activemerchant 1.62.0 → 1.79.2

data/lib/active_merchant/billing/gateways/litle.rb

@@ -3,24 +3,18 @@ require 'nokogiri'
 module ActiveMerchant #:nodoc:
   module Billing #:nodoc:
     class LitleGateway < Gateway
-      SCHEMA_VERSION = '9.4'
+      SCHEMA_VERSION = '9.12'
 
-      self.test_url = 'https://www.testlitle.com/sandbox/communicator/online'
-      self.live_url = 'https://payments.litle.com/vap/communicator/online'
+      self.test_url = 'https://www.testvantivcnp.com/sandbox/communicator/online'
+      self.live_url = 'https://payments.vantivcnp.com/vap/communicator/online'
 
       self.supported_countries = ['US']
       self.default_currency = 'USD'
       self.supported_cardtypes = [:visa, :master, :american_express, :discover, :diners_club, :jcb]
 
-      self.homepage_url = 'http://www.litle.com/'
-      self.display_name = 'Litle & Co.'
+      self.homepage_url = 'http://www.vantiv.com/'
+      self.display_name = 'Vantiv eCommerce'
 
-      # Public: Create a new Litle gateway.
-      #
-      # options - A hash of options:
-      #           :login         - The user.
-      #           :password      - The password.
-      #           :merchant_id   - The merchant id.
       def initialize(options={})
         requires!(options, :login, :password, :merchant_id)
         super
@@ -29,23 +23,33 @@ module ActiveMerchant #:nodoc:
       def purchase(money, payment_method, options={})
         request = build_xml_request do |doc|
           add_authentication(doc)
-          doc.sale(transaction_attributes(options)) do
-            add_auth_purchase_params(doc, money, payment_method, options)
+          if check?(payment_method)
+            doc.echeckSale(transaction_attributes(options)) do
+              add_echeck_purchase_params(doc, money, payment_method, options)
+            end
+          else
+            doc.sale(transaction_attributes(options)) do
+              add_auth_purchase_params(doc, money, payment_method, options)
+            end
           end
         end
-
-        commit(:sale, request, money)
+       check?(payment_method) ? commit(:echeckSales, request, money) : commit(:sale, request, money)
       end
 
       def authorize(money, payment_method, options={})
         request = build_xml_request do |doc|
           add_authentication(doc)
-          doc.authorization(transaction_attributes(options)) do
-            add_auth_purchase_params(doc, money, payment_method, options)
+          if check?(payment_method)
+            doc.echeckVerification(transaction_attributes(options)) do
+              add_echeck_purchase_params(doc, money, payment_method, options)
+            end
+          else
+            doc.authorization(transaction_attributes(options)) do
+              add_auth_purchase_params(doc, money, payment_method, options)
+            end
           end
         end
-
-        commit(:authorization, request, money)
+        check?(payment_method) ? commit(:echeckVerification, request, money) : commit(:authorization, request, money)
       end
 
       def capture(money, authorization, options={})
@@ -68,19 +72,24 @@ module ActiveMerchant #:nodoc:
         refund(money, authorization, options)
       end
 
-      def refund(money, authorization, options={})
-        transaction_id, _, _ = split_authorization(authorization)
-
+      def refund(money, payment, options={})
         request = build_xml_request do |doc|
           add_authentication(doc)
           add_descriptor(doc, options)
-          doc.credit(transaction_attributes(options)) do
-            doc.litleTxnId(transaction_id)
-            doc.amount(money) if money
+          doc.send(refund_type(payment), transaction_attributes(options)) do
+            if payment.is_a?(String)
+              transaction_id, kind, _ = split_authorization(payment)
+              doc.litleTxnId(transaction_id)
+              doc.amount(money) if money
+            elsif check?(payment)
+              add_echeck_purchase_params(doc, money, payment, options)
+            else
+              add_auth_purchase_params(doc, money, payment, options)
+            end
           end
         end
 
