activemerchant 1.126.0 → 1.129.0

data/lib/active_merchant/billing/gateways/shift4.rb

@@ -0,0 +1,342 @@
+module ActiveMerchant #:nodoc:
+  module Billing #:nodoc:
+    class Shift4Gateway < Gateway
+      self.test_url = 'https://utgapi.shift4test.com/api/rest/v1/'
+      self.live_url = 'https://utg.shift4api.net/api/rest/v1/'
+
+      self.supported_countries = %w(US CA CU HT DO PR JM TT GP MQ BS BB LC CW AW VC VI GD AG DM KY KN SX TC MF VG BQ AI BL MS)
+      self.default_currency = 'USD'
+      self.supported_cardtypes = %i[visa master american_express discover]
+
+      self.homepage_url = 'https://shift4.com'
+      self.display_name = 'Shift4'
+
+      RECURRING_TYPE_TRANSACTIONS = %w(recurring installment)
+      TRANSACTIONS_WITHOUT_RESPONSE_CODE = %w(accesstoken add)
+      SUCCESS_TRANSACTION_STATUS = %w(A)
+      DISALLOWED_ENTRY_MODE_ACTIONS = %w(capture refund add verify)
+      URL_POSTFIX_MAPPING = {
+        'accesstoken' => 'credentials',
+        'add' => 'tokens',
+        'verify' => 'cards'
+      }
+      STANDARD_ERROR_CODE_MAPPING = {
+        'incorrect_number' => STANDARD_ERROR_CODE[:incorrect_number],
+        'invalid_number' => STANDARD_ERROR_CODE[:invalid_number],
+        'invalid_expiry_month' => STANDARD_ERROR_CODE[:invalid_expiry_date],
+        'invalid_expiry_year' => STANDARD_ERROR_CODE[:invalid_expiry_date],
+        'invalid_cvc' => STANDARD_ERROR_CODE[:invalid_cvc],
+        'expired_card' => STANDARD_ERROR_CODE[:expired_card],
+        'insufficient_funds' => STANDARD_ERROR_CODE[:card_declined],
+        'incorrect_cvc' => STANDARD_ERROR_CODE[:incorrect_cvc],
+        'incorrect_zip' => STANDARD_ERROR_CODE[:incorrect_zip],
+        'card_declined' => STANDARD_ERROR_CODE[:card_declined],
+        'processing_error' => STANDARD_ERROR_CODE[:processing_error],
+        'lost_or_stolen' => STANDARD_ERROR_CODE[:card_declined],
+        'suspected_fraud' => STANDARD_ERROR_CODE[:card_declined],
+        'expired_token' => STANDARD_ERROR_CODE[:card_declined]
+      }
+
+      def initialize(options = {})
+        requires!(options, :client_guid, :auth_token)
+        @client_guid = options[:client_guid]
+        @auth_token = options[:auth_token]
+        @access_token = options[:access_token]
+        super
+      end
+
+      def purchase(money, payment_method, options = {})
+        post = {}
+        action = 'sale'
+
+        payment_method = get_card_token(payment_method) if payment_method.is_a?(String)
+        add_datetime(post, options)
+        add_invoice(post, money, options)
+        add_clerk(post, options)
+        add_transaction(post, options)
+        add_card(action, post, payment_method, options)
+        add_card_present(post, options)
+        add_customer(post, payment_method, options)
+
+        commit(action, post, options)
+      end
+
+      def authorize(money, payment_method, options = {})
+        post = {}
+        action = 'authorization'
+
+        payment_method = get_card_token(payment_method) if payment_method.is_a?(String)
+        add_datetime(post, options)
+        add_invoice(post, money, options)
+        add_clerk(post, options)
+        add_transaction(post, options)
+        add_card(action, post, payment_method, options)
+        add_card_present(post, options)
+        add_customer(post, payment_method, options)
+
+        commit(action, post, options)
+      end
+
+      def capture(money, authorization, options = {})
+        post = {}
+        action = 'capture'
+        options[:invoice] = get_invoice(authorization)
+
+        add_datetime(post, options)
+        add_invoice(post, money, options)
+        add_clerk(post, options)
+        add_transaction(post, options)
+        add_card(action, post, get_card_token(authorization), options)
+
+        commit(action, post, options)
+      end
+
+      def refund(money, authorization, options = {})
+        post = {}
+        action = 'refund'
+
+        add_datetime(post, options)
+        add_invoice(post, money, options)
+        add_clerk(post, options)
+        add_transaction(post, options)
+        add_card(action, post, get_card_token(authorization), options)
+        add_card_present(post, options)
+
+        commit(action, post, options)
+      end
+
+      def void(authorization, options = {})
+        options[:invoice] = get_invoice(authorization)
+        commit('invoice', {}, options)
+      end
+
+      def verify(credit_card, options = {})
+        post = {}
+        action = 'verify'
+        post[:transaction] = {}
+
