activemerchant 1.45.0 → 1.126.0

data/lib/active_merchant/billing/gateways/quickpay.rb

@@ -1,367 +1,24 @@
 require 'rexml/document'
 require 'digest/md5'
 
+require 'active_merchant/billing/gateways/quickpay/quickpay_v10'
+require 'active_merchant/billing/gateways/quickpay/quickpay_v4to7'
+
 module ActiveMerchant #:nodoc:
   module Billing #:nodoc:
     class QuickpayGateway < Gateway
-      self.live_url = self.test_url = 'https://secure.quickpay.dk/api'
-
-      self.default_currency = 'DKK'
-      self.money_format = :cents
-      self.supported_cardtypes = [:dankort, :forbrugsforeningen, :visa, :master, :american_express, :diners_club, :jcb, :maestro]
-      self.supported_countries = ['DE', 'DK', 'ES', 'FI', 'FR', 'FO', 'GB', 'IS', 'NO', 'SE']
-      self.homepage_url = 'http://quickpay.net/'
-      self.display_name = 'QuickPay'
-
-      MD5_CHECK_FIELDS = {
-        3 => {
-          :authorize => %w(protocol msgtype merchant ordernumber amount
-                           currency autocapture cardnumber expirationdate
-                           cvd cardtypelock testmode),
-
-          :capture   => %w(protocol msgtype merchant amount transaction),
-
-          :cancel    => %w(protocol msgtype merchant transaction),
-
-          :refund    => %w(protocol msgtype merchant amount transaction),
-
-          :subscribe => %w(protocol msgtype merchant ordernumber cardnumber
-                           expirationdate cvd cardtypelock description testmode),
-
-          :recurring => %w(protocol msgtype merchant ordernumber amount
-                           currency autocapture transaction),
-
-          :status    => %w(protocol msgtype merchant transaction),
-
-          :chstatus  => %w(protocol msgtype merchant)
-        },
-
-        4 => {
-          :authorize => %w(protocol msgtype merchant ordernumber amount
-                           currency autocapture cardnumber expirationdate cvd
-                           cardtypelock testmode fraud_remote_addr
-                           fraud_http_accept fraud_http_accept_language
-                           fraud_http_accept_encoding fraud_http_accept_charset
-                           fraud_http_referer fraud_http_user_agent apikey),
-
-          :capture   => %w(protocol msgtype merchant amount transaction apikey),
-
-          :cancel    => %w(protocol msgtype merchant transaction apikey),
-
-          :refund    => %w(protocol msgtype merchant amount transaction apikey),
-
-          :subscribe => %w(protocol msgtype merchant ordernumber cardnumber
-                           expirationdate cvd cardtypelock description testmode
-                           fraud_remote_addr fraud_http_accept fraud_http_accept_language
-                           fraud_http_accept_encoding fraud_http_accept_charset
-                           fraud_http_referer fraud_http_user_agent apikey),
-
-          :recurring => %w(protocol msgtype merchant ordernumber amount currency
-                           autocapture transaction apikey),
-
-          :status    => %w(protocol msgtype merchant transaction apikey),
-
-          :chstatus  => %w(protocol msgtype merchant apikey)
-        },
-
-        5 => {
-          :authorize => %w(protocol msgtype merchant ordernumber amount
-                           currency autocapture cardnumber expirationdate cvd
-                           cardtypelock testmode fraud_remote_addr
-                           fraud_http_accept fraud_http_accept_language
-                           fraud_http_accept_encoding fraud_http_accept_charset
-                           fraud_http_referer fraud_http_user_agent apikey),
-
-          :capture   => %w(protocol msgtype merchant amount transaction apikey),
-
-          :cancel    => %w(protocol msgtype merchant transaction apikey),
-
-          :refund    => %w(protocol msgtype merchant amount transaction apikey),
-
-          :subscribe => %w(protocol msgtype merchant ordernumber cardnumber
-                           expirationdate cvd cardtypelock description testmode