-        commit(:credit, request)
+        commit(refund_type(payment), request)
       end
 
       def verify(creditcard, options = {})
@@ -111,6 +120,11 @@ module ActiveMerchant #:nodoc:
             doc.orderId(truncate(options[:order_id], 24))
             if payment_method.is_a?(String)
               doc.paypageRegistrationId(payment_method)
+            elsif check?(payment_method)
+              doc.echeckForToken do
+                doc.accNum(payment_method.account_number)
+                doc.routingNum(payment_method.routing_number)
+              end
             else
               doc.accountNumber(payment_method.number)
               doc.cardValidationNum(payment_method.verification_value) if payment_method.verification_value
@@ -130,6 +144,8 @@ module ActiveMerchant #:nodoc:
           gsub(%r((<user>).+(</user>)), '\1[FILTERED]\2').
           gsub(%r((<password>).+(</password>)), '\1[FILTERED]\2').
           gsub(%r((<number>).+(</number>)), '\1[FILTERED]\2').
+          gsub(%r((<accNum>).+(</accNum>)), '\1[FILTERED]\2').
+          gsub(%r((<routingNum>).+(</routingNum>)), '\1[FILTERED]\2').
           gsub(%r((<cardValidationNum>).+(</cardValidationNum>)), '\1[FILTERED]\2').
           gsub(%r((<accountNumber>).+(</accountNumber>)), '\1[FILTERED]\2').
           gsub(%r((<paypageRegistrationId>).+(</paypageRegistrationId>)), '\1[FILTERED]\2').
@@ -137,6 +153,7 @@ module ActiveMerchant #:nodoc:
       end
 
       private
+
       CARD_TYPE = {
         'visa'             => 'VI',
         'master'           => 'MC',
@@ -165,7 +182,27 @@ module ActiveMerchant #:nodoc:
       }
 
       def void_type(kind)
-        (kind == 'authorization') ? :authReversal : :void
+        if kind == 'authorization'
+          :authReversal
+        elsif kind == 'echeckSales'
+          :echeckVoid
+        else
+          :void
+        end
+      end
+
+      def refund_type(payment)
+        transaction_id, kind, _ = split_authorization(payment)
+        if check?(payment) || kind  == 'echeckSales'
+          :echeckCredit
+        else
+          :credit
+        end
+      end
+
+      def check?(payment_method)
+        return false if payment_method.is_a?(String)
+        card_brand(payment_method) == 'check'
       end
 
       def add_authentication(doc)
@@ -181,12 +218,32 @@ module ActiveMerchant #:nodoc:
         add_order_source(doc, payment_method, options)
         add_billing_address(doc, payment_method, options)
         add_shipping_address(doc, payment_method, options)
-        add_payment_method(doc, payment_method)
+        add_payment_method(doc, payment_method, options)
         add_pos(doc, payment_method)
         add_descriptor(doc, options)
+        add_merchant_data(doc, options)
         add_debt_repayment(doc, options)
       end
 
+      def add_merchant_data(doc, options={})
+        if options[:affiliate] || options[:campaign] || options[:merchant_grouping_id]
+          doc.merchantData do
+            doc.affiliate(options[:affiliate]) if options[:affiliate]
+            doc.campaign(options[:campaign]) if options[:campaign]
+            doc.merchantGroupingId(options[:merchant_grouping_id]) if options[:merchant_grouping_id]
+          end
+        end
+      end
+
+      def add_echeck_purchase_params(doc, money, payment_method, options)
+        doc.orderId(truncate(options[:order_id], 24))
+        doc.amount(money)
+        add_order_source(doc, payment_method, options)
+        add_billing_address(doc, payment_method, options)
+        add_payment_method(doc, payment_method, options)
+        add_descriptor(doc, options)
+      end
+
       def add_descriptor(doc, options)
         if options[:descriptor_name] || options[:descriptor_phone]
           doc.customBilling do
@@ -200,7 +257,7 @@ module ActiveMerchant #:nodoc:
         doc.debtRepayment(true) if options[:debt_repayment] == true
       end
 
