activemerchant 1.125.0 → 1.129.0

data/lib/active_merchant/billing/gateways/beanstream.rb

@@ -76,6 +76,7 @@ module ActiveMerchant #:nodoc:
         add_transaction_type(post, :authorization)
         add_customer_ip(post, options)
         add_recurring_payment(post, options)
+        add_three_ds(post, options)
         commit(post)
       end
 
@@ -88,6 +89,7 @@ module ActiveMerchant #:nodoc:
         add_transaction_type(post, purchase_action(source))
         add_customer_ip(post, options)
         add_recurring_payment(post, options)
+        add_three_ds(post, options)
         commit(post)
       end
 
@@ -215,6 +217,22 @@ module ActiveMerchant #:nodoc:
       def build_response(*args)
         Response.new(*args)
       end
+
+      def add_three_ds(post, options)
+        return unless three_d_secure = options[:three_d_secure]
+
+        post[:SecureXID] = (three_d_secure[:ds_transaction_id] || three_d_secure[:xid]) if three_d_secure.slice(:ds_transaction_id, :xid).values.any?
+        post[:SecureECI] = formatted_three_ds_eci(three_d_secure[:eci]) if three_d_secure[:eci].present?
+        post[:SecureCAVV] = three_d_secure[:cavv] if three_d_secure[:cavv].present?
+      end
+
+      def formatted_three_ds_eci(val)
+        case val
+        when '05', '02' then 5
+        when '06', '01' then 6
+        else val.to_i
+        end
+      end
     end
   end
 end

data/lib/active_merchant/billing/gateways/blue_pay.rb

@@ -483,7 +483,7 @@ module ActiveMerchant #:nodoc:
         return unless reason_type = options.dig(:stored_credential, :reason_type)
 
         case reason_type
-        when 'recurring' || 'installment'
+        when 'recurring', 'installment'
           'Y'
         when 'unscheduled'
           'N'

data/lib/active_merchant/billing/gateways/blue_snap.rb

@@ -68,6 +68,8 @@ module ActiveMerchant
         'business_savings' => 'CORPORATE_SAVINGS'
       }
 
+      SHOPPER_INITIATOR = %w(CUSTOMER CARDHOLDER)
+
       STATE_CODE_COUNTRIES = %w(US CA)
 
       def initialize(options = {})
@@ -78,7 +80,7 @@ module ActiveMerchant
       def purchase(money, payment_method, options = {})
         payment_method_details = PaymentMethodDetails.new(payment_method)
 
-        commit(:purchase, :post, payment_method_details) do |doc|
+        commit(:purchase, options, :post, payment_method_details) do |doc|
           if payment_method_details.alt_transaction?
             add_alt_transaction_purchase(doc, money, payment_method_details, options)
           else
@@ -88,13 +90,13 @@ module ActiveMerchant
       end
 
       def authorize(money, payment_method, options = {})
-        commit(:authorize) do |doc|
+        commit(:authorize, options) do |doc|
           add_auth_purchase(doc, money, payment_method, options)
         end
       end
 
       def capture(money, authorization, options = {})
-        commit(:capture, :put) do |doc|
+        commit(:capture, options, :put) do |doc|
           add_authorization(doc, authorization)
           add_order(doc, options)
           add_amount(doc, money, options) if options[:include_capture_amount] == true
@@ -102,15 +104,16 @@ module ActiveMerchant
       end
 
       def refund(money, authorization, options = {})
-        commit(:refund, :put) do |doc|
-          add_authorization(doc, authorization)
-          add_amount(doc, money, options)
-          add_order(doc, options)
+        options[:endpoint] = options[:merchant_transaction_id] ? "/refund/merchant/#{options[:merchant_transaction_id]}" : "/refund/#{authorization}"
+        commit(:refund, options, :post) do |doc|
+          add_amount(doc, money, options) if money
+          %i[reason cancel_subscription tax_amount].each { |field| send_when_present(doc, field, options) }
+          add_metadata(doc, options)
         end
       end
 
       def void(authorization, options = {})
-        commit(:void, :put) do |doc|
+        commit(:void, options, :put) do |doc|
           add_authorization(doc, authorization)
           add_order(doc, options)
         end
@@ -123,7 +126,7 @@ module ActiveMerchant
       def store(payment_method, options = {})
         payment_method_details = PaymentMethodDetails.new(payment_method)
 
