activemerchant 1.38.0 → 1.78.0

data/lib/active_merchant/billing/gateways/authorize_net.rb

@@ -1,725 +1,1018 @@
-module ActiveMerchant #:nodoc:
-  module Billing #:nodoc:
-    # For more information on the Authorize.Net Gateway please visit their {Integration Center}[http://developer.authorize.net/]
-    #
-    # The login and password are not the username and password you use to
-    # login to the Authorize.Net Merchant Interface. Instead, you will
-    # use the API Login ID as the login and Transaction Key as the
-    # password.
-    #
-    # ==== How to Get Your API Login ID and Transaction Key
-    #
-    # 1. Log into the Merchant Interface
-    # 2. Select Settings from the Main Menu
-    # 3. Click on API Login ID and Transaction Key in the Security section
-    # 4. Type in the answer to the secret question configured on setup
-    # 5. Click Submit
-    #
-    # ==== Automated Recurring Billing (ARB)
-    #
-    # Automated Recurring Billing (ARB) is an optional service for submitting and managing recurring, or subscription-based, transactions.
-    #
-    # To use recurring, update_recurring, cancel_recurring and status_recurring ARB must be enabled for your account.
-    #
-    # Information about ARB is available on the {Authorize.Net website}[http://www.authorize.net/solutions/merchantsolutions/merchantservices/automatedrecurringbilling/].
-    # Information about the ARB API is available at the {Authorize.Net Integration Center}[http://developer.authorize.net/]
+require 'nokogiri'
+
+module ActiveMerchant
+  module Billing
     class AuthorizeNetGateway < Gateway
-      API_VERSION = '3.1'
+      include Empty
 
-      class_attribute :arb_test_url, :arb_live_url
+      self.test_url = 'https://apitest.authorize.net/xml/v1/request.api'
+      self.live_url = 'https://api2.authorize.net/xml/v1/request.api'
 
-      self.test_url = "https://test.authorize.net/gateway/transact.dll"
-      self.live_url = "https://secure.authorize.net/gateway/transact.dll"
+      self.supported_countries = %w(AD AT AU BE BG CA CH CY CZ DE DK EE ES FI FR GB GI GR HU IE IL IS IT LI LT LU LV MC MT NL NO PL PT RO SE SI SK SM TR US VA)
+      self.default_currency = 'USD'
+      self.money_format = :dollars
+      self.supported_cardtypes = [:visa, :master, :american_express, :discover, :diners_club, :jcb, :maestro]
 
-      self.arb_test_url = 'https://apitest.authorize.net/xml/v1/request.api'
-      self.arb_live_url = 'https://api.authorize.net/xml/v1/request.api'
+      self.homepage_url = 'http://www.authorize.net/'
+      self.display_name = 'Authorize.Net'
 
-      class_attribute :duplicate_window
+      # Authorize.net has slightly different definitions for returned AVS codes
+      # that have been mapped to the closest equivalent AM standard AVSResult codes
+      # Authorize.net's descriptions noted below
+      STANDARD_AVS_CODE_MAPPING = {
+        'A' => 'A', # Street Address: Match -- First 5 Digits of ZIP: No Match
+        'B' => 'I', # Address not provided for AVS check or street address match, postal code could not be verified
+        'E' => 'E', # AVS Error
+        'G' => 'G', # Non U.S. Card Issuing Bank
+        'N' => 'N', # Street Address: No Match -- First 5 Digits of ZIP: No Match
+        'P' => 'I', # AVS not applicable for this transaction
+        'R' => 'R', # Retry, System Is Unavailable
+        'S' => 'S', # AVS Not Supported by Card Issuing Bank
+        'U' => 'U', # Address Information For This Cardholder Is Unavailable
+        'W' => 'W', # Street Address: No Match -- All 9 Digits of ZIP: Match
+        'X' => 'X', # Street Address: Match -- All 9 Digits of ZIP: Match
+        'Y' => 'Y', # Street Address: Match - First 5 Digits of ZIP: Match
+        'Z' => 'Z'  # Street Address: No Match - First 5 Digits of ZIP: Match
+      }
 
-      APPROVED, DECLINED, ERROR, FRAUD_REVIEW = 1, 2, 3, 4
+      STANDARD_ERROR_CODE_MAPPING = {
+        '2127' => STANDARD_ERROR_CODE[:incorrect_address],
+        '22' => STANDARD_ERROR_CODE[:card_declined],
+        '227' => STANDARD_ERROR_CODE[:incorrect_address],
+        '23' => STANDARD_ERROR_CODE[:card_declined],
+        '2315' => STANDARD_ERROR_CODE[:invalid_number],
+        '2316' => STANDARD_ERROR_CODE[:invalid_expiry_date],
+        '2317' => STANDARD_ERROR_CODE[:expired_card],
+        '235' => STANDARD_ERROR_CODE[:processing_error],
+        '237' => STANDARD_ERROR_CODE[:invalid_number],
+        '24' => STANDARD_ERROR_CODE[:pickup_card],
+        '244' => STANDARD_ERROR_CODE[:incorrect_cvc],
+        '300' => STANDARD_ERROR_CODE[:config_error],
+        '3153' => STANDARD_ERROR_CODE[:processing_error],
+        '3155' => STANDARD_ERROR_CODE[:unsupported_feature],
+        '36' => STANDARD_ERROR_CODE[:incorrect_number],
+        '37' => STANDARD_ERROR_CODE[:invalid_expiry_date],
+        '378' => STANDARD_ERROR_CODE[:invalid_cvc],
+        '38' => STANDARD_ERROR_CODE[:expired_card],
+        '384' => STANDARD_ERROR_CODE[:config_error],
+      }
 
-      RESPONSE_CODE, RESPONSE_REASON_CODE, RESPONSE_REASON_TEXT, AUTHORIZATION_CODE = 0, 2, 3, 4
-      AVS_RESULT_CODE, TRANSACTION_ID, CARD_CODE_RESPONSE_CODE  = 5, 6, 38
+      MARKET_TYPE = {
+        :moto  => '1',
+        :retail  => '2'
+      }
 
-      self.default_currency = 'USD'
+      DEVICE_TYPE = {
+        :unknown => '1',
+        :unattended_terminal => '2',
+        :self_service_terminal => '3',
+        :electronic_cash_register => '4',
+        :personal_computer_terminal => '5',
+        :airpay => '6',
+        :wireless_pos => '7',
+        :website => '8',
+        :dial_terminal => '9',
+        :virtual_terminal => '10'
+      }
 
-      self.supported_countries = ['US', 'CA', 'GB']
-      self.supported_cardtypes = [:visa, :master, :american_express, :discover, :diners_club, :jcb]
-      self.homepage_url = 'http://www.authorize.net/'
-      self.display_name = 'Authorize.Net'
+      class_attribute :duplicate_window
 
-      CARD_CODE_ERRORS = %w( N S )
-      AVS_ERRORS = %w( A E N R W Z )
+      APPROVED, DECLINED, ERROR, FRAUD_REVIEW = 1, 2, 3, 4
+      TRANSACTION_ALREADY_ACTIONED = %w(310 311)
+
+      CARD_CODE_ERRORS = %w(N S)
+      AVS_ERRORS = %w(A E I N R W Z)
       AVS_REASON_CODES = %w(27 45)
 
-      AUTHORIZE_NET_ARB_NAMESPACE = 'AnetApi/xml/v1/schema/AnetApiSchema.xsd'
+      TRACKS = {
+          1 => /^%(?<format_code>.)(?<pan>[\d]{1,19}+)\^(?<name>.{2,26})\^(?<expiration>[\d]{0,4}|\^)(?<service_code>[\d]{0,3}|\^)(?<discretionary_data>.*)\?\Z/,
+          2 => /\A;(?<pan>[\d]{1,19}+)=(?<expiration>[\d]{0,4}|=)(?<service_code>[\d]{0,3}|=)(?<discretionary_data>.*)\?\Z/
+      }.freeze
 