+        add_datetime(post, options)
+        add_card(action, post, credit_card, options)
+        add_customer(post, credit_card, options)
+        add_card_on_file(post[:transaction], options)
+
+        commit(action, post, options)
+      end
+
+      def store(credit_card, options = {})
+        post = {}
+        action = 'add'
+
+        add_datetime(post, options)
+        add_card(action, post, credit_card, options)
+        add_customer(post, credit_card, options)
+
+        commit(action, post, options)
+      end
+
+      def supports_scrubbing?
+        true
+      end
+
+      def scrub(transcript)
+        transcript.
+          gsub(%r(("Number\\?"\s*:\s*\\?")[^"]*)i, '\1[FILTERED]').
+          gsub(%r(("expirationDate\\?"\s*:\s*\\?")[^"]*)i, '\1[FILTERED]').
+          gsub(%r(("FirstName\\?"\s*:\s*\\?")[^"]*)i, '\1[FILTERED]').
+          gsub(%r(("LastName\\?"\s*:\s*\\?")[^"]*)i, '\1[FILTERED]').
+          gsub(%r(("securityCode\\?":{\\?"[\w]+\\?":[\d]+,\\?"value\\?":\\?")[\d]*)i, '\1[FILTERED]')
+      end
+
+      def setup_access_token
+        post = {}
+        add_credentials(post, options)
+        add_datetime(post, options)
+
+        response = commit('accesstoken', post, request_headers('accesstoken', options))
+        raise OAuthResponseError.new(response, response.params.fetch('result', [{}]).first.dig('error', 'longText')) unless response.success?
+
+        response.params['result'].first['credential']['accessToken']
+      end
+
+      private
+
+      def add_credentials(post, options)
+        post[:credential] = {}
+        post[:credential][:clientGuid] = @client_guid
+        post[:credential][:authToken] = @auth_token
+      end
+
+      def add_clerk(post, options)
+        post[:clerk] = {}
+        post[:clerk][:numericId] = options[:clerk_id] || '1'
+      end
+
+      def add_invoice(post, money, options)
+        post[:amount] = {}
+        post[:amount][:total] = amount(money.to_f)
+        post[:amount][:tax] = options[:tax].to_f || 0.0
+      end
+
+      def add_datetime(post, options)
+        post[:dateTime] = options[:date_time] || current_date_time(options)
+      end
+
+      def add_transaction(post, options)
+        post[:transaction] = {}
+        post[:transaction][:invoice] = options[:invoice] || Time.new.to_i.to_s[1..3] + rand.to_s[2..7]
+        post[:transaction][:notes] = options[:notes] if options[:notes].present?
+        post[:transaction][:vendorReference] = options[:order_id]
+
+        add_purchase_card(post[:transaction], options)
+        add_card_on_file(post[:transaction], options)
+      end
+
+      def add_card(action, post, payment_method, options)
+        post[:card] = {}
+        post[:card][:entryMode] = options[:entry_mode] || 'M' unless DISALLOWED_ENTRY_MODE_ACTIONS.include?(action)
+        if payment_method.is_a?(CreditCard)
+          post[:card][:expirationDate] = "#{format(payment_method.month, :two_digits)}#{format(payment_method.year, :two_digits)}"
+          post[:card][:number] = payment_method.number
+          post[:card][:securityCode] = {}
+          post[:card][:securityCode][:indicator] = 1
+          post[:card][:securityCode][:value] = payment_method.verification_value
+        else
+          post[:card] = {} if post[:card].nil?
+          post[:card][:token] = {}
+          post[:card][:token][:value] = payment_method
+          post[:card][:expirationDate] = options[:expiration_date] if options[:expiration_date]
+        end
+      end
+
+      def add_card_present(post, options)
+        post[:card] = {} unless post[:card].present?
+
+        post[:card][:present] = options[:card_present] || 'N'
+      end
+
+      def add_customer(post, card, options)
+        address = options[:billing_address] || {}
+
+        post[:customer] = {}
+        post[:customer][:addressLine1] = address[:address1] if address[:address1]
+        post[:customer][:postalCode] = address[:zip] if address[:zip] && !address[:zip]&.to_s&.empty?
+        post[:customer][:firstName] = card.first_name if card.is_a?(CreditCard) && card.first_name
+        post[:customer][:lastName] = card.last_name if card.is_a?(CreditCard) && card.last_name
+        post[:customer][:emailAddress] = options[:email] if options[:email]
+        post[:customer][:ipAddress] = options[:ip] if options[:ip]
+      end
+
+      def add_purchase_card(post, options)
+        return unless options[:customer_reference] || options[:destination_postal_code] || options[:product_descriptors]
+
+        post[:purchaseCard] = {}