-        commit(:store, :post, payment_method_details) do |doc|
+        commit(:store, options, :post, payment_method_details) do |doc|
           add_personal_info(doc, payment_method, options)
           add_echeck_company(doc, payment_method) if payment_method_details.check?
           doc.send('payment-sources') do
@@ -149,7 +152,7 @@ module ActiveMerchant
 
       def verify_credentials
         begin
-          ssl_get(url.to_s, headers)
+          ssl_get(url.to_s, headers(options))
         rescue ResponseError => e
           return false if e.response.code.to_i == 401
         end
@@ -178,6 +181,7 @@ module ActiveMerchant
         doc.send('store-card', options[:store_card] || false)
         add_amount(doc, money, options)
         add_fraud_info(doc, payment_method, options)
+        add_stored_credentials(doc, options)
 
         if payment_method.is_a?(String)
           doc.send('vaulted-shopper-id', payment_method)
@@ -189,6 +193,19 @@ module ActiveMerchant
         end
       end
 
+      def add_stored_credentials(doc, options)
+        return unless stored_credential = options[:stored_credential]
+
+        initiator = stored_credential[:initiator]&.upcase
+        initiator = 'SHOPPER' if SHOPPER_INITIATOR.include?(initiator)
+        doc.send('transaction-initiator', initiator) if stored_credential[:initiator]
+        if stored_credential[:network_transaction_id]
+          doc.send('network-transaction-info') do
+            doc.send('original-network-transaction-id', stored_credential[:network_transaction_id])
+          end
+        end
+      end
+
       def add_amount(doc, money, options)
         currency = options[:currency] || currency(money)
         doc.amount(localized_amount(money, currency))
@@ -234,6 +251,7 @@ module ActiveMerchant
               doc.send('meta-key', truncate(entry[:meta_key], 40))
               doc.send('meta-value', truncate(entry[:meta_value], 500))
               doc.send('meta-description', truncate(entry[:meta_description], 40))
+              doc.send('is-visible', truncate(entry[:meta_is_visible], 5))
             end
           end
         end
@@ -242,6 +260,7 @@ module ActiveMerchant
       def add_order(doc, options)
         doc.send('merchant-transaction-id', truncate(options[:order_id], 50)) if options[:order_id]
         doc.send('soft-descriptor', options[:soft_descriptor]) if options[:soft_descriptor]
+        doc.send('descriptor-phone-number', options[:descriptor_phone_number]) if options[:descriptor_phone_number]
         add_metadata(doc, options)
         add_3ds(doc, options[:three_d_secure]) if options[:three_d_secure]
         add_level_3_data(doc, options)
@@ -348,6 +367,7 @@ module ActiveMerchant
       def add_alt_transaction_purchase(doc, money, payment_method_details, options)
         doc.send('merchant-transaction-id', truncate(options[:order_id], 50)) if options[:order_id]
         doc.send('soft-descriptor', options[:soft_descriptor]) if options[:soft_descriptor]
+        doc.send('descriptor-phone-number', options[:descriptor_phone_number]) if options[:descriptor_phone_number]
         add_amount(doc, money, options)
 
         vaulted_shopper_id = payment_method_details.vaulted_shopper_id
@@ -356,6 +376,7 @@ module ActiveMerchant
         add_echeck_transaction(doc, payment_method_details.payment_method, options, vaulted_shopper_id.present?) if payment_method_details.check?
 
         add_fraud_info(doc, payment_method_details.payment_method, options)
+        add_stored_credentials(doc, options)
         add_metadata(doc, options)
       end
 
@@ -386,13 +407,12 @@ module ActiveMerchant
 
       def parse(response)
         return bad_authentication_response if response.code.to_i == 401
-        return generic_error_response(response.body) if [403, 429].include?(response.code.to_i)
+        return generic_error_response(response.body) if [403, 405, 429].include?(response.code.to_i)
 
         parsed = {}
         doc = Nokogiri::XML(response.body)
         doc.root.xpath('*').each do |node|
           name = node.name.downcase
-
           if node.elements.empty?
             parsed[name] = node.text
           elsif name == 'transaction-meta-data'
@@ -433,15 +453,15 @@ module ActiveMerchant
         end
       end
 
-      def api_request(action, request, verb, payment_method_details)
-        ssl_request(verb, url(action, payment_method_details), request, headers)
+      def api_request(action, request, verb, payment_method_details, options)
+        ssl_request(verb, url(action, options, payment_method_details), request, headers(options))
       rescue ResponseError => e
         e.response
       end
 