-      RECURRING_ACTIONS = {
-        :create => 'ARBCreateSubscription',
-        :update => 'ARBUpdateSubscription',
-        :cancel => 'ARBCancelSubscription',
-        :status => 'ARBGetSubscriptionStatus'
-      }
+      APPLE_PAY_DATA_DESCRIPTOR = "COMMON.APPLE.INAPP.PAYMENT"
+
+      PAYMENT_METHOD_NOT_SUPPORTED_ERROR = "155"
+      INELIGIBLE_FOR_ISSUING_CREDIT_ERROR = "54"
 
-      # Creates a new AuthorizeNetGateway
-      #
-      # The gateway requires that a valid login and password be passed
-      # in the +options+ hash.
-      #
-      # ==== Options
-      #
-      # * <tt>:login</tt> -- The Authorize.Net API Login ID (REQUIRED)
-      # * <tt>:password</tt> -- The Authorize.Net Transaction Key. (REQUIRED)
-      # * <tt>:test</tt> -- +true+ or +false+. If true, perform transactions against the test server.
-      #   Otherwise, perform transactions against the production server.
-      def initialize(options = {})
+      def initialize(options={})
         requires!(options, :login, :password)
         super
       end
 
-      # Performs an authorization, which reserves the funds on the customer's credit card, but does not
-      # charge the card.
-      #
-      # ==== Parameters
-      #
-      # * <tt>money</tt> -- The amount to be authorized as an Integer value in cents.
-      # * <tt>paysource</tt> -- The CreditCard or Check details for the transaction.
-      # * <tt>options</tt> -- A hash of optional parameters.
-      def authorize(money, paysource, options = {})
-        post = {}
-        add_currency_code(post, money, options)
-        add_invoice(post, options)
-        add_payment_source(post, paysource, options)
-        add_address(post, options)
-        add_customer_data(post, options)
-        add_duplicate_window(post)
-
-        commit('AUTH_ONLY', money, post)
-      end
-
-      # Perform a purchase, which is essentially an authorization and capture in a single operation.
-      #
-      # ==== Parameters
-      #
-      # * <tt>money</tt> -- The amount to be purchased as an Integer value in cents.
-      # * <tt>paysource</tt> -- The CreditCard or Check details for the transaction.
-      # * <tt>options</tt> -- A hash of optional parameters.
-      def purchase(money, paysource, options = {})
-        post = {}
-        add_currency_code(post, money, options)
-        add_invoice(post, options)
-        add_payment_source(post, paysource, options)
-        add_address(post, options)
-        add_customer_data(post, options)
-        add_duplicate_window(post)
-
-        commit('AUTH_CAPTURE', money, post)
-      end
-
-      # Captures the funds from an authorized transaction.
-      #
-      # ==== Parameters
-      #
-      # * <tt>money</tt> -- The amount to be captured as an Integer value in cents.
-      # * <tt>authorization</tt> -- The authorization returned from the previous authorize request.
-      def capture(money, authorization, options = {})
-        post = {:trans_id => authorization}
-        add_customer_data(post, options)
-        add_invoice(post, options)
-        commit('PRIOR_AUTH_CAPTURE', money, post)
-      end
-
-      # Void a previous transaction
-      #
-      # ==== Parameters
-      #
-      # * <tt>authorization</tt> - The authorization returned from the previous authorize request.
-      def void(authorization, options = {})
-        post = {:trans_id => authorization}
-        add_duplicate_window(post)
-        commit('VOID', nil, post)
-      end
-
-      # Refund a transaction.
-      #
-      # This transaction indicates to the gateway that
-      # money should flow from the merchant to the customer.
-      #
-      # ==== Parameters
-      #
-      # * <tt>money</tt> -- The amount to be credited to the customer as an Integer value in cents.
-      # * <tt>identification</tt> -- The ID of the original transaction against which the refund is being issued.
-      # * <tt>options</tt> -- A hash of parameters.
-      #
-      # ==== Options
-      #
-      # * <tt>:card_number</tt> -- The credit card number the refund is being issued to. (REQUIRED)
-      #   You can either pass the last four digits of the card number or the full card number.
-      # * <tt>:first_name</tt> -- The first name of the account being refunded.
-      # * <tt>:last_name</tt> -- The last name of the account being refunded.
-      # * <tt>:zip</tt> -- The postal code of the account being refunded.
-      def refund(money, identification, options = {})
-        requires!(options, :card_number)
-
-        post = { :trans_id => identification,
-                 :card_num => options[:card_number]
-               }
-
-        post[:first_name] = options[:first_name] if options[:first_name]
-        post[:last_name] = options[:last_name] if options[:last_name]
-        post[:zip] = options[:zip] if options[:zip]
-
-        add_invoice(post, options)
-        add_duplicate_window(post)
-
-        commit('CREDIT', money, post)
-      end
-
-      def credit(money, identification, options = {})
-        deprecated CREDIT_DEPRECATION_MESSAGE
-        refund(money, identification, options)
-      end
-
-      # Create a recurring payment.
-      #
-      # This transaction creates a new Automated Recurring Billing (ARB) subscription. Your account must have ARB enabled.
-      #
-      # ==== Parameters
-      #
-      # * <tt>money</tt> -- The amount to be charged to the customer at each interval as an Integer value in cents.
-      # * <tt>creditcard</tt> -- The CreditCard details for the transaction.
-      # * <tt>options</tt> -- A hash of parameters.
-      #
-      # ==== Options
-      #
-      # * <tt>:interval</tt> -- A hash containing information about the interval of time between payments. Must
-      #   contain the keys <tt>:length</tt> and <tt>:unit</tt>. <tt>:unit</tt> can be either <tt>:months</tt> or <tt>:days</tt>.
-      #   If <tt>:unit</tt> is <tt>:months</tt> then <tt>:length</tt> must be an integer between 1 and 12 inclusive.
-      #   If <tt>:unit</tt> is <tt>:days</tt> then <tt>:length</tt> must be an integer between 7 and 365 inclusive.
-      #   For example, to charge the customer once every three months the hash would be
-      #   +:interval => { :unit => :months, :length => 3 }+ (REQUIRED)
-      # * <tt>:duration</tt> -- A hash containing keys for the <tt>:start_date</tt> the subscription begins (also the date the
-      #   initial billing occurs) and the total number of billing <tt>:occurences</tt> or payments for the subscription. (REQUIRED)
-      def recurring(money, creditcard, options={})
-        requires!(options, :interval, :duration, :billing_address)
-        requires!(options[:interval], :length, [:unit, :days, :months])
-        requires!(options[:duration], :start_date, :occurrences)
-        requires!(options[:billing_address], :first_name, :last_name)
-
-        options[:credit_card] = creditcard
-        options[:amount] = money
-
-        request = build_recurring_request(:create, options)
-        recurring_commit(:create, request)
-      end
-
-      # Update a recurring payment's details.
-      #
-      # This transaction updates an existing Automated Recurring Billing (ARB) subscription. Your account must have ARB enabled
-      # and the subscription must have already been created previously by calling +recurring()+. The ability to change certain
-      # details about a recurring payment is dependent on transaction history and cannot be determined until after calling
-      # +update_recurring()+. See the ARB XML Guide for such conditions.
-      #
-      # ==== Parameters
-      #
-      # * <tt>options</tt> -- A hash of parameters.
-      #
-      # ==== Options
-      #
-      # * <tt>:subscription_id</tt> -- A string containing the <tt>:subscription_id</tt> of the recurring payment already in place
-      #   for a given credit card. (REQUIRED)
-      def update_recurring(options={})
-        requires!(options, :subscription_id)
-        request = build_recurring_request(:update, options)
-        recurring_commit(:update, request)
-      end
-
-      # Cancel a recurring payment.
-      #
-      # This transaction cancels an existing Automated Recurring Billing (ARB) subscription. Your account must have ARB enabled
-      # and the subscription must have already been created previously by calling recurring()
-      #
-      # ==== Parameters
-      #
-      # * <tt>subscription_id</tt> -- A string containing the +subscription_id+ of the recurring payment already in place
-      #   for a given credit card. (REQUIRED)
-      def cancel_recurring(subscription_id)
-        request = build_recurring_request(:cancel, :subscription_id => subscription_id)
-        recurring_commit(:cancel, request)
-      end
-
-      # Get Subscription Status of a recurring payment.
-      #
-      # This transaction gets the status of an existing Automated Recurring Billing (ARB) subscription. Your account must have ARB enabled.
-      #
-      # ==== Parameters
-      #
-      # * <tt>subscription_id</tt> -- A string containing the +subscription_id+ of the recurring payment already in place
-      #   for a given credit card. (REQUIRED)
-      def status_recurring(subscription_id)
-        request = build_recurring_request(:status, :subscription_id => subscription_id)
-        recurring_commit(:status, request)
+      def purchase(amount, payment, options = {})
+        if payment.is_a?(String)
+          commit(:cim_purchase) do |xml|
+            add_cim_auth_purchase(xml, "profileTransAuthCapture", amount, payment, options)
+          end
+        else
+          commit(:purchase) do |xml|
+            add_auth_purchase(xml, "authCaptureTransaction", amount, payment, options)
+          end
+        end
       end
 
