activemerchant 1.45.0 → 1.126.0

data/lib/active_merchant/billing/gateways/ogone.rb

@@ -1,4 +1,5 @@
 # coding: utf-8
+
 require 'rexml/document'
 
 module ActiveMerchant #:nodoc:
@@ -119,29 +120,26 @@ module ActiveMerchant #:nodoc:
                       'KO' => 'N',
                       'NO' => 'R' }
 
-      SUCCESS_MESSAGE = "The transaction was successful"
+      SUCCESS_MESSAGE = 'The transaction was successful'
+
+      THREE_D_SECURE_DISPLAY_WAYS = { main_window: 'MAINW', # display the identification page in the main window (default value).
 
-      THREE_D_SECURE_DISPLAY_WAYS = { :main_window => 'MAINW',  # display the identification page in the main window
-                                                                # (default value).
-                                      :pop_up      => 'POPUP',  # display the identification page in a pop-up window
-                                                                # and return to the main window at the end.
-                                      :pop_ix      => 'POPIX' } # display the identification page in a pop-up window
-                                                                # and remain in the pop-up window.
+                                      pop_up: 'POPUP',  # display the identification page in a pop-up window and return to the main window at the end.
+                                      pop_ix: 'POPIX' } # display the identification page in a pop-up window and remain in the pop-up window.
 
-      OGONE_NO_SIGNATURE_DEPRECATION_MESSAGE   = "Signature usage will be the default for a future release of ActiveMerchant. You should either begin using it, or update your configuration to explicitly disable it (signature_encryptor: none)"
+      OGONE_NO_SIGNATURE_DEPRECATION_MESSAGE   = 'Signature usage will be the default for a future release of ActiveMerchant. You should either begin using it, or update your configuration to explicitly disable it (signature_encryptor: none)'
       OGONE_STORE_OPTION_DEPRECATION_MESSAGE   = "The 'store' option has been renamed to 'billing_id', and its usage is deprecated."
 
-      self.test_url = "https://secure.ogone.com/ncol/test/"
-      self.live_url = "https://secure.ogone.com/ncol/prod/"
+      self.test_url = 'https://secure.ogone.com/ncol/test/'
+      self.live_url = 'https://secure.ogone.com/ncol/prod/'
 
-      self.supported_countries = ['BE', 'DE', 'FR', 'NL', 'AT', 'CH']
+      self.supported_countries = %w[BE DE FR NL AT CH]
       # also supports Airplus and UATP
-      self.supported_cardtypes = [:visa, :master, :american_express, :diners_club, :discover, :jcb, :maestro]
+      self.supported_cardtypes = %i[visa master american_express diners_club discover jcb maestro]
       self.homepage_url = 'http://www.ogone.com/'
       self.display_name = 'Ogone'
       self.default_currency = 'EUR'
       self.money_format = :cents
-      self.ssl_version = :TLSv1
 
       def initialize(options = {})
         requires!(options, :login, :user, :password)
@@ -151,12 +149,13 @@ module ActiveMerchant #:nodoc:
       # Verify and reserve the specified amount on the account, without actually doing the transaction.
       def authorize(money, payment_source, options = {})
         post = {}
+        action = payment_source.brand == 'mastercard' ? 'PAU' : 'RES'
         add_invoice(post, options)
         add_payment_source(post, payment_source, options)
         add_address(post, payment_source, options)
         add_customer_data(post, options)
         add_money(post, money, options)
-        commit('RES', post)
+        commit(action, post)
       end
 
       # Verify and transfer the specified amount.
@@ -205,23 +204,43 @@ module ActiveMerchant #:nodoc:
         perform_reference_credit(money, reference, options)
       end
 
+      def verify(credit_card, options = {})
+        MultiResponse.run(:use_first_response) do |r|
+          r.process { authorize(100, credit_card, options) }
+          r.process(:ignore_result) { void(r.authorization, options) }
+        end
+      end
+
       # Store a credit card by creating an Ogone Alias
       def store(payment_source, options = {})
-        options.merge!(:alias_operation => 'BYPSP') unless(options.has_key?(:billing_id) || options.has_key?(:store))
+        options[:alias_operation] = 'BYPSP' unless options.has_key?(:billing_id) || options.has_key?(:store)
         response = authorize(@options[:store_amount] || 1, payment_source, options)
         void(response.authorization) if response.success?
         response
       end
 