-                           fraud_remote_addr fraud_http_accept fraud_http_accept_language
-                           fraud_http_accept_encoding fraud_http_accept_charset
-                           fraud_http_referer fraud_http_user_agent apikey),
-
-          :recurring => %w(protocol msgtype merchant ordernumber amount currency
-                           autocapture transaction apikey),
-
-          :status    => %w(protocol msgtype merchant transaction apikey),
-
-          :chstatus  => %w(protocol msgtype merchant apikey)
-        },
-
-        6 => {
-          :authorize => %w(protocol msgtype merchant ordernumber amount
-                           currency autocapture cardnumber expirationdate cvd
-                           cardtypelock testmode fraud_remote_addr
-                           fraud_http_accept fraud_http_accept_language
-                           fraud_http_accept_encoding fraud_http_accept_charset
-                           fraud_http_referer fraud_http_user_agent apikey),
-
-          :capture   => %w(protocol msgtype merchant amount transaction
-                           apikey),
-
-          :cancel    => %w(protocol msgtype merchant transaction apikey),
-
-          :refund    => %w(protocol msgtype merchant amount transaction apikey),
+      self.abstract_class = true
 
-          :subscribe => %w(protocol msgtype merchant ordernumber cardnumber
-                           expirationdate cvd cardtypelock description testmode
-                           fraud_remote_addr fraud_http_accept fraud_http_accept_language
-                           fraud_http_accept_encoding fraud_http_accept_charset
-                           fraud_http_referer fraud_http_user_agent apikey),
+      def self.new(options = {})
+        options.fetch(:login) { raise ArgumentError.new('Missing required parameter: login') }
 
-          :recurring => %w(protocol msgtype merchant ordernumber amount currency
-                           autocapture transaction apikey),
-
-          :status    => %w(protocol msgtype merchant transaction apikey),
-
-          :chstatus  => %w(protocol msgtype merchant apikey)
-        },
-
-        7 => {
-          :authorize => %w(protocol msgtype merchant ordernumber amount
-                           currency autocapture cardnumber expirationdate cvd
-                           acquirers cardtypelock testmode fraud_remote_addr
-                           fraud_http_accept fraud_http_accept_language
-                           fraud_http_accept_encoding fraud_http_accept_charset
-                           fraud_http_referer fraud_http_user_agent apikey),
-
-          :capture   => %w(protocol msgtype merchant amount transaction
-                           apikey),
-
-          :cancel    => %w(protocol msgtype merchant transaction apikey),
-
-          :refund    => %w(protocol msgtype merchant amount transaction apikey),
-
-          :subscribe => %w(protocol msgtype merchant ordernumber amount currency
-                           cardnumber expirationdate cvd acquirers cardtypelock
-                           description testmode fraud_remote_addr fraud_http_accept
-                           fraud_http_accept_language fraud_http_accept_encoding
-                           fraud_http_accept_charset fraud_http_referer
-                           fraud_http_user_agent apikey),
-
-          :recurring => %w(protocol msgtype merchant ordernumber amount currency
-                           autocapture transaction apikey),
-
-          :status    => %w(protocol msgtype merchant transaction apikey),
-
-          :chstatus  => %w(protocol msgtype merchant apikey)
-        }
-      }
-
-      APPROVED = '000'
-
-      # The login is the QuickpayId
-      # The password is the md5checkword from the Quickpay manager
-      # To use the API-key from the Quickpay manager, specify :api-key
-      # Using the API-key, requires that you use version 4+. Specify :version => 4/5/6/7 in options.
