activemerchant 1.56.0 → 1.57.0

data/lib/active_merchant/billing/gateways/forte.rb

@@ -23,6 +23,7 @@ module ActiveMerchant #:nodoc:
       def purchase(money, payment_method, options={})
         post = {}
         add_amount(post, money, options)
+        add_invoice(post, options)
         add_payment_method(post, payment_method)
         add_billing_address(post, payment_method, options)
         add_shipping_address(post, options)
@@ -34,6 +35,7 @@ module ActiveMerchant #:nodoc:
       def authorize(money, payment_method, options={})
         post = {}
         add_amount(post, money, options)
+        add_invoice(post, options)
         add_payment_method(post, payment_method)
         add_billing_address(post, payment_method, options)
         add_shipping_address(post, options)
@@ -44,6 +46,7 @@ module ActiveMerchant #:nodoc:
 
       def capture(money, authorization, options={})
         post = {}
+        add_invoice(post, options)
         post[:transaction_id] = transaction_id_from(authorization)
         post[:authorization_code] = authorization_code_from(authorization)
         post[:action] = "capture"
@@ -54,6 +57,7 @@ module ActiveMerchant #:nodoc:
       def credit(money, payment_method, options={})
         post = {}
         add_amount(post, money, options)
+        add_invoice(post, options)
         add_payment_method(post, payment_method)
         add_billing_address(post, payment_method, options)
         post[:action] = "disburse"
@@ -95,6 +99,10 @@ module ActiveMerchant #:nodoc:
         post[:location_id] = "loc_#{@options[:location_id]}"
       end
 
+      def add_invoice(post, options)
+        post[:order_number] = options[:order_id]
+      end
+
       def add_amount(post, money, options)
         post[:authorization_amount] = amount(money)
       end

data/lib/active_merchant/billing/gateways/in_context_paypal_express.rb

@@ -0,0 +1,15 @@
+module ActiveMerchant #:nodoc:
+  module Billing #:nodoc:
+    class InContextPaypalExpressGateway < PaypalExpressGateway
+      self.test_redirect_url = 'https://www.sandbox.paypal.com/checkoutnow'
+      self.live_redirect_url = 'https://www.paypal.com/checkoutnow'
+
+      def redirect_url_for(token, options = {})
+        options = {review: true}.update(options)
+        url  = "#{redirect_url}?token=#{token}"
+        url += '&useraction=commit' unless options[:review]
+        url
+      end
+    end
+  end
+end

data/lib/active_merchant/billing/gateways/litle.rb

@@ -243,7 +243,7 @@ module ActiveMerchant #:nodoc:
       def add_order_source(doc, payment_method, options)
         if options[:order_source]
           doc.orderSource(options[:order_source])
-        elsif payment_method.is_a?(NetworkTokenizationCreditCard)
+        elsif payment_method.is_a?(NetworkTokenizationCreditCard) && payment_method.source == :apple_pay
           doc.orderSource('applepay')
         elsif payment_method.respond_to?(:track_data) && payment_method.track_data.present?
           doc.orderSource('retail')

data/lib/active_merchant/billing/gateways/merchant_e_solutions.rb

@@ -99,7 +99,8 @@ module ActiveMerchant #:nodoc:
 
       def add_invoice(post, options)
         if options.has_key? :order_id
-          post[:invoice_number] = options[:order_id].to_s.gsub(/[^\w.]/, '')
+          order_id = options[:order_id].to_s.gsub(/[^\w.]/, '')
+          post[:invoice_number] = truncate(order_id, 17)
         end
       end
 