+      def supports_scrubbing?
+        true
+      end
+
+      def scrub(transcript)
+        transcript.
+          gsub(%r((Authorization: Basic )\w+), '\1[FILTERED]').
+          gsub(%r((&?cardno=)[^&]*)i, '\1[FILTERED]').
+          gsub(%r((&?cvc=)[^&]*)i, '\1[FILTERED]').
+          gsub(%r((&?pswd=)[^&]*)i, '\1[FILTERED]')
+      end
+
       private
 
       def reference_from(authorization)
-        authorization.split(";").first
+        authorization.split(';').first
       end
 
       def reference_transaction?(identifier)
         return false unless identifier.is_a?(String)
-        _, action = identifier.split(";")
+
+        _, action = identifier.split(';')
         !action.nil?
       end
 
@@ -267,11 +286,13 @@ module ActiveMerchant #:nodoc:
           THREE_D_SECURE_DISPLAY_WAYS[:main_window]
         add_pair post, 'WIN3DS', win_3ds
 
-        add_pair post, 'HTTP_ACCEPT',     options[:http_accept] || "*/*"
+        add_pair post, 'HTTP_ACCEPT',     options[:http_accept] || '*/*'
         add_pair post, 'HTTP_USER_AGENT', options[:http_user_agent] if options[:http_user_agent]
         add_pair post, 'ACCEPTURL',       options[:accept_url]      if options[:accept_url]
         add_pair post, 'DECLINEURL',      options[:decline_url]     if options[:decline_url]
         add_pair post, 'EXCEPTIONURL',    options[:exception_url]   if options[:exception_url]
+        add_pair post, 'CANCELURL',       options[:cancel_url]      if options[:cancel_url]
+        add_pair post, 'PARAMVAR',        options[:paramvar]        if options[:paramvar]
         add_pair post, 'PARAMPLUS',       options[:paramplus]       if options[:paramplus]
         add_pair post, 'COMPLUS',         options[:complus]         if options[:complus]
         add_pair post, 'LANGUAGE',        options[:language]        if options[:language]
@@ -281,8 +302,8 @@ module ActiveMerchant #:nodoc:
         add_pair post, 'ECI', eci.to_s
       end
 
-      def add_alias(post, _alias, alias_operation = nil)
-        add_pair post, 'ALIAS', _alias
+      def add_alias(post, alias_name, alias_operation = nil)
+        add_pair post, 'ALIAS', alias_name
         add_pair post, 'ALIASOPERATION', alias_operation unless alias_operation.nil?
       end
 
@@ -302,6 +323,7 @@ module ActiveMerchant #:nodoc:
 
       def add_address(post, creditcard, options)
         return unless options[:billing_address]
+
         add_pair post, 'Owneraddress', options[:billing_address][:address1]
         add_pair post, 'OwnerZip',     options[:billing_address][:zip]
         add_pair post, 'ownertown',    options[:billing_address][:city]
@@ -312,12 +334,13 @@ module ActiveMerchant #:nodoc:
       def add_invoice(post, options)
         add_pair post, 'orderID', options[:order_id] || generate_unique_id[0...30]
         add_pair post, 'COM',     options[:description]
+        add_pair post, 'ORIG',    options[:origin] if options[:origin]
       end
 
       def add_creditcard(post, creditcard)
         add_pair post, 'CN',     creditcard.name
         add_pair post, 'CARDNO', creditcard.number
-        add_pair post, 'ED',     "%02d%02s" % [creditcard.month, creditcard.year.to_s[-2..-1]]
+        add_pair post, 'ED',     '%02d%02s' % [creditcard.month, creditcard.year.to_s[-2..-1]]
         add_pair post, 'CVC',    creditcard.verification_value
       end
 