-      def initialize(options = {})
-        requires!(options, :login, :password)
-        @protocol = options.delete(:version) || 7 # default to protocol version 7
-        super
-      end
-
-      def authorize(money, credit_card_or_reference, options = {})
-        post = {}
-
-        action = recurring_or_authorize(credit_card_or_reference)
-
-        add_amount(post, money, options)
-        add_invoice(post, options)
-        add_creditcard_or_reference(post, credit_card_or_reference, options)
-        add_autocapture(post, false)
-        add_fraud_parameters(post, options) if action.eql?(:authorize)
-        add_testmode(post)
-
-        commit(action, post)
-      end
-
-      def purchase(money, credit_card_or_reference, options = {})
-        post = {}
-
-        action = recurring_or_authorize(credit_card_or_reference)
-
-        add_amount(post, money, options)
-        add_creditcard_or_reference(post, credit_card_or_reference, options)
-        add_invoice(post, options)
-        add_fraud_parameters(post, options) if action.eql?(:authorize)
-        add_autocapture(post, true)
-
-        commit(action, post)
-      end
-
-      def capture(money, authorization, options = {})
-        post = {}
-
-        add_reference(post, authorization)
-        add_amount_without_currency(post, money)
-        commit(:capture, post)
-      end
-
-      def void(identification, options = {})
-        post = {}
-
-        add_reference(post, identification)
-
-        commit(:cancel, post)
-      end
-
-      def refund(money, identification, options = {})
-        post = {}
-
-        add_amount_without_currency(post, money)
-        add_reference(post, identification)
-
-        commit(:refund, post)
-      end
-
-      def credit(money, identification, options = {})
-        ActiveMerchant.deprecated CREDIT_DEPRECATION_MESSAGE
-        refund(money, identification, options)
-      end
-
-      def store(creditcard, options = {})
-        post = {}
-
-        add_creditcard(post, creditcard, options)
-        add_amount(post, 0, options) if @protocol >= 7
-        add_invoice(post, options)
-        add_description(post, options)
-        add_fraud_parameters(post, options)
-        add_testmode(post)
-
-        commit(:subscribe, post)
-      end
-
-      private
-
-      def add_amount(post, money, options = {})
-        post[:amount]   = amount(money)
-        post[:currency] = options[:currency] || currency(money)
-      end
-
-      def add_amount_without_currency(post, money, options = {})
-        post[:amount] = amount(money)
-      end
-
-      def add_invoice(post, options)
-        post[:ordernumber] = format_order_number(options[:order_id])
-      end
-
-      def add_creditcard(post, credit_card, options)
-        post[:cardnumber]     = credit_card.number
-        post[:cvd]            = credit_card.verification_value
-        post[:expirationdate] = expdate(credit_card)
-        post[:cardtypelock]   = options[:cardtypelock] unless options[:cardtypelock].blank?
-        post[:acquirers]      = options[:acquirers] unless options[:acquirers].blank?
-      end
-
-      def add_reference(post, identification)
-        post[:transaction] = identification
-      end
-
-      def add_creditcard_or_reference(post, credit_card_or_reference, options)
-        if credit_card_or_reference.is_a?(String)
-          add_reference(post, credit_card_or_reference)
+        version = options[:login].to_i < 10000000 ? 10 : 7
+        if version <= 7
+          QuickpayV4to7Gateway.new(options)
         else
-          add_creditcard(post, credit_card_or_reference, options)
+          QuickpayV10Gateway.new(options)
         end
       end
-
-      def add_autocapture(post, autocapture)
-        post[:autocapture] = autocapture ? 1 : 0
-      end
-
-      def recurring_or_authorize(credit_card_or_reference)
-        credit_card_or_reference.is_a?(String) ? :recurring : :authorize
-      end
-
-      def add_description(post, options)
-        post[:description] = options[:description]
-      end
-
-      def add_testmode(post)
-        return if post[:transaction].present?
-        post[:testmode] = test? ? '1' : '0'
-      end
-
-      def add_fraud_parameters(post, options)
-        if @protocol >= 4
-          post[:fraud_remote_addr] = options[:ip] if options[:ip]
-          post[:fraud_http_accept] = options[:fraud_http_accept] if options[:fraud_http_accept]
-          post[:fraud_http_accept_language] = options[:fraud_http_accept_language] if options[:fraud_http_accept_language]
-          post[:fraud_http_accept_encoding] = options[:fraud_http_accept_encoding] if options[:fraud_http_accept_encoding]
-          post[:fraud_http_accept_charset] = options[:fraud_http_accept_charset] if options[:fraud_http_accept_charset]
-          post[:fraud_http_referer] = options[:fraud_http_referer] if options[:fraud_http_referer]
-          post[:fraud_http_user_agent] = options[:fraud_http_user_agent] if options[:fraud_http_user_agent]
-        end
-      end
-
-      def commit(action, params)
-        response = parse(ssl_post(self.live_url, post_data(action, params)))
-
-        Response.new(successful?(response), message_from(response), response,