-      private
+      def authorize(amount, payment, options={})
+        if payment.is_a?(String)
+          commit(:cim_authorize) do |xml|
+            add_cim_auth_purchase(xml, "profileTransAuthOnly", amount, payment, options)
+          end
+        else
+          commit(:authorize) do |xml|
+            add_auth_purchase(xml, "authOnlyTransaction", amount, payment, options)
+          end
+        end
+      end
 
-      def commit(action, money, parameters)
-        parameters[:amount] = amount(money) unless action == 'VOID'
+      def capture(amount, authorization, options={})
+        if auth_was_for_cim?(authorization)
+          cim_capture(amount, authorization, options)
+        else
+          normal_capture(amount, authorization, options)
+        end
+      end
+
+      def refund(amount, authorization, options={})
+        response = if auth_was_for_cim?(authorization)
+          cim_refund(amount, authorization, options)
+        else
+          normal_refund(amount, authorization, options)
+        end
 
-        # Only activate the test_request when the :test option is passed in
-        parameters[:test_request] = @options[:test] ? 'TRUE' : 'FALSE'
+        return response if response.success?
+        return response unless options[:force_full_refund_if_unsettled]
 
-        url = test? ? self.test_url : self.live_url
-        data = ssl_post url, post_data(action, parameters)
+        if response.params["response_reason_code"] == INELIGIBLE_FOR_ISSUING_CREDIT_ERROR
+          void(authorization, options)
+        else
+          response
+        end
+      end
+
+      def void(authorization, options={})
+        if auth_was_for_cim?(authorization)
+          cim_void(authorization, options)
+        else
+          normal_void(authorization, options)
+        end
+      end
 
-        response          = parse(data)
-        response[:action] = action
+      def credit(amount, payment, options={})
+        if payment.is_a?(String)
+          raise ArgumentError, "Reference credits are not supported. Please supply the original credit card or use the #refund method."
+        end
 
-        message = message_from(response)
+        commit(:credit) do |xml|
+          add_order_id(xml, options)
+          xml.transactionRequest do
+            xml.transactionType('refundTransaction')
+            xml.amount(amount(amount))
+
+            add_payment_source(xml, payment)
+            xml.refTransId(transaction_id_from(options[:transaction_id])) if options[:transaction_id]
+            add_invoice(xml, 'refundTransaction', options)
+            add_customer_data(xml, payment, options)
+            add_settings(xml, payment, options)
+            add_user_fields(xml, amount, options)
+          end
+        end
+      end
 
-        # Return the response. The authorization can be taken out of the transaction_id
-        # Test Mode on/off is something we have to parse from the response text.
-        # It usually looks something like this
-        #
-        #   (TESTMODE) Successful Sale
-        test_mode = test? || message =~ /TESTMODE/
+      def verify(credit_card, options = {})
+        MultiResponse.run(:use_first_response) do |r|
+          r.process { authorize(100, credit_card, options) }
+          r.process(:ignore_result) { void(r.authorization, options) }
+        end
+      end
 
-        Response.new(success?(response), message, response,
-          :test => test_mode,
-          :authorization => response[:transaction_id],
-          :fraud_review => fraud_review?(response),
-          :avs_result => { :code => response[:avs_result_code] },
-          :cvv_result => response[:card_code]
-        )
+      def store(credit_card, options = {})
+        if options[:customer_profile_id]
+          create_customer_payment_profile(credit_card, options)
+        else
+          create_customer_profile(credit_card, options)
+        end
       end
 
-      def success?(response)
-        response[:response_code] == APPROVED
+      def unstore(authorization)
+        customer_profile_id, _, _ = split_authorization(authorization)
+
+        delete_customer_profile(customer_profile_id)
       end
 
-      def fraud_review?(response)
-        response[:response_code] == FRAUD_REVIEW
+      def verify_credentials
+        response = commit(:verify_credentials) { }
+        response.success?
       end
 
-      def parse(body)
-        fields = split(body)
+      def supports_scrubbing?
+        true
+      end
 
-        results = {
-          :response_code => fields[RESPONSE_CODE].to_i,
-          :response_reason_code => fields[RESPONSE_REASON_CODE],
-          :response_reason_text => fields[RESPONSE_REASON_TEXT],
-          :avs_result_code => fields[AVS_RESULT_CODE],
-          :transaction_id => fields[TRANSACTION_ID],
-          :card_code => fields[CARD_CODE_RESPONSE_CODE],
-          :authorization_code => fields[AUTHORIZATION_CODE]
-        }
-        results
+      def scrub(transcript)
+        transcript.
+          gsub(%r((Authorization: Basic )\w+), '\1[FILTERED]').
+          gsub(%r((<transactionKey>).+(</transactionKey>)), '\1[FILTERED]\2').
+          gsub(%r((<cardNumber>).+(</cardNumber>)), '\1[FILTERED]\2').
+          gsub(%r((<cardCode>).+(</cardCode>)), '\1[FILTERED]\2').
+          gsub(%r((<track1>).+(</track1>)), '\1[FILTERED]\2').
+          gsub(%r((<track2>).+(</track2>)), '\1[FILTERED]\2').
+          gsub(/(<routingNumber>).+(<\/routingNumber>)/, '\1[FILTERED]\2').
+          gsub(/(<accountNumber>).+(<\/accountNumber>)/, '\1[FILTERED]\2').
+          gsub(%r((<cryptogram>).+(</cryptogram>)), '\1[FILTERED]\2')
       end
 
-      def post_data(action, parameters = {})
-        post = {}
+      def supports_network_tokenization?
+        card = Billing::NetworkTokenizationCreditCard.new({
+          :number => "4111111111111111",
+          :month => 12,
+          :year => 20,
+          :first_name => 'John',
+          :last_name => 'Smith',
+          :brand => 'visa',
+          :payment_cryptogram => 'EHuWW9PiBkWvqE5juRwDzAUFBAk='
+        })
 
-        post[:version]        = API_VERSION
-        post[:login]          = @options[:login]
-        post[:tran_key]       = @options[:password]
-        post[:relay_response] = "FALSE"
-        post[:type]           = action
-        post[:delim_data]     = "TRUE"
-        post[:delim_char]     = ","
-        post[:encap_char]     = "$"
-        post[:solution_ID]    = application_id if application_id.present? && application_id != "ActiveMerchant"
+        request = post_data(:authorize) do |xml|
+          add_auth_purchase(xml, "authOnlyTransaction", 1, card, {})
+        end
+        raw_response = ssl_post(url, request, headers)
+        response = parse(:authorize, raw_response)
+        response[:response_reason_code].to_s != PAYMENT_METHOD_NOT_SUPPORTED_ERROR
+      end
+
+      private
+
+      def add_auth_purchase(xml, transaction_type, amount, payment, options)
+        add_order_id(xml, options)
+        xml.transactionRequest do
+          xml.transactionType(transaction_type)
+          xml.amount(amount(amount))
+          add_payment_source(xml, payment)
+          add_invoice(xml, transaction_type, options)
+          add_tax_fields(xml, options)
+          add_duty_fields(xml, options)
+          add_shipping_fields(xml, options)
+          add_tax_exempt_status(xml, options)
+          add_po_number(xml, options)
+          add_customer_data(xml, payment, options)
+          add_market_type_device_type(xml, payment, options)
+          add_settings(xml, payment, options)
+          add_user_fields(xml, amount, options)
+        end
+      end
 