-      def add_payment_method(doc, payment_method)
+      def add_payment_method(doc, payment_method, options)
         if payment_method.is_a?(String)
           doc.token do
             doc.litleToken(payment_method)
@@ -209,6 +266,13 @@ module ActiveMerchant #:nodoc:
           doc.card do
             doc.track(payment_method.track_data)
           end
+        elsif check?(payment_method)
+          doc.echeck do
+            doc.accType(payment_method.account_type)
+            doc.accNum(payment_method.account_number)
+            doc.routingNum(payment_method.routing_number)
+            doc.checkNum(payment_method.number)
+          end
         else
           doc.card do
             doc.type_(CARD_TYPE[payment_method.brand])
@@ -220,6 +284,11 @@ module ActiveMerchant #:nodoc:
             doc.cardholderAuthentication do
               doc.authenticationValue(payment_method.payment_cryptogram)
             end
+          elsif options[:order_source] && options[:order_source].start_with?('3ds')
+            doc.cardholderAuthentication do
+              doc.authenticationValue(options[:cavv]) if options[:cavv]
+              doc.authenticationTransactionId(options[:xid]) if options[:xid]
+            end
           end
         end
       end
@@ -228,7 +297,13 @@ module ActiveMerchant #:nodoc:
         return if payment_method.is_a?(String)
 
         doc.billToAddress do
-          doc.name(payment_method.name)
+          if check?(payment_method)
+            doc.name(payment_method.name)
+            doc.firstName(payment_method.first_name)
+            doc.lastName(payment_method.last_name)
+          else
+            doc.name(payment_method.name)
+          end
           doc.email(options[:email]) if options[:email]
 
           add_address(doc, options[:billing_address])
@@ -261,6 +336,8 @@ module ActiveMerchant #:nodoc:
           doc.orderSource(options[:order_source])
         elsif payment_method.is_a?(NetworkTokenizationCreditCard) && payment_method.source == :apple_pay
           doc.orderSource('applepay')
+        elsif payment_method.is_a?(NetworkTokenizationCreditCard) && payment_method.source == :android_pay
+          doc.orderSource('androidpay')
         elsif payment_method.respond_to?(:track_data) && payment_method.track_data.present?
           doc.orderSource('retail')
         else

