activemerchant 1.79.2 → 1.129.0

data/lib/active_merchant/billing/gateways/stripe.rb

@@ -2,6 +2,8 @@ require 'active_support/core_ext/hash/slice'
 
 module ActiveMerchant #:nodoc:
   module Billing #:nodoc:
+    # This gateway uses an older version of the Stripe API.
+    # To utilize the updated {Payment Intents API}[https://stripe.com/docs/api/payment_intents], integrate with the StripePaymentIntents gateway
     class StripeGateway < Gateway
       self.live_url = 'https://api.stripe.com/v1/'
 
@@ -21,10 +23,12 @@ module ActiveMerchant #:nodoc:
         'unchecked' => 'P'
       }
 
-      self.supported_countries = %w(AT AU BE BR CA CH DE DK ES FI FR GB HK IE IT JP LU MX NL NO NZ PT SE SG US)
+      DEFAULT_API_VERSION = '2020-08-27'
+
+      self.supported_countries = %w(AE AT AU BE BG BR CA CH CY CZ DE DK EE ES FI FR GB GR HK HU IE IN IT JP LT LU LV MT MX MY NL NO NZ PL PT RO SE SG SI SK US)
       self.default_currency = 'USD'
       self.money_format = :cents
-      self.supported_cardtypes = [:visa, :master, :american_express, :discover, :jcb, :diners_club, :maestro]
+      self.supported_cardtypes = %i[visa master american_express discover jcb diners_club maestro unionpay]
       self.currencies_without_fractions = %w(BIF CLP DJF GNF JPY KMF KRW MGA PYG RWF VND VUV XAF XOF XPF UGX)
 
       self.homepage_url = 'https://stripe.com/'
@@ -44,28 +48,29 @@ module ActiveMerchant #:nodoc:
         'processing_error' => STANDARD_ERROR_CODE[:processing_error],
         'incorrect_pin' => STANDARD_ERROR_CODE[:incorrect_pin],
         'test_mode_live_card' => STANDARD_ERROR_CODE[:test_mode_live_card],
-        'pickup_card' => STANDARD_ERROR_CODE[:pickup_card]
+        'pickup_card' => STANDARD_ERROR_CODE[:pickup_card],
+        'amount_too_small' => STANDARD_ERROR_CODE[:invalid_amount]
       }
 
       BANK_ACCOUNT_HOLDER_TYPE_MAPPING = {
-        "personal" => "individual",
-        "business" => "company",
+        'personal' => 'individual',
+        'business' => 'company'
       }
 
       MINIMUM_AUTHORIZE_AMOUNTS = {
-        "USD" => 100,
-        "CAD" => 100,
-        "GBP" => 60,
-        "EUR" => 100,
-        "DKK" => 500,
-        "NOK" => 600,
-        "SEK" => 600,
-        "CHF" => 100,
-        "AUD" => 100,
-        "JPY" => 100,
-        "MXN" => 2000,
-        "SGD" => 100,
-        "HKD" => 800
+        'USD' => 100,
+        'CAD' => 100,
+        'GBP' => 60,
+        'EUR' => 100,
+        'DKK' => 500,
+        'NOK' => 600,
+        'SEK' => 600,
+        'CHF' => 100,
+        'AUD' => 100,
+        'JPY' => 100,
+        'MXN' => 2000,
+        'SGD' => 100,
+        'HKD' => 800
       }
 
       def initialize(options = {})
@@ -76,18 +81,20 @@ module ActiveMerchant #:nodoc:
       end
 
       def authorize(money, payment, options = {})
+        if ach?(payment)
+          direct_bank_error = 'Direct bank account transactions are not supported for authorize.'
+          return Response.new(false, direct_bank_error)
+        end
+
         MultiResponse.run do |r|
           if payment.is_a?(ApplePayPaymentToken)
             r.process { tokenize_apple_pay_token(payment) }
-            payment = StripePaymentToken.new(r.params["token"]) if r.success?
+            payment = StripePaymentToken.new(r.params['token']) if r.success?
           end
           r.process do
             post = create_post_for_auth_or_purchase(money, payment, options)
-            if emv_payment?(payment)
-              add_application_fee(post, options)
-            else
-              post[:capture] = "false"
-            end
+            add_application_fee(post, options) if emv_payment?(payment)
+            post[:capture] = 'false'
             commit(:post, 'charges', post, options)
           end
         end.responses.last
@@ -102,14 +109,14 @@ module ActiveMerchant #:nodoc:
       #   purchase(money, nil, { :customer => id, ... })
       def purchase(money, payment, options = {})
         if ach?(payment)
-          direct_bank_error = "Direct bank account transactions are not supported. Bank accounts must be stored and verified before use."
+          direct_bank_error = 'Direct bank account transactions are not supported. Bank accounts must be stored and verified before use.'
           return Response.new(false, direct_bank_error)
         end
 