-        request = post.merge(parameters).collect { |key, value| "x_#{key}=#{CGI.escape(value.to_s)}" }.join("&")
-        request
+      def add_cim_auth_purchase(xml, transaction_type, amount, payment, options)
+        add_order_id(xml, options)
+        xml.transaction do
+          xml.send(transaction_type) do
+            xml.amount(amount(amount))
+            add_tax_fields(xml, options)
+            add_shipping_fields(xml, options)
+            add_duty_fields(xml, options)
+            add_payment_source(xml, payment)
+            add_invoice(xml, transaction_type, options)
+            add_tax_exempt_status(xml, options)
+          end
+        end
       end
 
-      def add_currency_code(post, money, options)
-        post[:currency_code] = options[:currency] || currency(money)
+      def cim_capture(amount, authorization, options)
+        commit(:cim_capture) do |xml|
+          add_order_id(xml, options)
+          xml.transaction do
+            xml.profileTransPriorAuthCapture do
+              xml.amount(amount(amount))
+              add_tax_fields(xml, options)
+              add_shipping_fields(xml, options)
+              add_duty_fields(xml, options)
+              xml.transId(transaction_id_from(authorization))
+            end
+          end
+        end
       end
 
-      def add_invoice(post, options)
-        post[:invoice_num] = options[:order_id]
-        post[:description] = options[:description]
+      def normal_capture(amount, authorization, options)
+        commit(:capture) do |xml|
+          add_order_id(xml, options)
+          xml.transactionRequest do
+            xml.transactionType('priorAuthCaptureTransaction')
+            xml.amount(amount(amount))
+            add_tax_fields(xml, options)
+            add_duty_fields(xml, options)
+            add_shipping_fields(xml, options)
+            add_tax_exempt_status(xml, options)
+            add_po_number(xml, options)
+            xml.refTransId(transaction_id_from(authorization))
+            add_invoice(xml, "capture", options)
+            add_user_fields(xml, amount, options)
+          end
+        end
       end
 
-      def add_creditcard(post, creditcard, options={})
-        post[:card_num]   = creditcard.number
-        post[:card_code]  = creditcard.verification_value if creditcard.verification_value?
-        post[:exp_date]   = expdate(creditcard)
-        post[:first_name] = creditcard.first_name
-        post[:last_name]  = creditcard.last_name
+      def cim_refund(amount, authorization, options)
+        transaction_id, card_number, _ = split_authorization(authorization)
+
+        commit(:cim_refund) do |xml|
+          add_order_id(xml, options)
+          xml.transaction do
+            xml.profileTransRefund do
+              xml.amount(amount(amount))
+              add_tax_fields(xml, options)
+              add_shipping_fields(xml, options)
+              add_duty_fields(xml, options)
+              xml.creditCardNumberMasked(card_number)
+              add_invoice(xml, "profileTransRefund", options)
+              xml.transId(transaction_id)
+            end
+          end
+        end
+      end
+
+      def normal_refund(amount, authorization, options)
+        transaction_id, card_number, _ = split_authorization(authorization)
+
+        commit(:refund) do |xml|
+          xml.transactionRequest do
+            xml.transactionType('refundTransaction')
+            xml.amount(amount.nil? ? 0 : amount(amount))
+            xml.payment do
+              xml.creditCard do
+                xml.cardNumber(card_number || options[:card_number])
+                xml.expirationDate('XXXX')
+              end
+            end
+            xml.refTransId(transaction_id)
+
+            add_invoice(xml, 'refundTransaction', options)
+            add_tax_fields(xml, options)
+            add_duty_fields(xml, options)
+            add_shipping_fields(xml, options)
+            add_tax_exempt_status(xml, options)
+            add_po_number(xml, options)
+            add_customer_data(xml, nil, options)
+            add_user_fields(xml, amount, options)
+          end
+        end
+      end
+
+      def cim_void(authorization, options)
+        commit(:cim_void) do |xml|
+          add_order_id(xml, options)
+          xml.transaction do
+            xml.profileTransVoid do
+              xml.transId(transaction_id_from(authorization))
+            end
+          end
+        end
+      end
+
+      def normal_void(authorization, options)
+        commit(:void) do |xml|
+          add_order_id(xml, options)
+          xml.transactionRequest do
+            xml.transactionType('voidTransaction')
+            xml.refTransId(transaction_id_from(authorization))
+          end
+        end
       end
 
-      def add_payment_source(params, source, options={})
-        if card_brand(source) == "check"
-          add_check(params, source, options)
+      def add_payment_source(xml, source)
+        return unless source
+        if source.is_a?(String)
+          add_token_payment_method(xml, source)
+        elsif card_brand(source) == 'check'
+          add_check(xml, source)
+        elsif card_brand(source) == 'apple_pay'
+          add_apple_pay_payment_token(xml, source)
         else
-          add_creditcard(params, source, options)
+          add_credit_card(xml, source)
         end
       end
 
-      def add_check(post, check, options)
-        post[:method] = "ECHECK"
-        post[:bank_name] = check.bank_name
-        post[:bank_aba_code] = check.routing_number
-        post[:bank_acct_num] = check.account_number
-        post[:bank_acct_type] = check.account_type
-        post[:echeck_type] = "WEB"
-        post[:bank_acct_name] = check.name
-        post[:bank_check_number] = check.number if check.number.present?
-        post[:recurring_billing] = (options[:recurring] ? "TRUE" : "FALSE")
+      def camel_case_lower(key)
+        String(key).split('_').inject([]){ |buffer,e| buffer.push(buffer.empty? ? e : e.capitalize) }.join
       end
 
-      def add_customer_data(post, options)
-        if options.has_key? :email
-          post[:email] = options[:email]
-          post[:email_customer] = false
+      def add_settings(xml, source, options)
+        xml.transactionSettings do
+          if options[:recurring]
+            xml.setting do
+              xml.settingName("recurringBilling")
+              xml.settingValue("true")
+            end
+          end
+          if options[:disable_partial_auth]
+            xml.setting do
+              xml.settingName("allowPartialAuth")
+              xml.settingValue("false")
+            end
+          end
+          if options[:duplicate_window]
+            set_duplicate_window(xml, options[:duplicate_window])
+          elsif self.class.duplicate_window
+            ActiveMerchant.deprecated "Using the duplicate_window class_attribute is deprecated. Use the transaction options hash instead."
+            set_duplicate_window(xml, self.class.duplicate_window)
+          end
+          if options[:email_customer]
+            xml.setting do
+              xml.settingName("emailCustomer")
+              xml.settingValue("true")
+            end
+          end
+          if options[:header_email_receipt]
+            xml.setting do
+              xml.settingName("headerEmailReceipt")
+              xml.settingValue(options[:header_email_receipt])
+            end
+          end
+          if options[:test_request]
+            xml.setting do
+              xml.settingName("testRequest")
+              xml.settingValue("1")
+            end
+          end
+        end
+      end
+
+      def set_duplicate_window(xml, value)
+        xml.setting do
+          xml.settingName("duplicateWindow")
+          xml.settingValue(value)
+        end
+      end
+
+      def add_user_fields(xml, amount, options)
+        xml.userFields do
+          if currency = (options[:currency] || currency(amount))
+            xml.userField do
+              xml.name("x_currency_code")
+              xml.value(currency)
+            end
+          end
+          if application_id.present?
+            xml.userField do
+              xml.name("x_solution_id")
+              xml.value(application_id)
+            end
+          end
         end
+      end
+
+      def add_credit_card(xml, credit_card)
+        if credit_card.track_data
+          add_swipe_data(xml, credit_card)
+        else
+          xml.payment do
+            xml.creditCard do
+              xml.cardNumber(truncate(credit_card.number, 16))
+              xml.expirationDate(format(credit_card.month, :two_digits) + '/' + format(credit_card.year, :four_digits))
+              if credit_card.valid_card_verification_value?(credit_card.verification_value, credit_card.brand)
+                xml.cardCode(credit_card.verification_value)
+              end
+              if credit_card.is_a?(NetworkTokenizationCreditCard)
+                xml.cryptogram(credit_card.payment_cryptogram)
+              end
+            end
+          end
+        end
+      end
+
+      def add_swipe_data(xml, credit_card)
+        TRACKS.each do |key, regex|
+          if regex.match(credit_card.track_data)
+            @valid_track_data = true
+            xml.payment do
+              xml.trackData do
+                xml.public_send(:"track#{key}", credit_card.track_data)
+              end
+            end
+          end
+        end
+      end
+
+      def add_token_payment_method(xml, token)
+        customer_profile_id, customer_payment_profile_id, _ = split_authorization(token)
+        xml.customerProfileId(customer_profile_id)
+        xml.customerPaymentProfileId(customer_payment_profile_id)
+      end
 
