_authentication(post)
         add_transaction_reference(post, authorization)
-        add_additional_transaction_data(post, options)
         add_void_refund_reason(post)
 
         commit('void', post)
@@ -134,6 +136,12 @@ module ActiveMerchant #:nodoc:
         add_basket_product(post, options[:basket_product]) if options[:basket_product]
       end
 
+      def add_3ds_data(post, options)
+        post[:PaymentDealerRequest][:ReturnHash] = 1
+        post[:PaymentDealerRequest][:RedirectUrl] = options[:redirect_url] || ''
+        post[:PaymentDealerRequest][:RedirectType] = options[:redirect_type] || 0
+      end
+
       def add_payment_dealer_authentication(post)
         post[:PaymentDealerAuthentication] = {
           DealerCode: @options[:dealer_code],
@@ -156,18 +164,19 @@ module ActiveMerchant #:nodoc:
       def add_payment(post, card)
         post[:PaymentDealerRequest][:CardHolderFullName] = card.name
         post[:PaymentDealerRequest][:CardNumber] = card.number
-        post[:PaymentDealerRequest][:ExpMonth] = card.month
+        post[:PaymentDealerRequest][:ExpMonth] = card.month.to_s.rjust(2, '0')
         post[:PaymentDealerRequest][:ExpYear] = card.year
-        post[:PaymentDealerRequest][:CvcNumber] = card.verification_value
+        post[:PaymentDealerRequest][:CvcNumber] = card.verification_value || ''
       end
 
       def add_amount(post, money)
-        post[:PaymentDealerRequest][:Amount] = money || 0
+        post[:PaymentDealerRequest][:Amount] = amount(money) || 0
       end
 
       def add_additional_auth_purchase_data(post, options)
         post[:PaymentDealerRequest][:IsPreAuth] = options[:pre_auth]
-        post[:PaymentDealerRequest][:Description] = options[:order_id] if options[:order_id]
+        post[:PaymentDealerRequest][:Description] = options[:description] if options[:description]
+        post[:PaymentDealerRequest][:InstallmentNumber] = options[:installment_number].to_i if options[:installment_number]
         post[:SubMerchantName] = options[:sub_merchant_name] if options[:sub_merchant_name]
         post[:IsPoolPayment] = options[:is_pool_payment] || 0
       end
@@ -232,6 +241,8 @@ module ActiveMerchant #:nodoc:
 
       def endpoint(action)
         case action
+        when 'three_ds_authorize', 'three_ds_purchase'
+          'DoDirectPaymentThreeD'
         when 'purchase', 'authorize'
           'DoDirectPayment'
         when 'capture'
@@ -256,7 +267,9 @@ module ActiveMerchant #:nodoc:
       end
 
       def success_from(response)
-        response.dig('Data', 'IsSuccessful')
+        return response.dig('Data', 'IsSuccessful') if response.dig('Data', 'IsSuccessful').to_s.present?
+
+        response['ResultCode']&.casecmp('success') == 0
       end
 
       def message_from(response)

data/lib/active_merchant/billing/gateways/moneris.rb

@@ -50,15 +50,16 @@ module ActiveMerchant #:nodoc:
         post[:order_id] = options[:order_id]
         post[:address] = options[:billing_address] || options[:address]
         post[:crypt_type] = options[:crypt_type] || @options[:crypt_type]
+        add_external_mpi_fields(post, options)
         add_stored_credential(post, options)
-        action = if post[:cavv]
+        action = if post[:cavv] || options[:three_d_secure]
                    'cavv_preauth'
                  elsif post[:data_key].blank?
                    'preauth'
                  else
                    'res_preauth_cc'
                  end
-        commit(action, post)
+        commit(action, post, options)
       end
 
       # This action verifies funding on a customer's card and readies them for
@@ -73,15 +74,16 @@ module ActiveMerchant #:nodoc:
         post[:order_id] = options[:order_id]
         post[:address] = options[:billing_address] || options[:address]
         post[:crypt_type] = options[:crypt_type] || @options[:crypt_type]
+        add_external_mpi_fields(post, options)
         add_stored_credential(post, options)
-        action = if post[:cavv]
+        action = if post[:cavv] || options[:three_d_secure]
                    'cavv_purchase'
                  elsif post[:data_key].blank?
                    'purchase'
                  else
                    'res_purchase_cc'
                  end
-        commit(action, post)
+        commit(action, post, options)
       end
 
