activemerchant 1.125.0 → 1.129.0

data/lib/active_merchant/billing/gateways/rapyd.rb

@@ -0,0 +1,319 @@
+module ActiveMerchant #:nodoc:
+  module Billing #:nodoc:
+    class RapydGateway < Gateway
+      self.test_url = 'https://sandboxapi.rapyd.net/v1/'
+      self.live_url = 'https://api.rapyd.net/v1/'
+
+      self.supported_countries = %w(CA CL CO DO SV PE PT VI AU HK IN ID JP MY NZ PH SG KR TW TH VN AD AT BE BA BG HR CY CZ DK EE FI FR GE DE GI GR GL HU IS IE IL IT LV LI LT LU MK MT MD MC ME NL GB NO PL RO RU SM SK SI ZA ES SE CH TR VA)
+      self.default_currency = 'USD'
+      self.supported_cardtypes = %i[visa master american_express discover]
+
+      self.homepage_url = 'https://www.rapyd.net/'
+      self.display_name = 'Rapyd Gateway'
+
+      USA_PAYMENT_METHODS = %w[us_debit_discover_card us_debit_mastercard_card us_debit_visa_card us_ach_bank]
+
+      STANDARD_ERROR_CODE_MAPPING = {}
+
+      def initialize(options = {})
+        requires!(options, :secret_key, :access_key)
+        super
+      end
+
+      def purchase(money, payment, options = {})
+        post = {}
+        add_auth_purchase(post, money, payment, options)
+        post[:capture] = true unless payment.is_a?(Check)
+
+        commit(:post, 'payments', post)
+      end
+
+      def authorize(money, payment, options = {})
+        post = {}
+        add_auth_purchase(post, money, payment, options)
+        post[:capture] = false unless payment.is_a?(Check)
+
+        commit(:post, 'payments', post)
+      end
+
+      def capture(money, authorization, options = {})
+        post = {}
+        commit(:post, "payments/#{add_reference(authorization)}/capture", post)
+      end
+
+      def refund(money, authorization, options = {})
+        post = {}
+        post[:payment] = add_reference(authorization)
+        add_invoice(post, money, options)
+        add_metadata(post, options)
+        add_ewallet(post, options)
+
+        commit(:post, 'refunds', post)
+      end
+
+      def void(authorization, options = {})
+        post = {}
+        commit(:delete, "payments/#{add_reference(authorization)}", post)
+      end
+
+      def verify(credit_card, options = {})
+        authorize(0, credit_card, options)
+      end
+
+      def store(payment, options = {})
+        post = {}
+        add_payment(post, payment, options)
+        add_customer_object(post, payment, options)
+        add_metadata(post, options)
+        add_ewallet(post, options)
+        add_payment_fields(post, options)
+        add_payment_urls(post, options)
+        add_address(post, payment, options)
+        commit(:post, 'customers', post)
+      end
+
+      def unstore(customer)
+        commit(:delete, "customers/#{add_reference(customer)}", {})
+      end
+
+      def supports_scrubbing?
+        true
+      end
+
+      def scrub(transcript)
+        transcript.
+          gsub(%r((Access_key: )\w+), '\1[FILTERED]').
+          gsub(%r(("number\\?":\\?")\d+), '\1[FILTERED]').
+          gsub(%r(("account_number\\?":\\?")\d+), '\1[FILTERED]').
+          gsub(%r(("routing_number\\?":\\?")\d+), '\1[FILTERED]').
+          gsub(%r(("cvv\\?":\\?")\d+), '\1[FILTERED]')
+      end
+
+      private
+
+      def add_reference(authorization)
+        return unless authorization
+
+        authorization.split('|')[0]
+      end
+
+      def add_auth_purchase(post, money, payment, options)
+        add_invoice(post, money, options)
+        add_payment(post, payment, options)
+        add_customer_object(post, payment, options)
+        add_3ds(post, payment, options)
+        add_address(post, payment, options)
+        add_metadata(post, options)
+        add_ewallet(post, options)
+        add_payment_fields(post, options)
+        add_payment_urls(post, options)
+        add_customer_id(post, options)
+      end
+
+      def add_address(post, creditcard, options)
+        return unless address = options[:billing_address]
+
+        post[:address] = {}
+        # name and line_1 are required at the gateway