-        if options.has_key? :customer
-          post[:cust_id] = options[:customer] if Float(options[:customer]) rescue nil
+      def add_apple_pay_payment_token(xml, apple_pay_payment_token)
+        xml.payment do
+          xml.opaqueData do
+            xml.dataDescriptor(APPLE_PAY_DATA_DESCRIPTOR)
+            xml.dataValue(Base64.strict_encode64(apple_pay_payment_token.payment_data.to_json))
+          end
         end
+      end
 
-        if options.has_key? :ip
-          post[:customer_ip] = options[:ip]
+      def add_market_type_device_type(xml, payment, options)
+        return if payment.is_a?(String) || card_brand(payment) == 'check' || card_brand(payment) == 'apple_pay'
+        if valid_track_data
+          xml.retail do
+            xml.marketType(options[:market_type] || MARKET_TYPE[:retail])
+            xml.deviceType(options[:device_type] || DEVICE_TYPE[:wireless_pos])
+          end
+        elsif payment.manual_entry
+          xml.retail do
+            xml.marketType(options[:market_type] || MARKET_TYPE[:moto])
+          end
+        else
+          if options[:market_type]
+            xml.retail do
+              xml.marketType(options[:market_type])
+            end
+          end
         end
       end
 
-      # x_duplicate_window won't be sent by default, because sending it changes the response.
-      # "If this field is present in the request with or without a value, an enhanced duplicate transaction response will be sent."
-      # (as of 2008-12-30) http://www.authorize.net/support/AIM_guide_SCC.pdf
-      def add_duplicate_window(post)
-        unless duplicate_window.nil?
-          post[:duplicate_window] = duplicate_window
+      def valid_track_data
+        @valid_track_data ||= false
+      end
+
+      def add_check(xml, check)
+        xml.payment do
+          xml.bankAccount do
+            xml.routingNumber(check.routing_number)
+            xml.accountNumber(check.account_number)
+            xml.nameOnAccount(truncate(check.name, 22))
+            xml.bankName(check.bank_name)
+            xml.checkNumber(check.number)
+          end
         end
       end
 
-      def add_address(post, options)
-        if address = options[:billing_address] || options[:address]
-          post[:address] = address[:address1].to_s
-          post[:company] = address[:company].to_s
-          post[:phone]   = address[:phone].to_s
-          post[:zip]     = address[:zip].to_s
-          post[:city]    = address[:city].to_s
-          post[:country] = address[:country].to_s
-          post[:state]   = address[:state].blank?  ? 'n/a' : address[:state]
+      def add_customer_data(xml, payment_source, options)
+        xml.customer do
+          xml.id(options[:customer]) unless empty?(options[:customer]) || options[:customer] !~ /^\w+$/
+          xml.email(options[:email]) unless empty?(options[:email])
         end
 
-        if address = options[:shipping_address]
-          post[:ship_to_first_name] = address[:first_name].to_s
-          post[:ship_to_last_name] = address[:last_name].to_s
-          post[:ship_to_address] = address[:address1].to_s
-          post[:ship_to_company] = address[:company].to_s
-          post[:ship_to_phone]   = address[:phone].to_s
-          post[:ship_to_zip]     = address[:zip].to_s
-          post[:ship_to_city]    = address[:city].to_s
-          post[:ship_to_country] = address[:country].to_s
-          post[:ship_to_state]   = address[:state].blank?  ? 'n/a' : address[:state]
+        add_billing_address(xml, payment_source, options)
+        add_shipping_address(xml, options)
+
+        xml.customerIP(options[:ip]) unless empty?(options[:ip])
+
+        xml.cardholderAuthentication do
+          xml.authenticationIndicator(options[:authentication_indicator])
+          xml.cardholderAuthenticationValue(options[:cardholder_authentication_value])
         end
       end
 
-      # Make a ruby type out of the response string
-      def normalize(field)
-        case field
-        when "true"   then true
-        when "false"  then false
-        when ""       then nil
-        when "null"   then nil
-        else field
+      def add_billing_address(xml, payment_source, options)
+        address = options[:billing_address] || options[:address] || {}
+
+        xml.billTo do
+          first_name, last_name = names_from(payment_source, address, options)
+          state = state_from(address, options)
+          full_address = "#{address[:address1]} #{address[:address2]}".strip
+
+          xml.firstName(truncate(first_name, 50)) unless empty?(first_name)
+          xml.lastName(truncate(last_name, 50)) unless empty?(last_name)
+          xml.company(truncate(address[:company], 50)) unless empty?(address[:company])
+          xml.address(truncate(full_address, 60))
+          xml.city(truncate(address[:city], 40))
+          xml.state(truncate(state, 40))
+          xml.zip(truncate((address[:zip] || options[:zip]), 20))
+          xml.country(truncate(address[:country], 60))
+          xml.phoneNumber(truncate(address[:phone], 25)) unless empty?(address[:phone])
+          xml.faxNumber(truncate(address[:fax], 25)) unless empty?(address[:fax])
         end
       end
 
-      def message_from(results)
-        if results[:response_code] == DECLINED
-          return CVVResult.messages[ results[:card_code] ] if CARD_CODE_ERRORS.include?(results[:card_code])
-          if AVS_REASON_CODES.include?(results[:response_reason_code]) && AVS_ERRORS.include?(results[:avs_result_code])
-            return AVSResult.messages[ results[:avs_result_code] ]
+      def add_shipping_address(xml, options, root_node="shipTo")
+        address = options[:shipping_address] || options[:address]
+        return unless address
+
+        xml.send(root_node) do
+          first_name, last_name = if address[:name]
+            split_names(address[:name])
+          else
+            [address[:first_name], address[:last_name]]
           end
+          full_address = "#{address[:address1]} #{address[:address2]}".strip
+
+          xml.firstName(truncate(first_name, 50)) unless empty?(first_name)
+          xml.lastName(truncate(last_name, 50)) unless empty?(last_name)
+          xml.company(truncate(address[:company], 50)) unless empty?(address[:company])
+          xml.address(truncate(full_address, 60))
+          xml.city(truncate(address[:city], 40))
+          xml.state(truncate(address[:state], 40))
+          xml.zip(truncate(address[:zip], 20))
+          xml.country(truncate(address[:country], 60))
         end
 
-        (results[:response_reason_text] ? results[:response_reason_text].chomp('.') : '')
       end
 