data/lib/active_merchant/billing/gateways/ncr_secure_pay.rb

@@ -0,0 +1,165 @@
+require 'nokogiri'
+
+module ActiveMerchant #:nodoc:
+  module Billing #:nodoc:
+    class NcrSecurePayGateway < Gateway
+      self.test_url = 'https://testbox.monetra.com:8665/'
+      self.live_url = 'https://ps.ncrsecurepay.com:8444/'
+
+      self.supported_countries = ['US']
+      self.default_currency = 'USD'
+      self.supported_cardtypes = [:visa, :master, :american_express, :discover]
+
+      self.homepage_url = 'http://www.ncrretailonline.com'
+      self.display_name = 'NCR Secure Pay'
+
+      def initialize(options={})
+        requires!(options, :username, :password)
+        super
+      end
+
+      def purchase(money, payment, options={})
+        post = {}
+        add_invoice(post, money, options)
+        add_payment(post, payment)
+        add_address(post, payment, options)
+
+        commit('sale', post)
+      end
+
+      def authorize(money, payment, options={})
+        post = {}
+        add_invoice(post, money, options)
+        add_payment(post, payment)
+        add_address(post, payment, options)
+
+        commit('preauth', post)
+      end
+
+      def capture(money, authorization, options={})
+        post = {}
+        add_reference(post, authorization)
+        add_invoice(post, money, options)
+
+        commit('preauthcomplete', post)
+      end
+
+      def refund(money, authorization, options={})
+        post = {}
+        add_reference(post, authorization)
+        add_invoice(post, money, options)
+
+        commit('credit', post)
+      end
+
+      def void(authorization, options={})
+        post = {}
+        add_reference(post, authorization)
+        commit('void', post)
+      end
+
+      def verify(credit_card, options={})
+        MultiResponse.run(:use_first_response) do |r|
+          r.process { authorize(100, credit_card, options) }
+          r.process(:ignore_result) { void(r.authorization, options) }
+        end
+      end
+
+      def supports_scrubbing?
+        true
+      end
+
+      def scrub(transcript)
+        transcript.gsub(%r((<password>)[^<]*(</password>))i, '\1[FILTERED]\2').
+          gsub(%r((<account>)[^<]*(</account>))i, '\1[FILTERED]\2').
+          gsub(%r((<cv>)[^<]*(</cv>))i, '\1[FILTERED]\2')
+      end
+
+      private
+
+      def add_reference(post, reference)
+        post[:ttid] = reference
+      end
+
+      def add_address(post, payment, options)
+        address = options[:billing_address] || options[:address]
+        post[:zip] = address[:zip]
+        post[:street] = address[:address1]
+      end
+
+      def add_invoice(post, money, options)
+        post[:amount] = amount(money)
+        post[:currency] = (options[:currency] || currency(money))
+        post[:descmerch] = options[:merchant] if options[:merchant]
+        post[:ordernum] = options[:order_id] if options[:order_id]
+        post[:comments] = options[:description] if options[:description]
+      end
+
+      def add_payment(post, payment)
+        post[:cardholdername] = payment.name
+        post[:account] = payment.number
+        post[:cv] = payment.verification_value
+        post[:expdate] = expdate(payment)
+      end
+
+      def parse(body)
+        doc = Nokogiri::XML(body)
+        doc.remove_namespaces!
+        response = doc.xpath("/MonetraResp/Resp")[0]
+        resp_params = {}
+
+        response.elements.each do |node|
+          resp_params[node.name.downcase.to_sym] = node.text
+        end
+        resp_params
+      end
+
+      def commit(action, parameters)
+        url = (test? ? test_url : live_url)
+        response = parse(ssl_post(url, request_body(action, parameters)))
+
+        Response.new(
+          success_from(response),
+          message_from(response),
+          response,
+          authorization: authorization_from(response),
+          test: test?,
+          error_code: error_code_from(response)
+        )
+      end
+
+      def success_from(response)
+        response[:code] == "AUTH"
+      end
+
+      def message_from(response)
+        response[:verbiage]
+      end
+
+      def authorization_from(response)
+        response[:ttid]
+      end
+
+      def request_body(action, parameters = {})
+        Nokogiri::XML::Builder.new(:encoding => 'utf-8') do |xml|
+          xml.MonetraTrans do
+            xml.Trans(identifier: parameters.delete(:identifier) || "1") do
+              xml.username(options[:username])
+              xml.password(options[:password])
+              xml.action(action)
+              parameters.each do |name, value|
+                xml.send(name, value)
+              end
+            end
+          end
+        end.to_xml
+      end
+
+      def error_code_from(response)
+        unless success_from(response)
+          response[:msoft_code] || response[:phard_code]
+        end
+      end
+    end
+  end
+end

data/lib/active_merchant/billing/gateways/payeezy.rb

@@ -30,22 +30,22 @@ module ActiveMerchant
         super
       end
 
-      def purchase(amount, creditcard, options = {})
+      def purchase(amount, payment_method, options = {})
         params = {transaction_type: 'purchase'}
 
         add_invoice(params, options)
-        add_creditcard(params, creditcard)
+        add_payment_method(params, payment_method)
         add_address(params, options)
         add_amount(params, amount, options)
 
         commit(params, options)
       end
 
-      def authorize(amount, creditcard, options = {})
+      def authorize(amount, payment_method, options = {})
         params = {transaction_type: 'authorize'}
 
         add_invoice(params, options)
-        add_creditcard(params, creditcard)
+        add_payment_method(params, payment_method)
         add_address(params, options)
         add_amount(params, amount, options)
 