-      def commit(action, verb = :post, payment_method_details = PaymentMethodDetails.new())
+      def commit(action, options, verb = :post, payment_method_details = PaymentMethodDetails.new())
         request = build_xml_request(action, payment_method_details) { |doc| yield(doc) }
-        response = api_request(action, request, verb, payment_method_details)
+        response = api_request(action, request, verb, payment_method_details, options)
         parsed = parse(response)
 
         succeeded = success_from(action, response)
@@ -457,9 +477,10 @@ module ActiveMerchant
         )
       end
 
-      def url(action = nil, payment_method_details = PaymentMethodDetails.new())
+      def url(action = nil, options = {}, payment_method_details = PaymentMethodDetails.new())
         base = test? ? test_url : live_url
         resource = action == :store ? 'vaulted-shoppers' : payment_method_details.resource_url
+        resource += options[:endpoint] if action == :refund
         "#{base}/#{resource}"
       end
 
@@ -510,7 +531,9 @@ module ActiveMerchant
       end
 
       def authorization_from(action, parsed_response, payment_method_details)
-        action == :store ? vaulted_shopper_id(parsed_response, payment_method_details) : parsed_response['transaction-id']
+        return vaulted_shopper_id(parsed_response, payment_method_details) if action == :store
+
+        parsed_response['refund-transaction-id'] || parsed_response['transaction-id']
       end
 
       def vaulted_shopper_id(parsed_response, payment_method_details)
@@ -532,20 +555,28 @@ module ActiveMerchant
       end
 
       def root_element(action, payment_method_details)
-        action == :store ? 'vaulted-shopper' : payment_method_details.root_element
+        return 'refund' if action == :refund
+        return 'vaulted-shopper' if action == :store
+
+        payment_method_details.root_element
       end
 
-      def headers
-        {
+      def headers(options)
+        idempotency_key = options[:idempotency_key] if options[:idempotency_key]
+
+        headers = {
           'Content-Type' => 'application/xml',
           'Authorization' => ('Basic ' + Base64.strict_encode64("#{@options[:api_username]}:#{@options[:api_password]}").strip)
         }
+
+        headers['Idempotency-Key'] = idempotency_key if idempotency_key
+        headers
       end
 
       def build_xml_request(action, payment_method_details)
         builder = Nokogiri::XML::Builder.new
         builder.__send__(root_element(action, payment_method_details), root_attributes) do |doc|
-          doc.send('card-transaction-type', TRANSACTIONS[action]) if TRANSACTIONS[action] && !payment_method_details.alt_transaction?
+          doc.send('card-transaction-type', TRANSACTIONS[action]) if TRANSACTIONS[action] && !payment_method_details.alt_transaction? && action != :refund
           yield(doc)
         end
         builder.doc.root.to_xml

data/lib/active_merchant/billing/gateways/bogus.rb

@@ -90,6 +90,10 @@ module ActiveMerchant #:nodoc:
         end
       end
 
+      def verify(credit_card, options = {})
+        authorize(0, credit_card, options)
+      end
+
       def store(paysource, options = {})
         case normalize(paysource)
         when /1$/

data/lib/active_merchant/billing/gateways/borgun.rb

@@ -23,18 +23,34 @@ module ActiveMerchant #:nodoc:
 
       def purchase(money, payment, options = {})
         post = {}
-        post[:TransType] = '1'
+        action = ''
+        if options[:apply_3d_secure] == '1'
+          add_3ds_preauth_fields(post, options)
+          action = '3ds_preauth'
+        else
+          post[:TransType] = '1'
+          add_3ds_fields(post, options)
+          action = 'sale'
+        end
         add_invoice(post, money, options)
         add_payment_method(post, payment)
-        commit('sale', post)
+        commit(action, post, options)
       end
 
       def authorize(money, payment, options = {})
         post = {}
-        post[:TransType] = '5'
+        action = ''
+        if options[:apply_3d_secure] == '1'
+          add_3ds_preauth_fields(post, options)
+          action = '3ds_preauth'
+        else
+          post[:TransType] = '5'
+          add_3ds_fields(post, options)
+          action = 'authonly'
+        end
         add_invoice(post, money, options)
         add_payment_method(post, payment)
-        commit('authonly', post, options)
+        commit(action, post, options)
       end
 
       def capture(money, authorization, options = {})
@@ -81,9 +97,26 @@ module ActiveMerchant #:nodoc:
       CURRENCY_CODES['EUR'] = '978'
       CURRENCY_CODES['USD'] = '840'
 
