activemerchant 1.45.0 → 1.126.0

data/lib/active_merchant/billing/gateways/paystation.rb

@@ -1,8 +1,7 @@
 module ActiveMerchant #:nodoc:
   module Billing #:nodoc:
     class PaystationGateway < Gateway
-
-      self.live_url = self.test_url = "https://www.paystation.co.nz/direct/paystation.dll"
+      self.live_url = self.test_url = 'https://www.paystation.co.nz/direct/paystation.dll'
 
       # an "error code" of "0" means "No error - transaction successful"
       SUCCESSFUL_RESPONSE_CODE = '0'
@@ -14,7 +13,7 @@ module ActiveMerchant #:nodoc:
       self.supported_countries = ['NZ']
 
       # TODO: check this with paystation (amex and diners need to be enabled)
-      self.supported_cardtypes = [:visa, :master, :american_express, :diners_club ]
+      self.supported_cardtypes = %i[visa master american_express diners_club]
 
       self.homepage_url        = 'http://paystation.co.nz'
       self.display_name        = 'Paystation'
@@ -32,9 +31,7 @@ module ActiveMerchant #:nodoc:
 
         add_invoice(post, options)
         add_amount(post, money, options)
-
         add_credit_card(post, credit_card)
-
         add_authorize_flag(post, options)
 
         commit(post)
@@ -45,7 +42,6 @@ module ActiveMerchant #:nodoc:
 
         add_invoice(post, options)
         add_amount(post, money, options)
-
         add_authorization_token(post, authorization_token, options[:credit_card_verification])
 
         commit(post)
@@ -78,122 +74,131 @@ module ActiveMerchant #:nodoc:
         commit(post)
       end
 
-      private
-
-        def new_request
-          {
-            :pi    => @options[:paystation_id], # paystation account id
-            :gi    => @options[:gateway_id],    # paystation gateway id
-            "2p"   => "t",                      # two-party transaction type
-            :nr    => "t",                      # -- redirect??
-            :df    => "yymm"                    # date format: optional sometimes, required others
-          }
-        end
-
-        def add_customer_data(post, options)
-          post[:mc] = options[:customer]
-        end
+      def refund(money, authorization, options = {})
+        post = new_request
+        add_amount(post, money, options)
+        add_invoice(post, options)
+        add_refund_specific_fields(post, authorization)
 
-        def add_invoice(post, options)
-          requires!(options, :order_id)
+        commit(post)
+      end
 
-          post[:ms] = options[:order_id]     # "Merchant Session", must be unique per request
-          post[:mo] = options[:invoice]      # "Order Details", displayed in Paystation Admin
-          post[:mr] = options[:description]  # "Merchant Reference Code", seen from Paystation Admin
-        end
+      def verify(credit_card, options = {})
+        authorize(0, credit_card, options)
+      end
 
-        def add_credit_card(post, credit_card)
+      def supports_scrubbing?
+        true
+      end
 
-          post[:cn] = credit_card.number
-          post[:ct] = credit_card.brand
-          post[:ex] = format_date(credit_card.month, credit_card.year)
-          post[:cc] = credit_card.verification_value if credit_card.verification_value?
+      def scrub(transcript)
+        transcript.
+          gsub(%r((pstn_cn=)\d*), '\1[FILTERED]').
+          gsub(%r((pstn_cc=)\d*), '\1[FILTERED]')
+      end
 
-        end
+      private
 
-        # bill a token (stored via "store") rather than a Credit Card
-        def add_token(post, token)
-          post[:fp] = "t"    # turn on "future payments" - what paystation calls Token Billing
-          post[:ft] = token
-        end
+      def new_request
+        {
+          :pi    => @options[:paystation_id], # paystation account id
+          :gi    => @options[:gateway_id],    # paystation gateway id
+          '2p'   => 't',                      # two-party transaction type
+          :nr    => 't',                      # -- redirect??
+          :df    => 'yymm'                    # date format: optional sometimes, required others
+        }
+      end
 
-        def store_credit_card(post, options)
+      def add_customer_data(post, options)
+        post[:mc] = options[:customer]
+      end
 
-          post[:fp] = "t"                                # turn on "future payments" - what paystation calls Token Billing
-          post[:fs] = "t"                                # tells paystation to store right now, not bill
-          post[:ft] = options[:token] if options[:token] # specify a token to use that, or let Paystation generate one
+      def add_invoice(post, options)
+        post[:ms] = generate_unique_id
+        post[:mo] = options[:description]
+        post[:mr] = options[:order_id]
+      end
 