         MultiResponse.run do |r|
           if payment.is_a?(ApplePayPaymentToken)
             r.process { tokenize_apple_pay_token(payment) }
-            payment = StripePaymentToken.new(r.params["token"]) if r.success?
+            payment = StripePaymentToken.new(r.params['token']) if r.success?
           end
           r.process do
             post = create_post_for_auth_or_purchase(money, payment, options)
@@ -123,19 +130,24 @@ module ActiveMerchant #:nodoc:
         post = {}
 
         if emv_tc_response = options.delete(:icc_data)
-          post[:card] = { emv_approval_data: emv_tc_response }
-          commit(:post, "charges/#{CGI.escape(authorization)}", post, options)
+          # update the charge with emv data if card present
+          update = {}
+          update[:card] = { emv_approval_data: emv_tc_response }
+          commit(:post, "charges/#{CGI.escape(authorization)}", update, options)
         else
           add_application_fee(post, options)
           add_amount(post, money, options)
           add_exchange_rate(post, options)
-          commit(:post, "charges/#{CGI.escape(authorization)}/capture", post, options)
         end
+
+        commit(:post, "charges/#{CGI.escape(authorization)}/capture", post, options)
       end
 
       def void(identification, options = {})
         post = {}
+        post[:reverse_transfer] = options[:reverse_transfer] if options[:reverse_transfer]
         post[:metadata] = options[:metadata] if options[:metadata]
+        post[:reason] = options[:reason] if options[:reason]
         post[:expand] = [:charge]
         commit(:post, "charges/#{CGI.escape(identification)}/refunds", post, options)
       end
@@ -146,16 +158,24 @@ module ActiveMerchant #:nodoc:
         post[:refund_application_fee] = true if options[:refund_application_fee]
         post[:reverse_transfer] = options[:reverse_transfer] if options[:reverse_transfer]
         post[:metadata] = options[:metadata] if options[:metadata]
+        post[:reason] = options[:reason] if options[:reason]
         post[:expand] = [:charge]
 
-        MultiResponse.run(:first) do |r|
-          r.process { commit(:post, "charges/#{CGI.escape(identification)}/refunds", post, options) }
+        response = commit(:post, "charges/#{CGI.escape(identification)}/refunds", post, options)
+
+        if response.success? && options[:refund_fee_amount] && options[:refund_fee_amount].to_s != '0'
+          charge = api_request(:get, "charges/#{CGI.escape(identification)}", nil, options)
 
-          if options[:refund_fee_amount] && options[:refund_fee_amount].to_s != '0'
-            r.process { fetch_application_fee(identification, options) }
-            r.process { refund_application_fee(options[:refund_fee_amount].to_i, application_fee_from_response(r.responses.last), options) }
+          if application_fee = charge['application_fee']
+            fee_refund_options = {
+              currency: options[:currency], # currency isn't used by Stripe here, but we need it for #add_amount
+              key: @fee_refund_api_key
+            }
+            refund_application_fee(options[:refund_fee_amount].to_i, application_fee, fee_refund_options)
           end
         end
+
+        response
       end
 
       def verify(payment, options = {})
@@ -166,21 +186,10 @@ module ActiveMerchant #:nodoc:
         end
       end
 
-      def application_fee_from_response(response)
-        return unless response.success?
-        response.params["application_fee"] unless response.params["application_fee"].empty?
-      end
-
       def refund_application_fee(money, identification, options = {})
-        return Response.new(false, "Application fee id could not be found") unless identification
-
         post = {}
         add_amount(post, money, options)
-        options.merge!(:key => @fee_refund_api_key) if @fee_refund_api_key
-        options.delete(:stripe_account)
-
-        refund_fee = commit(:post, "application_fees/#{CGI.escape(identification)}/refunds", post, options)
-        application_fee_response!(refund_fee, "Application fee could not be refunded: #{refund_fee.message}")
+        commit(:post, "application_fees/#{CGI.escape(identification)}/refunds", post, options)
       end
 