+      def add_3ds_fields(post, options)
+        post[:ThreeDSMessageId] = options[:three_ds_message_id] if options[:three_ds_message_id]
+        post[:ThreeDS_PARes] = options[:three_ds_pares] if options[:three_ds_pares]
+        post[:ThreeDS_CRes] = options[:three_ds_cres] if options[:three_ds_cres]
+      end
+
+      def add_3ds_preauth_fields(post, options)
+        post[:SaleDescription] = options[:sale_description] || ''
+        post[:MerchantReturnURL] = options[:merchant_return_url] if options[:merchant_return_url]
+      end
+
       def add_invoice(post, money, options)
         post[:TrAmount] = amount(money)
         post[:TrCurrency] = CURRENCY_CODES[options[:currency] || currency(money)]
+        # The ISK currency must have a currency exponent of 2 on the 3DS request but not on the auth request
+        if post[:TrCurrency] == '352' && options[:apply_3d_secure] == '1'
+          post[:TrCurrencyExponent] = 2
+        else
+          post[:TrCurrencyExponent] = 0
+        end
         post[:TerminalID] = options[:terminal_id] || '1'
       end
 
@@ -103,11 +136,11 @@ module ActiveMerchant #:nodoc:
         post[:AuthCode] = authcode
       end
 
-      def parse(xml)
+      def parse(xml, options = nil)
         response = {}
 
         doc = Nokogiri::XML(CGI.unescapeHTML(xml))
-        body = doc.xpath('//getAuthorizationReply')
+        body = options[:apply_3d_secure] == '1' ? doc.xpath('//get3DSAuthenticationReply') : doc.xpath('//getAuthorizationReply')
         body = doc.xpath('//cancelAuthorizationReply') if body.length == 0
         body.children.each do |node|
           if node.text?
@@ -121,7 +154,6 @@ module ActiveMerchant #:nodoc:
             end
           end
         end
-
         response
       end
 
@@ -132,7 +164,7 @@ module ActiveMerchant #:nodoc:
 
         request = build_request(action, post, options)
         raw = ssl_post(url(action), request, headers)
-        pairs = parse(raw)
+        pairs = parse(raw, options)
         success = success_from(pairs)
 
         Response.new(
@@ -145,7 +177,7 @@ module ActiveMerchant #:nodoc:
       end
 
       def success_from(response)
-        (response[:actioncode] == '000')
+        (response[:actioncode] == '000') || (response[:status_resultcode] == '0')
       end
 
       def message_from(succeeded, response)
@@ -182,16 +214,17 @@ module ActiveMerchant #:nodoc:
 
       def build_request(action, post, options = {})
         mode = action == 'void' ? 'cancel' : 'get'
+        transaction_type = action == '3ds_preauth' ? '3DSAuthentication' : 'Authorization'
         xml = Builder::XmlMarkup.new indent: 18
         xml.instruct!(:xml, version: '1.0', encoding: 'utf-8')
-        xml.tag!("#{mode}Authorization") do
+        xml.tag!("#{mode}#{transaction_type}") do
           post.each do |field, value|
             xml.tag!(field, value)
           end
           build_airline_xml(xml, options[:passenger_itinerary_data]) if options[:passenger_itinerary_data]
         end
         inner = CGI.escapeHTML(xml.target!)
-        envelope(mode).sub(/{{ :body }}/, inner)
+        envelope(mode, action).sub(/{{ :body }}/, inner)
       end
 
       def build_airline_xml(xml, airline_data)
@@ -204,16 +237,23 @@ module ActiveMerchant #:nodoc:
         end
       end
 
-      def envelope(mode)
+      def envelope(mode, action)
+        if action == '3ds_preauth'
+          transaction_action = "#{mode}3DSAuthentication"
+          request_action = "#{mode}Auth3DSReqXml"
+        else
+          transaction_action = "#{mode}AuthorizationInput"
+          request_action = "#{mode}AuthReqXml"
+        end
         <<-XML
           <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:aut="http://Borgun/Heimir/pub/ws/Authorization">
             <soapenv:Header/>
             <soapenv:Body>
-              <aut:#{mode}AuthorizationInput>
-                <#{mode}AuthReqXml>
+              <aut:#{transaction_action}>
+                <#{request_action}>
                 {{ :body }}
-                </#{mode}AuthReqXml>
-              </aut:#{mode}AuthorizationInput>
+                </#{request_action}>
+              </aut:#{transaction_action}>
             </soapenv:Body>
           </soapenv:Envelope>
         XML

