activemerchant 1.55.0 → 1.56.0

data/lib/active_merchant/billing/gateways/cashnet.rb

@@ -1,6 +1,8 @@
 module ActiveMerchant #:nodoc:
   module Billing #:nodoc:
     class CashnetGateway < Gateway
+      include Empty
+
       self.live_url      = "https://commerce.cashnet.com/"
 
       self.supported_countries = ["US"]
@@ -47,6 +49,7 @@ module ActiveMerchant #:nodoc:
         post = {}
         post[:origtx]  = identification
         add_invoice(post, options)
+        add_customer_data(post, options)
         commit('REFUND', money, post)
       end
 
@@ -106,6 +109,7 @@ module ActiveMerchant #:nodoc:
 
       def add_customer_data(post, options)
         post[:email_g]  = options[:email]
+        post[:custcode]  = options[:custcode] unless empty?(options[:custcode])
       end
 
       def expdate(creditcard)

data/lib/active_merchant/billing/gateways/creditcall.rb

@@ -3,6 +3,8 @@ require 'nokogiri'
 module ActiveMerchant #:nodoc:
   module Billing #:nodoc:
     class CreditcallGateway < Gateway
+      include Empty
+
       self.test_url = 'https://test.cardeasexml.com/generic.cex'
       self.live_url = 'https://live.cardeasexml.com/generic.cex'
 
@@ -121,7 +123,7 @@ module ActiveMerchant #:nodoc:
           xml.Manual(type: "cnp") do
             xml.PAN payment_method.number
             xml.ExpiryDate exp_date(payment_method)
-            xml.CSC payment_method.verification_value
+            xml.CSC payment_method.verification_value unless empty?(payment_method.verification_value)
           end
 
           if address = options[:billing_address]

data/lib/active_merchant/billing/gateways/elavon.rb

@@ -82,6 +82,7 @@ module ActiveMerchant #:nodoc:
         add_address(form, options)
         add_customer_data(form, options)
         add_test_mode(form, options)
+        add_ip(form, options)
         commit(:purchase, money, form)
       end
 
@@ -100,6 +101,7 @@ module ActiveMerchant #:nodoc:
         add_address(form, options)
         add_customer_data(form, options)
         add_test_mode(form, options)
+        add_ip(form, options)
         commit(:authorize, money, form)
       end
 
@@ -296,6 +298,10 @@ module ActiveMerchant #:nodoc:
         form[:partial_shipment_flag] = 'Y' if options[:partial_shipment_flag]
       end
 
+      def add_ip(form, options)
+        form[:cardholder_ip] = options[:ip] if options.has_key?(:ip)
+      end
+
       def message_from(response)
         success?(response) ? response['result_message'] : response['errorMessage']
       end

data/lib/active_merchant/billing/gateways/firstdata_e4.rb

@@ -356,7 +356,7 @@ module ActiveMerchant #:nodoc:
           [
             response[:authorization_num],
             response[:transaction_tag],
-            response[:dollar_amount].sub(".", "")
+            (response[:dollar_amount].to_f * 100).round
           ].join(";")
         else
           ""

data/lib/active_merchant/billing/gateways/garanti.rb

@@ -1,7 +1,8 @@
 module ActiveMerchant #:nodoc:
   module Billing #:nodoc:
     class GarantiGateway < Gateway
-      self.live_url = self.test_url = 'https://sanalposprov.garanti.com.tr/VPServlet'
+      self.live_url = 'https://sanalposprov.garanti.com.tr/VPServlet'
+      self.test_url = 'https://sanalposprovtest.garanti.com.tr/VPServlet'
 
       # The countries the gateway supports merchants from as 2 digit ISO country codes
       self.supported_countries = ['US','TR']
@@ -217,7 +218,8 @@ module ActiveMerchant #:nodoc:
       end
 
       def commit(money,request)
-        raw_response = ssl_post(self.live_url, "data=" + request)
+        url = test? ? self.test_url : self.live_url
+        raw_response = ssl_post(url, "data=" + request)
         response = parse(raw_response)
 
         success = success?(response)

data/lib/active_merchant/billing/gateways/jetpay.rb

@@ -162,7 +162,7 @@ module ActiveMerchant #:nodoc:
       end
 
       def capture(money, reference, options = {})
-        commit(money, build_capture_request(reference.split(";").first, money))
+        commit(money, build_capture_request(reference.split(";").first, money, options))
       end
 
       def void(reference, options = {})
@@ -242,9 +242,10 @@ module ActiveMerchant #:nodoc:
         end
       end
 