       # Note: creating a new credit card will not change the customer's existing default credit card (use :set_default => true)
@@ -190,13 +199,14 @@ module ActiveMerchant #:nodoc:
 
         if payment.is_a?(ApplePayPaymentToken)
           token_exchange_response = tokenize_apple_pay_token(payment)
-          params = { card: token_exchange_response.params["token"]["id"] } if token_exchange_response.success?
+          params = { card: token_exchange_response.params['token']['id'] } if token_exchange_response.success?
         elsif payment.is_a?(StripePaymentToken)
           add_payment_token(params, payment, options)
         elsif payment.is_a?(Check)
           bank_token_response = tokenize_bank_account(payment)
           return bank_token_response unless bank_token_response.success?
-          params = { source: bank_token_response.params["token"]["id"] }
+
+          params = { source: bank_token_response.params['token']['id'] }
         else
           add_creditcard(params, payment, options)
         end
@@ -213,15 +223,12 @@ module ActiveMerchant #:nodoc:
             # The /cards endpoint does not update other customer parameters.
             r.process { commit(:post, "customers/#{CGI.escape(options[:customer])}/cards", params, options) }
 
-            if options[:set_default] and r.success? and !r.params['id'].blank?
-              post[:default_card] = r.params['id']
-            end
+            post[:default_card] = r.params['id'] if options[:set_default] && r.success? && !r.params['id'].blank?
 
-            if post.count > 0
-              r.process { update_customer(options[:customer], post) }
-            end
+            r.process { update_customer(options[:customer], post.merge(expand: [:sources])) } if post.count > 0
           end
         else
+          post[:expand] = [:sources]
           commit(:post, 'customers', post.merge(params), options)
         end
       end
@@ -235,10 +242,10 @@ module ActiveMerchant #:nodoc:
       end
 
       def unstore(identification, options = {}, deprecated_options = {})
-        customer_id, card_id = identification.split("|")
+        customer_id, card_id = identification.split('|')
 
         if options.kind_of?(String)
-          ActiveMerchant.deprecated "Passing the card_id as the 2nd parameter is deprecated. The response authorization includes both the customer_id and the card_id."
+          ActiveMerchant.deprecated 'Passing the card_id as the 2nd parameter is deprecated. The response authorization includes both the customer_id and the card_id.'
           card_id ||= options
           options = deprecated_options
         end
@@ -248,18 +255,18 @@ module ActiveMerchant #:nodoc:
 
       def tokenize_apple_pay_token(apple_pay_payment_token, options = {})
         token_response = api_request(:post, "tokens?pk_token=#{CGI.escape(apple_pay_payment_token.payment_data.to_json)}")
-        success = !token_response.key?("error")
+        success = !token_response.key?('error')
 
-        if success && token_response.key?("id")
+        if success && token_response.key?('id')
           Response.new(success, nil, token: token_response)
         else
-          Response.new(success, token_response["error"]["message"])
+          Response.new(success, token_response['error']['message'])
         end
       end
 
       def verify_credentials
         begin
-          ssl_get(live_url + "charges/nonexistent", headers)
+          ssl_get(live_url + 'charges/nonexistent', headers)
         rescue ResponseError => e
           return false if e.response.code.to_i == 401
         end
@@ -274,21 +281,35 @@ module ActiveMerchant #:nodoc:
       def scrub(transcript)
         transcript.
           gsub(%r((Authorization: Basic )\w+), '\1[FILTERED]').
+          gsub(%r((Authorization: Bearer )\w+), '\1[FILTERED]').
           gsub(%r((&?three_d_secure\[cryptogram\]=)[\w=]*(&?)), '\1[FILTERED]\2').
-          gsub(%r((card\[cryptogram\]=)[^&]+(&?)), '\1[FILTERED]\2').
-          gsub(%r((card\[cvc\]=)\d+), '\1[FILTERED]').
-          gsub(%r((card\[emv_approval_data\]=)[^&]+(&?)), '\1[FILTERED]\2').
-          gsub(%r((card\[emv_auth_data\]=)[^&]+(&?)), '\1[FILTERED]\2').
-          gsub(%r((card\[encrypted_pin\]=)[^&]+(&?)), '\1[FILTERED]\2').
-          gsub(%r((card\[encrypted_pin_key_id\]=)[\w=]+(&?)), '\1[FILTERED]\2').
-          gsub(%r((card\[number\]=)\d+), '\1[FILTERED]').
-          gsub(%r((card\[swipe_data\]=)[^&]+(&?)), '\1[FILTERED]\2')
+          gsub(%r(((\[card\]|card)\[cryptogram\]=)[^&]+(&?)), '\1[FILTERED]\3').
+          gsub(%r(((\[card\]|card)\[cvc\]=)\d+), '\1[FILTERED]').
+          gsub(%r(((\[card\]|card)\[emv_approval_data\]=)[^&]+(&?)), '\1[FILTERED]\3').
+          gsub(%r(((\[card\]|card)\[emv_auth_data\]=)[^&]+(&?)), '\1[FILTERED]\3').
+          gsub(%r(((\[card\]|card)\[encrypted_pin\]=)[^&]+(&?)), '\1[FILTERED]\3').
+          gsub(%r(((\[card\]|card)\[encrypted_pin_key_id\]=)[\w=]+(&?)), '\1[FILTERED]\3').
+          gsub(%r(((\[card\]|card)\[number\]=)\d+), '\1[FILTERED]').
+          gsub(%r(((\[card\]|card)\[swipe_data\]=)[^&]+(&?)), '\1[FILTERED]\3').
+          gsub(%r(((\[bank_account\]|bank_account)\[account_number\]=)\d+), '\1[FILTERED]').
+          gsub(%r(((\[payment_method_data\]|payment_method_data)\[card\]\[token\]=)[^&]+(&?)), '\1[FILTERED]\3')
       end
 