@@ -71,7 +71,7 @@ module ActiveMerchant
       end
 
       def void(authorization, options = {})
-        params = {transaction_type: 'refund'}
+        params = {transaction_type: 'void'}
 
         add_authorization_info(params, authorization)
         add_amount(params, amount_from_authorization(authorization), options)
@@ -79,6 +79,26 @@ module ActiveMerchant
         commit(params, options)
       end
 
+      def verify(credit_card, options={})
+        MultiResponse.run(:use_first_response) do |r|
+          r.process { authorize(100, credit_card, options) }
+          r.process(:ignore_result) { void(r.authorization, options) }
+        end
+      end
+
+      def supports_scrubbing?
+        true
+      end
+
+      def scrub(transcript)
+        transcript.
+          gsub(%r((Token: )(\w|-)+), '\1[FILTERED]').
+          gsub(%r((\\?"card_number\\?":\\?")\d+), '\1[FILTERED]').
+          gsub(%r((\\?"cvv\\?":\\?")\d+), '\1[FILTERED]').
+          gsub(%r((\\?"account_number\\?":\\?")\d+), '\1[FILTERED]').
+          gsub(%r((\\?"routing_number\\?":\\?")\d+), '\1[FILTERED]')
+      end
+
       private
 
       def add_invoice(params, options)
@@ -96,6 +116,14 @@ module ActiveMerchant
         params[:method] = method
       end
 
+      def add_payment_method(params, payment_method)
+        if payment_method.is_a? Check
+          add_echeck(params, payment_method)
+        else
+          add_creditcard(params, payment_method)
+        end
+      end
+
       def add_creditcard(params, creditcard)
         credit_card = {}
 
@@ -109,6 +137,19 @@ module ActiveMerchant
         params[:credit_card] = credit_card
       end
 
+      def add_echeck(params, echeck)
+        tele_check = {}
+
+        tele_check[:check_number] = echeck.number
+        tele_check[:check_type] = "P"
+        tele_check[:routing_number] = echeck.routing_number
+        tele_check[:account_number] = echeck.account_number
+        tele_check[:accountholder_name] = "#{echeck.first_name} #{echeck.last_name}"
+
+        params[:method] = 'tele_check'
+        params[:tele_check] = tele_check
+      end
+
       def add_address(params, options)
         address = options[:billing_address]
         return unless address
@@ -141,12 +182,9 @@ module ActiveMerchant
           url = "#{url}/#{transaction_id}"
         end
 
-        success = false
         begin
           body = params.to_json
-          raw_response = ssl_post(url, body, headers(body))
-          response = parse(raw_response)
-          success = (response['transaction_status'] == 'approved')
+          response = parse(ssl_post(url, body, headers(body)))
         rescue ResponseError => e
           response = response_error(e.response.body)
         rescue JSON::ParserError
@@ -154,17 +192,21 @@ module ActiveMerchant
         end
 
         Response.new(
-          success,
-          handle_message(response, success),
+          success_from(response),
+          handle_message(response, success_from(response)),
           response,
           test: test?,
           authorization: authorization_from(params, response),
           avs_result: {code: response['avs']},
           cvv_result: response['cvv2'],
-          error_code: error_code(response, success)
+          error_code: error_code(response, success_from(response))
         )
       end
 