@@ -327,14 +350,15 @@ module ActiveMerchant #:nodoc:
 
         # Add HTML_ANSWER element (3-D Secure specific to the response's params)
         # Note: HTML_ANSWER is not an attribute so we add it "by hand" to the response
-        if html_answer = REXML::XPath.first(xml_root, "//HTML_ANSWER")
-          response["HTML_ANSWER"] = html_answer.text
+        if html_answer = REXML::XPath.first(xml_root, '//HTML_ANSWER')
+          response['HTML_ANSWER'] = html_answer.text
         end
 
         response
       end
 
       def commit(action, parameters)
+        add_pair parameters, 'RTIMEOUT', @options[:timeout] if @options[:timeout]
         add_pair parameters, 'PSPID',  @options[:login]
         add_pair parameters, 'USERID', @options[:user]
         add_pair parameters, 'PSWD',   @options[:password]
@@ -342,27 +366,27 @@ module ActiveMerchant #:nodoc:
         response = parse(ssl_post(url(parameters['PAYID']), post_data(action, parameters)))
 
         options = {
-          :authorization => [response["PAYID"], action].join(";"),
-          :test          => test?,
-          :avs_result    => { :code => AVS_MAPPING[response["AAVCheck"]] },
-          :cvv_result    => CVV_MAPPING[response["CVCCheck"]]
+          authorization: [response['PAYID'], action].join(';'),
+          test: test?,
+          avs_result: { code: AVS_MAPPING[response['AAVCheck']] },
+          cvv_result: CVV_MAPPING[response['CVCCheck']]
         }
         OgoneResponse.new(successful?(response), message_from(response), response, options)
       end
 
       def url(payid)
-        (test? ? test_url : live_url) + (payid ? "maintenancedirect.asp" : "orderdirect.asp")
+        (test? ? test_url : live_url) + (payid ? 'maintenancedirect.asp' : 'orderdirect.asp')
       end
 
       def successful?(response)
-        response["NCERROR"] == "0"
+        response['NCERROR'] == '0'
       end
 
       def message_from(response)
         if successful?(response)
           SUCCESS_MESSAGE
         else
-          format_error_message(response["NCERRORPLUS"])
+          format_error_message(response['NCERRORPLUS'])
         end
       end
 
@@ -370,9 +394,9 @@ module ActiveMerchant #:nodoc:
         raw_message = message.to_s.strip
         case raw_message
         when /\|/
-          raw_message.split("|").join(", ").capitalize
+          raw_message.split('|').join(', ').capitalize
         when /\//
-          raw_message.split("/").first.to_s.capitalize
+          raw_message.split('/').first.to_s.capitalize
         else
           raw_message.to_s.capitalize
         end
@@ -386,27 +410,49 @@ module ActiveMerchant #:nodoc:
 
       def add_signature(parameters)
         if @options[:signature].blank?
-           ActiveMerchant.deprecated(OGONE_NO_SIGNATURE_DEPRECATION_MESSAGE) unless(@options[:signature_encryptor] == "none")
-           return
+          ActiveMerchant.deprecated(OGONE_NO_SIGNATURE_DEPRECATION_MESSAGE) unless @options[:signature_encryptor] == 'none'
+          return
         end
 
-        sha_encryptor = case @options[:signature_encryptor]
-                        when 'sha256'
-                          Digest::SHA256
-                        when 'sha512'
-                          Digest::SHA512
-                        else
-                          Digest::SHA1
-                        end
-
-        string_to_digest = if @options[:signature_encryptor]
-          parameters.sort { |a, b| a[0].upcase <=> b[0].upcase }.map { |k, v| "#{k.upcase}=#{v}" }.join(@options[:signature])
-        else
-          %w[orderID amount currency CARDNO PSPID Operation ALIAS].map { |key| parameters[key] }.join
-        end
-        string_to_digest << @options[:signature]
+        add_pair parameters, 'SHASign', calculate_signature(parameters, @options[:signature_encryptor], @options[:signature])
+      end
+
+      def calculate_signature(signed_parameters, algorithm, secret)
+        return legacy_calculate_signature(signed_parameters, secret) unless algorithm
+
+        sha_encryptor =
+          case algorithm
+          when 'sha256'
+            Digest::SHA256
+          when 'sha512'
+            Digest::SHA512
+          when 'sha1'
+            Digest::SHA1
+          else
+            raise "Unknown signature algorithm #{algorithm}"
+          end
 