       def supports_network_tokenization?
         true
       end
 
+      # Helper method to prevent hitting the external_account limit from remote test runs
+      def delete_latest_test_external_account(account)
+        return unless test?
+
+        auth_header = { 'Authorization' => 'Basic ' + Base64.strict_encode64(options[:login].to_s + ':').strip }
+        url = "#{live_url}accounts/#{CGI.escape(account)}/external_accounts"
+        accounts_response = JSON.parse(ssl_get("#{url}?limit=100", auth_header))
+        to_delete = accounts_response['data'].reject { |ac| ac['default_for_currency'] }
+        ssl_request(:delete, "#{url}/#{to_delete.first['id']}", nil, auth_header)
+      end
+
       private
 
       class StripePaymentToken < PaymentToken
@@ -297,6 +318,49 @@ module ActiveMerchant #:nodoc:
         end
       end
 
+      def create_source(money, payment, type, options = {})
+        post = {}
+        add_amount(post, money, options, true)
+        post[:type] = type
+        if type == 'card'
+          add_creditcard(post, payment, options, true)
+          add_source_owner(post, payment, options)
+        elsif type == 'three_d_secure'
+          post[:three_d_secure] = { card: payment }
+          post[:redirect] = { return_url: options[:redirect_url] }
+        end
+        commit(:post, 'sources', post, options)
+      end
+
+      def show_source(source_id, options)
+        commit(:get, "sources/#{source_id}", nil, options)
+      end
+
+      def create_webhook_endpoint(options, events)
+        post = {}
+        post[:url] = options[:callback_url]
+        post[:enabled_events] = events
+        post[:connect] = true if options[:stripe_account]
+        options.delete(:stripe_account)
+        commit(:post, 'webhook_endpoints', post, options)
+      end
+
+      def delete_webhook_endpoint(options)
+        commit(:delete, "webhook_endpoints/#{options[:webhook_id]}", {}, options)
+      end
+
+      def show_webhook_endpoint(options)
+        options.delete(:stripe_account)
+        commit(:get, "webhook_endpoints/#{options[:webhook_id]}", nil, options)
+      end
+
+      def list_webhook_endpoints(options)
+        params = {}
+        params[:limit] = options[:limit] if options[:limit]
+        options.delete(:stripe_account)
+        commit(:get, "webhook_endpoints?#{post_data(params)}", nil, options)
+      end
+
       def create_post_for_auth_or_purchase(money, payment, options)
         post = {}
 
@@ -306,6 +370,12 @@ module ActiveMerchant #:nodoc:
           add_creditcard(post, payment, options)
         end
 
+        add_charge_details(post, money, payment, options)
+        post
+      end
+
+      # Used internally by Spreedly to populate the charge object for 3DS 1.0 transactions
+      def add_charge_details(post, money, payment, options)
         if emv_payment?(payment)
           add_statement_address(post, options)
           add_emv_metadata(post, payment)
@@ -314,15 +384,20 @@ module ActiveMerchant #:nodoc:
           add_customer_data(post, options)
           post[:description] = options[:description]
           post[:statement_descriptor] = options[:statement_description]
+          post[:statement_descriptor_suffix] = options[:statement_descriptor_suffix] if options[:statement_descriptor_suffix]
           post[:receipt_email] = options[:receipt_email] if options[:receipt_email]
           add_customer(post, payment, options)
           add_flags(post, options)
         end
 
         add_metadata(post, options)
+        add_shipping_address(post, payment, options)
         add_application_fee(post, options)
         add_exchange_rate(post, options)
         add_destination(post, options)
+        add_level_three(post, options)
+        add_connected_account(post, options)
+        add_radar_data(post, options)
         post
       end
 