-      def build_capture_request(transaction_id, money)
+      def build_capture_request(transaction_id, money, options)
         build_xml_request('CAPT', transaction_id) do |xml|
           xml.tag! 'TotalAmount', amount(money)
+          add_user_defined_fields(xml, options)
         end
       end
 

data/lib/active_merchant/billing/gateways/mercury.rb

@@ -195,7 +195,16 @@ module ActiveMerchant #:nodoc:
       def add_credit_card(xml, credit_card, action)
         xml.tag! 'Account' do
           if credit_card.track_data.present?
-            xml.tag! 'Track1', credit_card.track_data
+            # Track 1 has a start sentinel (STX) of '%' and track 2 is ';'
+            # Track 1 and 2 have identical end sentinels (ETX) of '?'
+            # If the track has no STX or is corrupt, we send it as track 1, to let Mercury
+            #handle with the validation error as it sees fit.
+            # Track 2 requires having the start and end sentinels stripped. Track 1 does not.
+            if credit_card.track_data[0] == ';' # track 2 start sentinel (STX)
+              xml.tag! 'Track2', credit_card.track_data[1..-2]
+            else # track 1 or a corrupt track
+              xml.tag! 'Track1', credit_card.track_data
+            end
           else
             xml.tag! 'AcctNo', credit_card.number
             xml.tag! 'ExpDate', expdate(credit_card)

data/lib/active_merchant/billing/gateways/micropayment.rb

@@ -23,6 +23,7 @@ module ActiveMerchant #:nodoc:
         add_invoice(post, amount, options)
         add_payment_method(post, payment_method, options)
         add_customer_data(post, options)
+        add_address(post, options)
         commit("purchase", post)
       end
 
@@ -31,6 +32,7 @@ module ActiveMerchant #:nodoc:
         add_invoice(post, amount, options)
         add_payment_method(post, payment_method, options)
         add_customer_data(post, options)
+        add_address(post, options)
         commit("authorize", post)
       end
 
@@ -81,22 +83,34 @@ module ActiveMerchant #:nodoc:
           post[:currency] = options[:currency] || currency(money)
         end
         post[:project] = options[:project] if options[:project]
+        post["params[title]"] = options[:description] if options[:description]
       end
 
       def add_payment_method(post, payment_method, options={})
-        post[:firstname] = payment_method.first_name
-        post[:surname] = payment_method.last_name
         post[:number] = payment_method.number
         post[:recurring] = 1 if options[:recurring] == true
         post[:cvc2] = payment_method.verification_value
         post[:expiryYear] = format(payment_method.year, :four_digits)
         post[:expiryMonth] = format(payment_method.month, :two_digits)
+
+        post["params[firstname]"] = payment_method.first_name
+        post["params[surname]"] = payment_method.last_name
       end
 
       def add_customer_data(post, options)
-        post[:email] = options[:email] if options[:email]
-        post[:ip] = options[:ip] || "1.1.1.1"
-        post[:sendMail] = options[:send_mail] || 'false'
+        post["params[email]"] = options[:email] if options[:email]
+        post["params[ip]"] = options[:ip] || "1.1.1.1"
+        post["params[sendMail]"] = options[:send_mail] || 'false'
+      end
+
+      def add_address(post, options)
+        address = options[:billing_address]
+        return unless address
+
+        post["params[address]"] = address[:address1] if address[:address1]
+        post["params[zipcode]"] = address[:zip] if address[:zip]
+        post["params[town]"] = address[:city] if address[:city]
+        post["params[country]"] = address[:country] if address[:country]
       end
 
       def add_reference(post, authorization)
@@ -128,7 +142,7 @@ module ActiveMerchant #:nodoc:
       end
 