-        add_pair parameters, 'SHASign', sha_encryptor.hexdigest(string_to_digest).upcase
+        filtered_params = signed_parameters.select { |_k, v| !v.blank? }
+        sha_encryptor.hexdigest(
+          filtered_params.sort_by { |k, _v| k.upcase }.map { |k, v| "#{k.upcase}=#{v}#{secret}" }.join('')
+        ).upcase
+      end
+
+      def legacy_calculate_signature(parameters, secret)
+        Digest::SHA1.hexdigest(
+          (
+            %w(
+              orderID
+              amount
+              currency
+              CARDNO
+              PSPID
+              Operation
+              ALIAS
+            ).map { |key| parameters[key] } +
+            [secret]
+          ).join('')
+        ).upcase
       end
 
       def add_pair(post, key, value)

data/lib/active_merchant/billing/gateways/omise.rb

@@ -0,0 +1,323 @@
+require 'active_merchant/billing/rails'
+
+module ActiveMerchant #:nodoc:
+  module Billing #:nodoc:
+    class OmiseGateway < Gateway
+      API_URL     = 'https://api.omise.co/'
+      VAULT_URL   = 'https://vault.omise.co/'
+
+      STANDARD_ERROR_CODE_MAPPING = {
+        'invalid_security_code' => STANDARD_ERROR_CODE[:invalid_cvc],
+        'failed_capture'        => STANDARD_ERROR_CODE[:card_declined]
+      }
+
+      self.live_url = self.test_url = API_URL
+
+      # Currency supported by Omise
+      # * Thai Baht with Satang, 50000 (THB500.00)
+      # * Japanese Yen, 500 (JPY500)
+      self.default_currency = 'THB'
+      self.money_format     = :cents
+
+      # Country supported by Omise
+      # * Thailand
+      self.supported_countries = %w(TH JP)
+
+      # Credit cards supported by Omise
+      # * VISA
+      # * MasterCard
+      # * JCB
+      self.supported_cardtypes = %i[visa master jcb]
+
+      # Omise main page
+      self.homepage_url = 'https://www.omise.co/'
+      self.display_name = 'Omise'
+
+      # Creates a new OmiseGateway.
+      #
+      # Omise requires public_key for token creation.
+      # And it requires secret_key for other transactions.
+      # These keys can be found in https://dashboard.omise.co/test/api-keys
+      #
+      # ==== Options
+      #
+      # * <tt>:public_key</tt>  -- Omise's public key  (REQUIRED).
+      # * <tt>:secret_key</tt>  -- Omise's secret key  (REQUIRED).
+      # * <tt>:api_version</tt> -- Omise's API Version (OPTIONAL), default version is '2014-07-27'
+      #                            See version at page https://dashboard.omise.co/api-version/edit
+
+      def initialize(options = {})
+        requires!(options, :public_key, :secret_key)
+        @public_key  = options[:public_key]
+        @secret_key  = options[:secret_key]
+        @api_version = options[:api_version]
+        super
+      end
+
+      # Perform a purchase (with auto capture)
+      #
+      # ==== Parameters
+      #
+      # * <tt>money</tt>          -- The purchasing amount in Thai Baht Satang
+      # * <tt>payment_method</tt> -- The CreditCard object
+      # * <tt>options</tt>        -- An optional parameters, such as token from Omise.js
+      #
+      # ==== Options
+      # * <tt>token_id</tt> -- token id, use Omise.js library to retrieve a token id
+      # if this is passed as an option, it will ignore tokenizing via Omisevaultgateway object
+      #
+      # === Example
+      #  To create a charge on a card
+      #
+      #   purchase(money, Creditcard_object)
+      #
+      #  To create a charge on a token
+      #
+      #   purchase(money, nil, { :token_id => token_id, ... })
+      #
+      #  To create a charge on a customer
+      #
+      #   purchase(money, nil, { :customer_id => customer_id })
+
+      def purchase(money, payment_method, options = {})
+        create_charge(money, payment_method, options)
+      end
+
+      # Authorize a charge.
+      #
+      # ==== Parameters
+      #
+      # * <tt>money</tt>          -- The purchasing amount in Thai Baht Satang