data/lib/active_merchant/billing/gateways/mercado_pago.rb

@@ -0,0 +1,262 @@
+module ActiveMerchant #:nodoc:
+  module Billing #:nodoc:
+    class MercadoPagoGateway < Gateway
+      self.live_url = self.test_url = 'https://api.mercadopago.com/v1'
+
+      self.supported_countries = ['AR', 'BR', 'CL', 'CO', 'MX', 'PE', 'UY']
+      self.supported_cardtypes = [:visa, :master, :american_express]
+
+      self.homepage_url = 'https://www.mercadopago.com/'
+      self.display_name = 'Mercado Pago'
+      self.money_format = :dollars
+
+      CARD_BRAND = {
+        "american_express" => "amex",
+        "diners_club" => "diners"
+      }
+
+      def initialize(options={})
+        requires!(options, :access_token)
+        super
+      end
+
+      def purchase(money, payment, options={})
+        MultiResponse.run do |r|
+          r.process { commit("tokenize", "card_tokens", card_token_request(money, payment, options)) }
+          options.merge!(card_brand: (CARD_BRAND[payment.brand] || payment.brand))
+          options.merge!(card_token: r.authorization.split("|").first)
+          r.process { commit("purchase", "payments", purchase_request(money, payment, options) ) }
+        end
+      end
+
+      def authorize(money, payment, options={})
+        MultiResponse.run do |r|
+          r.process { commit("tokenize", "card_tokens", card_token_request(money, payment, options)) }
+          options.merge!(card_brand: (CARD_BRAND[payment.brand] || payment.brand))
+          options.merge!(card_token: r.authorization.split("|").first)
+          r.process { commit("authorize", "payments", authorize_request(money, payment, options) ) }
+        end
+      end
+
+      def capture(money, authorization, options={})
+        post = {}
+        authorization, _ = authorization.split("|")
+        post[:capture] = true
+        post[:transaction_amount] = amount(money).to_f
+        commit("capture", "payments/#{authorization}", post)
+      end
+
+      def refund(money, authorization, options={})
+        post = {}
+        authorization, original_amount = authorization.split("|")
+        post[:amount] = amount(money).to_f if original_amount && original_amount.to_f > amount(money).to_f
+        commit("refund", "payments/#{authorization}/refunds", post)
+      end
+
+      def void(authorization, options={})
+        authorization, _ = authorization.split("|")
+        post = { status: "cancelled" }
+        commit("void", "payments/#{authorization}", post)
+      end
+
+      def verify(credit_card, options={})
+        MultiResponse.run(:use_first_response) do |r|
+          r.process { authorize(100, credit_card, options) }
+          r.process(:ignore_result) { void(r.authorization, options) }
+        end
+      end
+
+      def supports_scrubbing?
+        true
+      end
+
+      def scrub(transcript)
+        transcript.
+          gsub(%r((access_token=).*?([^\s]+)), '\1[FILTERED]').
+          gsub(%r((\"card_number\\\":\\\")\d+), '\1[FILTERED]').
+          gsub(%r((\"security_code\\\":\\\")\d+), '\1[FILTERED]')
+      end
+
+      private
+
+      def card_token_request(money, payment, options = {})
+        post = {}
+        post[:card_number] = payment.number
+        post[:security_code] = payment.verification_value
+        post[:expiration_month] = payment.month
+        post[:expiration_year] = payment.year
+        post[:cardholder] = {
+          name: payment.name,
+          identification: {
+            type: options[:cardholder_identification_type],
+            number: options[:cardholder_identification_number]
+          }
+        }
+        post
+      end
+
+      def purchase_request(money, payment, options = {})
+        post = {}
+        add_invoice(post, money, options)
+        add_payment(post, options)
+        add_additional_data(post, options)
+        add_customer_data(post, payment, options)
+        add_address(post, options)
+        post[:binary_mode] = (options[:binary_mode].nil? ? true : options[:binary_mode])
+        post
+      end
+
+      def authorize_request(money, payment, options = {})
+        post = purchase_request(money, payment, options)
+        post.merge!(capture: false)
+        post
+      end
+
+      def add_additional_data(post, options)
+        post[:sponsor_id] = options[:sponsor_id]
+        post[:device_id] = options[:device_id] if options[:device_id]
+        post[:additional_info] = {
+          ip_address: options[:ip_address]
+        }.merge(options[:additional_info] || {})
+
+
+        add_address(post, options)
+        add_shipping_address(post, options)
+      end
+
+      def add_customer_data(post, payment, options)
+        post[:payer] = {
+          email: options[:email],
+          first_name: payment.first_name,
+          last_name: payment.last_name
+        }
+      end
+
+      def add_address(post, options)
+        if address = (options[:billing_address] || options[:address])
+
+          post[:additional_info].merge!({
+            payer: {
+              address: {
+                zip_code: address[:zip],
+                street_name: "#{address[:address1]} #{address[:address2]}"
+              }
+            }
+          })
+        end
+      end
+
+      def add_shipping_address(post, options)
+        if address = options[:shipping_address]
+
+          post[:additional_info].merge!({
+            shipments: {
+              receiver_address: {
+                zip_code: address[:zip],
+                street_name: "#{address[:address1]} #{address[:address2]}"
+              }
+            }
+          })
+        end
+      end
+
+      def split_street_address(address1)
+        street_number = address1.split(" ").first
+
+        if street_name = address1.split(" ")[1..-1]
+          street_name = street_name.join(" ")
+        else
+          nil
+        end
+
+        [street_number, street_name]
+      end
+
+      def add_invoice(post, money, options)
+        post[:transaction_amount] = amount(money).to_f
+        post[:description] = options[:description]
+        post[:installments] = options[:installments] ? options[:installments].to_i : 1
+        post[:statement_descriptor] = options[:statement_descriptor] if options[:statement_descriptor]
+        post[:external_reference] = options[:order_id] || SecureRandom.hex(16)
+      end
+
+      def add_payment(post, options)
+        post[:token] = options[:card_token]
+        post[:payment_method_id] = options[:card_brand]
+      end
+
+      def parse(body)
+        JSON.parse(body)
+      end
+
+      def commit(action, path, parameters)
+        if ["capture", "void"].include?(action)
+          response = parse(ssl_request(:put, url(path), post_data(parameters), headers))
+        else
+          response = parse(ssl_post(url(path), post_data(parameters), headers(parameters)))
+        end
+
+        Response.new(
+          success_from(action, response),
+          message_from(response),
+          response,
+          authorization: authorization_from(response, parameters),
+          test: test?,
+          error_code: error_code_from(action, response)
+        )
+      end
+
+      def success_from(action, response)
+        if action == "refund"
+          response["error"].nil?
+        else
+          ["active", "approved", "authorized", "cancelled", "in_process"].include?(response["status"])
+        end
+      end
+
+      def message_from(response)
+        (response["status_detail"]) || (response["message"])
+      end
+
+      def authorization_from(response, params)
+        [response["id"], params[:transaction_amount]].join("|")
+      end
+
+      def post_data(parameters = {})
+        parameters.clone.tap { |p| p.delete(:device_id) }.to_json
+      end
+
+      def error_code_from(action, response)
+        unless success_from(action, response)
+          if cause = response["cause"]
+            cause.empty? ? nil : cause.first["code"]
+          else
+            response["status"]
+          end
+        end
+      end
+
+      def url(action)
+        full_url = (test? ? test_url : live_url)
+        full_url + "/#{action}?access_token=#{CGI.escape(@options[:access_token])}"
+      end
+
+      def headers(options = {})
+        headers = {
+          "Content-Type" => "application/json"
+        }
+        headers['X-Device-Session-ID'] = options[:device_id] if options[:device_id]
+        headers
+      end
+
+      def handle_response(response)
+        case response.code.to_i
+        when 200..499
+          response.body
+        else
+          raise ResponseError.new(response)
+        end
+      end
+    end
+  end
+end