       def post_data(action, params)
-        params.map {|k, v| "#{k}=#{CGI.escape(v.to_s)}"}.join('&')
+        params.map {|k, v| "#{CGI.escape(k.to_s)}=#{CGI.escape(v.to_s)}"}.join('&')
       end
 
       def url(action)

data/lib/active_merchant/billing/gateways/omise.rb

@@ -3,7 +3,6 @@ require 'active_merchant/billing/rails'
 module ActiveMerchant #:nodoc:
   module Billing #:nodoc:
     class OmiseGateway < Gateway
-      API_VERSION = '1.0'
       API_URL     = 'https://api.omise.co/'
       VAULT_URL   = 'https://vault.omise.co/'
 
@@ -45,8 +44,9 @@ module ActiveMerchant #:nodoc:
 
       def initialize(options={})
         requires!(options, :public_key, :secret_key)
-        @public_key = options[:public_key]
-        @secret_key = options[:secret_key]
+        @public_key  = options[:public_key]
+        @secret_key  = options[:secret_key]
+        @api_version = options[:api_version]
         super
       end
 
@@ -178,7 +178,8 @@ module ActiveMerchant #:nodoc:
         key = options[:key] || @secret_key
         {
           'Content-Type'    => 'application/json;utf-8',
-          'User-Agent'      => "Omise/v#{API_VERSION} ActiveMerchantBindings/#{ActiveMerchant::VERSION}",
+          'Omise-Version'   => @api_version || "2014-07-27",
+          'User-Agent'      => "ActiveMerchantBindings/#{ActiveMerchant::VERSION} Ruby/#{RUBY_VERSION}",
           'Authorization'   => 'Basic ' + Base64.encode64(key.to_s + ':').strip,
           'Accept-Encoding' => 'utf-8'
         }

data/lib/active_merchant/billing/gateways/redsys.rb

@@ -24,6 +24,16 @@ module ActiveMerchant #:nodoc:
     #
     # Written by Samuel Lown for Cabify. For implementation questions, or
     # test access details please get in touch: sam@cabify.com.
+    #
+    # *** SHA256 Authentication Update ***
+    #
+    # Redsys is dropping support for the SHA1 authentication method. This
+    # adapter has been updated to work with the new SHA256 authentication
+    # method, however in your initialization options hash you will need to
+    # specify the key/value :signature_algorithm => "sha256" to use the
+    # SHA256 method. Otherwise it will default to using the SHA1.
+    #
+    #
     class RedsysGateway < Gateway
       self.live_url = "https://sis.sermepa.es/sis/operaciones"
       self.test_url = "https://sis-t.redsys.es:25443/sis/operaciones"
@@ -161,9 +171,11 @@ module ActiveMerchant #:nodoc:
       # * <tt>:secret_key</tt> -- The Redsys Secret Key. (REQUIRED)
       # * <tt>:terminal</tt> -- The Redsys Terminal. Defaults to 1. (OPTIONAL)
       # * <tt>:test</tt> -- +true+ or +false+. Defaults to +false+. (OPTIONAL)
+      # * <tt>:signature_algorithm</tt> -- +"sha256"+ Defaults to +"sha1"+. (OPTIONAL)
       def initialize(options = {})
         requires!(options, :login, :secret_key)
         options[:terminal] ||= 1
+        options[:signature_algorithm] ||= "sha1"
         super
       end
 
@@ -247,6 +259,7 @@ module ActiveMerchant #:nodoc:
           gsub(%r((<DS_MERCHANT_PAN>)\d+(</DS_MERCHANT_PAN>))i, '\1[FILTERED]\2').
           gsub(%r((<DS_MERCHANT_CVV2>)\d+(</DS_MERCHANT_CVV2>))i, '\1[FILTERED]\2').
           gsub(%r((DS_MERCHANT_CVV2)%2F%3E%0A%3C%2F)i, '\1[BLANK]').
+          gsub(%r((DS_MERCHANT_CVV2)%2F%3E%3C)i, '\1[BLANK]').
           gsub(%r((DS_MERCHANT_CVV2%3E)(%3C%2FDS_MERCHANT_CVV2))i, '\1[BLANK]\2').
           gsub(%r((<DS_MERCHANT_CVV2>)(</DS_MERCHANT_CVV2>))i, '\1[BLANK]\2').
           gsub(%r((DS_MERCHANT_CVV2%3E)\++(%3C%2FDS_MERCHANT_CVV2))i, '\1[BLANK]\2').
@@ -289,18 +302,28 @@ module ActiveMerchant #:nodoc:
       end
 
