activemerchant 1.32.0 → 1.33.0

data/lib/active_merchant/billing/integrations/payu_in/notification.rb

@@ -0,0 +1,167 @@
+module ActiveMerchant #:nodoc:
+  module Billing #:nodoc:
+    module Integrations #:nodoc:
+      module PayuIn
+        class Notification < ActiveMerchant::Billing::Integrations::Notification
+
+          def initialize(post, options = {})
+            super(post, options)
+            @merchant_id = options[:credential1]
+            @secret_key = options[:credential2]
+          end
+
+          def complete?
+            status == "success"
+          end
+
+          # Status of the transaction. List of possible values:
+          # <tt>invalid</tt>:: transaction id is not present
+          # <tt>tampered</tt>:: transaction data has been tampered
+          # <tt>success</tt>:: transaction successful
+          # <tt>pending</tt>:: transaction is pending for some approval
+          # <tt>failure</tt>:: transaction failure
+          def status
+            @status ||= if checksum_ok?
+              if transaction_id.blank?
+                'invalid'
+              else
+                transaction_status.downcase
+              end
+            else
+              'tampered'
+            end
+          end
+
+          def invoice_ok?( order_id )
+            order_id.to_s == invoice.to_s
+          end
+
+          # Order amount should be equal to gross - discount
+          def amount_ok?( order_amount, order_discount = BigDecimal.new( '0.0' ) )
+            BigDecimal.new( gross ) == order_amount && BigDecimal.new( discount ) == order_discount
+          end
+
+          # Status of transaction return from the PayU. List of possible values:
+          # <tt>SUCCESS</tt>::
+          # <tt>PENDING</tt>::
+          # <tt>FAILURE</tt>::
+          def transaction_status
+            params['status']
+          end
+
+          # ID of this transaction (PayU.in number)
+          def transaction_id
+            params['mihpayid']
+          end
+
+          # Mode of Payment
+          #
+          # 'CC' for credit-card
+          # 'NB' for net-banking
+          # 'CD' for cheque or DD
+          # 'CO' for Cash Pickup
+          def type
+            params['mode']
+          end
+
+          # What currency have we been dealing with
+          def currency
+            'INR'
+          end
+
+          def item_id
+            params['txnid']
+          end
+
+          # This is the invoice which you passed to PayU.in
+          def invoice
+            params['txnid']
+          end
+
+          # Merchant Id provided by the PayU.in
+          def account
+            params['key']
+          end
+
+          # original amount send by merchant
+          def gross
+            params['amount']
+          end
+
+          # This is discount given to user - based on promotion set by merchants.
+          def discount
+            params['discount']
+          end
+
+          # Description offer for what PayU given the offer to user - based on promotion set by merchants.
+          def offer_description
+            params['offer']
+          end
+
+          # Information about the product as send by merchant
+          def product_info
+            params['productinfo']
+          end
+
+          # Email of the customer
+          def customer_email
+            params['email']
+          end
+
+          # Phone of the customer
+          def customer_phone
+            params['phone']
+          end
+
+          # Firstname of the customer
+          def customer_first_name
+            params['firstname']
+          end
+
+          # Lastname of the customer
+          def customer_last_name
+            params['lastname']
+          end
+
+          # Full address of the customer
+          def customer_address
+            { :address1 => params['address1'], :address2 => params['address2'],
+              :city => params['city'], :state => params['state'],
+              :country => params['country'], :zipcode => params['zipcode'] }
+          end
+
+          def user_defined
+            return @user_defined if @user_defined
+            @user_defined = []
+            10.times{ |i| @user_defined.push( params[ "udf#{i+1}" ] ) }
+            @user_defined
+          end
+
+          def checksum
+            params['hash']
+          end
+
+          def message
+            @message || params['error']
+          end
+
+          def acknowledge
+            checksum_ok?
+          end
+
+          def checksum_ok?
+            fields = user_defined.dup.push( customer_email, customer_first_name, product_info, gross, invoice, :reverse => true )
+            fields.unshift( transaction_status )
+            unless PayuIn.checksum(@merchant_id, @secret_key, *fields ) == checksum
+              @message = 'Return checksum not matching the data provided'
+              return false
+            end
+            true
+          end
+
+        end
+      end
+    end
+  end
+end
+