+        post[:address][:name] = address[:name] if address[:name]
+        post[:address][:line_1] = address[:address1] if address[:address1]
+        post[:address][:line_2] = address[:address2] if address[:address2]
+        post[:address][:city] = address[:city] if address[:city]
+        post[:address][:state] = address[:state] if address[:state]
+        post[:address][:country] = address[:country] if address[:country]
+        post[:address][:zip] = address[:zip] if address[:zip]
+        post[:address][:phone_number] = address[:phone].gsub(/\D/, '') if address[:phone]
+      end
+
+      def add_invoice(post, money, options)
+        post[:amount] = money.zero? ? 0 : amount(money).to_f.to_s
+        post[:currency] = (options[:currency] || currency(money))
+      end
+
+      def add_payment(post, payment, options)
+        if payment.is_a?(CreditCard)
+          add_creditcard(post, payment, options)
+        elsif payment.is_a?(Check)
+          add_ach(post, payment, options)
+        else
+          add_token(post, payment, options)
+        end
+      end
+
+      def add_stored_credential(post, options)
+        return unless stored_credential = options[:stored_credential]
+
+        post[:payment_method][:fields][:network_reference_id] = stored_credential[:network_transaction_id] if stored_credential[:network_transaction_id]
+        post[:initiation_type] = stored_credential[:reason_type] if stored_credential[:reason_type]
+      end
+
+      def add_creditcard(post, payment, options)
+        post[:payment_method] = {}
+        post[:payment_method][:fields] = {}
+        pm_fields = post[:payment_method][:fields]
+
+        post[:payment_method][:type] = options[:pm_type]
+        pm_fields[:number] = payment.number
+        pm_fields[:expiration_month] = payment.month.to_s
+        pm_fields[:expiration_year] = payment.year.to_s
+        pm_fields[:name] = "#{payment.first_name} #{payment.last_name}"
+        pm_fields[:cvv] = payment.verification_value.to_s
+
+        add_stored_credential(post, options)
+      end
+
+      def add_ach(post, payment, options)
+        post[:payment_method] = {}
+        post[:payment_method][:fields] = {}
+
+        post[:payment_method][:type] = options[:pm_type]
+        post[:payment_method][:fields][:proof_of_authorization] = options[:proof_of_authorization]
+        post[:payment_method][:fields][:first_name] = payment.first_name if payment.first_name
+        post[:payment_method][:fields][:last_name] = payment.last_name if payment.last_name
+        post[:payment_method][:fields][:routing_number] = payment.routing_number
+        post[:payment_method][:fields][:account_number] = payment.account_number
+        post[:payment_method][:fields][:payment_purpose] = options[:payment_purpose] if options[:payment_purpose]
+      end
+
+      def add_token(post, payment, options)
+        return unless token = payment.split('|')[1]
+
+        post[:payment_method] = token
+      end
+
+      def add_3ds(post, payment, options)
+        return unless three_d_secure = options[:three_d_secure]
+
+        post[:payment_method_options] = {}
+        post[:payment_method_options]['3d_required'] = three_d_secure[:required]
+        post[:payment_method_options]['3d_version'] = three_d_secure[:version]
+        post[:payment_method_options][:cavv] = three_d_secure[:cavv]
+        post[:payment_method_options][:eci] = three_d_secure[:eci]
+        post[:payment_method_options][:xid] = three_d_secure[:xid]
+        post[:payment_method_options][:ds_trans_id] = three_d_secure[:ds_transaction_id]
+      end
+
+      def add_metadata(post, options)
+        post[:metadata] = options[:metadata] if options[:metadata]
+      end
+
+      def add_ewallet(post, options)
+        post[:ewallet_id] = options[:ewallet_id] if options[:ewallet_id]
+      end
+
+      def add_payment_fields(post, options)
+        post[:payment] = {}
+
+        post[:payment][:description] = options[:description] if options[:description]