+        post[:purchaseCard][:customerReference] = options[:customer_reference] if options[:customer_reference]
+        post[:purchaseCard][:destinationPostalCode] = options[:destination_postal_code] if options[:destination_postal_code]
+        post[:purchaseCard][:productDescriptors] = options[:product_descriptors] if options[:product_descriptors]
+      end
+
+      def add_card_on_file(post, options)
+        return unless options[:stored_credential] || options[:usage_indicator] || options[:indicator] || options[:scheduled_indicator] || options[:transaction_id]
+
+        stored_credential = options[:stored_credential] || {}
+        post[:cardOnFile] = {}
+        post[:cardOnFile][:usageIndicator] = options[:usage_indicator] || (stored_credential[:initial_transaction] ? '01' : '02')
+        post[:cardOnFile][:indicator] = options[:indicator] || '01'
+        post[:cardOnFile][:scheduledIndicator] = options[:scheduled_indicator] || (RECURRING_TYPE_TRANSACTIONS.include?(stored_credential[:reason_type]) ? '01' : '02')
+        post[:cardOnFile][:transactionId] = options[:transaction_id] || stored_credential[:network_transaction_id] if options[:transaction_id] || stored_credential[:network_transaction_id]
+      end
+
+      def commit(action, parameters, option)
+        url_postfix = URL_POSTFIX_MAPPING[action] || 'transactions'
+        url = (test? ? "#{test_url}#{url_postfix}/#{action}" : "#{live_url}#{url_postfix}/#{action}")
+        if action == 'invoice'
+          response = parse(ssl_request(:delete, url, parameters.to_json, request_headers(action, option)))
+        else
+          response = parse(ssl_post(url, parameters.to_json, request_headers(action, option)))
+        end
+
+        Response.new(
+          success_from(action, response),
+          message_from(action, response),
+          response,
+          authorization: authorization_from(action, response),
+          test: test?,
+          error_code: error_code_from(action, response)
+        )
+      end
+
+      def handle_response(response)
+        case response.code.to_i
+        when 200...300, 400, 401, 500
+          response.body
+        else
+          raise ResponseError.new(response)
+        end
+      end
+
+      def parse(body)
+        return {} if body == ''
+
+        JSON.parse(body)
+      end
+
+      def message_from(action, response)
+        success_from(action, response) ? 'Transaction successful' : (error(response)&.dig('longText') || 'Transaction declined')
+      end
+
+      def error_code_from(action, response)
+        return unless success_from(action, response)
+
+        STANDARD_ERROR_CODE_MAPPING[response['primaryCode']]
+      end
+
+      def authorization_from(action, response)
+        return unless success_from(action, response)
+
+        authorization = response.dig('result', 0, 'card', 'token', 'value').to_s
+        invoice = response.dig('result', 0, 'transaction', 'invoice')
+        authorization += "|#{invoice}" if invoice
+        authorization
+      end
+
+      def get_card_token(authorization)
+        authorization.is_a?(CreditCard) ? authorization : authorization.split('|')[0]
+      end
+
+      def get_invoice(authorization)
+        authorization.is_a?(CreditCard) ? authorization : authorization.split('|')[1]
+      end
+
+      def request_headers(action, options)
+        headers = {
+          'Content-Type' => 'application/json'
+        }
+        headers['AccessToken'] = @access_token
+        headers['Invoice'] = options[:invoice] if action != 'capture' && options[:invoice].present?
+        headers['InterfaceVersion'] = '1'
+        headers['InterfaceName'] = 'Spreedly'
+        headers['CompanyName'] = 'Spreedly'
+        headers
+      end
+
+      def success_from(action, response)
+        success = error(response).nil?
+        success &&= SUCCESS_TRANSACTION_STATUS.include?(response['result'].first['transaction']['responseCode']) unless TRANSACTIONS_WITHOUT_RESPONSE_CODE.include?(action)
+        success
+      end
+
+      def error(response)
+        server_error = { 'longText' => response['error'] } if response['error']
+        server_error || response['result'].first['error']
+      end
+
+      def current_date_time(options = {})
+        time_zone = options[:merchant_time_zone] || 'Pacific Time (US & Canada)'
+        time = Time.now.in_time_zone(time_zone)
+        offset = Time.now.in_time_zone(time_zone).formatted_offset
+
+        time.strftime('%Y-%m-%dT%H:%M:%S.%3N') + offset
+      end
+    end
+  end
+end