@@ -348,6 +423,19 @@ module ActiveMerchant #:nodoc:
         end
       end
 
+      def add_level_three(post, options)
+        level_three = {}
+
+        copy_when_present(level_three, [:merchant_reference], options)
+        copy_when_present(level_three, [:customer_reference], options)
+        copy_when_present(level_three, [:shipping_address_zip], options)
+        copy_when_present(level_three, [:shipping_from_zip], options)
+        copy_when_present(level_three, [:shipping_amount], options)
+        copy_when_present(level_three, [:line_items], options)
+
+        post[:level3] = level_three unless level_three.empty?
+      end
+
       def add_expand_parameters(post, options)
         post[:expand] ||= []
         post[:expand].concat(Array.wrap(options[:expand]).map(&:to_sym)).uniq!
@@ -355,13 +443,13 @@ module ActiveMerchant #:nodoc:
 
       def add_external_account(post, card_params, payment)
         external_account = {}
-        external_account[:object] ="card"
+        external_account[:object] = 'card'
         external_account[:currency] = (options[:currency] || currency(payment)).downcase
         post[:external_account] = external_account.merge(card_params[:card])
       end
 
       def add_customer_data(post, options)
-        metadata_options = [:description, :ip, :user_agent, :referrer]
+        metadata_options = %i[description ip user_agent referrer]
         post.update(options.slice(*metadata_options))
 
         post[:external_id] = options[:order_id]
@@ -369,7 +457,8 @@ module ActiveMerchant #:nodoc:
       end
 
       def add_address(post, options)
-        return unless post[:card] && post[:card].kind_of?(Hash)
+        return unless post[:card]&.kind_of?(Hash)
+
         if address = options[:billing_address] || options[:address]
           post[:card][:address_line1] = address[:address1] if address[:address1]
           post[:card][:address_line2] = address[:address2] if address[:address2]
@@ -382,7 +471,7 @@ module ActiveMerchant #:nodoc:
 
       def add_statement_address(post, options)
         return unless statement_address = options[:statement_address]
-        return unless [:address1, :city, :zip, :state].all? { |key| statement_address[key].present? }
+        return unless %i[address1 city zip state].all? { |key| statement_address[key].present? }
 
         post[:statement_address] = {}
         post[:statement_address][:line1] = statement_address[:address1]
@@ -392,11 +481,12 @@ module ActiveMerchant #:nodoc:
         post[:statement_address][:state] = statement_address[:state]
       end
 
-      def add_creditcard(post, creditcard, options)
+      def add_creditcard(post, creditcard, options, use_sources = false)
         card = {}
         if emv_payment?(creditcard)
           add_emv_creditcard(post, creditcard.icc_data)
-          post[:card][:read_method] = "contactless" if creditcard.read_method == 'contactless'
+          post[:card][:read_method] = 'contactless' if creditcard.read_method == 'contactless'
+          post[:card][:read_method] = 'contactless_magstripe_mode' if creditcard.read_method == 'contactless_magstripe'
           if creditcard.encrypted_pin_cryptogram.present? && creditcard.encrypted_pin_ksn.present?
             post[:card][:encrypted_pin] = creditcard.encrypted_pin_cryptogram
             post[:card][:encrypted_pin_key_id] = creditcard.encrypted_pin_ksn
@@ -407,14 +497,14 @@ module ActiveMerchant #:nodoc:
             if creditcard.respond_to?(:read_method)
               card[:fallback_reason] = 'no_chip' if creditcard.read_method == 'fallback_no_chip'
               card[:fallback_reason] = 'chip_error' if creditcard.read_method == 'fallback_chip_error'
-              card[:read_method] = "contactless_magstripe_mode" if creditcard.read_method == 'contactless_magstripe'
+              card[:read_method] = 'contactless_magstripe_mode' if creditcard.read_method == 'contactless_magstripe'
             end
           else
             card[:number] = creditcard.number
             card[:exp_month] = creditcard.month
             card[:exp_year] = creditcard.year
             card[:cvc] = creditcard.verification_value if creditcard.verification_value?
-            card[:name] = creditcard.name if creditcard.name
+            card[:name] = creditcard.name if creditcard.name && !use_sources
           end
 
           if creditcard.is_a?(NetworkTokenizationCreditCard)
@@ -424,12 +514,12 @@ module ActiveMerchant #:nodoc:
           end
           post[:card] = card
 
