activemerchant 1.44.1 → 1.45.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: eca92a2d6a93b9c3de6bcacaf0ca4ff928826124
-  data.tar.gz: 24ed6b72ce5bed57175e5b23808e3471ed3a15f0
+  metadata.gz: 705744a332bbe4db27dc6e0dbbefd63712e94c28
+  data.tar.gz: 452924bd903988716baa84b34969a9248abb6480
 SHA512:
-  metadata.gz: 9a51d9b4a6a140298e8c1af1952f5b2c8f320b4f722510c3c57e8fa43887335ba9e53c6a80a00e086e718dc9f1872459331d478dd5c3a5e961012d802733ff46
-  data.tar.gz: 21f734179dede5a752de2f42d6d9f1269b66f8d2274abdde3486345ad2740999f4e1414b266a247958f3909bb7573054402c578000f3c7a4e920f07d3534ffc4
+  metadata.gz: bea4d6dd57b28e0e6b852e05630ace0b08d51e6d3403f5754ba060b8651842ab26871e601833e966b293d2d3d28cc49a52aa6b54352b7fd774c4cb324c84d1fa
+  data.tar.gz: 11dab3ab3cb2b85a54b31283f2127c6adfe0f1e2dbcdeb73a40e9d2096d45fa258474845f62ee73d6a6ecb6564bd04974941b85c2450cb403773bc739c41d3fa

checksums.yaml.gz.sig

@@ -1,3 +1 @@
-[h�bu0�Jo��F�������ԴU�O��T�}�G&C����x�F�Y�hG�a�0
->�7�IE�;���2G2U���=+I��1'��;����p�@��t
-Tw�ц!�nQ9He���2��u�]3.�������-yR�t�L	�據0�rvJ�0���˗�=�+��4ІgqKA��ࢂ�	Y��2PKK�[�����!M���׺O;�����l�7yP\��{P�9���?vW�4$Wq��o��j%
+��j#D>j(QV
r�B��<���N�ז���zV�&��ҴL�C�N��O�,��+�"G�&�j*��R�|���c�L�i�3�t��Is�K[���������sz>����Շ���Tk�w�%��/�J`ą���Ճ&<����.�)i�m�6�r�^5��~/��8q�D<If ���͈��

��p��iL�}Iٺ_x5e�*8��>>���w*�^h�G\A#���g����9�);T	Z+i

data/CHANGELOG

@@ -1,5 +1,53 @@
 = ActiveMerchant CHANGELOG
 
+== Version 1.45.0 (December 1, 2014)
+
+* HPS: Always pass CardHolderData element [SecureSubmit, ntalbott]
+* PayJunction: Include 'track' parameter if provided [hron]
+* WebPay: Fix API calls [tomykaira]
+* Moneris US: Add store, unstore, and update [AntoineInsa]
+* Moneris US: Add CVV and AVS [AntoineInsa]
+* Stripe: Add support for statement_description [markabe]
+* CASHNet: Add support for fname and lname [markabe]
+* Orbital: Fix customer profile auth/purchase [denis]
+* Payex: Fix expiry month to allow 4 digit year [duff]
+* Cashnet: Allow overriding custcode [hoenth]
+* Cashnet: Fix overridding item_code per transaction [ntalbott]
+* Add Checkout.com gateway [ravish-ramrakha-cko]
+* HPS: Add verify support [SecureSubmit]
+* Add Bank Frick gateway [varyonic]
+* Add Global Transport gateway [duff]
+* iATS: Add #store and #unstore [duff]
+* Authorize.Net: Fix amount formatting [ntalbott]
+* Authorize.Net: Truncate order_id to 20 characters [ntalbott]
+* Authorize.Net: Truncate more fields [duff]
+* Authorize.Net: Truncate invoiceNumber [ntalbott]
+* Adyen: Add support for verify operation [duff]
+* USAePay: Add track_data support [louiskearns]
+* Payex: Use the right url for the purchase call [duff]
+* Braintree: Allow dynamic descriptors [duff]
+* Openpay: Add support for device session id [guillermo-delucio, ismaelem]
+* Redsys: Add support for verify [duff]
+* Redsys: Handle unknown currencies [duff]
+* Stripe: Make #unstore signature consistent [duff]
+* Remove defunct Samurai gateway [ntalbott]
+* eWay Rapid: Tweak authorization support [duff]
+* Litle: Add support for dynamic descriptors [duff]
+* Add TNS gateway [markabe]
+* TNS: Update countries and supported card types [markabe]
+* Conekta: Add AMEX as a supported card type [MauricioMurga]
+* Checkout: pass through currency type [markabe]
+* Bogus: return standard error codes [jpcaissy]
+* Add PaymentToken and ApplePayPaymentToken objects for token-based transactions [bizla]
+* Authorize.Net: Add ApplePay in-app transaction support [bizla]
+* Stripe: Add ApplePay in-app transaction support [bizla]
+* eWAY Rapid: Add PartnerID param [j-mutter]
+* GlobalTransport: Truncate order_id [duff]
+* Redsys: Allow a description to be specified [duff]
+* NetworkMerchants: Fix currency [j-mutter]
+* Redsys: Improve handling of order_id [duff]
+* Checkout: Add support for void, refund, and verify [markabe]
+
 == Version 1.44.1 (Aug 28, 2014)
 