-        end
+      def add_credit_card(post, credit_card)
+        post[:cn] = credit_card.number
+        post[:ct] = credit_card.brand
+        post[:ex] = format_date(credit_card.month, credit_card.year)
+        post[:cc] = credit_card.verification_value if credit_card.verification_value?
+      end
 
-        def add_authorize_flag(post, options)
-          post[:pa] = "t" # tells Paystation that this is a pre-auth authorisation payment (account must be in pre-auth mode)
-        end
+      def add_token(post, token)
+        post[:fp] = 't' # turn on "future payments" - what paystation calls Token Billing
+        post[:ft] = token
+      end
 
-        def add_authorization_token(post, auth_token, verification_value = nil)
-          post[:cp] = "t" # Capture Payment flag – tells Paystation this transaction should be treated as a capture payment
-          post[:cx] = auth_token
-          post[:cc] = verification_value
-        end
+      def store_credit_card(post, options)
+        post[:fp] = 't'                                # turn on "future payments" - what paystation calls Token Billing
+        post[:fs] = 't'                                # tells paystation to store right now, not bill
+        post[:ft] = options[:token] if options[:token] # specify a token to use that, or let Paystation generate one
+      end
 
-        def add_amount(post, money, options)
+      def add_authorize_flag(post, options)
+        post[:pa] = 't' # tells Paystation that this is a pre-auth authorisation payment (account must be in pre-auth mode)
+      end
 
-          post[:am] = amount(money)
-          post[:cu] = options[:currency] || currency(money)
+      def add_refund_specific_fields(post, authorization)
+        post[:rc] = 't'
+        post[:rt] = authorization
+      end
 
-        end
+      def add_authorization_token(post, auth_token, verification_value = nil)
+        post[:cp] = 't' # Capture Payment flag – tells Paystation this transaction should be treated as a capture payment
+        post[:cx] = auth_token
+        post[:cc] = verification_value
+      end
 
-        def parse(xml_response)
-          response = {}
+      def add_amount(post, money, options)
+        post[:am] = amount(money)
+        post[:cu] = options[:currency] || currency(money)
+      end
 
-          xml = REXML::Document.new(xml_response)
+      def parse(xml_response)
+        response = {}
 
-          # for normal payments, the root node is <Response>
-          # for "future payments", it's <PaystationFuturePaymentResponse>
-          xml.elements.each("#{xml.root.name}/*") do |element|
-            response[element.name.underscore.to_sym] = element.text
-          end
+        xml = REXML::Document.new(xml_response)
 
-          response
+        xml.elements.each("#{xml.root.name}/*") do |element|
+          response[element.name.underscore.to_sym] = element.text
         end
 
-        def commit(post)
-
-          post[:tm] = "T" if test? # test mode
-
-          pstn_prefix_params = post.collect { |key, value| "pstn_#{key}=#{CGI.escape(value.to_s)}" }.join("&")
+        response
+      end
 
-          # need include paystation param as "initiator flag for payment engine"
-          data     = ssl_post(self.live_url, "#{pstn_prefix_params}&paystation=_empty")
-          response = parse(data)
-          message  = message_from(response)
+      def commit(post)
+        post[:tm] = 'T' if test?
+        pstn_prefix_params = post.collect { |key, value| "pstn_#{key}=#{CGI.escape(value.to_s)}" }.join('&')
 
-          PaystationResponse.new(success?(response), message, response,
-              :test          => (response[:tm] && response[:tm].downcase == "t"),
-              :authorization => response[:paystation_transaction_id]
-          )
-        end
+        data     = ssl_post(self.live_url, "#{pstn_prefix_params}&paystation=_empty")
+        response = parse(data)
+        message  = message_from(response)
 
-        def success?(response)
-          (response[:ec] == SUCCESSFUL_RESPONSE_CODE) || (response[:ec] == SUCCESSFUL_FUTURE_PAYMENT)
-        end
+        PaystationResponse.new(success?(response), message, response,
+          test: (response[:tm]&.casecmp('t')&.zero?),
+          authorization: response[:paystation_transaction_id])
+      end
 
-        def message_from(response)
-          response[:em]
-        end
+      def success?(response)
+        (response[:ec] == SUCCESSFUL_RESPONSE_CODE) || (response[:ec] == SUCCESSFUL_FUTURE_PAYMENT)
+      end
 
-        def format_date(month, year)
-          "#{format(year, :two_digits)}#{format(month, :two_digits)}"
-        end
+      def message_from(response)
+        response[:em]
+      end
 