-          add_address(post, options)
+          add_address(post, options) unless use_sources
         elsif creditcard.kind_of?(String)
           if options[:track_data]
             card[:swipe_data] = options[:track_data]
-          elsif creditcard.include?("|")
-            customer_id, card_id = creditcard.split("|")
+          elsif creditcard.include?('|')
+            customer_id, card_id = creditcard.split('|')
             card = card_id
             post[:customer] = customer_id
           else
@@ -444,19 +534,16 @@ module ActiveMerchant #:nodoc:
       end
 
       def add_payment_token(post, token, options = {})
-        post[:card] = token.payment_data["id"]
+        post[:card] = token.payment_data['id']
       end
 
       def add_customer(post, payment, options)
-        if options[:customer] && !payment.respond_to?(:number)
-          ActiveMerchant.deprecated "Passing the customer in the options is deprecated. Just use the response.authorization instead."
-          post[:customer] = options[:customer]
-        end
+        post[:customer] = options[:customer] if options[:customer] && !payment.respond_to?(:number)
       end
 
       def add_flags(post, options)
         post[:uncaptured] = true if options[:uncaptured]
-        post[:recurring] = true if (options[:eci] == 'recurring' || options[:recurring])
+        post[:recurring] = true if options[:eci] == 'recurring' || options[:recurring]
       end
 
       def add_metadata(post, options = {})
@@ -464,7 +551,6 @@ module ActiveMerchant #:nodoc:
         post[:metadata].merge!(options[:metadata]) if options[:metadata]
         post[:metadata][:email] = options[:email] if options[:email]
         post[:metadata][:order_id] = options[:order_id] if options[:order_id]
-        post.delete(:metadata) if post[:metadata].empty?
       end
 
       def add_emv_metadata(post, creditcard)
@@ -472,15 +558,59 @@ module ActiveMerchant #:nodoc:
         post[:metadata][:card_read_method] = creditcard.read_method if creditcard.respond_to?(:read_method)
       end
 
-      def fetch_application_fee(identification, options = {})
-        options.merge!(:key => @fee_refund_api_key)
+      def add_shipping_address(post, payment, options = {})
+        return unless shipping = options[:shipping_address]
+        return unless shipping_name = shipping[:name]
+
+        post[:shipping] = {}
 
-        fetch_charge = commit(:get, "charges/#{CGI.escape(identification)}", nil, options)
-        application_fee_response!(fetch_charge, "Application fee id could not be retrieved: #{fetch_charge.message}")
+        post[:shipping][:name] = shipping_name
+        post[:shipping][:address] = {}
+        post[:shipping][:address][:line1] = shipping[:address1]
+        post[:shipping][:address][:line2] = shipping[:address2] if shipping[:address2]
+        post[:shipping][:address][:city] = shipping[:city] if shipping[:city]
+        post[:shipping][:address][:country] = shipping[:country] if shipping[:country]
+        post[:shipping][:address][:state] = shipping[:state] if shipping[:state]
+        post[:shipping][:address][:postal_code] = shipping[:zip] if shipping[:zip]
+        post[:shipping][:phone] = shipping[:phone_number] if shipping[:phone_number]
       end
 
-      def application_fee_response!(response, message)
-        response.success? ? response : Response.new(false, message)
+      def add_source_owner(post, creditcard, options)
+        post[:owner] = {}
+        post[:owner][:name] = creditcard.name if creditcard.name
+        post[:owner][:email] = options[:email] if options[:email]
+
+        if address = options[:billing_address] || options[:address]
+          owner_address = {}
+          owner_address[:line1] = address[:address1] if address[:address1]
+          owner_address[:line2] = address[:address2] if address[:address2]
+          owner_address[:country] = address[:country] if address[:country]
+          owner_address[:postal_code] = address[:zip] if address[:zip]
+          owner_address[:state] = address[:state] if address[:state]
+          owner_address[:city] = address[:city] if address[:city]
+
+          post[:owner][:phone] = address[:phone] if address[:phone]
+          post[:owner][:address] = owner_address
+        end
+      end
+
+      def add_connected_account(post, options = {})
+        post[:on_behalf_of] = options[:on_behalf_of] if options[:on_behalf_of]
+
+        return unless options[:transfer_destination]
+
+        post[:transfer_data] = { destination: options[:transfer_destination] }
+        post[:transfer_data][:amount] = options[:transfer_amount] if options[:transfer_amount]
+        post[:transfer_group] = options[:transfer_group] if options[:transfer_group]
+        post[:application_fee_amount] = options[:application_fee_amount] if options[:application_fee_amount]
+      end
+
+      def add_radar_data(post, options = {})
+        radar_options = {}
+        radar_options[:session] = options[:radar_session_id] if options[:radar_session_id]
+        radar_options[:skip_rules] = ['all'] if options[:skip_radar_rules]
+
+        post[:radar_options] = radar_options unless radar_options.empty?
       end
 
       def parse(body)
@@ -490,45 +620,62 @@ module ActiveMerchant #:nodoc:
       def post_data(params)
         return nil unless params
 