+        post[:payment][:statement_descriptor] = options[:statement_descriptor] if options[:statement_descriptor]
+      end
+
+      def add_payment_urls(post, options)
+        post[:complete_payment_url] = options[:complete_payment_url] if options[:complete_payment_url]
+        post[:error_payment_url] = options[:error_payment_url] if options[:error_payment_url]
+      end
+
+      def add_customer_object(post, payment, options)
+        post[:name] = "#{payment.first_name} #{payment.last_name}" unless payment.is_a?(String)
+        phone = options.dig(:billing_address, :phone) .gsub(/\D/, '') unless options[:billing_address].nil?
+        post[:phone_number] = phone || options.dig(:customer, :phone_number)
+        post[:email] = options[:email] || options.dig(:customer, :email)
+        post[:addresses] = options.dig(:customer, :addresses) if USA_PAYMENT_METHODS.include?(options[:pm_type])
+      end
+
+      def add_customer_id(post, options)
+        post[:customer] = options[:customer_id] if options[:customer_id]
+      end
+
+      def parse(body)
+        return {} if body.empty? || body.nil?
+
+        JSON.parse(body)
+      end
+
+      def commit(method, action, parameters)
+        url = (test? ? test_url : live_url) + action.to_s
+        rel_path = "#{method}/v1/#{action}"
+        response = api_request(method, url, rel_path, parameters)
+
+        Response.new(
+          success_from(response),
+          message_from(response),
+          response,
+          authorization: authorization_from(response),
+          avs_result: avs_result(response),
+          cvv_result: cvv_result(response),
+          test: test?,
+          error_code: error_code_from(response)
+        )
+      end
+
+      def api_request(method, url, rel_path, params)
+        params == {} ? body = '' : body = params.to_json
+        parse(ssl_request(method, url, body, headers(rel_path, body)))
+      end
+
+      def headers(rel_path, payload)
+        salt = SecureRandom.base64(12)
+        timestamp = Time.new.to_i.to_s
+        {
+          'Content-Type' => 'application/json',
+          'access_key' => @options[:access_key],
+          'salt' => salt,
+          'timestamp' => timestamp,
+          'signature' => generate_hmac(rel_path, salt, timestamp, payload)
+        }
+      end
+
+      def generate_hmac(rel_path, salt, timestamp, payload)
+        signature = "#{rel_path}#{salt}#{timestamp}#{@options[:access_key]}#{@options[:secret_key]}#{payload}"
+        hash = Base64.urlsafe_encode64(OpenSSL::HMAC.hexdigest('sha256', @options[:secret_key], signature))
+        hash
+      end
+
+      def avs_result(response)
+        return nil unless (code = response.dig('data', 'payment_method_data', 'acs_check'))
+
+        AVSResult.new(code: code)
+      end
+
+      def cvv_result(response)
+        return nil unless (code = response.dig('data', 'payment_method_data', 'cvv_check'))
+
+        CVVResult.new(code)
+      end
+
+      def success_from(response)
+        response.dig('status', 'status') == 'SUCCESS' && response.dig('status', 'error') != 'ERR'
+      end
+
+      def message_from(response)
+        case response.dig('status', 'status')
+        when 'ERROR'
+          response.dig('status', 'message') == '' ? response.dig('status', 'error_code') : response.dig('status', 'message')
+        else
+          response.dig('status', 'status')
+        end
+      end
+
+      def authorization_from(response)
+        id = response.dig('data') ? response.dig('data', 'id') : response.dig('status', 'operation_id')
+
+        "#{id}|#{response.dig('data', 'default_payment_method')}"
+      end
+
+      def error_code_from(response)
+        response.dig('status', 'error_code') unless success_from(response)
+      end
+
+      def handle_response(response)
+        case response.code.to_i
+        when 200...300, 400, 401, 404
+          response.body
+        else
+          raise ResponseError.new(response)
+        end
+      end
+    end
+  end
+end