+      def success_from(response)
+        response['transaction_status'] == 'approved'
+      end
+
       def authorization_from(params, response)
         [
           response['transaction_id'],

data/lib/active_merchant/billing/gateways/sage.rb

@@ -1,172 +1,423 @@
-require 'active_merchant/billing/gateways/sage/sage_bankcard'
-require 'active_merchant/billing/gateways/sage/sage_virtual_check'
-require 'active_merchant/billing/gateways/sage/sage_vault'
-
 module ActiveMerchant #:nodoc:
   module Billing #:nodoc:
     class SageGateway < Gateway
-      self.supported_countries = SageBankcardGateway.supported_countries
-      self.supported_cardtypes = SageBankcardGateway.supported_cardtypes
-
-      self.abstract_class = true
-
-      # Creates a new SageGateway
-      #
-      # The gateway requires that a valid login and password be passed
-      # in the +options+ hash.
-      #
-      # ==== Options
-      #
-      # * <tt>:login</tt> - The Sage Payment Solutions Merchant ID Number.
-      # * <tt>:password</tt> - The Sage Payment Solutions Merchant Key Number.
+      self.display_name = 'http://www.sagepayments.com'
+      self.homepage_url = 'Sage Payment Solutions'
+      self.live_url = 'https://www.sagepayments.net/cgi-bin'
+
+      self.supported_countries =  ['US', 'CA']
+      self.supported_cardtypes = [:visa, :master, :american_express, :discover, :jcb, :diners_club]
+
+      TRANSACTIONS = {
+        :purchase           => '01',
+        :authorization      => '02',
+        :capture            => '11',
+        :void               => '04',
+        :credit             => '06',
+        :refund             => '10'
+      }
+
+      SOURCE_CARD   = "bankcard"
+      SOURCE_ECHECK =  "virtual_check"
+
       def initialize(options = {})
         requires!(options, :login, :password)
         super
       end
 
-      # Performs an authorization transaction
-      #
-      # ==== Parameters
-      # * <tt>money</tt> - The amount to be authorized as an integer value in cents.
-      # * <tt>credit_card</tt> - The CreditCard object to be used as the funding source for the transaction.
-      # * <tt>options</tt> - A hash of optional parameters.
-      #   * <tt>:order_id</tt> - A unique reference for this order. (maximum of 20 characters).
-      #   * <tt>:email</tt> - The customer's email address
-      #   * <tt>:customer</tt> - The Customer Number for Purchase Card Level II Transactions
-      #   * <tt>:billing_address</tt> - The customer's billing address as a hash of address information.
-      #     * <tt>:address1</tt> - The billing address street
-      #     * <tt>:city</tt> - The billing address city
-      #     * <tt>:state</tt> - The billing address state
-      #     * <tt>:country</tt> - The 2 digit ISO billing address country code
-      #     * <tt>:zip</tt> - The billing address zip code
-      #     * <tt>:phone</tt> - The billing address phone number
-      #     * <tt>:fax</tt> - The billing address fax number
-      #   * <tt>:shipping_address</tt> - The customer's shipping address as a hash of address information.
-      #     * <tt>:name</tt> - The name at the shipping address
-      #     * <tt>:address1</tt> - The shipping address street
-      #     * <tt>:city</tt> - The shipping address city
-      #     * <tt>:state</tt> - The shipping address state code
-      #     * <tt>:country</tt> - The 2 digit ISO shipping address country code
-      #     * <tt>:zip</tt> - The shipping address zip code
-      #   * <tt>:tax</tt> - The tax amount for the transaction as an Integer value in cents. Maps to Sage <tt>T_tax</tt>.
-      #   * <tt>:shipping</tt> - The shipping amount for the transaction as an Integer value in cents. Maps to Sage <tt>T_shipping</tt>.
       def authorize(money, credit_card, options = {})
-        bankcard.authorize(money, credit_card, options)
-      end
-
-      # Performs a purchase, which is essentially an authorization and capture in a single operation.
-      #
-      # ==== Parameters
-      #
-      # * <tt>money</tt> - The amount to be authorized as an integer value in cents.
-      # * <tt>source</tt> - The CreditCard or Check object to be used as the funding source for the transaction.
-      # * <tt>options</tt> - A hash of optional parameters.
-      #   * <tt>:order_id</tt> - A unique reference for this order. (maximum of 20 characters).
-      #   * <tt>:email</tt> - The customer's email address
-      #   * <tt>:customer</tt> - The Customer Number for Purchase Card Level II Transactions
-      #   * <tt>:billing_address</tt> - The customer's billing address as a hash of address information.
-      #     * <tt>:address1</tt> - The billing address street
-      #     * <tt>:city</tt> - The billing address city
-      #     * <tt>:state</tt> - The billing address state
-      #     * <tt>:country</tt> - The 2 digit ISO billing address country code
-      #     * <tt>:zip</tt> - The billing address zip code
-      #     * <tt>:phone</tt> - The billing address phone number
-      #     * <tt>:fax</tt> - The billing address fax number
-      #   * <tt>:shipping_address</tt> - The customer's shipping address as a hash of address information.
-      #     * <tt>:name</tt> - The name at the shipping address
-      #     * <tt>:address1</tt> - The shipping address street
-      #     * <tt>:city</tt> - The shipping address city
-      #     * <tt>:state</tt> - The shipping address state code
-      #     * <tt>:country</tt> - The 2 digit ISO shipping address country code
-      #     * <tt>:zip</tt> - The shipping address zip code
-      #   * <tt>:tax</tt> - The tax amount for the transaction as an integer value in cents. Maps to Sage <tt>T_tax</tt>.
-      #   * <tt>:shipping</tt> - The shipping amount for the transaction as an integer value in cents. Maps to Sage <tt>T_shipping</tt>.
-      #
-      # ==== Additional options in the +options+ hash for when using a Check as the funding source
-      # * <tt>:originator_id</tt> - 10 digit originator. If not provided, Sage will use the default Originator ID for the specific customer type.
-      # * <tt>:addenda</tt> - Transaction addenda.
-      # * <tt>:ssn</tt> - The customer's Social Security Number.
-      # * <tt>:drivers_license_state</tt> - The customer's drivers license state code.
-      # * <tt>:drivers_license_number</tt> - The customer's drivers license number.
-      # * <tt>:date_of_birth</tt> - The customer's date of birth as a Time or Date object or a string in the format <tt>mm/dd/yyyy</tt>.
-      def purchase(money, source, options = {})
-        if card_brand(source) == "check"
-          virtual_check.purchase(money, source, options)
+        post = {}
+        add_credit_card(post, credit_card)
+        add_transaction_data(post, money, options)
+        commit(:authorization, post, SOURCE_CARD)
+      end
+
+      def purchase(money, payment_method, options = {})
+        post = {}
+        if card_brand(payment_method) == "check"
+          source = SOURCE_ECHECK
+          add_check(post, payment_method)
+          add_check_customer_data(post, options)
         else
-          bankcard.purchase(money, source, options)
+          source = SOURCE_CARD
+          add_credit_card(post, payment_method)
         end
+        add_transaction_data(post, money, options)
+        commit(:purchase, post, source)
       end
 