+      def format_date(month, year)
+        "#{format(year, :two_digits)}#{format(month, :two_digits)}"
+      end
     end
 
     class PaystationResponse < Response
-      # add a method to response so we can easily get the token
-      # for Validate transactions
       def token
-        @params["future_payment_token"]
+        @params['future_payment_token']
       end
     end
   end
 end
-

data/lib/active_merchant/billing/gateways/payu_in.rb

@@ -0,0 +1,249 @@
+# encoding: utf-8
+
+module ActiveMerchant #:nodoc:
+  module Billing #:nodoc:
+    class PayuInGateway < Gateway
+      self.test_url = 'https://test.payu.in/_payment'
+      self.live_url = 'https://secure.payu.in/_payment'
+
+      TEST_INFO_URL = 'https://test.payu.in/merchant/postservice.php?form=2'
+      LIVE_INFO_URL = 'https://info.payu.in/merchant/postservice.php?form=2'
+
+      self.supported_countries = ['IN']
+      self.default_currency = 'INR'
+      self.supported_cardtypes = %i[visa master american_express diners_club maestro]
+
+      self.homepage_url = 'https://www.payu.in/'
+      self.display_name = 'PayU India'
+
+      def initialize(options = {})
+        requires!(options, :key, :salt)
+        super
+      end
+
+      def purchase(money, payment, options = {})
+        requires!(options, :order_id)
+
+        post = {}
+        add_invoice(post, money, options)
+        add_payment(post, payment)
+        add_addresses(post, options)
+        add_customer_data(post, options)
+        add_auth(post)
+
+        MultiResponse.run do |r|
+          r.process { commit(url('purchase'), post) }
+          if r.params['enrolled'].to_s == '0'
+            r.process { commit(r.params['post_uri'], r.params['form_post_vars']) }
+          else
+            r.process { handle_3dsecure(r) }
+          end
+        end
+      end
+
+      def refund(money, authorization, options = {})
+        raise ArgumentError, 'Amount is required' unless money
+
+        post = {}
+
+        post[:command] = 'cancel_refund_transaction'
+        post[:var1] = authorization
+        post[:var2] = generate_unique_id
+        post[:var3] = amount(money)
+
+        add_auth(post, :command, :var1)
+
+        commit(url('refund'), post)
+      end
+
+      def supports_scrubbing?
+        true
+      end
+
+      def scrub(transcript)
+        transcript.
+          gsub(/(ccnum=)[^&\n"]*(&|\n|"|$)/, '\1[FILTERED]\2').
+          gsub(/(ccvv=)[^&\n"]*(&|\n|"|$)/, '\1[FILTERED]\2').
+          gsub(/(card_hash=)[^&\n"]*(&|\n|"|$)/, '\1[FILTERED]\2').
+          gsub(/(ccnum":")[^"]*(")/, '\1[FILTERED]\2').
+          gsub(/(ccvv":")[^"]*(")/, '\1[FILTERED]\2')
+      end
+
+      private
+
+      PAYMENT_DIGEST_KEYS = %w(
+        txnid amount productinfo firstname email
+        udf1 udf2 udf3 udf4 udf5
+        bogus bogus bogus bogus bogus
+      )
+      def add_auth(post, *digest_keys)
+        post[:key] = @options[:key]
+        post[:txn_s2s_flow] = 1
+
+        digest_keys = PAYMENT_DIGEST_KEYS if digest_keys.empty?
+        digest = Digest::SHA2.new(512)
+        digest << @options[:key] << '|'
+        digest_keys.each do |key|
+          digest << (post[key.to_sym] || '') << '|'
+        end
+        digest << @options[:salt]
+        post[:hash] = digest.hexdigest
+      end
+
+      def add_customer_data(post, options)
+        post[:email] = clean(options[:email] || 'unknown@example.com', nil, 50)
+        post[:phone] = clean((options[:billing_address] && options[:billing_address][:phone]) || '11111111111', :numeric, 50)
+      end
+
+      def add_addresses(post, options)
+        if options[:billing_address]
+          post[:address1] = clean(options[:billing_address][:address1], :text, 100)
+          post[:address2] = clean(options[:billing_address][:address2], :text, 100)
+          post[:city] = clean(options[:billing_address][:city], :text, 50)
+          post[:state] = clean(options[:billing_address][:state], :text, 50)
+          post[:country] = clean(options[:billing_address][:country], :text, 50)
+          post[:zipcode] = clean(options[:billing_address][:zip], :numeric, 20)
+        end
+
+        if options[:shipping_address]
+          if options[:shipping_address][:name]
+            first, *rest = options[:shipping_address][:name].split(/\s+/)
+            post[:shipping_firstname] = clean(first, :name, 60)