-      def expdate(creditcard)
-        year  = sprintf("%.4i", creditcard.year)
-        month = sprintf("%.2i", creditcard.month)
+      def add_order_id(xml, options)
+        xml.refId(truncate(options[:order_id], 20))
+      end
 
-        "#{month}#{year[-2..-1]}"
+      def add_invoice(xml, transaction_type, options)
+        xml.order do
+          xml.invoiceNumber(truncate(options[:order_id], 20))
+          xml.description(truncate(options[:description], 255))
+          xml.purchaseOrderNumber(options[:po_number]) if options[:po_number] && transaction_type.start_with?("profileTrans")
+        end
+
+        # Authorize.net API requires lineItems to be placed directly after order tag
+        if options[:line_items]
+          xml.lineItems do
+            options[:line_items].each do |line_item|
+              xml.lineItem do
+                line_item.each do |key, value|
+                  xml.send(camel_case_lower(key), value)
+                end
+              end
+            end
+          end
+        end
       end
 
-      def split(response)
-        response[1..-2].split(/\$,\$/)
+      def add_tax_fields(xml, options)
+        tax = options[:tax]
+        if tax.is_a?(Hash)
+          xml.tax do
+            xml.amount(amount(tax[:amount].to_i))
+            xml.name(tax[:name])
+            xml.description(tax[:description])
+          end
+        end
       end
 
-      # ARB
+      def add_duty_fields(xml, options)
+        duty = options[:duty]
+        if duty.is_a?(Hash)
+          xml.duty do
+            xml.amount(amount(duty[:amount].to_i))
+            xml.name(duty[:name])
+            xml.description(duty[:description])
+          end
+        end
+      end
 
-      # Builds recurring billing request
-      def build_recurring_request(action, options = {})
-        unless RECURRING_ACTIONS.include?(action)
-          raise StandardError, "Invalid Automated Recurring Billing Action: #{action}"
+      def add_shipping_fields(xml, options)
+        shipping = options[:shipping]
+        if shipping.is_a?(Hash)
+          xml.shipping do
+            xml.amount(amount(shipping[:amount].to_i))
+            xml.name(shipping[:name])
+            xml.description(shipping[:description])
+          end
         end
+      end
 
-        xml = Builder::XmlMarkup.new(:indent => 2)
-        xml.instruct!(:xml, :version => '1.0', :encoding => 'utf-8')
-        xml.tag!("#{RECURRING_ACTIONS[action]}Request", :xmlns => AUTHORIZE_NET_ARB_NAMESPACE) do
-          add_arb_merchant_authentication(xml)
-          # Merchant-assigned reference ID for the request
-          xml.tag!('refId', options[:ref_id]) if options[:ref_id]
-          send("build_arb_#{action}_subscription_request", xml, options)
+      def add_tax_exempt_status(xml, options)
+        xml.taxExempt(options[:tax_exempt]) if options[:tax_exempt]
+      end
+
+      def add_po_number(xml, options)
+        xml.poNumber(options[:po_number]) if options[:po_number]
+      end
+
+      def create_customer_payment_profile(credit_card, options)
+        commit(:cim_store_update) do |xml|
+          xml.customerProfileId options[:customer_profile_id]
+          xml.paymentProfile do
+            add_billing_address(xml, credit_card, options)
+            xml.payment do
+              xml.creditCard do
+                xml.cardNumber(truncate(credit_card.number, 16))
+                xml.expirationDate(format(credit_card.year, :four_digits) + '-' + format(credit_card.month, :two_digits))
+                xml.cardCode(credit_card.verification_value) if credit_card.verification_value
+              end
+            end
+          end
         end
       end
 
-      # Contains the merchant’s payment gateway account authentication information
-      def add_arb_merchant_authentication(xml)
-        xml.tag!('merchantAuthentication') do
-          xml.tag!('name', @options[:login])
-          xml.tag!('transactionKey', @options[:password])
+      def create_customer_profile(credit_card, options)
+        commit(:cim_store) do |xml|
+          xml.profile do
+            xml.merchantCustomerId(truncate(options[:merchant_customer_id], 20) || SecureRandom.hex(10))
+            xml.description(truncate(options[:description], 255)) unless empty?(options[:description])
+            xml.email(options[:email]) unless empty?(options[:email])
+
+            xml.paymentProfiles do
+              xml.customerType("individual")
+              add_billing_address(xml, credit_card, options)
+              add_shipping_address(xml, options, "shipToList")
+              xml.payment do
+                xml.creditCard do
+                  xml.cardNumber(truncate(credit_card.number, 16))
+                  xml.expirationDate(format(credit_card.year, :four_digits) + '-' + format(credit_card.month, :two_digits))
+                  xml.cardCode(credit_card.verification_value) if credit_card.verification_value
+                end
+              end
+            end
+          end
         end
       end
 
-      # Builds body for ARBCreateSubscriptionRequest
-      def build_arb_create_subscription_request(xml, options)
-        # Subscription
-        add_arb_subscription(xml, options)
+      def delete_customer_profile(customer_profile_id)
+        commit(:cim_store_delete_customer) do |xml|
+          xml.customerProfileId(customer_profile_id)
+        end
+      end
 
-        xml.target!
+      def names_from(payment_source, address, options)
+        if payment_source && !payment_source.is_a?(PaymentToken) && !payment_source.is_a?(String)
+          first_name, last_name = split_names(address[:name])
+          [(payment_source.first_name || first_name), (payment_source.last_name || last_name)]
+        else
+          [options[:first_name], options[:last_name]]
+        end
       end
 
-      # Builds body for ARBUpdateSubscriptionRequest
-      def build_arb_update_subscription_request(xml, options)
-        xml.tag!('subscriptionId', options[:subscription_id])
-        # Adds Subscription
-        add_arb_subscription(xml, options)
+      def state_from(address, options)
+        if ["US", "CA"].include?(address[:country])
+          address[:state] || 'NC'
+        else
+          address[:state] || 'n/a'
+        end
+      end
 
-        xml.target!
+      def headers
+        { 'Content-Type' => 'text/xml' }
       end
 
-      # Builds body for ARBCancelSubscriptionRequest
-      def build_arb_cancel_subscription_request(xml, options)
-        xml.tag!('subscriptionId', options[:subscription_id])
+      def url
+        test? ? test_url : live_url
+      end
 
-        xml.target!
+      def parse(action, raw_response)
+        if is_cim_action?(action) || action == :verify_credentials
+          parse_cim(raw_response)
+        else
+          parse_normal(action, raw_response)
+        end
       end
 
-      # Builds body for ARBGetSubscriptionStatusRequest
-      def build_arb_status_subscription_request(xml, options)
-        xml.tag!('subscriptionId', options[:subscription_id])
+      def commit(action, &payload)
+        raw_response = ssl_post(url, post_data(action, &payload), headers)
+        response = parse(action, raw_response)
 
-        xml.target!
+        avs_result_code = response[:avs_result_code].upcase if response[:avs_result_code]
+        avs_result = AVSResult.new(code: STANDARD_AVS_CODE_MAPPING[avs_result_code])
+        cvv_result = CVVResult.new(response[:card_code])
+        if using_live_gateway_in_test_mode?(response)
+          Response.new(false, "Using a live Authorize.net account in Test Mode is not permitted.")
+        else
+          Response.new(
+            success_from(action, response),
+            message_from(action, response, avs_result, cvv_result),
+            response,
+            authorization: authorization_from(action, response),
+            test: test?,
+            avs_result: avs_result,
+            cvv_result: cvv_result,
+            fraud_review: fraud_review?(response),
+            error_code: map_error_code(response[:response_code], response[:response_reason_code])
+          )
+        end
+      end
+
+      def is_cim_action?(action)
+        action.to_s.start_with?("cim")
       end
 