-      # Captures authorized funds.
-      #
-      # ==== Parameters
-      #
-      # * <tt>money</tt> - The amount to be authorized as an integer value in cents. Sage doesn't support changing the capture amount, so the full amount of the initial transaction will be captured.
-      # * <tt>reference</tt> - The authorization reference string returned by the original transaction's Response#authorization.
+      # The +money+ amount is not used. The entire amount of the
+      # initial authorization will be captured.
       def capture(money, reference, options = {})
-        bankcard.capture(money, reference, options)
+        post = {}
+        add_reference(post, reference)
+        commit(:capture, post, SOURCE_CARD)
       end
 
-      # Voids a prior transaction. Works for both CreditCard and Check transactions.
-      #
-      # ==== Parameters
-      #
-      # * <tt>reference</tt> - The authorization reference string returned by the original transaction's Response#authorization.
       def void(reference, options = {})
-        if reference.split(";").last == "virtual_check"
-          virtual_check.void(reference, options)
-        else
-          bankcard.void(reference, options)
-        end
+        post = {}
+        add_reference(post, reference)
+        source = reference.split(";").last
+        commit(:void, post, source)
       end
 
-      #
-      # ==== Parameters
-      #
-      # * <tt>money</tt> - The amount to be authorized as an integer value in cents.
-      # * <tt>source</tt> - The CreditCard or Check object to be used as the target for the credit.
-      def credit(money, source, options = {})
-        if card_brand(source) == "check"
-          virtual_check.credit(money, source, options)
+      def credit(money, payment_method, options = {})
+        post = {}
+        if card_brand(payment_method) == "check"
+          source = SOURCE_ECHECK
+          add_check(post, payment_method)
+          add_check_customer_data(post, options)
         else
-          bankcard.credit(money, source, options)
+          source = SOURCE_CARD
+          add_credit_card(post, payment_method)
         end
+        add_transaction_data(post, money, options)
+        commit(:credit, post, source)
       end
 
       def refund(money, reference, options={})
-        bankcard.refund(money, reference, options)
+        post = {}
+        add_reference(post, reference)
+        add_transaction_data(post, money, options)
+        commit(:refund, post, SOURCE_CARD)
       end
 