       def commit(data)
-        headers = {
+        parse(ssl_post(url, "entrada=#{CGI.escape(xml_request_from(data))}", headers))
+      end
+
+      def headers
+        {
           'Content-Type' => 'application/x-www-form-urlencoded'
         }
-        xml = build_xml_request(data)
-        parse(ssl_post(url, "entrada=#{CGI.escape(xml)}", headers))
+      end
+
+      def xml_request_from(data)
+        if sha256_authentication?
+          build_sha256_xml_request(data)
+        else
+          build_sha1_xml_request(data)
+        end
       end
 
       def build_signature(data)
         str = data[:amount] +
-              data[:order_id].to_s +
-              @options[:login].to_s +
-              data[:currency]
+          data[:order_id].to_s +
+          @options[:login].to_s +
+          data[:currency]
 
         if card = data[:card]
           str << card[:pan]
@@ -318,8 +341,30 @@ module ActiveMerchant #:nodoc:
         Digest::SHA1.hexdigest(str)
       end
 
-      def build_xml_request(data)
+      def build_sha256_xml_request(data)
+        xml = Builder::XmlMarkup.new
+        xml.instruct!
+        xml.REQUEST do
+          build_merchant_data(xml, data)
+          xml.DS_SIGNATUREVERSION 'HMAC_SHA256_V1'
+          xml.DS_SIGNATURE sign_request(merchant_data_xml(data), data[:order_id])
+        end
+        xml.target!
+      end
+
+      def build_sha1_xml_request(data)
         xml = Builder::XmlMarkup.new :indent => 2
+        build_merchant_data(xml, data)
+        xml.target!
+      end
+
+      def merchant_data_xml(data)
+        xml = Builder::XmlMarkup.new
+        build_merchant_data(xml, data)
+        xml.target!
+      end
+
+      def build_merchant_data(xml, data)
         xml.DATOSENTRADA do
           # Basic elements
           xml.DS_Version 0.1
@@ -330,7 +375,7 @@ module ActiveMerchant #:nodoc:
           xml.DS_MERCHANT_PRODUCTDESCRIPTION data[:description]
           xml.DS_MERCHANT_TERMINAL           @options[:terminal]
           xml.DS_MERCHANT_MERCHANTCODE       @options[:login]
-          xml.DS_MERCHANT_MERCHANTSIGNATURE  build_signature(data)
+          xml.DS_MERCHANT_MERCHANTSIGNATURE  build_signature(data) unless sha256_authentication?
 
           # Only when card is present
           if data[:card]
@@ -343,7 +388,6 @@ module ActiveMerchant #:nodoc:
             xml.DS_MERCHANT_IDENTIFIER data[:credit_card_token]
           end
         end
-        xml.target!
       end
 
       def parse(data)
@@ -375,18 +419,23 @@ module ActiveMerchant #:nodoc:
       end
 
       def validate_signature(data)
-        str = data[:ds_amount] +
-              data[:ds_order].to_s +
-              data[:ds_merchantcode] +
-              data[:ds_currency] +
-              data[:ds_response] +
-              data[:ds_cardnumber].to_s +
-              data[:ds_transactiontype].to_s +
-              data[:ds_securepayment].to_s +
-              @options[:secret_key]
-
-        sig = Digest::SHA1.hexdigest(str)
-        data[:ds_signature].to_s.downcase == sig
+        if sha256_authentication?
+          sig = Base64.strict_encode64(mac256(get_key(data[:ds_order].to_s), xml_signed_fields(data)))
+          sig.upcase == data[:ds_signature].to_s.upcase
+        else
+          str = data[:ds_amount] +
+            data[:ds_order].to_s +
+            data[:ds_merchantcode] +
+            data[:ds_currency] +
+            data[:ds_response] +
+            data[:ds_cardnumber].to_s +
+            data[:ds_transactiontype].to_s +
+            data[:ds_securepayment].to_s +
+            @options[:secret_key]
+
+          sig = Digest::SHA1.hexdigest(str)
+          data[:ds_signature].to_s.downcase == sig
+        end
       end
 