+            post[:shipping_lastname] = clean(rest.join(' '), :name, 20)
+          end
+          post[:shipping_address1] = clean(options[:shipping_address][:address1], :text, 100)
+          post[:shipping_address2] = clean(options[:shipping_address][:address2], :text, 100)
+          post[:shipping_city] = clean(options[:shipping_address][:city], :text, 50)
+          post[:shipping_state] = clean(options[:shipping_address][:state], :text, 50)
+          post[:shipping_country] = clean(options[:shipping_address][:country], :text, 50)
+          post[:shipping_zipcode] = clean(options[:shipping_address][:zip], :numeric, 20)
+          post[:shipping_phone] = clean(options[:shipping_address][:phone], :numeric, 50)
+        end
+      end
+
+      def add_invoice(post, money, options)
+        post[:amount] = amount(money)
+
+        post[:txnid] = clean(options[:order_id], :alphanumeric, 30)
+        post[:productinfo] = clean(options[:description] || 'Purchase', nil, 100)
+
+        post[:surl] = 'http://example.com'
+        post[:furl] = 'http://example.com'
+      end
+
+      BRAND_MAP = {
+        visa: 'VISA',
+        master: 'MAST',
+        american_express: 'AMEX',
+        diners_club: 'DINR',
+        maestro: 'MAES'
+      }
+
+      def add_payment(post, payment)
+        post[:pg] = 'CC'
+        post[:firstname] = clean(payment.first_name, :name, 60)
+        post[:lastname] = clean(payment.last_name, :name, 20)
+
+        post[:bankcode] = BRAND_MAP[payment.brand.to_sym]
+        post[:ccnum] = payment.number
+        post[:ccvv] = payment.verification_value
+        post[:ccname] = payment.name
+        post[:ccexpmon] = format(payment.month, :two_digits)
+        post[:ccexpyr] = format(payment.year, :four_digits)
+      end
+
+      def clean(value, format, maxlength)
+        value ||= ''
+        value =
+          case format
+          when :alphanumeric
+            value.gsub(/[^A-Za-z0-9]/, '')
+          when :name
+            value.gsub(/[^A-Za-z ]/, '')
+          when :numeric
+            value.gsub(/[^0-9]/, '')
+          when :text
+            value.gsub(/[^A-Za-z0-9@\-_\/\. ]/, '')
+          when nil
+            value
+          else
+            raise "Unknown format #{format} for #{value}"
+          end
+        value[0...maxlength]
+      end
+
+      def parse(body)
+        top = JSON.parse(body)
+
+        if result = top.delete('result')
+          result.split('&').inject({}) do |hash, string|
+            key, value = string.split('=')
+            hash[CGI.unescape(key).downcase] = CGI.unescape(value || '')
+            hash
+          end.each do |key, value|
+            if top[key]
+              top["result_#{key}"] = value
+            else
+              top[key] = value
+            end
+          end
+        end
+
+        if response = top.delete('response')
+          top.merge!(response)
+        end
+
+        top
+      rescue JSON::ParserError
+        {
+          'error' => "Invalid response received from the PayU API. (The raw response was `#{body}`)."
+        }
+      end
+
+      def commit(url, parameters)
+        response = parse(ssl_post(url, post_data(parameters), 'Accept-Encoding' => 'identity'))
+
+        Response.new(
+          success_from(response),
+          message_from(response),
+          response,
+          authorization: authorization_from(response),
+          test: test?
+        )
+      end
+
+      def url(action)
+        case action
+        when 'purchase'
+          (test? ? test_url : live_url)
+        else
+          (test? ? TEST_INFO_URL : LIVE_INFO_URL)
+        end
+      end
+
+      def success_from(response)
+        if response['result_status']
+          (response['status'] == 'success' && response['result_status'] == 'success')
+        else
+          (response['status'] == 'success' || response['status'].to_s == '1')
+        end
+      end
+
+      def message_from(response)
+        (response['error_message'] || response['error'] || response['msg'])
+      end
+
+      def authorization_from(response)
+        response['mihpayid']
+      end
+
+      def post_data(parameters = {})
+        PostData.new.merge!(parameters).to_post_data
+      end
+
+      def handle_3dsecure(response)
+        Response.new(false, '3D-secure enrolled cards are not supported.')
+      end
+    end
+  end
+end