-      # Stores a credit card in the Sage vault.
-      #
-      # ==== Parameters
-      #
-      # * <tt>credit_card</tt> - The CreditCard object to be stored.
       def store(credit_card, options = {})
         vault.store(credit_card, options)
       end
 
-      # Deletes a stored card from the Sage vault.
-      #
-      # ==== Parameters
-      #
-      # * <tt>identification</tt> - The 'GUID' identifying the stored card.
       def unstore(identification, options = {})
         vault.unstore(identification, options)
       end
 
       private
 
-      def bankcard
-        @bankcard ||= SageBankcardGateway.new(@options)
+      def add_credit_card(post, credit_card)
+        post[:C_name]       = credit_card.name
+        post[:C_cardnumber] = credit_card.number
+        post[:C_exp]        = expdate(credit_card)
+        post[:C_cvv]        = credit_card.verification_value if credit_card.verification_value?
+      end
+
+      def add_check(post, check)
+        post[:C_first_name]   = check.first_name
+        post[:C_last_name]    = check.last_name
+        post[:C_rte]          = check.routing_number
+        post[:C_acct]         = check.account_number
+        post[:C_check_number] = check.number
+        post[:C_acct_type]    = account_type(check)
+      end
+
+      def add_check_customer_data(post, options)
+        # Required  Customer Type – (NACHA Transaction Class)
+        # CCD for Commercial, Merchant Initiated
+        # PPD for Personal, Merchant Initiated
+        # WEB for Internet, Consumer Initiated
+        # RCK for Returned Checks
+        # ARC for Account Receivable Entry
+        # TEL for TelephoneInitiated
+        post[:C_customer_type] = "WEB"
+
+        # Optional  10  Digit Originator  ID – Assigned  By for  each transaction  class  or  business  purpose. If  not provided, the default Originator ID for the specific  Customer Type will be applied. 
+        post[:C_originator_id] = options[:originator_id]
+
+        # Optional  Transaction Addenda
+        post[:T_addenda] = options[:addenda]
+
+        # Required  Check  Writer  Social  Security  Number  (  Numbers Only, No Dashes ) 
+        post[:C_ssn] = options[:ssn].to_s.gsub(/[^\d]/, '')
+
+        post[:C_dl_state_code] = options[:drivers_license_state]
+        post[:C_dl_number]     = options[:drivers_license_number]
+        post[:C_dob]           = format_birth_date(options[:date_of_birth])
       end
 