data/lib/active_merchant/billing/gateways/simetrik.rb

@@ -4,10 +4,13 @@ module ActiveMerchant #:nodoc:
       self.test_url = 'https://payments.sta.simetrik.com/v1'
       self.live_url = 'https://payments.simetrik.com/v1'
 
-      class_attribute :test_auth_url, :live_auth_url
+      class_attribute :test_auth_url, :live_auth_url, :test_audience, :live_audience
       self.test_auth_url = 'https://tenant-payments-dev.us.auth0.com/oauth/token'
       self.live_auth_url = 'https://tenant-payments-prod.us.auth0.com/oauth/token'
 
+      self.test_audience = 'https://tenant-payments-dev.us.auth0.com/api/v2/'
+      self.live_audience = 'https://tenant-payments-prod.us.auth0.com/api/v2/'
+
       self.supported_countries = %w(PE AR)
       self.default_currency = 'USD'
       self.supported_cardtypes = %i[visa master american_express discover]
@@ -39,7 +42,7 @@ module ActiveMerchant #:nodoc:
       }
 
       def initialize(options = {})
-        requires!(options, :client_id, :client_secret, :audience)
+        requires!(options, :client_id, :client_secret)
         super
         @access_token = {}
         sign_access_token()
@@ -52,7 +55,6 @@ module ActiveMerchant #:nodoc:
         add_forward_route(post, options)
         add_forward_payload(post, money, payment, options)
         add_stored_credential(post, options)
-
         commit('authorize', post, { token_acquirer: options[:token_acquirer] })
       end
 