+      # * <tt>payment_method</tt> -- The CreditCard object
+      # * <tt>options</tt>        -- An optional parameters, such as token or capture
+
+      def authorize(money, payment_method, options = {})
+        options[:capture] = 'false'
+        create_charge(money, payment_method, options)
+      end
+
+      # Capture an authorized charge.
+      #
+      # ==== Parameters
+      #
+      # * <tt>money</tt>     -- An amount in Thai Baht Satang
+      # * <tt>charge_id</tt> -- The CreditCard object
+      # * <tt>options</tt>   -- An optional parameters, such as token or capture
+
+      def capture(money, charge_id, options = {})
+        post = {}
+        add_amount(post, money, options)
+        commit(:post, "charges/#{CGI.escape(charge_id)}/capture", post, options)
+      end
+
+      # Refund a charge.
+      #
+      # ==== Parameters
+      #
+      # * <tt>money</tt>     -- An amount of money to charge in Satang.
+      # * <tt>charge_id</tt> -- The CreditCard object
+      # * <tt>options</tt>   -- An optional parameters, such as token or capture
+
+      def refund(money, charge_id, options = {})
+        options[:amount] = money if money
+        commit(:post, "charges/#{CGI.escape(charge_id)}/refunds", options)
+      end
+
+      # Store a card details as customer
+      #
+      # ==== Parameters
+      #
+      # * <tt>payment_method</tt> -- The CreditCard.
+      # * <tt>options</tt>        -- Optional Customer information:
+      #     'email'       (A customer email)
+      #     'description' (A customer description)
+
+      def store(payment_method, options = {})
+        post, card_params = {}, {}
+        add_customer_data(post, options)
+        add_token(card_params, payment_method, options)
+        commit(:post, 'customers', post.merge(card_params), options)
+      end
+
+      # Delete a customer and all associated credit cards.
+      #
+      # ==== Parameters
+      #
+      # * <tt>customer_id</tt> -- The Customer identifier (REQUIRED).
+
+      def unstore(customer_id, options = {})
+        commit(:delete, "customers/#{CGI.escape(customer_id)}")
+      end
+
+      # Enable scrubbing sensitive information
+      def supports_scrubbing?
+        true
+      end
+
+      # Scrub sensitive information out of HTTP transcripts
+      #
+      # ==== Parameters
+      #
+      # * <tt>transcript</tt> -- The HTTP transcripts
+
+      def scrub(transcript)
+        transcript.
+          gsub(/(Authorization: Basic )\w+/i, '\1[FILTERED]').
+          gsub(/(\\"number\\":)\\"\d+\\"/, '\1[FILTERED]').
+          gsub(/(\\"security_code\\":)\\"\d+\\"/, '\1[FILTERED]')
+      end
+
+      private
+
+      def create_charge(money, payment_method, options)
+        post = {}
+        add_token(post, payment_method, options)
+        add_amount(post, money, options)
+        add_customer(post, options)
+        post[:capture] = options[:capture] if options[:capture]
+        commit(:post, 'charges', post, options)
+      end
+
+      def headers(options = {})
+        key = options[:key] || @secret_key
+        {
+          'Content-Type'    => 'application/json;utf-8',
+          'Omise-Version'   => @api_version || '2014-07-27',
+          'User-Agent'      => "ActiveMerchantBindings/#{ActiveMerchant::VERSION} Ruby/#{RUBY_VERSION}",
+          'Authorization'   => 'Basic ' + Base64.encode64(key.to_s + ':').strip,
+          'Accept-Encoding' => 'utf-8'
+        }
+      end
+
+      def url_for(endpoint)
+        (endpoint == 'tokens' ? VAULT_URL : API_URL) + endpoint
+      end
+
+      def post_data(parameters)
+        parameters.present? ? parameters.to_json : nil
+      end
+
+      def https_request(method, endpoint, parameters = nil, options = {})
+        raw_response = response = nil
+        begin
+          raw_response = ssl_request(method, url_for(endpoint), post_data(parameters), headers(options))
+          response = parse(raw_response)