data/lib/active_merchant/billing/gateways/braintree/braintree_common.rb

@@ -18,6 +18,11 @@ module BraintreeCommon
     transcript.
       gsub(%r((Authorization: Basic )\w+), '\1[FILTERED]').
       gsub(%r((&?ccnumber=)\d*(&?)), '\1[FILTERED]\2').
-      gsub(%r((&?cvv=)\d*(&?)), '\1[FILTERED]\2')
+      gsub(%r((&?cvv=)\d*(&?)), '\1[FILTERED]\2').
+      gsub(%r((<account-number>)\d+(</account-number>)), '\1[FILTERED]\2').
+      gsub(%r((<payment-method-nonce>)[^<]+(</payment-method-nonce>)), '\1[FILTERED]\2').
+      gsub(%r((<payment-method-token>)[^<]+(</payment-method-token>)), '\1[FILTERED]\2').
+      gsub(%r((<value>)[^<]{100,}(</value>)), '\1[FILTERED]\2').
+      gsub(%r((<token>)[^<]+(</token>)), '\1[FILTERED]\2')
   end
 end

data/lib/active_merchant/billing/gateways/braintree/token_nonce.rb

@@ -0,0 +1,113 @@
+module ActiveMerchant #:nodoc:
+  module Billing #:nodoc:
+    class TokenNonce #:nodoc:
+      include PostsData
+      # This class emulates the behavior of the front-end js library to
+      # create token nonce for a bank account base on the docs:
+      # https://developer.paypal.com/braintree/docs/guides/ach/client-side
+
+      attr_reader :braintree_gateway, :options
+
+      def initialize(gateway, options = {})
+        @braintree_gateway = gateway
+        @options = options
+      end
+
+      def url
+        sandbox = @braintree_gateway.config.environment == :sandbox
+        "https://payments#{'.sandbox' if sandbox}.braintree-api.com/graphql"
+      end
+
+      def create_token_nonce_for_payment_method(payment_method)
+        headers = {
+          'Accept' => 'application/json',
+          'Authorization' => "Bearer #{client_token}",
+          'Content-Type' => 'application/json',
+          'Braintree-Version' => '2018-05-10'
+        }
+        resp = ssl_post(url, build_nonce_request(payment_method), headers)
+        json_response = JSON.parse(resp)
+
+        message = json_response['errors'].map { |err| err['message'] }.join("\n") if json_response['errors'].present?
+        token = json_response.dig('data', 'tokenizeUsBankAccount', 'paymentMethod', 'id')
+
+        return token, message
+      end
+
+      def client_token
+        base64_token = @braintree_gateway.client_token.generate
+        JSON.parse(Base64.decode64(base64_token))['authorizationFingerprint']
+      end
+
+      private
+
+      def graphql_query
+        <<-GRAPHQL
+        mutation TokenizeUsBankAccount($input: TokenizeUsBankAccountInput!) {
+          tokenizeUsBankAccount(input: $input) {
+            paymentMethod {
+              id
+              details {
+                ... on UsBankAccountDetails {
+                  last4
+                }
+              }
+            }
+          }
+        }
+        GRAPHQL
+      end
+
+      def billing_address_from_options
+        return nil if options[:billing_address].blank?
+
+        address = options[:billing_address]
+
+        {
+          streetAddress: address[:address1],
+          extendedAddress: address[:address2],
+          city: address[:city],
+          state: address[:state],
+          zipCode: address[:zip]
+        }.compact
+      end
+
+      def build_nonce_request(payment_method)
+        input = {
+          usBankAccount: {
+            achMandate: options[:ach_mandate],
+            routingNumber: payment_method.routing_number,
+            accountNumber: payment_method.account_number,
+            accountType: payment_method.account_type.upcase,
+            billingAddress: billing_address_from_options
+          }
+        }
+
+        if payment_method.account_holder_type == 'personal'
+          input[:usBankAccount][:individualOwner] = {
+            firstName: payment_method.first_name,
+            lastName: payment_method.last_name
+          }
+        else
+          input[:usBankAccount][:businessOwner] = {
+            businessName: payment_method.name
+          }
+        end
+
+        {
+          clientSdkMetadata: {
+            platform: 'web',
+            source: 'client',
+            integration: 'custom',
+            sessionId: SecureRandom.uuid,
+            version: '3.83.0'
+          },
+          query: graphql_query,
+          variables: {
+            input: input
+          }
+        }.to_json
+      end
+    end
+  end
+end