data/lib/active_merchant/billing/integrations/payu_in/return.rb

@@ -0,0 +1,53 @@
+module ActiveMerchant #:nodoc:
+  module Billing #:nodoc:
+    module Integrations #:nodoc:
+      module PayuIn
+        class Return < ActiveMerchant::Billing::Integrations::Return
+
+          def initialize(query_string, options = {})
+            super
+            @notification = Notification.new(query_string, options)
+          end
+
+          # PayU Transaction Id
+          #
+          def transaction_id
+            @notification.transaction_id
+          end
+
+          # Returns the status of the transaction as a string
+          # The status can be one of the following
+          #
+          # invalid - transaction id not present
+          # tampered - checksum does not mismatch
+          # mismatch - order id mismatch
+          # success - transaction success
+          # pending - transaction pending
+          # failure - transaction failure
+          #
+          # payu does not put the discount field in the checksum
+          # it can be easily forged by the attacker without detection
+          #
+          def status( order_id, order_amount )
+            if @notification.invoice_ok?( order_id ) && @notification.amount_ok?( BigDecimal.new(order_amount) )
+              @notification.status
+            else
+              'mismatch'
+            end
+          end
+
+          # check success of the transaction
+          # check order_id and
+          def success?
+            status( @params['txnid'], @params['amount'] ) == 'success'
+          end
+
+          def message
+            @notification.message
+          end
+
+        end
+      end
+    end
+  end
+end

data/lib/active_merchant/billing/integrations/payu_in.rb

@@ -0,0 +1,43 @@
+require 'digest/sha2'
+require 'bigdecimal'
+
+module ActiveMerchant #:nodoc:
+  module Billing #:nodoc:
+    module Integrations #:nodoc:
+      module PayuIn
+        autoload :Return, 'active_merchant/billing/integrations/payu_in/return.rb'
+        autoload :Helper, 'active_merchant/billing/integrations/payu_in/helper.rb'
+        autoload :Notification, 'active_merchant/billing/integrations/payu_in/notification.rb'
+
+        mattr_accessor :test_url
+        mattr_accessor :production_url
+
+        self.test_url = 'https://test.payu.in/_payment.php'
+        self.production_url = 'https://secure.payu.in/_payment.php'
+
+        def self.service_url
+          ActiveMerchant::Billing::Base.integration_mode == :production ? self.production_url : self.test_url
+        end
+
+        def self.notification(post, options = {})
+          Notification.new(post, options)
+        end
+
+        def self.return(post, options = {})
+          Return.new(post, options)
+        end
+
+        def self.checksum(merchant_id, secret_key, *payload_items )
+          options = payload_items.pop if Hash === payload_items.last
+          options ||= {}
+          payload = if options[:reverse] then
+            payload_items.dup.push( merchant_id || "" ).unshift( secret_key || "" ).collect{ |x| x.to_s }.join("|")
+          else
+            payload_items.dup.unshift( merchant_id || "" ).push( secret_key || "" ).collect{ |x| x.to_s }.join("|")
+          end
+          Digest::SHA512.hexdigest( payload )
+        end
+      end
+    end
+  end
+end

data/lib/active_merchant/billing/integrations/quickpay/notification.rb

@@ -41,17 +41,54 @@ module ActiveMerchant #:nodoc:
           end
 
           # Provide access to raw fields from quickpay
-          %w(msgtype ordernumber state chstat chstatmsg qpstat qpstatmsg merchant merchantemail cardtype cardnumber splitpayment fraudprobability fraudremarks fraudreport fee).each do |attr|
+          %w(
+            msgtype
+            ordernumber
+            state
+            chstat
+            chstatmsg
+            qpstat
+            qpstatmsg
+            merchant
+            merchantemail
+            cardtype
+            cardnumber
+            cardhash
+            cardexpire
+            splitpayment
+            fraudprobability
+            fraudremarks
+            fraudreport
+            fee
+          ).each do |attr|
             define_method(attr) do
               params[attr]
             end
           end
 
           MD5_CHECK_FIELDS = [
-            :msgtype, :ordernumber, :amount, :currency, :time, :state,
-            :qpstat, :qpstatmsg, :chstat, :chstatmsg, :merchant, :merchantemail,
-            :transaction, :cardtype, :cardnumber, :splitpayment, :fraudprobability,
-            :fraudremarks, :fraudreport, :fee
+            :msgtype,
+            :ordernumber,
+            :amount,
+            :currency,
+            :time,
+            :state,
+            :qpstat,
+            :qpstatmsg,
+            :chstat,
+            :chstatmsg,
+            :merchant,
+            :merchantemail,
+            :transaction,
+            :cardtype,
+            :cardnumber,
+            :cardhash,
+            :cardexpire,
+            :splitpayment,
+            :fraudprobability,
+            :fraudremarks,
+            :fraudreport,
+            :fee
           ]
 