-      # Adds subscription information
-      def add_arb_subscription(xml, options)
-        xml.tag!('subscription') do
-          # Merchant-assigned name for the subscription (optional)
-          xml.tag!('name', options[:subscription_name]) if options[:subscription_name]
-          # Contains information about the payment schedule
-          add_arb_payment_schedule(xml, options)
-          # The amount to be billed to the customer
-          # for each payment in the subscription
-          xml.tag!('amount', amount(options[:amount])) if options[:amount]
-          if trial = options[:trial]
-            # The amount to be charged for each payment during a trial period (conditional)
-            xml.tag!('trialAmount', amount(trial[:amount])) if trial[:amount]
+      def post_data(action)
+        Nokogiri::XML::Builder.new(encoding: 'UTF-8') do |xml|
+          xml.send(root_for(action), 'xmlns' => 'AnetApi/xml/v1/schema/AnetApiSchema.xsd') do
+            add_authentication(xml)
+            yield(xml)
           end
-          # Contains either the customer’s credit card
-          # or bank account payment information
-          add_arb_payment(xml, options)
-          # Contains order information (optional)
-          add_arb_order(xml, options)
-          # Contains information about the customer
-          add_arb_customer(xml, options)
-          # Contains the customer's billing address information
-          add_arb_address(xml, 'billTo', options[:billing_address])
-          # Contains the customer's shipping address information (optional)
-          add_arb_address(xml, 'shipTo', options[:shipping_address])
+        end.to_xml(indent: 0)
+      end
+
+      def root_for(action)
+        if action == :cim_store
+          "createCustomerProfileRequest"
+        elsif action == :cim_store_update
+          "createCustomerPaymentProfileRequest"
+        elsif action == :cim_store_delete_customer
+          "deleteCustomerProfileRequest"
+        elsif action == :verify_credentials
+          "authenticateTestRequest"
+        elsif is_cim_action?(action)
+          "createCustomerProfileTransactionRequest"
+        else
+          "createTransactionRequest"
         end
       end
 
-      # Adds information about the interval of time between payments
-      def add_arb_interval(xml, options)
-        interval = options[:interval]
-        return unless interval
-        xml.tag!('interval') do
-          # The measurement of time, in association with the Interval Unit,
-          # that is used to define the frequency of the billing occurrences
-          xml.tag!('length', interval[:length])
-          # The unit of time, in association with the Interval Length,
-          # between each billing occurrence
-          xml.tag!('unit', interval[:unit].to_s)
-        end
+      def add_authentication(xml)
+        xml.merchantAuthentication do
+          xml.name(@options[:login])
+          xml.transactionKey(@options[:password])
+        end
+      end
+
+      def parse_normal(action, body)
+        doc = Nokogiri::XML(body)
+        doc.remove_namespaces!
+
+        response = {action: action}
+
+        response[:response_code] = if(element = doc.at_xpath("//transactionResponse/responseCode"))
+          (empty?(element.content) ? nil : element.content.to_i)
+        end
+
+        if(element = doc.at_xpath("//errors/error"))
+          response[:response_reason_code] = element.at_xpath("errorCode").content[/0*(\d+)$/, 1]
+          response[:response_reason_text] = element.at_xpath("errorText").content.chomp('.')
+        elsif(element = doc.at_xpath("//transactionResponse/messages/message"))
+          response[:response_reason_code] = element.at_xpath("code").content[/0*(\d+)$/, 1]
+          response[:response_reason_text] = element.at_xpath("description").content.chomp('.')
+        elsif(element = doc.at_xpath("//messages/message"))
+          response[:response_reason_code] = element.at_xpath("code").content[/0*(\d+)$/, 1]
+          response[:response_reason_text] = element.at_xpath("text").content.chomp('.')
+        else
+          response[:response_reason_code] = nil
+          response[:response_reason_text] = ""
+        end
+
+        response[:avs_result_code] = if(element = doc.at_xpath("//avsResultCode"))
+          (empty?(element.content) ? nil : element.content)
+        end
+
+        response[:transaction_id] = if(element = doc.at_xpath("//transId"))
+          (empty?(element.content) ? nil : element.content)
+        end
+
+        response[:card_code] = if(element = doc.at_xpath("//cvvResultCode"))
+          (empty?(element.content) ? nil : element.content)
+        end
+
+        response[:authorization_code] = if(element = doc.at_xpath("//authCode"))
+          (empty?(element.content) ? nil : element.content)
+        end
+
+        response[:cardholder_authentication_code] = if(element = doc.at_xpath("//cavvResultCode"))
+          (empty?(element.content) ? nil : element.content)
+        end
+
+        response[:account_number] = if(element = doc.at_xpath("//accountNumber"))
+          (empty?(element.content) ? nil : element.content[-4..-1])
+        end
+
+        response[:test_request] = if(element = doc.at_xpath("//testRequest"))
+          (empty?(element.content) ? nil : element.content)
+        end
+
+        response
       end
 
-      # Adds information about the subscription duration
-      def add_arb_duration(xml, options)
-        duration = options[:duration]
-        return unless duration
-        # The date the subscription begins
-        # (also the date the initial billing occurs)
-        xml.tag!('startDate', duration[:start_date]) if duration[:start_date]
-        # Number of billing occurrences or payments for the subscription
-        xml.tag!('totalOccurrences', duration[:occurrences]) if duration[:occurrences]
-      end
-
-      def add_arb_payment_schedule(xml, options)
-        return unless options[:interval] || options[:duration]
-        xml.tag!('paymentSchedule') do
-          # Contains information about the interval of time between payments
-          add_arb_interval(xml, options)
-          add_arb_duration(xml, options)
-          if trial = options[:trial]
-            # Number of billing occurrences or payments in the trial period (optional)
-            xml.tag!('trialOccurrences', trial[:occurrences]) if trial[:occurrences]
-          end
-        end
-      end
-
-      # Adds customer's credit card or bank account payment information
-      def add_arb_payment(xml, options)
-        return unless options[:credit_card] || options[:bank_account]
-        xml.tag!('payment') do
-          # Contains the customer’s credit card information
-          add_arb_credit_card(xml, options)
-          # Contains the customer’s bank account information
-          add_arb_bank_account(xml, options)
-        end
-      end
-
-      # Adds customer’s credit card information
-      # Note: This element should only be included
-      # when the payment method is credit card.
-      def add_arb_credit_card(xml, options)
-        credit_card = options[:credit_card]
-        return unless credit_card
-        xml.tag!('creditCard') do
-          # The credit card number used for payment of the subscription
-          xml.tag!('cardNumber', credit_card.number)
-          # The expiration date of the credit card used for the subscription
-          xml.tag!('expirationDate', arb_expdate(credit_card))
-        end
-      end
-
-      # Adds customer’s bank account information
-      # Note: This element should only be included
-      # when the payment method is bank account.
-      def add_arb_bank_account(xml, options)
-        bank_account = options[:bank_account]
-        return unless bank_account
-        xml.tag!('bankAccount') do
-          # The type of bank account used for payment of the subscription
-          xml.tag!('accountType', bank_account[:account_type])
-          # The routing number of the customer’s bank
-          xml.tag!('routingNumber', bank_account[:routing_number])
-          # The bank account number used for payment of the subscription
-          xml.tag!('accountNumber', bank_account[:account_number])
-          # The full name of the individual associated
-          # with the bank account number
-          xml.tag!('nameOfAccount', bank_account[:name_of_account])
-          # The full name of the individual associated
-          # with the bank account number (optional)
-          xml.tag!('bankName', bank_account[:bank_name]) if bank_account[:bank_name]
-          # The type of electronic check transaction used for the subscription
-          xml.tag!('echeckType', bank_account[:echeck_type])
-        end
-      end
-
-      # Adds order information (optional)
-      def add_arb_order(xml, options)
-        order = options[:order]
-        return unless order
-        xml.tag!('order') do
-          # Merchant-assigned invoice number for the subscription (optional)
-          xml.tag!('invoiceNumber', order[:invoice_number])
-          # Description of the subscription (optional)
-          xml.tag!('description', order[:description])
-        end
-      end
-
-      # Adds information about the customer
-      def add_arb_customer(xml, options)
-        customer = options[:customer]
-        return unless customer
-        xml.tag!('customer') do
-          xml.tag!('type', customer[:type]) if customer[:type]
-          xml.tag!('id', customer[:id]) if customer[:id]
-          xml.tag!('email', customer[:email]) if customer[:email]
-          xml.tag!('phoneNumber', customer[:phone_number]) if customer[:phone_number]
-          xml.tag!('faxNumber', customer[:fax_number]) if customer[:fax_number]
-          add_arb_drivers_license(xml, options)
-          xml.tag!('taxId', customer[:tax_id]) if customer[:tax_id]
-        end
-      end
-
-      # Adds the customer's driver's license information (conditional)
-      def add_arb_drivers_license(xml, options)
-        return unless customer = options[:customer]
-        return unless drivers_license = customer[:drivers_license]
-        xml.tag!('driversLicense') do
-          # The customer's driver's license number
-          xml.tag!('number', drivers_license[:number])
-          # The customer's driver's license state
-          xml.tag!('state', drivers_license[:state])
-          # The customer's driver's license date of birth
-          xml.tag!('dateOfBirth', drivers_license[:date_of_birth])
-        end
-      end
-
-      # Adds address information
-      def add_arb_address(xml, container_name, address)
-        return if address.blank?
-        xml.tag!(container_name) do
-          xml.tag!('firstName', address[:first_name])
-          xml.tag!('lastName', address[:last_name])
-          xml.tag!('company', address[:company])
-          xml.tag!('address', address[:address1])
-          xml.tag!('city', address[:city])
-          xml.tag!('state', address[:state])
-          xml.tag!('zip', address[:zip])
-          xml.tag!('country', address[:country])
-        end
-      end
-
-      def arb_expdate(credit_card)
-        sprintf('%04d-%02d', credit_card.year, credit_card.month)
-      end
-
-      def recurring_commit(action, request)
-        url = test? ? arb_test_url : arb_live_url
-        xml = ssl_post(url, request, "Content-Type" => "text/xml")
-
-        response = recurring_parse(action, xml)
-
-        message = response[:message] || response[:text]
-        test_mode = test? || message =~ /Test Mode/
-        success = response[:result_code] == 'Ok'
-
-        Response.new(success, message, response,
-          :test => test_mode,
-          :authorization => response[:subscription_id]
-        )
-      end
-
-     def recurring_parse(action, xml)
+      def parse_cim(body)
         response = {}
-        xml = REXML::Document.new(xml)
-        root = REXML::XPath.first(xml, "//#{RECURRING_ACTIONS[action]}Response") ||
-               REXML::XPath.first(xml, "//ErrorResponse")
-        if root
-          root.elements.to_a.each do |node|
-            recurring_parse_element(response, node)
-          end
+
+        doc = Nokogiri::XML(body).remove_namespaces!
+
+        if (element = doc.at_xpath("//messages/message"))
+          response[:message_code] = element.at_xpath("code").content[/0*(\d+)$/, 1]
+          response[:message_text] = element.at_xpath("text").content.chomp('.')
         end
 
