activemerchant 1.90.0 → 1.99.0

data/lib/active_merchant/billing/gateways/redsys.rb

@@ -193,28 +193,32 @@ module ActiveMerchant #:nodoc:
         requires!(options, :order_id)
 
         data = {}
-        add_action(data, :purchase)
+        add_action(data, :purchase, options)
         add_amount(data, money, options)
         add_order(data, options[:order_id])
         add_payment(data, payment)
+        add_threeds(data, options) if options[:execute_threed]
         data[:description] = options[:description]
         data[:store_in_vault] = options[:store]
+        data[:sca_exemption] = options[:sca_exemption]
 
-        commit data
+        commit data, options
       end
 
       def authorize(money, payment, options = {})
         requires!(options, :order_id)
 
         data = {}
-        add_action(data, :authorize)
+        add_action(data, :authorize, options)
         add_amount(data, money, options)
         add_order(data, options[:order_id])
         add_payment(data, payment)
+        add_threeds(data, options) if options[:execute_threed]
         data[:description] = options[:description]
         data[:store_in_vault] = options[:store]
+        data[:sca_exemption] = options[:sca_exemption]
 
-        commit data
+        commit data, options
       end
 
       def capture(money, authorization, options = {})
@@ -225,7 +229,7 @@ module ActiveMerchant #:nodoc:
         add_order(data, order_id)
         data[:description] = options[:description]
 
-        commit data
+        commit data, options
       end
 
       def void(authorization, options = {})
@@ -236,7 +240,7 @@ module ActiveMerchant #:nodoc:
         add_order(data, order_id)
         data[:description] = options[:description]
 
-        commit data
+        commit data, options
       end
 
       def refund(money, authorization, options = {})
@@ -247,7 +251,7 @@ module ActiveMerchant #:nodoc:
         add_order(data, order_id)
         data[:description] = options[:description]
 
-        commit data
+        commit data, options
       end
 
       def verify(creditcard, options = {})
@@ -278,8 +282,8 @@ module ActiveMerchant #:nodoc:
 
       private
 
-      def add_action(data, action)
-        data[:action] = transaction_code(action)
+      def add_action(data, action, options = {})
+        data[:action] = options[:execute_threed].present? ? '0' : transaction_code(action)
       end
 
       def add_amount(data, money, options)
@@ -295,6 +299,10 @@ module ActiveMerchant #:nodoc:
         test? ? test_url : live_url
       end
 
+      def threeds_url
+        test? ? 'https://sis-t.redsys.es:25443/sis/services/SerClsWSEntradaV2': 'https://sis.redsys.es/sis/services/SerClsWSEntradaV2'
+      end
+
       def add_payment(data, card)
         if card.is_a?(String)
           data[:credit_card_token] = card
@@ -311,21 +319,57 @@ module ActiveMerchant #:nodoc:
         end
       end
 
-      def commit(data)
-        parse(ssl_post(url, "entrada=#{CGI.escape(xml_request_from(data))}", headers))
+      def add_threeds(data, options)
+        if options[:execute_threed] == true
+          data[:threeds] = {threeDSInfo: 'CardData'}
+        end
+      end
+
+      def determine_3ds_action(threeds_hash)
+        return 'iniciaPeticion' if threeds_hash[:threeDSInfo] == 'CardData'
+        return 'trataPeticion' if threeds_hash[:threeDSInfo] == 'AuthenticationData' ||
+                                  threeds_hash[:threeDSInfo] == 'ChallengeResponse'
+      end
+
+      def commit(data, options = {})
+        if data[:threeds]
+          action = determine_3ds_action(data[:threeds])
+          request = <<-EOS
+            <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:apachesoap="http://xml.apache.org/xml-soap" xmlns:impl="http://webservice.sis.sermepa.es" xmlns:intf="http://webservice.sis.sermepa.es" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:wsdlsoap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" >
+            <soapenv:Header/>
+            <soapenv:Body>
+              <intf:#{action} xmlns:intf="http://webservice.sis.sermepa.es">
+                <intf:datoEntrada>
+                <![CDATA[#{xml_request_from(data, options)}]]>
+                </intf:datoEntrada>
+              </intf:#{action}>
+            </soapenv:Body>
+          </soapenv:Envelope>
+          EOS
+          parse(ssl_post(threeds_url, request, headers(action)), action)
+        else
+          parse(ssl_post(url, "entrada=#{CGI.escape(xml_request_from(data, options))}", headers), action)
+        end
       end
 