data/lib/active_merchant/billing/gateways/reach.rb

@@ -0,0 +1,277 @@
+module ActiveMerchant #:nodoc:
+  module Billing #:nodoc:
+    class ReachGateway < Gateway
+      self.test_url = 'https://checkout.rch.how/'
+      self.live_url = 'https://checkout.rch.io/'
+
+      self.supported_countries = ['US']
+      self.default_currency = 'USD'
+      self.supported_cardtypes = %i[visa diners_club american_express jcb master discover maestro]
+
+      self.homepage_url = 'https://www.withreach.com/'
+      self.display_name = 'Reach'
+      self.currencies_without_fractions = %w(BIF BYR CLF CLP CVE DJF GNF ISK JPY KMF KRW PYG RWF UGX UYI VND VUV XAF XOF XPF IDR MGA MRO)
+
+      API_VERSION = 'v2.22'.freeze
+      STANDARD_ERROR_CODE_MAPPING = {}
+      PAYMENT_METHOD_MAP = {
+        american_express: 'AMEX',
+        cabal: 'CABAL',
+        check: 'ACH',
+        dankort: 'DANKORT',
+        diners_club: 'DINERS',
+        discover: 'DISC',
+        elo: 'ELO',
+        jcb: 'JCB',
+        maestro: 'MAESTRO',
+        master: 'MC',
+        naranja: 'NARANJA',
+        union_pay: 'UNIONPAY',
+        visa: 'VISA'
+      }
+
+      def initialize(options = {})
+        requires!(options, :merchant_id, :secret)
+        super
+      end
+
+      def authorize(money, payment, options = {})
+        request = build_checkout_request(money, payment, options)
+        add_custom_fields_data(request, options)
+        add_customer_data(request, options, payment)
+        add_stored_credentials(request, options)
+        post = { request: request, card: add_payment(payment, options) }
+        if options[:stored_credential]
+          MultiResponse.run(:use_first_response) do |r|
+            r.process { commit('checkout', post) }
+            r.process do
+              r2 = get_network_payment_reference(r.responses[0])
+              r.params[:network_transaction_id] = r2.message
+              r2
+            end
+          end
+        else
+          commit('checkout', post)
+        end
+      end
+
+      def purchase(money, payment, options = {})
+        options[:capture] = true
+        authorize(money, payment, options)
+      end
+
+      def capture(money, authorization, options = {})
+        post = { request: { MerchantId: @options[:merchant_id], OrderId: authorization } }
+        commit('capture', post)
+      end
+
+      def supports_scrubbing?
+        true
+      end
+
+      def scrub(transcript)
+        transcript.
+          gsub(%r(((MerchantId)[% \w]+[%]\d{2})[\w -]+), '\1[FILTERED]').
+          gsub(%r((signature=)[\w%]+), '\1[FILTERED]\2').
+          gsub(%r((Number%22%3A%22)[\d]+), '\1[FILTERED]\2').
+          gsub(%r((VerificationCode%22%3A)[\d]+), '\1[FILTERED]\2')
+      end
+
+      def refund(amount, authorization, options = {})
+        currency = options[:currency] || currency(options[:amount])
+        post = {
+          request: {
+            MerchantId: @options[:merchant_id],
+            OrderId: authorization,
+            ReferenceId: options[:order_id] || options[:reference_id],
+            Amount: localized_amount(amount, currency)
+          }
+        }
+        commit('refund', post)
+      end
+
+      def void(authorization, options = {})
+        post = {
+          request: {
+            MerchantId: @options[:merchant_id],
+            OrderId: authorization
+          }
+        }
+
+        commit('cancel', post)
+      end
+
+      def verify(credit_card, options = {})
+        MultiResponse.run(:use_first_response) do |r|
+          r.process { authorize(100, credit_card, options) }
+          r.process(:ignore_result) { void(r.authorization, options) }
+        end
+      end
+
+      private
+
+      def build_checkout_request(amount, payment, options)
+        currency = options[:currency] || currency(options[:amount])
+        {
+          MerchantId: @options[:merchant_id],
+          ReferenceId: options[:order_id],
+          ConsumerCurrency: currency,
+          Capture: options[:capture] || false,
+          PaymentMethod: PAYMENT_METHOD_MAP.fetch(payment.brand.to_sym, 'unsupported'),
+          Items: [
+            Sku: options[:item_sku] || SecureRandom.alphanumeric,
+            ConsumerPrice: localized_amount(amount, currency),
+            Quantity: (options[:item_quantity] || 1)
+          ]
+        }
+      end
+
+      def add_payment(payment, options)
+        ntid = options.dig(:stored_credential, :network_transaction_id)
+        cvv_or_previos_reference = (ntid ? { PreviousNetworkPaymentReference: ntid } : { VerificationCode: payment.verification_value })
+        {
+          Name: payment.name,
+          Number: payment.number,
+          Expiry: { Month: payment.month, Year: payment.year }
+        }.merge!(cvv_or_previos_reference)
+      end
+
+      def add_customer_data(request, options, payment)
+        address = options[:billing_address] || options[:address]