           def generate_md5string
@@ -67,6 +104,32 @@ module ActiveMerchant #:nodoc:
           def acknowledge
             generate_md5check == params['md5check']
           end
+
+          # Take the posted data and move the relevant data into a hash
+          def parse(post)
+            # 30 + 12
+            #------------------------------8a827a0e6829
+            #Content-Disposition: form-data; name="msgtype"
+            #
+            #subscribe
+            #------------------------------8a827a0e6829
+            #Content-Disposition: form-data; name="ordernumber"
+            #
+            #BILP94406
+
+            if post =~ /-{20,40}\w{6,24}/
+              @raw = post.to_s
+              post.split(/-{20,40}\w{6,24}[\n\r]*/m).each do |part|
+                part.scan(/([^\n\r]+)[\n\r]+([^\n\r]*)/m) do |header, value|
+                  if header.match(/name=["'](.*)["']/)
+                    params[$1] = value.strip
+                  end
+                end
+              end
+            else
+              super
+            end
+          end
         end
       end
     end

data/lib/active_merchant/billing/integrations/rbkmoney/helper.rb

@@ -0,0 +1,23 @@
+module ActiveMerchant #:nodoc:
+  module Billing #:nodoc:
+    module Integrations #:nodoc:
+      module Rbkmoney
+        class Helper < ActiveMerchant::Billing::Integrations::Helper
+          mapping :account, 'eshopId'
+          mapping :amount, 'recipientAmount'
+
+          # NOTE: rbkmoney uses outdated currency code 'RUR'
+          mapping :currency, 'recipientCurrency'
+
+          mapping :order, 'orderId'
+
+          mapping :customer, :email => 'user_email'
+
+          mapping :credential2, 'serviceName'
+          mapping :credential3, 'successUrl'
+          mapping :credential4, 'failUrl'
+        end
+      end
+    end
+  end
+end

data/lib/active_merchant/billing/integrations/rbkmoney/notification.rb

@@ -0,0 +1,91 @@
+require 'net/http'
+
+module ActiveMerchant #:nodoc:
+  module Billing #:nodoc:
+    module Integrations #:nodoc:
+      module Rbkmoney
+        class Notification < ActiveMerchant::Billing::Integrations::Notification
+          %w(
+            eshopId
+            paymentId
+            orderId
+            eshopAccount
+            serviceName
+            recipientAmount
+            recipientCurrency
+            paymentStatus
+            userName
+            userEmail
+            paymentData
+            secretKey
+            hash
+          ).each do |param_name|
+            define_method(param_name.underscore){ params[param_name] }
+          end
+
+          def complete?
+            (payment_status == '5')
+          end
+
+          def test?
+            false
+          end
+
+          def status
+            case payment_status
+            when '3'
+              'pending'
+            when '5'
+              'completed'
+            else 'unknown'
+            end
+          end
+
+          def user_fields
+            params.inject({}) do |fields, (k,v)|
+              if /\AuserField_[\d+]\z/.match(k)
+                fields[k] = v
+              end
+              fields
+            end
+          end
+
+          alias_method :client_id, :eshop_id
+          alias_method :item_id, :order_id
+          alias_method :transaction_id, :payment_id
+          alias_method :received_at, :payment_data
+          alias_method :payer_email, :user_email
+          alias_method :gross, :recipient_amount
+          alias_method :currency, :recipient_currency
+
+          def acknowledge
+            string = [
+              eshop_id,
+              order_id,
+              service_name,
+              eshop_account,
+              recipient_amount,
+              recipient_currency,
+              payment_status,
+              user_name,
+              user_email,
+              payment_data,
+              @options[:secret]
+            ].join '::'
+
+            signature = case hash.to_s.length
+            when 32
+              Digest::MD5.hexdigest(string)
+            when 128
+              Digest::SHA512.hexdigest(string)
+            else
+              return false
+            end
+
+            signature == hash
+          end
+        end
+      end
+    end
+  end
+end

data/lib/active_merchant/billing/integrations/rbkmoney.rb

@@ -0,0 +1,17 @@
+require File.dirname(__FILE__) + '/rbkmoney/helper.rb'
+require File.dirname(__FILE__) + '/rbkmoney/notification.rb'
+
+module ActiveMerchant #:nodoc:
+  module Billing #:nodoc:
+    module Integrations #:nodoc:
+      module Rbkmoney
+        mattr_accessor :service_url
+        self.service_url = 'https://rbkmoney.ru/acceptpurchase.aspx'
+
+        def self.notification(*args)
+          Notification.new(*args)
+        end
+      end
+    end
+  end
+end

data/lib/active_merchant/version.rb

@@ -1,3 +1,3 @@
 module ActiveMerchant
-  VERSION = "1.32.0"
+  VERSION = "1.33.0"
 end