-        params.map do |key, value|
+        flatten_params([], params).join('&')
+      end
+
+      def flatten_params(flattened, params, prefix = nil)
+        params.each do |key, value|
           next if value != false && value.blank?
+
+          flattened_key = prefix.nil? ? key : "#{prefix}[#{key}]"
           if value.is_a?(Hash)
-            h = {}
-            value.each do |k, v|
-              h["#{key}[#{k}]"] = v unless v.blank?
-            end
-            post_data(h)
+            flatten_params(flattened, value, flattened_key)
           elsif value.is_a?(Array)
-            value.map { |v| "#{key}[]=#{CGI.escape(v.to_s)}" }.join("&")
+            flatten_array(flattened, value, flattened_key)
           else
-            "#{key}=#{CGI.escape(value.to_s)}"
+            flattened << "#{flattened_key}=#{CGI.escape(value.to_s)}"
           end
-        end.compact.join("&")
+        end
+        flattened
+      end
+
+      def flatten_array(flattened, array, prefix)
+        array.each_with_index do |item, idx|
+          key = "#{prefix}[#{idx}]"
+          if item.is_a?(Hash)
+            flatten_params(flattened, item, key)
+          elsif item.is_a?(Array)
+            flatten_array(flattened, item, key)
+          else
+            flattened << "#{key}=#{CGI.escape(item.to_s)}"
+          end
+        end
       end
 
       def headers(options = {})
-        key     = options[:key] || @api_key
+        key = options[:key] || @api_key
         idempotency_key = options[:idempotency_key]
 
         headers = {
-          "Authorization" => "Basic " + Base64.encode64(key.to_s + ":").strip,
-          "User-Agent" => "Stripe/v1 ActiveMerchantBindings/#{ActiveMerchant::VERSION}",
-          "Stripe-Version" => api_version(options),
-          "X-Stripe-Client-User-Agent" => stripe_client_user_agent(options),
-          "X-Stripe-Client-User-Metadata" => {:ip => options[:ip]}.to_json
+          'Authorization' => 'Basic ' + Base64.strict_encode64(key.to_s + ':').strip,
+          'User-Agent' => "Stripe/v1 ActiveMerchantBindings/#{ActiveMerchant::VERSION}",
+          'Stripe-Version' => api_version(options),
+          'X-Stripe-Client-User-Agent' => stripe_client_user_agent(options),
+          'X-Stripe-Client-User-Metadata' => { ip: options[:ip] }.to_json
         }
-        headers.merge!("Idempotency-Key" => idempotency_key) if idempotency_key
-        headers.merge!("Stripe-Account" => options[:stripe_account]) if options[:stripe_account]
+        headers['Idempotency-Key'] = idempotency_key if idempotency_key
+        headers['Stripe-Account'] = options[:stripe_account] if options[:stripe_account]
         headers
       end
 
       def stripe_client_user_agent(options)
         return user_agent unless options[:application]
-        JSON.dump(JSON.parse(user_agent).merge!({application: options[:application]}))
+
+        JSON.dump(JSON.parse(user_agent).merge!({ application: options[:application] }))
       end
 
       def api_version(options)
-        options[:version] || @options[:version] || "2015-04-07"
+        options[:version] || @options[:version] || self.class::DEFAULT_API_VERSION
       end
 
       def api_request(method, endpoint, parameters = nil, options = {})
@@ -548,59 +695,55 @@ module ActiveMerchant #:nodoc:
       def commit(method, url, parameters = nil, options = {})
         add_expand_parameters(parameters, options) if parameters
         response = api_request(method, url, parameters, options)
-
-        success = success_from(response)
+        response['webhook_id'] = options[:webhook_id] if options[:webhook_id]
+        success = success_from(response, options)
 