+
+        return if address.blank?
+
+        request[:Consumer] = {
+          Name: payment.respond_to?(:name) ? payment.name : address[:name],
+          Email: options[:email],
+          Address: address[:address1],
+          City: address[:city],
+          Country: address[:country]
+        }.compact
+      end
+
+      def add_stored_credentials(request, options)
+        request[:PaymentModel] = payment_model(options) || ''
+        request[:DeviceFingerprint] = options[:device_fingerprint] if options[:device_fingerprint]
+      end
+
+      def payment_model(options)
+        stored_credential = options[:stored_credential]
+        return options[:payment_model] if options[:payment_model]
+        return 'CIT-One-Time' unless stored_credential
+
+        payment_model_options = {
+          initial_transaction: {
+            'cardholder' => {
+              'installment' => 'CIT-Setup-Scheduled',
+              'unscheduled' => 'CIT-Setup-Unscheduled-MIT',
+              'recurring' => 'CIT-Setup-Unscheduled'
+            }
+          },
+          no_initial_transaction: {
+            'cardholder' => {
+              'unscheduled' => 'CIT-Subsequent-Unscheduled'
+            },
+            'merchant' => {
+              'recurring' => 'MIT-Subsequent-Scheduled',
+              'unscheduled' => 'MIT-Subsequent-Unscheduled'
+            }
+          }
+        }
+        initial = stored_credential[:initial_transaction] ? :initial_transaction : :no_initial_transaction
+        payment_model_options[initial].dig(stored_credential[:initiator], stored_credential[:reason_type])
+      end
+
+      def add_custom_fields_data(request, options)
+        add_shipping_data(request, options) if options[:taxes].present?
+        request[:RateOfferId] = options[:rate_offer_id] if options[:rate_offer_id].present?
+        request[:Items] = options[:items] if options[:items].present?
+      end
+
+      def add_shipping_data(request, options)
+        request[:Shipping] = {
+          ConsumerPrice: options[:price],
+          ConsumerTaxes: options[:taxes],
+          ConsumerDuty: options[:duty]
+        }
+        request[:Consignee] = {
+          Name: options[:consignee_name],
+          Address: options[:consignee_address],
+          City: options[:consignee_city],
+          Country: options[:consignee_country]
+        }
+      end
+
+      def sign_body(body)
+        Base64.strict_encode64(OpenSSL::HMAC.digest('sha256', @options[:secret].encode('utf-8'), body.encode('utf-8')))
+      end
+
+      def parse(body)
+        hash_response = URI.decode_www_form(body).to_h
+        hash_response['response'] = JSON.parse(hash_response['response'])
+
+        hash_response
+      end
+
+      def format_and_sign(post)
+        post[:request] = post[:request].to_json
+        post[:card] = post[:card].to_json if post[:card].present?
+        post[:signature] = sign_body(post[:request])
+        post
+      end
+
+      def get_network_payment_reference(response)
+        parameters = { request: { MerchantId: @options[:merchant_id], OrderId: response.params['response']['OrderId'] } }
+        body = post_data format_and_sign(parameters)
+
+        raw_response = ssl_request :post, url('query'), body, {}
+        response = parse(raw_response)
+        message = response.dig('response', 'Payment', 'NetworkPaymentReference')
+        Response.new(true, message, {})
+      end
+
+      def commit(action, parameters)
+        body = post_data format_and_sign(parameters)
+        raw_response = ssl_post url(action), body
+        response = parse(raw_response)
+
+        Response.new(
+          success_from(response),
+          message_from(response) || '',
+          response,
+          authorization: authorization_from(response['response']),
+          # avs_result: AVSResult.new(code: response['some_avs_response_key']),
+          # cvv_result: CVVResult.new(response['some_cvv_response_key']),
+          test: test?,
+          error_code: error_code_from(response)
+        )
+      rescue ActiveMerchant::ResponseError => e
+        Response.new(false, (e.response.body.present? ? e.response.body : e.response.msg), {}, test: test?)
+      end
+
+      def success_from(response)
+        response.dig('response', 'Error').blank?
+      end
+
+      def message_from(response)
+        success_from(response) ? '' : response.dig('response', 'Error', 'ReasonCode')
+      end
+
+      def authorization_from(response)
+        response['OrderId']
+      end
+
+      def post_data(params)
+        params.map { |k, v| "#{k}=#{CGI.escape(v.to_s)}" }.join('&')
+      end
+
+      def error_code_from(response)
+        response['response']['Error']['Code'] unless success_from(response)
+      end
+
+      def url(action)
+        "#{test? ? test_url : live_url}#{API_VERSION}/#{action}"
+      end
+    end
+  end
+end