data/lib/active_merchant/billing/gateways/merchant_e_solutions.rb

@@ -94,6 +94,17 @@ module ActiveMerchant #:nodoc:
         commit('V', nil, options.merge(post))
       end
 
+      def supports_scrubbing?
+        true
+      end
+
+      def scrub(transcript)
+        transcript.
+          gsub(%r((&?profile_key=)\w*(&?)), '\1[FILTERED]\2').
+          gsub(%r((&?card_number=)\d*(&?)), '\1[FILTERED]\2').
+          gsub(%r((&?cvv2=)\d*(&?)), '\1[FILTERED]\2')
+      end
+
       private
 
       def add_address(post, options)

data/lib/active_merchant/billing/gateways/merchant_warrior.rb

@@ -68,6 +68,18 @@ module ActiveMerchant #:nodoc:
         commit('addCard', post)
       end
 
+      def supports_scrubbing?
+        true
+      end
+
+      def scrub(transcript)
+        transcript.
+          gsub(%r((&?paymentCardNumber=)[^&]*)i, '\1[FILTERED]').
+          gsub(%r((CardNumber=)[^&]*)i, '\1[FILTERED]').
+          gsub(%r((&?paymentCardCSC=)[^&]*)i, '\1[FILTERED]').
+          gsub(%r((&?apiKey=)[^&]*)i, '\1[FILTERED]')
+      end
+
       private
 
       def add_transaction(post, identification)
@@ -79,13 +91,13 @@ module ActiveMerchant #:nodoc:
 
         post['customerName'] = scrub_name(address[:name])
         post['customerCountry'] = address[:country]
-        post['customerState'] = address[:state]
+        post['customerState'] = address[:state] || 'N/A'
         post['customerCity'] = address[:city]
         post['customerAddress'] = address[:address1]
         post['customerPostCode'] = address[:zip]
-		post['customerIP'] = address[:ip]
-		post['customerPhone'] = address[:phone]
-		post['customerEmail'] = address[:email]
+        post['customerIP'] = address[:ip]
+        post['customerPhone'] = address[:phone]
+        post['customerEmail'] = address[:email]
       end
 
       def add_order_id(post, options)

data/lib/active_merchant/billing/gateways/mercury.rb

@@ -81,6 +81,19 @@ module ActiveMerchant #:nodoc:
         commit('CardLookup', request)
       end
 