-      def headers
-        {
-          'Content-Type' => 'application/x-www-form-urlencoded'
-        }
+      def headers(action=nil)
+        if action
+          {
+            'Content-Type' => 'text/xml',
+            'SOAPAction'    => action
+          }
+        else
+          {
+            'Content-Type' => 'application/x-www-form-urlencoded'
+          }
+        end
       end
 
-      def xml_request_from(data)
+      def xml_request_from(data, options = {})
         if sha256_authentication?
-          build_sha256_xml_request(data)
+          build_sha256_xml_request(data, options)
         else
-          build_sha1_xml_request(data)
+          build_sha1_xml_request(data, options)
         end
       end
 
@@ -351,30 +395,30 @@ module ActiveMerchant #:nodoc:
         Digest::SHA1.hexdigest(str)
       end
 
-      def build_sha256_xml_request(data)
+      def build_sha256_xml_request(data, options = {})
         xml = Builder::XmlMarkup.new
         xml.instruct!
         xml.REQUEST do
-          build_merchant_data(xml, data)
+          build_merchant_data(xml, data, options)
           xml.DS_SIGNATUREVERSION 'HMAC_SHA256_V1'
-          xml.DS_SIGNATURE sign_request(merchant_data_xml(data), data[:order_id])
+          xml.DS_SIGNATURE sign_request(merchant_data_xml(data, options), data[:order_id])
         end
         xml.target!
       end
 
-      def build_sha1_xml_request(data)
+      def build_sha1_xml_request(data, options = {})
         xml = Builder::XmlMarkup.new :indent => 2
-        build_merchant_data(xml, data)
+        build_merchant_data(xml, data, options)
         xml.target!
       end
 
-      def merchant_data_xml(data)
+      def merchant_data_xml(data, options = {})
         xml = Builder::XmlMarkup.new
-        build_merchant_data(xml, data)
+        build_merchant_data(xml, data, options)
         xml.target!
       end
 
-      def build_merchant_data(xml, data)
+      def build_merchant_data(xml, data, options = {})
         xml.DATOSENTRADA do
           # Basic elements
           xml.DS_Version 0.1
@@ -383,9 +427,10 @@ module ActiveMerchant #:nodoc:
           xml.DS_MERCHANT_ORDER              data[:order_id]
           xml.DS_MERCHANT_TRANSACTIONTYPE    data[:action]
           xml.DS_MERCHANT_PRODUCTDESCRIPTION data[:description]
-          xml.DS_MERCHANT_TERMINAL           @options[:terminal]
+          xml.DS_MERCHANT_TERMINAL           options[:terminal] || @options[:terminal]
           xml.DS_MERCHANT_MERCHANTCODE       @options[:login]
           xml.DS_MERCHANT_MERCHANTSIGNATURE  build_signature(data) unless sha256_authentication?
+          xml.DS_MERCHANT_EXCEP_SCA          data[:sca_exemption] if data[:sca_exemption]
 
           # Only when card is present
           if data[:card]
@@ -398,22 +443,42 @@ module ActiveMerchant #:nodoc:
             xml.DS_MERCHANT_IDENTIFIER data[:credit_card_token]
             xml.DS_MERCHANT_DIRECTPAYMENT 'true'
           end
+
+          # Set moto flag only if explicitly requested via moto field
+          # Requires account configuration to be able to use
+          if options.dig(:moto) && options.dig(:metadata, :manual_entry)
+            xml.DS_MERCHANT_DIRECTPAYMENT 'moto'
+          end
+
+          if data[:threeds]
+            xml.DS_MERCHANT_EMV3DS data[:threeds].to_json
+          end
         end
       end
 