       def build_authorization(params)
@@ -426,6 +475,43 @@ module ActiveMerchant #:nodoc:
           "%04d%s" % [rand(0..9999), cleansed[0...8]]
         end
       end
+
+      def sha256_authentication?
+        @options[:signature_algorithm] == "sha256"
+      end
+
+      def sign_request(xml_request_string, order_id)
+        key = encrypt(@options[:secret_key], order_id)
+        Base64.strict_encode64(mac256(key, xml_request_string))
+      end
+
+      def encrypt(key, order_id)
+        block_length = 8
+        cipher = OpenSSL::Cipher::Cipher.new('DES3')
+        cipher.encrypt
+
+        cipher.key = Base64.strict_decode64(key)
+        # The OpenSSL default of an all-zeroes ("\\0") IV is used.
+        cipher.padding = 0
+
+        order_id += "\0" until order_id.bytesize % block_length == 0 # Pad with zeros
+
+        output = cipher.update(order_id) + cipher.final
+        output
+      end
+
+      def mac256(key, data)
+        OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha256'), key, data)
+      end
+
+      def xml_signed_fields(data)
+        data[:ds_amount] + data[:ds_order] + data[:ds_merchantcode] + data[:ds_currency] +
+          data[:ds_response] + data[:ds_transactiontype] + data[:ds_securepayment]
+      end
+
+      def get_key(order_id)
+        encrypt(@options[:secret_key], order_id)
+      end
     end
   end
 end

data/lib/active_merchant/billing/gateways/stripe.rb

@@ -106,7 +106,9 @@ module ActiveMerchant #:nodoc:
       end
 
       def void(identification, options = {})
-        commit(:post, "charges/#{CGI.escape(identification)}/refunds", {}, options)
+        post = {}
+        post[:expand] = [:charge]
+        commit(:post, "charges/#{CGI.escape(identification)}/refunds", post, options)
       end
 
       def refund(money, identification, options = {})
@@ -115,6 +117,7 @@ module ActiveMerchant #:nodoc:
         post[:refund_application_fee] = true if options[:refund_application_fee]
         post[:reverse_transfer] = options[:reverse_transfer] if options[:reverse_transfer]
         post[:metadata] = options[:metadata] if options[:metadata]
+        post[:expand] = [:charge]
 
         MultiResponse.run(:first) do |r|
           r.process { commit(:post, "charges/#{CGI.escape(identification)}/refunds", post, options) }
@@ -283,7 +286,8 @@ module ActiveMerchant #:nodoc:
       end
 
       def add_expand_parameters(post, options)
-        post[:expand] = Array.wrap(options[:expand])
+        post[:expand] ||= []
+        post[:expand].concat(Array.wrap(options[:expand]).map(&:to_sym)).uniq!
       end
 
       def add_customer_data(post, options)
@@ -453,7 +457,7 @@ module ActiveMerchant #:nodoc:
         Response.new(success,
           success ? "Transaction approved" : response["error"]["message"],
           response,
-          :test => response.has_key?("livemode") ? !response["livemode"] : false,
+          :test => response_is_test?(response),
           :authorization => authorization_from(success, url, method, response),
           :avs_result => { :code => avs_code },
           :cvv_result => cvc_code,
@@ -492,6 +496,16 @@ module ActiveMerchant #:nodoc:
         }
       end
 
+      def response_is_test?(response)
+        if response.has_key?('livemode')
+          !response['livemode']
+        elsif response['charge'].is_a?(Hash) && response['charge'].has_key?('livemode')
+          !response['charge']['livemode']
+        else
+          false
+        end
+      end
+
       def non_fractional_currency?(currency)
         CURRENCIES_WITHOUT_FRACTIONS.include?(currency.to_s)
       end