data/lib/active_merchant/billing/gateways/redsys.rb

@@ -91,7 +91,7 @@ module ActiveMerchant #:nodoc:
       # More operations are supported by the gateway itself, but
       # are not supported in this library.
       SUPPORTED_TRANSACTIONS = {
-        purchase:   'A',
+        purchase:   '0',
         authorize:  '1',
         capture:    '2',
         refund:     '3',
@@ -266,9 +266,13 @@ module ActiveMerchant #:nodoc:
       end
 
       def verify(creditcard, options = {})
-        MultiResponse.run(:use_first_response) do |r|
-          r.process { authorize(100, creditcard, options) }
-          r.process(:ignore_result) { void(r.authorization, options) }
+        if options[:sca_exemption_behavior_override] == 'endpoint_and_ntid'
+          purchase(0, creditcard, options)
+        else
+          MultiResponse.run(:use_first_response) do |r|
+            r.process { authorize(100, creditcard, options) }
+            r.process(:ignore_result) { void(r.authorization, options) }
+          end
         end
       end
 
@@ -685,7 +689,7 @@ module ActiveMerchant #:nodoc:
         cipher = OpenSSL::Cipher.new('DES3')
         cipher.encrypt
 
-        cipher.key = Base64.strict_decode64(key)
+        cipher.key = Base64.urlsafe_decode64(key)
         # The OpenSSL default of an all-zeroes ("\\0") IV is used.
         cipher.padding = 0
 

data/lib/active_merchant/billing/gateways/safe_charge.rb

@@ -107,10 +107,7 @@ module ActiveMerchant #:nodoc:
       end
 
       def verify(credit_card, options = {})
-        MultiResponse.run(:use_first_response) do |r|
-          r.process { authorize(100, credit_card, options) }
-          r.process(:ignore_result) { void(r.authorization, options) }
-        end
+        authorize(0, credit_card, options)
       end
 
       def supports_scrubbing?

data/lib/active_merchant/billing/gateways/sage_pay.rb

@@ -427,7 +427,7 @@ module ActiveMerchant #:nodoc:
       def past_purchase_reference?(payment_method)
         return false unless payment_method.is_a?(String)
 
-        payment_method.split(';').last == 'purchase'
+        %w(purchase repeat).include?(payment_method.split(';').last)
       end
     end
   end