+        response[:result_code] = if(element = doc.at_xpath("//messages/resultCode"))
+          (empty?(element.content) ? nil : element.content)
+        end
+
+        response[:test_request] = if(element = doc.at_xpath("//testRequest"))
+          (empty?(element.content) ? nil : element.content)
+        end
+
+        response[:customer_profile_id] = if(element = doc.at_xpath("//customerProfileId"))
+          (empty?(element.content) ? nil : element.content)
+        end
+
+        response[:customer_payment_profile_id] = if(element = doc.at_xpath("//customerPaymentProfileIdList/numericString"))
+          (empty?(element.content) ? nil : element.content)
+        end
+
+        response[:customer_payment_profile_id] = if(element = doc.at_xpath("//customerPaymentProfileIdList/numericString") ||
+                                                              doc.at_xpath("//customerPaymentProfileId"))
+          (empty?(element.content) ? nil : element.content)
+        end
+
+        response[:direct_response] = if(element = doc.at_xpath("//directResponse"))
+          (empty?(element.content) ? nil : element.content)
+        end
+
+        response.merge!(parse_direct_response_elements(response))
+
         response
       end
 
-      def recurring_parse_element(response, node)
-        if node.has_elements?
-          node.elements.each{|e| recurring_parse_element(response, e) }
+      def success_from(action, response)
+        if cim?(action) || (action == :verify_credentials)
+          response[:result_code] == "Ok"
+        else
+          [APPROVED, FRAUD_REVIEW].include?(response[:response_code]) && TRANSACTION_ALREADY_ACTIONED.exclude?(response[:response_reason_code])
+        end
+      end
+
+      def message_from(action, response, avs_result, cvv_result)
+        if response[:response_code] == DECLINED
+          if CARD_CODE_ERRORS.include?(cvv_result.code)
+            return cvv_result.message
+          elsif(AVS_REASON_CODES.include?(response[:response_reason_code]) && AVS_ERRORS.include?(avs_result.code))
+            return avs_result.message
+          end
+        end
+
+        response[:response_reason_text] || response[:message_text]
+      end
+
+      def authorization_from(action, response)
+        if cim?(action)
+          [response[:customer_profile_id], response[:customer_payment_profile_id], action].join("#")
         else
-          response[node.name.underscore.to_sym] = node.text
+          [response[:transaction_id], response[:account_number], action].join("#")
         end
       end
+
+      def split_authorization(authorization)
+        authorization.split("#")
+      end
+
+      def cim?(action)
+        (action == :cim_store) || (action == :cim_store_update) || (action == :cim_store_delete_customer)
+      end
+
+      def transaction_id_from(authorization)
+        transaction_id, _, _ = split_authorization(authorization)
+        transaction_id
+      end
+
+      def fraud_review?(response)
+        (response[:response_code] == FRAUD_REVIEW)
+      end
+
+      def using_live_gateway_in_test_mode?(response)
+        !test? && response[:test_request] == "1"
+      end
+
+      def map_error_code(response_code, response_reason_code)
+        STANDARD_ERROR_CODE_MAPPING["#{response_code}#{response_reason_code}"]
+      end
+
+      def auth_was_for_cim?(authorization)
+        _, _, action = split_authorization(authorization)
+        action && is_cim_action?(action)
+      end
+
+      def parse_direct_response_elements(response)
+        params = response[:direct_response]
+        return {} unless params
+
+        parts = params.split(',')
+        {
+          response_code: parts[0].to_i,
+          response_subcode: parts[1],
+          response_reason_code: parts[2],
+          response_reason_text: parts[3],
+          approval_code: parts[4],
+          avs_result_code: parts[5],
+          transaction_id: parts[6],
+          invoice_number: parts[7],
+          order_description: parts[8],
+          amount: parts[9],
+          method: parts[10],
+          transaction_type: parts[11],
+          customer_id: parts[12],
+          first_name: parts[13],
+          last_name: parts[14],
+          company: parts[15],
+          address: parts[16],
+          city: parts[17],
+          state: parts[18],
+          zip_code: parts[19],
+          country: parts[20],
+          phone: parts[21],
+          fax: parts[22],
+          email_address: parts[23],
+          ship_to_first_name: parts[24],
+          ship_to_last_name: parts[25],
+          ship_to_company: parts[26],
+          ship_to_address: parts[27],
+          ship_to_city: parts[28],
+          ship_to_state: parts[29],
+          ship_to_zip_code: parts[30],
+          ship_to_country: parts[31],
+          tax: parts[32],
+          duty: parts[33],
+          freight: parts[34],
+          tax_exempt: parts[35],
+          purchase_order_number: parts[36],
+          md5_hash: parts[37],
+          card_code: parts[38],
+          cardholder_authentication_verification_response: parts[39],
+          account_number: parts[50] || '',
+          card_type: parts[51] || '',
+          split_tender_id: parts[52] || '',
+          requested_amount: parts[53] || '',
+          balance_on_card: parts[54] || '',
+        }
+      end
+
     end
   end
 end