-      def parse(data)
+      def parse(data, action)
         params  = {}
         success = false
         message = ''
         options = @options.merge(:test => test?)
         xml     = Nokogiri::XML(data)
         code    = xml.xpath('//RETORNOXML/CODIGO').text
-        if code == '0'
+
+        if ['iniciaPeticion', 'trataPeticion'].include?(action)
+          vxml = Nokogiri::XML(data).remove_namespaces!.xpath("//Envelope/Body/#{action}Response/#{action}Return").inner_text
+          xml = Nokogiri::XML(vxml)
+          node = (action == 'iniciaPeticion' ? 'INFOTARJETA' : 'OPERACION')
+          op = xml.xpath("//RETORNOXML/#{node}")
+          op.children.each do |element|
+            params[element.name.downcase.to_sym] = element.text
+          end
+          message = response_text_3ds(xml, params)
+          success = params.size > 0 && is_success_response?(params[:ds_response])
+        elsif code == '0'
           op = xml.xpath('//RETORNOXML/OPERACION')
           op.children.each do |element|
             params[element.name.downcase.to_sym] = element.text
           end
-
           if validate_signature(params)
             message = response_text(params[:ds_response])
             options[:authorization] = build_authorization(params)
@@ -474,6 +539,20 @@ module ActiveMerchant #:nodoc:
         RESPONSE_TEXTS[code] || 'Unkown code, please check in manual'
       end
 
+      def response_text_3ds(xml, params)
+        code = xml.xpath('//RETORNOXML/CODIGO').text
+        message = ''
+        if code != '0'
+          message = "#{code} ERROR"
+        elsif params[:ds_emv3ds]
+          three_ds_data = JSON.parse(params[:ds_emv3ds])
+          message = three_ds_data['threeDSInfo']
+        elsif params[:ds_response]
+          message = response_text(params[:ds_response])
+        end
+        message
+      end
+
       def is_success_response?(code)
         (code.to_i < 100) || [400, 481, 500, 900].include?(code.to_i)
       end
@@ -523,6 +602,10 @@ module ActiveMerchant #:nodoc:
           xml_signed_fields += data[:ds_cardnumber]
         end
 
+        if data[:ds_emv3ds]
+          xml_signed_fields += data[:ds_emv3ds]
+        end
+
         xml_signed_fields + data[:ds_transactiontype] + data[:ds_securepayment]
       end
 

data/lib/active_merchant/billing/gateways/spreedly_core.rb

@@ -35,19 +35,13 @@ module ActiveMerchant #:nodoc:
       # Public: Run a purchase transaction.
       #
       # money          - The monetary amount of the transaction in cents.
-      # payment_method - The CreditCard or the Spreedly payment method token.
+      # payment_method - The CreditCard or Check or the Spreedly payment method token.
       # options        - A hash of options:
       #                  :store - Retain the payment method if the purchase
       #                           succeeds.  Defaults to false.  (optional)
       def purchase(money, payment_method, options = {})
-        if payment_method.is_a?(String)
-          purchase_with_token(money, payment_method, options)
-        else
-          MultiResponse.run do |r|
-            r.process { save_card(options[:store], payment_method, options) }
-            r.process { purchase_with_token(money, r.authorization, options) }
-          end
-        end
+        request = build_transaction_request(money, payment_method, options)
+        commit("gateways/#{options[:gateway_token] || @options[:gateway_token]}/purchase.xml", request)
       end
 
       # Public: Run an authorize transaction.
@@ -58,14 +52,8 @@ module ActiveMerchant #:nodoc:
       #                  :store - Retain the payment method if the authorize
       #                           succeeds.  Defaults to false.  (optional)
       def authorize(money, payment_method, options = {})
-        if payment_method.is_a?(String)
-          authorize_with_token(money, payment_method, options)
-        else
-          MultiResponse.run do |r|
-            r.process { save_card(options[:store], payment_method, options) }
-            r.process { authorize_with_token(money, r.authorization, options) }
-          end
-        end
+        request = build_transaction_request(money, payment_method, options)
+        commit("gateways/#{@options[:gateway_token]}/authorize.xml", request)
       end
 
       def capture(money, authorization, options={})
@@ -79,6 +67,7 @@ module ActiveMerchant #:nodoc:
       def refund(money, authorization, options={})
         request = build_xml_request('transaction') do |doc|
           add_invoice(doc, money, options)
+          add_extra_options(:gateway_specific_fields, doc, options)
         end
 