       # This method retrieves locked funds from a customer's account (from a
@@ -203,6 +205,21 @@ module ActiveMerchant #:nodoc:
         sprintf('%.4i', creditcard.year)[-2..-1] + sprintf('%.2i', creditcard.month)
       end
 
+      def add_external_mpi_fields(post, options)
+        # See these pages:
+        # https://developer.moneris.com/livedemo/3ds2/cavv_purchase/tool/php
+        # https://developer.moneris.com/livedemo/3ds2/cavv_preauth/guide/php
+        return unless options[:three_d_secure]
+
+        three_d_secure_options = options[:three_d_secure]
+
+        post[:threeds_version] = three_d_secure_options[:version]
+        post[:crypt_type] = three_d_secure_options[:eci]
+        post[:cavv] = three_d_secure_options[:cavv]
+        post[:threeds_server_trans_id] = three_d_secure_options[:three_ds_server_trans_id]
+        post[:ds_trans_id] = three_d_secure_options[:ds_transaction_id]
+      end
+
       def add_payment_source(post, payment_method, options)
         if payment_method.is_a?(String)
           post[:data_key] = payment_method
@@ -291,14 +308,16 @@ module ActiveMerchant #:nodoc:
         end
       end
 
-      def commit(action, parameters = {})
+      def commit(action, parameters = {}, options = {})
+        threed_ds_transaction = options[:three_d_secure].present?
+
         data = post_data(action, parameters)
         url = test? ? self.test_url : self.live_url
         raw = ssl_post(url, data)
         response = parse(raw)
 
         Response.new(
-          successful?(response),
+          successful?(action, response, threed_ds_transaction),
           message_from(response[:message]),
           response,
           test: test?,
@@ -314,8 +333,16 @@ module ActiveMerchant #:nodoc:
       end
 
       # Tests for a successful response from Moneris' servers
-      def successful?(response)
-        response[:response_code] &&
+      def successful?(action, response, threed_ds_transaction = false)
+        # See 9.4 CAVV Result Codes in https://developer.moneris.com/livedemo/3ds2/reference/guide/php
+        cavv_accepted = if threed_ds_transaction
+                          response[:cavv_result_code] && response[:cavv_result_code] == '2'
+                        else
+                          true
+                        end
+
+        cavv_accepted &&
+          response[:response_code] &&
           response[:complete] &&
           (0..49).cover?(response[:response_code].to_i)
       end

data/lib/active_merchant/billing/gateways/mundipagg.rb

@@ -276,14 +276,14 @@ module ActiveMerchant #:nodoc:
                    end
 
         Response.new(
-          success_from(response),
+          success_from(response, action),
           message_from(response),
           response,
           authorization: authorization_from(response, action),
           avs_result: AVSResult.new(code: response['some_avs_response_key']),
           cvv_result: CVVResult.new(response['some_cvv_response_key']),
           test: test?,
-          error_code: error_code_from(response)
+          error_code: error_code_from(response, action)
         )
       rescue ResponseError => e
         message = get_error_messages(e)
@@ -297,8 +297,10 @@ module ActiveMerchant #:nodoc:
         )
       end
 
-      def success_from(response)
-        %w[pending paid processing canceled active].include? response['status']
+      def success_from(response, action)
+        success = response.try(:[], 'last_transaction').try(:[], 'success') unless action == 'store'
+        success = !response.try(:[], 'id').nil? if action == 'store'
+        success
       end
 
       def message_from(response)
@@ -350,8 +352,8 @@ module ActiveMerchant #:nodoc:
         parameters.to_json
       end
 
-      def error_code_from(response)
-        return if success_from(response)
+      def error_code_from(response, action)
+        return if success_from(response, action)
         return response['last_transaction']['acquirer_return_code'] if response['last_transaction']
 
         STANDARD_ERROR_CODE[:processing_error]