-      def virtual_check
-        @virtual_check ||= SageVirtualCheckGateway.new(@options)
+      def format_birth_date(date)
+        date.respond_to?(:strftime) ? date.strftime("%m/%d/%Y") : date
+      end
+
+      # DDA for Checking
+      # SAV for Savings 
+      def account_type(check)
+        case check.account_type
+        when 'checking' then 'DDA'
+        when 'savings'  then 'SAV'
+        else raise ArgumentError, "Unknown account type #{check.account_type}"
+        end
+      end
+
+      def parse(data, source)
+        source == SOURCE_ECHECK ? parse_check(data) : parse_credit_card(data)
+      end
+
+      def parse_check(data)
+        response = {}
+        response[:success]          = data[1,1]
+        response[:code]             = data[2,6].strip
+        response[:message]          = data[8,32].strip
+        response[:risk]             = data[40, 2]
+        response[:reference]        = data[42, 10]
+
+        extra_data = data[53...-1].split("\034")
+        response[:order_number] = extra_data[0]
+        response[:authentication_indicator] = extra_data[1]
+        response[:authentication_disclosure] = extra_data[2]
+        response
+      end
+
+      def parse_credit_card(data)
+        response = {}
+        response[:success]          = data[1,1]
+        response[:code]             = data[2,6]
+        response[:message]          = data[8,32].strip
+        response[:front_end]        = data[40, 2]
+        response[:cvv_result]       = data[42, 1]
+        response[:avs_result]       = data[43, 1].strip
+        response[:risk]             = data[44, 2]
+        response[:reference]        = data[46, 10]
+
+        response[:order_number], response[:recurring] = data[57...-1].split("\034")
+        response
+      end
+
+      def add_invoice(post, options)
+        post[:T_ordernum] = (options[:order_id] || generate_unique_id).slice(0, 20)
+        post[:T_tax] = amount(options[:tax]) unless options[:tax].blank?
+        post[:T_shipping] = amount(options[:shipping]) unless options[:shipping].blank?
+      end
+
+      def add_reference(post, reference)
+        ref, _ = reference.to_s.split(";")
+        post[:T_reference] = ref
+      end
+
+      def add_amount(post, money)
+        post[:T_amt] = amount(money)
+      end
+
+      def add_customer_data(post, options)
+        post[:T_customer_number] = options[:customer] if Float(options[:customer]) rescue nil
+      end
+
+      def add_addresses(post, options)
+        billing_address   = options[:billing_address] || options[:address] || {}
+
+        post[:C_address]    = billing_address[:address1]
+        post[:C_city]       = billing_address[:city]
+
+        if ['US', 'CA'].include?(billing_address[:country])
+          post[:C_state]    = billing_address[:state]
+        else
+          post[:C_state]    = "Outside of United States"
+        end
+
+        post[:C_zip]        = billing_address[:zip]
+        post[:C_country]    = billing_address[:country]
+        post[:C_telephone]  = billing_address[:phone]
+        post[:C_fax]        = billing_address[:fax]
+        post[:C_email]      = options[:email]
+
+        if shipping_address = options[:shipping_address]
+          post[:C_ship_name]    = shipping_address[:name]
+          post[:C_ship_address] = shipping_address[:address1]
+          post[:C_ship_city]    = shipping_address[:city]
+          post[:C_ship_state]   = shipping_address[:state]
+          post[:C_ship_zip]     = shipping_address[:zip]
+          post[:C_ship_country] = shipping_address[:country]
+        end
+      end
+
+      def add_transaction_data(post, money, options)
+        add_amount(post, money)
+        add_invoice(post, options)
+        add_addresses(post, options)
+        add_customer_data(post, options)
+      end
+
+      def commit(action, params, source)
+        url = url(params, source)
+        response = parse(ssl_post(url, post_data(action, params)), source)
+
+        Response.new(success?(response), response[:message], response,
+          :test => test?,
+          :authorization => authorization_from(response, source),
+          :avs_result => { :code => response[:avs_result] },
+          :cvv_result => response[:cvv_result]
+        )
+      end
+
+      def url(params, source)
+        if source == SOURCE_ECHECK
+          "#{live_url}/eftVirtualCheck.dll?transaction"
+        else
+          "#{live_url}/eftBankcard.dll?transaction"
+        end
+      end
+
+      def authorization_from(response, source)
+        "#{response[:reference]};#{source}"
+      end
+
+      def success?(response)
+        response[:success] == 'A'
+      end
+
+      def post_data(action, params = {})
+        params[:M_id]  = @options[:login]
+        params[:M_key] = @options[:password]
+        params[:T_code] = TRANSACTIONS[action]
+
+        params.collect { |key, value| "#{key}=#{CGI.escape(value.to_s)}" }.join("&")
       end
 