         commit("transactions/#{authorization}/credit.xml", request)
@@ -155,32 +144,25 @@ module ActiveMerchant #:nodoc:
       end
 
       def purchase_with_token(money, payment_method_token, options)
-        request = auth_purchase_request(money, payment_method_token, options)
+        request = build_transaction_request(money, payment_method_token, options)
         commit("gateways/#{options[:gateway_token] || @options[:gateway_token]}/purchase.xml", request)
       end
 
       def authorize_with_token(money, payment_method_token, options)
-        request = auth_purchase_request(money, payment_method_token, options)
+        request = build_transaction_request(money, payment_method_token, options)
         commit("gateways/#{@options[:gateway_token]}/authorize.xml", request)
       end
 
       def verify_with_token(payment_method_token, options)
-        request = build_xml_request('transaction') do |doc|
-          add_invoice(doc, nil, options)
-          doc.payment_method_token(payment_method_token)
-          doc.retain_on_success(true) if options[:store]
-          add_extra_options(:gateway_specific_fields, doc, options)
-        end
-
+        request = build_transaction_request(nil, payment_method_token, options)
         commit("gateways/#{@options[:gateway_token]}/verify.xml", request)
       end
 
-      def auth_purchase_request(money, payment_method_token, options)
+      def build_transaction_request(money, payment_method, options)
         build_xml_request('transaction') do |doc|
           add_invoice(doc, money, options)
+          add_payment_method(doc, payment_method, options)
           add_extra_options(:gateway_specific_fields, doc, options)
-          doc.payment_method_token(payment_method_token)
-          doc.retain_on_success(true) if options[:store]
         end
       end
 
@@ -190,6 +172,27 @@ module ActiveMerchant #:nodoc:
         doc.order_id(options[:order_id])
         doc.ip(options[:ip]) if options[:ip]
         doc.description(options[:description]) if options[:description]
+
+        if options[:merchant_name_descriptor]
+          doc.merchant_name_descriptor(options[:merchant_name_descriptor])
+        end
+        if options[:merchant_location_descriptor]
+          doc.merchant_location_descriptor(options[:merchant_location_descriptor])
+        end
+      end
+
+      def add_payment_method(doc, payment_method, options)
+        doc.retain_on_success(true) if options[:store]
+
+        if payment_method.is_a?(String)
+          doc.payment_method_token(payment_method)
+        elsif payment_method.is_a?(CreditCard)
+          add_credit_card(doc, payment_method, options)
+        elsif payment_method.is_a?(Check)
+          add_bank_account(doc, payment_method, options)
+        else
+          raise TypeError, 'Payment method not supported'
+        end
       end
 
       def add_credit_card(doc, credit_card, options)
@@ -210,6 +213,17 @@ module ActiveMerchant #:nodoc:
         end
       end
 
+      def add_bank_account(doc, bank_account, options)
+        doc.bank_account do
+          doc.first_name(bank_account.first_name)
+          doc.last_name(bank_account.last_name)
+          doc.bank_routing_number(bank_account.routing_number)
+          doc.bank_account_number(bank_account.account_number)
+          doc.bank_account_type(bank_account.account_type)
+          doc.bank_account_holder_type(bank_account.account_holder_type)
+        end
+      end
+
       def add_extra_options(type, doc, options)
         doc.send(type) do
           extra_options_to_doc(doc, options[type])

data/lib/active_merchant/billing/gateways/stripe.rb

@@ -2,6 +2,8 @@ require 'active_support/core_ext/hash/slice'
 
 module ActiveMerchant #:nodoc:
   module Billing #:nodoc:
+    # This gateway uses an older version of the Stripe API.
+    # To utilize the updated {Payment Intents API}[https://stripe.com/docs/api/payment_intents], integrate with the StripePaymentIntents gateway
     class StripeGateway < Gateway
       self.live_url = 'https://api.stripe.com/v1/'
 
@@ -21,7 +23,9 @@ module ActiveMerchant #:nodoc:
         'unchecked' => 'P'
       }
 