@@ -70,7 +72,7 @@ module ActiveMerchant #:nodoc:
             acquire_extra_options: options[:acquire_extra_options] || {}
           }
         }
-        post[:forward_payload][:amount][:vat] = options[:vat] if options[:vat]
+        post[:forward_payload][:amount][:vat] = options[:vat].to_f / 100 if options[:vat]
 
         add_forward_route(post, options)
         commit('capture', post, { token_acquirer: options[:token_acquirer] })
@@ -127,12 +129,10 @@ module ActiveMerchant #:nodoc:
 
       def scrub(transcript)
         transcript.
-          gsub(%r((\"number\\\":\\\")\d+), '\1[FILTERED]').
-          gsub(%r((\"security_code\\\":\\\")\d+), '\1[FILTERED]').
-          gsub(%r((\"exp_month\\\":\\\")\d+), '\1[FILTERED]').
-          gsub(%r((\"exp_year\\\":\\\")\d+), '\1[FILTERED]').
-          gsub(%r((\"holder_first_name\\\":\\\")"\w+"), '\1[FILTERED]').
-          gsub(%r((\"holder_last_name\\\":\\\")"\w+"), '\1[FILTERED]')
+          gsub(%r((Authorization: Bearer ).+), '\1[FILTERED]').
+          gsub(%r(("client_secret\\?":\\?")\w+), '\1[FILTERED]').
+          gsub(%r(("number\\?":\\?")\d+), '\1[FILTERED]').
+          gsub(%r(("security_code\\?":\\?")\d+), '\1[FILTERED]')
       end
 
       private
@@ -148,7 +148,7 @@ module ActiveMerchant #:nodoc:
       def add_forward_payload(post, money, payment, options)
         forward_payload = {}
         add_user(forward_payload, options[:user]) if options[:user]
-        add_order(forward_payload, money, options[:order]) if options[:order] || money
+        add_order(forward_payload, money, options)
         add_payment_method(forward_payload, payment, options[:payment_method]) if options[:payment_method] || payment
 
         forward_payload[:payment_method] = {} unless forward_payload[:payment_method]
@@ -230,29 +230,34 @@ module ActiveMerchant #:nodoc:
         post[:forward_payload][:authentication][:stored_credential] = options[:stored_credential] if check_initiator && check_reason_type
       end
 
-      def add_order(post, money, order_options)
+      def add_order(post, money, options)
+        return unless options[:order] || money
+
         order = {}
-        order[:id] = order_options[:id] if order_options[:id]
-        order[:description] = order_options[:description] if order_options[:description]
-        order[:installments] = order_options[:installments] if order_options[:installments]
+        order_options = options[:order] || {}
+        order[:id] = options[:order_id] if options[:order_id]
+        order[:description] = options[:description] if options[:description]
+        order[:installments] = order_options[:installments].to_i if order_options[:installments]
         order[:datetime_local_transaction] = order_options[:datetime_local_transaction] if order_options[:datetime_local_transaction]
 
-        add_amount(order, money, order_options[:amount]) if order_options[:amount]
-        add_address('shipping_address', order, order_options[:shipping_address]) if order_options[:shipping_address]
+        add_amount(order, money, options)
+        add_address('shipping_address', order, options)
 
         post[:order] = order
       end
 
-      def add_amount(post, money, amount_options)
+      def add_amount(post, money, options)
         amount_obj = {}
         amount_obj[:total_amount] = amount(money).to_f
-        amount_obj[:currency] = (amount_options[:currency] || currency(money))
-        amount_obj[:vat] = amount_options[:vat] if amount_options[:vat]
+        amount_obj[:currency] = (options[:currency] || currency(money))
+        amount_obj[:vat] = options[:vat].to_f / 100 if options[:vat]
 
         post[:amount] = amount_obj
       end
 
-      def add_address(tag, post, address_options)
+      def add_address(tag, post, options)
+        return unless address_options = options[:shipping_address]
+
         address = {}
         address[:name] = address_options[:name] if address_options[:name]
         address[:address1] = address_options[:address1] if address_options[:address1]
@@ -335,6 +340,7 @@ module ActiveMerchant #:nodoc:
         }
       end
 