-          :test => test?,
-          :authorization => response[:transaction]
-        )
-      end
-
-      def successful?(response)
-        response[:qpstat] == APPROVED
-      end
-
-      def parse(data)
-        response = {}
-
-        doc = REXML::Document.new(data)
-
-        doc.root.elements.each do |element|
-          response[element.name.to_sym] = element.text
-        end
-
-        response
-      end
-
-      def message_from(response)
-        response[:qpstatmsg].to_s
-      end
-
-      def post_data(action, params = {})
-        params[:protocol] = @protocol
-        params[:msgtype]  = action.to_s
-        params[:merchant] = @options[:login]
-        params[:apikey] = @options[:apikey] if @options[:apikey]
-        params[:md5check] = generate_check_hash(action, params)
-
-        params.collect { |key, value| "#{key}=#{CGI.escape(value.to_s)}" }.join("&")
-      end
-
-      def generate_check_hash(action, params)
-        string = MD5_CHECK_FIELDS[@protocol][action].collect do |key|
-          params[key.to_sym]
-        end.join('')
-
-        # Add the md5checkword
-        string << @options[:password].to_s
-
-        Digest::MD5.hexdigest(string)
-      end
-
-      def expdate(credit_card)
-        year  = format(credit_card.year, :two_digits)
-        month = format(credit_card.month, :two_digits)
-
-        "#{year}#{month}"
-      end
-
-      # Limited to 20 digits max
-      def format_order_number(number)
-        number.to_s.gsub(/[^\w]/, '').rjust(4, "0")[0...20]
-      end
     end
   end
 end
-

data/lib/active_merchant/billing/gateways/qvalent.rb

@@ -0,0 +1,305 @@
+module ActiveMerchant #:nodoc:
+  module Billing #:nodoc:
+    class QvalentGateway < Gateway
+      self.display_name = 'Qvalent'
+      self.homepage_url = 'https://www.qvalent.com/'
+
+      self.test_url = 'https://ccapi.client.support.qvalent.com/post/CreditCardAPIReceiver'
+      self.live_url = 'https://ccapi.client.qvalent.com/post/CreditCardAPIReceiver'
+
+      self.supported_countries = ['AU']
+      self.default_currency = 'AUD'
+      self.money_format = :cents
+      self.supported_cardtypes = %i[visa master american_express discover jcb diners]
+
+      CVV_CODE_MAPPING = {
+        'S' => 'D'
+      }
+
+      def initialize(options = {})
+        requires!(options, :username, :password, :merchant, :pem)
+        super
+      end
+
+      def purchase(amount, payment_method, options = {})
+        post = {}
+        add_invoice(post, amount, options)
+        add_order_number(post, options)
+        add_payment_method(post, payment_method)
+        add_verification_value(post, payment_method)
+        add_stored_credential_data(post, payment_method, options)
+        add_customer_data(post, options)
+        add_soft_descriptors(post, options)
+        add_customer_reference(post, options)
+
+        commit('capture', post)
+      end
+
+      def authorize(amount, payment_method, options = {})
+        post = {}
+        add_invoice(post, amount, options)
+        add_order_number(post, options)
+        add_payment_method(post, payment_method)
+        add_verification_value(post, payment_method)
+        add_stored_credential_data(post, payment_method, options)
+        add_customer_data(post, options)
+        add_soft_descriptors(post, options)
+        add_customer_reference(post, options)
+
+        commit('preauth', post)
+      end
+
+      def capture(amount, authorization, options = {})
+        post = {}
+        add_invoice(post, amount, options)
+        add_reference(post, authorization, options)
+        add_customer_data(post, options)
+        add_soft_descriptors(post, options)
+        add_customer_reference(post, options)
+
+        commit('captureWithoutAuth', post)
+      end
+
+      def refund(amount, authorization, options = {})
+        post = {}
+        add_invoice(post, amount, options)
+        add_reference(post, authorization, options)
+        add_customer_data(post, options)
+        add_soft_descriptors(post, options)
+        post['order.ECI'] = options[:eci] || 'SSL'
+        add_customer_reference(post, options)
+
+        commit('refund', post)
+      end
+
+      # Credit requires the merchant account to be enabled for "Adhoc Refunds"
+      def credit(amount, payment_method, options = {})
+        post = {}
+        add_invoice(post, amount, options)
+        add_order_number(post, options)
+        add_payment_method(post, payment_method)
+        add_customer_data(post, options)
+        add_soft_descriptors(post, options)
+        add_customer_reference(post, options)
+
+        commit('refund', post)
+      end
+
+      def void(authorization, options = {})
+        post = {}
+        add_reference(post, authorization, options)
+        add_customer_data(post, options)
+        add_soft_descriptors(post, options)
+        add_customer_reference(post, options)
+
+        commit('reversal', post)
+      end
+
+      def store(payment_method, options = {})
+        post = {}
+        add_payment_method(post, payment_method)
+        add_card_reference(post, options)
+
+        commit('registerAccount', post)
+      end
+
+      def supports_scrubbing?