-      self.supported_countries = %w(AT AU BE BR CA CH DE DK ES FI FR GB HK IE IT JP LU MX NL NO NZ PT SE SG US)
+      DEFAULT_API_VERSION = '2015-04-07'
+
+      self.supported_countries = %w(AT AU BE BR CA CH DE DK EE ES FI FR GB GR HK IE IT JP LT LU LV MX NL NO NZ PL PT SE SG SI SK US)
       self.default_currency = 'USD'
       self.money_format = :cents
       self.supported_cardtypes = [:visa, :master, :american_express, :discover, :jcb, :diners_club, :maestro]
@@ -150,14 +154,21 @@ module ActiveMerchant #:nodoc:
         post[:reason] = options[:reason] if options[:reason]
         post[:expand] = [:charge]
 
-        MultiResponse.run(:first) do |r|
-          r.process { commit(:post, "charges/#{CGI.escape(identification)}/refunds", post, options) }
+        response = commit(:post, "charges/#{CGI.escape(identification)}/refunds", post, options)
+
+        if response.success? && options[:refund_fee_amount] && options[:refund_fee_amount].to_s != '0'
+          charge = api_request(:get, "charges/#{CGI.escape(identification)}", nil, options)
 
-          if options[:refund_fee_amount] && options[:refund_fee_amount].to_s != '0'
-            r.process { fetch_application_fee(identification, options) }
-            r.process { refund_application_fee(options[:refund_fee_amount].to_i, application_fee_from_response(r.responses.last), options) }
+          if application_fee = charge['application_fee']
+            fee_refund_options = {
+              currency: options[:currency], # currency isn't used by Stripe here, but we need it for #add_amount
+              key: @fee_refund_api_key
+            }
+            refund_application_fee(options[:refund_fee_amount].to_i, application_fee, fee_refund_options)
           end
         end
+
+        response
       end
 
       def verify(payment, options = {})
@@ -168,21 +179,10 @@ module ActiveMerchant #:nodoc:
         end
       end
 
-      def application_fee_from_response(response)
-        return unless response.success?
-        response.params['application_fee'] unless response.params['application_fee'].empty?
-      end
-
       def refund_application_fee(money, identification, options = {})
-        return Response.new(false, 'Application fee id could not be found') unless identification
-
         post = {}
         add_amount(post, money, options)
-        options[:key] = @fee_refund_api_key if @fee_refund_api_key
-        options.delete(:stripe_account)
-
-        refund_fee = commit(:post, "application_fees/#{CGI.escape(identification)}/refunds", post, options)
-        application_fee_response!(refund_fee, "Application fee could not be refunded: #{refund_fee.message}")
+        commit(:post, "application_fees/#{CGI.escape(identification)}/refunds", post, options)
       end
 
       # Note: creating a new credit card will not change the customer's existing default credit card (use :set_default => true)
@@ -304,8 +304,8 @@ module ActiveMerchant #:nodoc:
         add_amount(post, money, options, true)
         post[:type] = type
         if type == 'card'
-          add_creditcard(post, payment, options)
-          post[:card].delete(:name)
+          add_creditcard(post, payment, options, true)
+          add_source_owner(post, payment, options)
         elsif type == 'three_d_secure'
           post[:three_d_secure] = {card: payment}
           post[:redirect] = {return_url: options[:redirect_url]}
@@ -313,10 +313,16 @@ module ActiveMerchant #:nodoc:
         commit(:post, 'sources', post, options)
       end
 
+      def show_source(source_id, options)
+        commit(:get, "sources/#{source_id}", nil, options)
+      end
+
       def create_webhook_endpoint(options, events)
         post = {}
         post[:url] = options[:callback_url]
         post[:enabled_events] = events
+        post[:connect] = true if options[:stripe_account]
+        options.delete(:stripe_account)
         commit(:post, 'webhook_endpoints', post, options)
       end
 
@@ -324,6 +330,18 @@ module ActiveMerchant #:nodoc:
         commit(:delete, "webhook_endpoints/#{options[:webhook_id]}", {}, options)
       end
 
+      def show_webhook_endpoint(options)
+        options.delete(:stripe_account)
+        commit(:get, "webhook_endpoints/#{options[:webhook_id]}", nil, options)
+      end
+
+      def list_webhook_endpoints(options)
+        params = {}
+        params[:limit] = options[:limit] if options[:limit]
+        options.delete(:stripe_account)
+        commit(:get, "webhook_endpoints?#{post_data(params)}", nil, options)
+      end
+
       def create_post_for_auth_or_purchase(money, payment, options)
         post = {}
 