       def vault
-        @vault ||= SageVaultGateway.new(@options)
+        @vault ||= SageVault.new(@options, self)
+      end
+
+      class SageVault
+
+        def initialize(options, gateway)
+          @live_url = 'https://www.sagepayments.net/web_services/wsVault/wsVault.asmx'
+          @options = options
+          @gateway = gateway
+        end
+
+        def store(credit_card, options = {})
+          request = build_store_request(credit_card, options)
+          commit(:store, request)
+        end
+
+        def unstore(identification, options = {})
+          request = build_unstore_request(identification, options)
+          commit(:unstore, request)
+        end
+
+        private
+
+        # A valid request example, since the Sage docs have none:
+        #
+        # <?xml version="1.0" encoding="UTF-8" ?>
+        # <SOAP-ENV:Envelope
+        #   xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
+        #   xmlns:ns1="https://www.sagepayments.net/web_services/wsVault/wsVault">
+        #   <SOAP-ENV:Body>
+        #     <ns1:INSERT_CREDIT_CARD_DATA>
+        #       <ns1:M_ID>279277516172</ns1:M_ID>
+        #       <ns1:M_KEY>O3I8G2H8V6A3</ns1:M_KEY>
+        #       <ns1:CARDNUMBER>4111111111111111</ns1:CARDNUMBER>
+        #       <ns1:EXPIRATION_DATE>0915</ns1:EXPIRATION_DATE>
+        #     </ns1:INSERT_CREDIT_CARD_DATA>
+        #   </SOAP-ENV:Body>
+        # </SOAP-ENV:Envelope>
+        def build_store_request(credit_card, options)
+          xml = Builder::XmlMarkup.new
+          add_credit_card(xml, credit_card, options)
+          xml.target!
+        end
+
+        def build_unstore_request(identification, options)
+          xml = Builder::XmlMarkup.new
+          add_identification(xml, identification, options)
+          xml.target!
+        end
+
+        def add_customer_data(xml)
+          xml.tag! 'ns1:M_ID', @options[:login]
+          xml.tag! 'ns1:M_KEY', @options[:password]
+        end
+
+        def add_credit_card(xml, credit_card, options)
+          xml.tag! 'ns1:CARDNUMBER', credit_card.number
+          xml.tag! 'ns1:EXPIRATION_DATE', exp_date(credit_card)
+        end
+
+        def add_identification(xml, identification, options)
+          xml.tag! 'ns1:GUID', identification
+        end
+
+        def exp_date(credit_card)
+          year  = sprintf("%.4i", credit_card.year)
+          month = sprintf("%.2i", credit_card.month)
+
+          "#{month}#{year[-2..-1]}"
+        end
+
+        def commit(action, request)
+          response = parse(@gateway.ssl_post(@live_url,
+            build_soap_request(action, request),
+            build_headers(action))
+          )
+
+          case action
+          when :store
+            success = response[:success] == 'true'
+            message = response[:message].downcase.capitalize if response[:message]
+          when :unstore
+            success = response[:delete_data_result] == 'true'
+            message = success ? 'Succeeded' : 'Failed'
+          end
+
+          Response.new(success, message, response,
+            authorization: response[:guid]
+          )
+        end
+
+        ENVELOPE_NAMESPACES = {
+          'xmlns:SOAP-ENV' => "http://schemas.xmlsoap.org/soap/envelope/",
+          'xmlns:ns1' => "https://www.sagepayments.net/web_services/wsVault/wsVault"
+        }
+
+        ACTION_ELEMENTS = {
+          store: 'INSERT_CREDIT_CARD_DATA',
+          unstore: 'DELETE_DATA'
+        }
+
+        def build_soap_request(action, body)
+          xml = Builder::XmlMarkup.new
+
+          xml.instruct!
+          xml.tag! 'SOAP-ENV:Envelope', ENVELOPE_NAMESPACES do
+            xml.tag! 'SOAP-ENV:Body' do
+              xml.tag! "ns1:#{ACTION_ELEMENTS[action]}" do
+                add_customer_data(xml)
+                xml << body
+              end
+            end
+          end
+          xml.target!
+        end
+
+        SOAP_ACTIONS = {
+          store: 'https://www.sagepayments.net/web_services/wsVault/wsVault/INSERT_CREDIT_CARD_DATA',
+          unstore: 'https://www.sagepayments.net/web_services/wsVault/wsVault/DELETE_DATA'
+        }
+
+        def build_headers(action)
+          {
+            "SOAPAction" => SOAP_ACTIONS[action],
+            "Content-Type" => "text/xml; charset=utf-8"
+          }
+        end
+
+        def parse(body)
+          response = {}
+          hashify_xml!(body, response)
+          response
+        end
+
+        def hashify_xml!(xml, response)
+          xml = REXML::Document.new(xml)
+
+          # Store
+          xml.elements.each("//Table1/*") do |node|
+            response[node.name.underscore.to_sym] = node.text
+          end
+
+          # Unstore
+          xml.elements.each("//DELETE_DATAResponse/*") do |node|
+            response[node.name.underscore.to_sym] = node.text
+          end
+        end
       end
     end
   end