+        true
+      end
+
+      def scrub(transcript)
+        transcript.
+          gsub(%r((&?customer.password=)[^&]*), '\1[FILTERED]').
+          gsub(%r((&?card.PAN=)[^&]*), '\1[FILTERED]').
+          gsub(%r((&?card.CVN=)[^&]*), '\1[FILTERED]')
+      end
+
+      private
+
+      CURRENCY_CODES = Hash.new { |_h, k| raise ArgumentError.new("Unsupported currency: #{k}") }
+      CURRENCY_CODES['AUD'] = 'AUD'
+      CURRENCY_CODES['INR'] = 'INR'
+
+      def add_soft_descriptors(post, options)
+        post['customer.merchantName'] = options[:customer_merchant_name] if options[:customer_merchant_name]
+        post['customer.merchantStreetAddress'] = options[:customer_merchant_street_address] if options[:customer_merchant_street_address]
+        post['customer.merchantLocation'] = options[:customer_merchant_location] if options[:customer_merchant_location]
+        post['customer.merchantState'] = options[:customer_merchant_state] if options[:customer_merchant_state]
+        post['customer.merchantCountry'] = options[:customer_merchant_country] if options[:customer_merchant_country]
+        post['customer.merchantPostCode'] = options[:customer_merchant_post_code] if options[:customer_merchant_post_code]
+        post['customer.subMerchantId'] = options[:customer_sub_merchant_id] if options[:customer_sub_merchant_id]
+      end
+
+      def add_invoice(post, money, options)
+        post['order.amount'] = amount(money)
+        post['card.currency'] = CURRENCY_CODES[options[:currency] || currency(money)]
+      end
+
+      def add_payment_method(post, payment_method)
+        post['card.cardHolderName'] = payment_method.name
+        post['card.PAN'] = payment_method.number
+        post['card.expiryYear'] = format(payment_method.year, :two_digits)
+        post['card.expiryMonth'] = format(payment_method.month, :two_digits)
+      end
+
+      def add_stored_credential_data(post, payment_method, options)
+        post['order.ECI'] = options[:eci] || eci(options)
+        if (stored_credential = options[:stored_credential]) && %w(visa master).include?(payment_method.brand)
+          post['card.posEntryMode'] = stored_credential[:initial_transaction] ? 'MANUAL' : 'STORED_CREDENTIAL'
+          stored_credential_usage(post, payment_method, options) unless stored_credential[:initiator] && stored_credential[:initiator] == 'cardholder'
+          post['order.authTraceId'] = stored_credential[:network_transaction_id] if stored_credential[:network_transaction_id]
+        end
+      end
+
+      def stored_credential_usage(post, payment_method, options)
+        return unless payment_method.brand == 'visa'
+
+        stored_credential = options[:stored_credential]
+        if stored_credential[:reason_type] == 'unscheduled'
+          if stored_credential[:initiator] == 'merchant'
+            post['card.storedCredentialUsage'] = 'UNSCHEDULED_MIT'
+          elsif stored_credential[:initiator] == 'customer'
+            post['card.storedCredentialUsage'] = 'UNSCHEDULED_CIT'
+          end
+        elsif stored_credential[:reason_type] == 'recurring'
+          post['card.storedCredentialUsage'] = 'RECURRING'
+        elsif stored_credential[:reason_type] == 'installment'
+          post['card.storedCredentialUsage'] = 'INSTALLMENT'
+        end
+      end
+
+      def eci(options)
+        if options.dig(:stored_credential, :initial_transaction)
+          'SSL'
+        elsif options.dig(:stored_credential, :initiator) && options[:stored_credential][:initiator] == 'cardholder'
+          'MTO'
+        elsif options.dig(:stored_credential, :reason_type)
+          case options[:stored_credential][:reason_type]
+          when 'recurring'
+            'REC'
+          when 'installment'
+            'INS'
+          when 'unscheduled'