+        rescue ResponseError => e
+          raw_response = e.response.body
+          response = parse(raw_response)
+        rescue JSON::ParserError
+          response = json_error(raw_response)
+        end
+        response
+      end
+
+      def parse(body)
+        JSON.parse(body)
+      end
+
+      def json_error(raw_response)
+        msg  = 'Invalid response received from Omise API. Please contact support@omise.co if you continue to receive this message.'
+        msg += "The raw response returned by the API was #{raw_response.inspect})"
+        { message: msg }
+      end
+
+      def commit(method, endpoint, params = nil, options = {})
+        response = https_request(method, endpoint, params, options)
+        Response.new(
+          successful?(response),
+          message_from(response),
+          response,
+          {
+            authorization: authorization_from(response),
+            test: test?,
+            error_code: successful?(response) ? nil : standard_error_code_mapping(response)
+          }
+        )
+      end
+
+      def standard_error_code_mapping(response)
+        STANDARD_ERROR_CODE_MAPPING[error_code_from(response)] || message_to_standard_error_code_from(response)
+      end
+
+      def error_code_from(response)
+        error?(response) ? response['code'] : response['failure_code']
+      end
+
+      def message_to_standard_error_code_from(response)
+        message = response['message'] if response['code'] == 'invalid_card'
+        case message
+        when /brand not supported/
+          STANDARD_ERROR_CODE[:invalid_number]
+        when /number is invalid/
+          STANDARD_ERROR_CODE[:incorrect_number]
+        when /expiration date cannot be in the past/
+          STANDARD_ERROR_CODE[:expired_card]
+        when /expiration \w+ is invalid/
+          STANDARD_ERROR_CODE[:invalid_expiry_date]
+        else
+          STANDARD_ERROR_CODE[:processing_error]
+        end
+      end
+
+      def message_from(response)
+        if successful?(response)
+          'Success'
+        else
+          response['message'] || response['failure_message']
+        end
+      end
+
+      def authorization_from(response)
+        response['id'] if successful?(response)
+      end
+
+      def successful?(response)
+        !error?(response) && response['failure_code'].nil?
+      end
+
+      def error?(response)
+        response.key?('object') && (response['object'] == 'error')
+      end
+
+      def get_token(post, credit_card)
+        add_creditcard(post, credit_card) if credit_card
+        commit(:post, 'tokens', post, { key: @public_key })
+      end
+
+      def add_token(post, credit_card, options = {})
+        if options[:token_id].present?
+          post[:card] = options[:token_id]
+        else
+          response = get_token(post, credit_card)
+          response.authorization ? (post[:card] = response.authorization) : response
+        end
+      end
+
+      def add_creditcard(post, payment_method)
+        card = {
+          number:           payment_method.number,
+          name:             payment_method.name,
+          security_code:    payment_method.verification_value,
+          expiration_month: payment_method.month,
+          expiration_year:  payment_method.year
+        }
+        post[:card] = card
+      end
+
+      def add_customer(post, options = {})
+        post[:customer] = options[:customer_id] if options[:customer_id]
+      end
+
+      def add_customer_data(post, options = {})
+        post[:description] = options[:description] if options[:description]
+        post[:email]       = options[:email] if options[:email]
+      end
+
+      def add_amount(post, money, options)
+        post[:amount]      = amount(money)
+        post[:currency]    = (options[:currency] || currency(money))
+        post[:description] = options[:description] if options.key?(:description)
+      end
+    end
+  end
+end