         card = card_from_response(response)
-        avs_code = AVS_CODE_TRANSLATOR["line1: #{card["address_line1_check"]}, zip: #{card["address_zip_check"]}"]
-        cvc_code = CVC_CODE_TRANSLATOR[card["cvc_check"]]
-
+        avs_code = AVS_CODE_TRANSLATOR["line1: #{card['address_line1_check']}, zip: #{card['address_zip_check']}"]
+        cvc_code = CVC_CODE_TRANSLATOR[card['cvc_check']]
         Response.new(success,
           message_from(success, response),
           response,
-          :test => response_is_test?(response),
-          :authorization => authorization_from(success, url, method, response),
-          :avs_result => { :code => avs_code },
-          :cvv_result => cvc_code,
-          :emv_authorization => emv_authorization_from_response(response),
-          :error_code => success ? nil : error_code_from(response)
-        )
+          test: response_is_test?(response),
+          authorization: authorization_from(success, url, method, response),
+          avs_result: { code: avs_code },
+          cvv_result: cvc_code,
+          emv_authorization: emv_authorization_from_response(response),
+          error_code: success ? nil : error_code_from(response))
       end
 
       def authorization_from(success, url, method, response)
-        return response.fetch("error", {})["charge"] unless success
+        return response.fetch('error', {})['charge'] unless success
 
-        if url == "customers"
-          [response["id"], response["sources"]["data"].first["id"]].join("|")
-        elsif method == :post && url.match(/customers\/.*\/cards/)
-          [response["customer"], response["id"]].join("|")
+        if url == 'customers'
+          [response['id'], response.dig('sources', 'data').first&.dig('id')].join('|')
+        elsif method == :post && (url.match(/customers\/.*\/cards/) || url.match(/payment_methods\/.*\/attach/))
+          [response['customer'], response['id']].join('|')
         else
-          response["id"]
+          response['id']
         end
       end
 
       def message_from(success, response)
-        success ? "Transaction approved" : response.fetch("error", {"message" => "No error details"})["message"]
+        success ? 'Transaction approved' : response.fetch('error', { 'message' => 'No error details' })['message']
       end
 
-      def success_from(response)
-        !response.key?("error") && response["status"] != "failed"
+      def success_from(response, options)
+        !response.key?('error') && response['status'] != 'failed'
       end
 
       def response_error(raw_response)
-        begin
-          parse(raw_response)
-        rescue JSON::ParserError
-          json_error(raw_response)
-        end
+        parse(raw_response)
+      rescue JSON::ParserError
+        json_error(raw_response)
       end
 
       def json_error(raw_response)
         msg = 'Invalid response received from the Stripe API.  Please contact support@stripe.com if you continue to receive this message.'
         msg += "  (The raw response returned by the API was #{raw_response.inspect})"
         {
-          "error" => {
-            "message" => msg
+          'error' => {
+            'message' => msg
           }
         }
       end
@@ -624,13 +767,13 @@ module ActiveMerchant #:nodoc:
       end
 
       def card_from_response(response)
-        response["card"] || response["active_card"] || response["source"] || {}
+        response['card'] || response['active_card'] || response['source'] || {}
       end
 
       def emv_authorization_from_response(response)
-        return response["error"]["emv_auth_data"] if response["error"]
+        return response['error']['emv_auth_data'] if response['error']
 
-        card_from_response(response)["emv_auth_data"]
+        card_from_response(response)['emv_auth_data']
       end
 
       def error_code_from(response)
@@ -653,18 +796,18 @@ module ActiveMerchant #:nodoc:
             country: 'US',
             currency: 'usd',
             routing_number: bank_account.routing_number,
-            name: bank_account.name,
-            account_holder_type: account_holder_type,
+            account_holder_name: bank_account.name,
+            account_holder_type: account_holder_type
           }
         }
 
         token_response = api_request(:post, "tokens?#{post_data(post)}")
-        success = token_response["error"].nil?
+        success = token_response['error'].nil?
 
-        if success && token_response["id"]
+        if success && token_response['id']
           Response.new(success, nil, token: token_response)
         else
-          Response.new(success, token_response["error"]["message"])
+          Response.new(success, token_response['error']['message'])
         end
       end
 
@@ -673,14 +816,32 @@ module ActiveMerchant #:nodoc:
         when String, nil
           false
         else
-          card_brand(payment_method) == "check"
+          card_brand(payment_method) == 'check'
         end
       end
 
       def auth_minimum_amount(options)
         return 100 unless options[:currency]
+
         return MINIMUM_AUTHORIZE_AMOUNTS[options[:currency].upcase] || 100
       end
+
+      def copy_when_present(dest, dest_path, source, source_path = nil)
+        source_path ||= dest_path
+        source_path.each do |key|
+          return nil unless source[key]
+
+          source = source[key]
+        end
+
+        if source
+          dest_path.first(dest_path.size - 1).each do |key|
+            dest[key] ||= {}
+            dest = dest[key]
+          end
+          dest[dest_path.last] = source
+        end
+      end
     end
   end
 end