+            'MTO'
+          end
+        else
+          'SSL'
+        end
+      end
+
+      def add_verification_value(post, payment_method)
+        post['card.CVN'] = payment_method.verification_value
+      end
+
+      def add_card_reference(post, options)
+        post['customer.customerReferenceNumber'] = options[:customer_reference_number] || options[:order_id]
+      end
+
+      def add_customer_reference(post, options)
+        post['customer.customerReferenceNumber'] = options[:customer_reference_number] if options[:customer_reference_number]
+      end
+
+      def add_reference(post, authorization, options)
+        post['customer.originalOrderNumber'] = authorization
+        add_order_number(post, options)
+      end
+
+      def add_order_number(post, options)
+        post['customer.orderNumber'] = options[:order_id] || SecureRandom.uuid
+      end
+
+      def add_customer_data(post, options)
+        post['order.ipAddress'] = options[:ip] || '127.0.0.1'
+        post['order.xid'] = options[:xid] if options[:xid]
+        post['order.cavv'] = options[:cavv] if options[:cavv]
+      end
+
+      def commit(action, post)
+        post['customer.username'] = @options[:username]
+        post['customer.password'] = @options[:password]
+        post['customer.merchant'] = @options[:merchant]
+        post['order.type'] = action
+
+        data = build_request(post)
+        raw = parse(ssl_post(url(action), data, headers))
+
+        succeeded = success_from(raw['response.responseCode'])
+        Response.new(
+          succeeded,
+          message_from(succeeded, raw),
+          raw,
+          authorization: raw['response.orderNumber'] || raw['response.customerReferenceNumber'],
+          cvv_result: cvv_result(succeeded, raw),
+          error_code: error_code_from(succeeded, raw),
+          test: test?
+        )
+      end
+
+      def cvv_result(succeeded, raw)
+        return unless succeeded
+
+        code = CVV_CODE_MAPPING[raw['response.cvnResponse']] || raw['response.cvnResponse']
+        CVVResult.new(code)
+      end
+
+      def headers
+        {
+          'Content-Type' => 'application/x-www-form-urlencoded'
+        }
+      end
+
+      def build_request(post)
+        post.to_query + '&message.end'
+      end
+
+      def url(action)
+        (test? ? test_url : live_url)
+      end
+
+      def parse(body)
+        result = {}
+        body.to_s.each_line do |pair|
+          result[$1] = $2 if pair.strip =~ /\A([^=]+)=(.+)\Z/im
+        end
+        result
+      end
+
+      def parse_element(response, node)
+        if node.has_elements?
+          node.elements.each { |element| parse_element(response, element) }
+        else
+          response[node.name.underscore.to_sym] = node.text
+        end
+      end
+
+      SUCCESS_CODES = %w(00 08 10 11 16 QS QZ)
+
+      def success_from(response)
+        SUCCESS_CODES.include?(response)
+      end
+
+      def message_from(succeeded, response)
+        if succeeded
+          'Succeeded'
+        else
+          response['response.text'] || 'Unable to read error message'
+        end
+      end
+
+      STANDARD_ERROR_CODE_MAPPING = {
+        '14' => STANDARD_ERROR_CODE[:invalid_number],
+        'QQ' => STANDARD_ERROR_CODE[:invalid_cvc],
+        '33' => STANDARD_ERROR_CODE[:expired_card],
+        'NT' => STANDARD_ERROR_CODE[:incorrect_address],
+        '12' => STANDARD_ERROR_CODE[:card_declined],
+        '06' => STANDARD_ERROR_CODE[:processing_error],
+        '01' => STANDARD_ERROR_CODE[:call_issuer],
+        '04' => STANDARD_ERROR_CODE[:pickup_card]
+      }
+
+      def error_code_from(succeeded, response)
+        succeeded ? nil : STANDARD_ERROR_CODE_MAPPING[response['response.responseCode']]
+      end
+    end
+  end
+end