+      def supports_scrubbing?
+        true
+      end
+
+      def scrub(transcript)
+        transcript.
+          gsub(%r(&lt;), "<").
+          gsub(%r(&gt;), ">").
+          gsub(%r((<pw>).*(</pw>))i, '\1[FILTERED]\2').
+          gsub(%r((<AcctNo>)(\d|x)*(</AcctNo>))i, '\1[FILTERED]\3').
+          gsub(%r((<CVVData>)\d*(</CVVData>))i, '\1[FILTERED]\2')
+      end
+
       private
 
       def build_non_authorized_request(action, money, credit_card, options)
@@ -126,7 +139,7 @@ module ActiveMerchant #:nodoc:
             xml.tag! 'TranInfo' do
               xml.tag! "AuthCode", auth_code
               xml.tag! "AcqRefData", acq_ref_data
-              xml.tag! "ProcessData", process_data 
+              xml.tag! "ProcessData", process_data
             end
           end
         end

data/lib/active_merchant/billing/gateways/migs.rb

@@ -1,7 +1,5 @@
 require 'active_merchant/billing/gateways/migs/migs_codes'
 
-require 'digest/md5' # Used in add_secure_hash
-
 module ActiveMerchant #:nodoc:
   module Billing #:nodoc:
     class MigsGateway < Gateway
@@ -121,6 +119,13 @@ module ActiveMerchant #:nodoc:
         refund(money, authorization, options)
       end
 
+      def verify(credit_card, options={})
+        MultiResponse.run do |r|
+          r.process { authorize(100, credit_card, options) }
+          r.process(:ignore_result) { void(r.authorization, options) }
+        end
+      end
+
       # Checks the status of a previous transaction
       # This can be useful when a response is not received due to network issues
       #
@@ -187,7 +192,7 @@ module ActiveMerchant #:nodoc:
 
         response_hash = parse(data)
 
-        expected_secure_hash = calculate_secure_hash(response_hash.reject{|k, v| k == :SecureHash}, @options[:secure_hash])
+        expected_secure_hash = calculate_secure_hash(response_hash, @options[:secure_hash])
         unless response_hash[:SecureHash] == expected_secure_hash
           raise SecurityError, "Secure Hash mismatch, response may be tampered with"
         end
@@ -199,6 +204,18 @@ module ActiveMerchant #:nodoc:
         @options[:login].start_with?('TEST')
       end
 
+      def supports_scrubbing?
+        true
+      end
+
+      def scrub(transcript)
+        transcript.
+          gsub(%r((&?CardNum=)\d*(&?)), '\1[FILTERED]\2').
+          gsub(%r((&?CardSecurityCode=)\d*(&?)), '\1[FILTERED]\2').
+          gsub(%r((&?AccessCode=)[^&]*(&?)), '\1[FILTERED]\2').
+          gsub(%r((&?Password=)[^&]*(&?)), '\1[FILTERED]\2')
+      end
+
       private
 
       def add_amount(post, money, options)
@@ -245,6 +262,7 @@ module ActiveMerchant #:nodoc:
       end
 
       def commit(post)
+        add_secure_hash(post) if @options[:secure_hash]
         data = ssl_post self.merchant_hosted_url, post_data(post)
         response_hash = parse(data)
         response_object(response_hash)
@@ -290,12 +308,16 @@ module ActiveMerchant #:nodoc:
 
       def add_secure_hash(post)
         post[:SecureHash] = calculate_secure_hash(post, @options[:secure_hash])
+        post[:SecureHashType] = 'SHA256'
       end
 
       def calculate_secure_hash(post, secure_hash)
-        sorted_values = post.sort_by(&:to_s).map(&:last)
-        input = secure_hash + sorted_values.join
-        Digest::MD5.hexdigest(input).upcase
+        input = post
+                .reject { |k| %i[SecureHash SecureHashType].include?(k) }
+                .sort
+                .map { |(k, v)| "vpc_#{k}=#{v}" }
+                .join('&')
+        OpenSSL::HMAC.hexdigest('SHA256', [secure_hash].pack('H*'), input).upcase
       end
     end
   end