+      # if this method is refactored, ensure that the client_secret is properly scrubbed
       def sign_access_token
         fetch_access_token() if Time.new.to_i > (@access_token[:expires_at] || 0) + 10
         @access_token[:access_token]
@@ -348,7 +354,7 @@ module ActiveMerchant #:nodoc:
         login_info = {}
         login_info[:client_id] = @options[:client_id]
         login_info[:client_secret] = @options[:client_secret]
-        login_info[:audience] = @options[:audience]
+        login_info[:audience] = test? ? test_audience : live_audience
         login_info[:grant_type] = 'client_credentials'
         response = parse(ssl_post(auth_url(), login_info.to_json, {
           'content-Type' => 'application/json'

data/lib/active_merchant/billing/gateways/stripe.rb

@@ -145,6 +145,7 @@ module ActiveMerchant #:nodoc:
 
       def void(identification, options = {})
         post = {}
+        post[:reverse_transfer] = options[:reverse_transfer] if options[:reverse_transfer]
         post[:metadata] = options[:metadata] if options[:metadata]
         post[:reason] = options[:reason] if options[:reason]
         post[:expand] = [:charge]
@@ -280,6 +281,7 @@ module ActiveMerchant #:nodoc:
       def scrub(transcript)
         transcript.
           gsub(%r((Authorization: Basic )\w+), '\1[FILTERED]').
+          gsub(%r((Authorization: Bearer )\w+), '\1[FILTERED]').
           gsub(%r((&?three_d_secure\[cryptogram\]=)[\w=]*(&?)), '\1[FILTERED]\2').
           gsub(%r(((\[card\]|card)\[cryptogram\]=)[^&]+(&?)), '\1[FILTERED]\3').
           gsub(%r(((\[card\]|card)\[cvc\]=)\d+), '\1[FILTERED]').
@@ -301,7 +303,7 @@ module ActiveMerchant #:nodoc:
       def delete_latest_test_external_account(account)
         return unless test?
 
-        auth_header = { 'Authorization': "Bearer #{options[:login]}" }
+        auth_header = { 'Authorization' => 'Basic ' + Base64.strict_encode64(options[:login].to_s + ':').strip }
         url = "#{live_url}accounts/#{CGI.escape(account)}/external_accounts"
         accounts_response = JSON.parse(ssl_get("#{url}?limit=100", auth_header))
         to_delete = accounts_response['data'].reject { |ac| ac['default_for_currency'] }
@@ -389,6 +391,7 @@ module ActiveMerchant #:nodoc:
         end
 
         add_metadata(post, options)
+        add_shipping_address(post, payment, options)
         add_application_fee(post, options)
         add_exchange_rate(post, options)
         add_destination(post, options)
@@ -555,6 +558,23 @@ module ActiveMerchant #:nodoc:
         post[:metadata][:card_read_method] = creditcard.read_method if creditcard.respond_to?(:read_method)
       end
 
+      def add_shipping_address(post, payment, options = {})
+        return unless shipping = options[:shipping_address]
+        return unless shipping_name = shipping[:name]
+
+        post[:shipping] = {}
+
+        post[:shipping][:name] = shipping_name
+        post[:shipping][:address] = {}
+        post[:shipping][:address][:line1] = shipping[:address1]
+        post[:shipping][:address][:line2] = shipping[:address2] if shipping[:address2]
+        post[:shipping][:address][:city] = shipping[:city] if shipping[:city]
+        post[:shipping][:address][:country] = shipping[:country] if shipping[:country]
+        post[:shipping][:address][:state] = shipping[:state] if shipping[:state]
+        post[:shipping][:address][:postal_code] = shipping[:zip] if shipping[:zip]
+        post[:shipping][:phone] = shipping[:phone_number] if shipping[:phone_number]
+      end
+
       def add_source_owner(post, creditcard, options)
         post[:owner] = {}
         post[:owner][:name] = creditcard.name if creditcard.name