@@ -333,6 +351,12 @@ module ActiveMerchant #:nodoc:
           add_creditcard(post, payment, options)
         end
 
+        add_charge_details(post, money, payment, options)
+        post
+      end
+
+      # Used internally by Spreedly to populate the charge object for 3DS 1.0 transactions
+      def add_charge_details(post, money, payment, options)
         if emv_payment?(payment)
           add_statement_address(post, options)
           add_emv_metadata(post, payment)
@@ -435,7 +459,7 @@ module ActiveMerchant #:nodoc:
         post[:statement_address][:state] = statement_address[:state]
       end
 
-      def add_creditcard(post, creditcard, options)
+      def add_creditcard(post, creditcard, options, use_sources = false)
         card = {}
         if emv_payment?(creditcard)
           add_emv_creditcard(post, creditcard.icc_data)
@@ -458,7 +482,7 @@ module ActiveMerchant #:nodoc:
             card[:exp_month] = creditcard.month
             card[:exp_year] = creditcard.year
             card[:cvc] = creditcard.verification_value if creditcard.verification_value?
-            card[:name] = creditcard.name if creditcard.name
+            card[:name] = creditcard.name if creditcard.name && !use_sources
           end
 
           if creditcard.is_a?(NetworkTokenizationCreditCard)
@@ -468,7 +492,7 @@ module ActiveMerchant #:nodoc:
           end
           post[:card] = card
 
-          add_address(post, options)
+          add_address(post, options) unless use_sources
         elsif creditcard.kind_of?(String)
           if options[:track_data]
             card[:swipe_data] = options[:track_data]
@@ -516,15 +540,23 @@ module ActiveMerchant #:nodoc:
         post[:metadata][:card_read_method] = creditcard.read_method if creditcard.respond_to?(:read_method)
       end
 
-      def fetch_application_fee(identification, options = {})
-        options[:key] = @fee_refund_api_key
-
-        fetch_charge = commit(:get, "charges/#{CGI.escape(identification)}", nil, options)
-        application_fee_response!(fetch_charge, "Application fee id could not be retrieved: #{fetch_charge.message}")
-      end
+      def add_source_owner(post, creditcard, options)
+        post[:owner] = {}
+        post[:owner][:name] = creditcard.name if creditcard.name
+        post[:owner][:email] = options[:email] if options[:email]
 
-      def application_fee_response!(response, message)
-        response.success? ? response : Response.new(false, message)
+        if address = options[:billing_address] || options[:address]
+          owner_address = {}
+          owner_address[:line1] = address[:address1] if address[:address1]
+          owner_address[:line2] = address[:address2] if address[:address2]
+          owner_address[:country] = address[:country] if address[:country]
+          owner_address[:postal_code] = address[:zip] if address[:zip]
+          owner_address[:state] = address[:state] if address[:state]
+          owner_address[:city] = address[:city] if address[:city]
+
+          post[:owner][:phone] = address[:phone] if address[:phone]
+          post[:owner][:address] = owner_address
+        end
       end
 
       def parse(body)
@@ -586,7 +618,7 @@ module ActiveMerchant #:nodoc:
       end
 
       def api_version(options)
-        options[:version] || @options[:version] || '2015-04-07'
+        options[:version] || @options[:version] || self.class::DEFAULT_API_VERSION
       end
 
       def api_request(method, endpoint, parameters = nil, options = {})
@@ -629,8 +661,8 @@ module ActiveMerchant #:nodoc:
         return response.fetch('error', {})['charge'] unless success
 
         if url == 'customers'
-          [response['id'], response['sources']['data'].first['id']].join('|')
-        elsif method == :post && url.match(/customers\/.*\/cards/)
+          [response['id'], response.dig('sources', 'data').first&.dig('id')].join('|')
+        elsif method == :post && (url.match(/customers\/.*\/cards/) || url.match(/payment_methods\/.*\/attach/))
           [response['customer'], response['id']].join('|')
         else
           response['id']