 * Allow SSLv3 for PsiGate [mutemule]

data/CONTRIBUTORS

@@ -497,3 +497,15 @@ Commercegate (June 2014)
 Worldpay US (August 2014)
 
 * Mark Bennett (markabe)
+
+Checkout.com (September 2014)
+
+* (ravish-ramrakha-cko)
+
+Bank Frick (September 2014)
+
+* Piers Chambers (varyonic)
+
+Global Transport (September 2014)
+
+* Duff O'Melia (duff)

data/README.md

@@ -87,6 +87,7 @@ The [ActiveMerchant Wiki](http://github.com/Shopify/active_merchant/wikis) conta
 * [Authorize.Net CIM](http://www.authorize.net/) - US
 * [Authorize.Net](http://www.authorize.net/) - AD, AT, AU, BE, BG, CA, CH, CY, CZ, DE, DK, ES, FI, FR, GB, GB, GI, GR, HU, IE, IT, LI, LU, MC, MT, NL, NO, PL, PT, RO, SE, SI, SK, SM, TR, US, VA
 * [Balanced](https://www.balancedpayments.com/) - US
+* [Bank Frick](http://www.bankfrickacquiring.com/) - LI, US
 * [Banwire](http://www.banwire.com/) - MX
 * [Barclays ePDQ Extra Plus](http://www.barclaycard.co.uk/business/accepting-payments/epdq-ecomm/) - GB
 * [Barclays ePDQ MPI](http://www.barclaycard.co.uk/business/accepting-payments/epdq-mpi/) - GB
@@ -101,6 +102,7 @@ The [ActiveMerchant Wiki](http://github.com/Shopify/active_merchant/wikis) conta
 * [Cashnet](http://www.higherone.com/) - US
 * [Cecabank](http://www.ceca.es/es/) - ES
 * [CertoDirect](http://www.certodirect.com/) - BE, BG, CZ, DK, DE, EE, IE, EL, ES, FR, IT, CY, LV, LT, LU, HU, MT, NL, AT, PL, PT, RO, SI, SK, FI, SE, GB
+* [Checkout.com](https://www.checkout.com/) - AT, BE, BG, CY, CZ, DE, DK, EE, ES, FI, FR, GR, HR, HU, IE, IS, IT, LI, LT, LU, LV, MT, MU, NL, NO, PL, PT, RO, SE, SI, SK, US
 * [Commercegate](http://www.commercegate.com/) - AD, AT, AX, BE, BG, CH, CY, CZ, DE, DK, ES, FI, FR, GB, GG, GI, GR, HR, HU, IE, IM, IS, IT, JE, LI, LT, LU, LV, MC, MT, NL, NO, PL, PT, RO, SE, SI, SK, VA
 * [Conekta](https://conekta.io) - MX
 * [CyberSource](http://www.cybersource.com) - US, BR, CA, CN, DK, FI, FR, DE, JP, MX, NO, SE, GB, SG
@@ -119,6 +121,7 @@ The [ActiveMerchant Wiki](http://github.com/Shopify/active_merchant/wikis) conta
 * [FirstData Global Gateway e4](http://www.firstdata.com) - CA, US
 * [FirstGiving](http://www.firstgiving.com/) - US
 * [Garanti Sanal POS](https://sanalposweb.garanti.com.tr) - US, TR
+* [Global Transport](https://www.globalpaymentsinc.com) - CA, PR, US
 * [HDFC](http://www.hdfcbank.com/sme/sme-details/merchant-services/guzh6m0i) - IN
 * [Heartland Payment Systems](http://developer.heartlandpaymentsystems.com/SecureSubmit/) - US
 * [iATS Payments](http://home.iatspayments.com/) - AU, BR, CA, CH, DE, DK, ES, FI, FR, GR, HK, IE, IT, NL, NO, PT, SE, SG, TR, UK, US
@@ -169,7 +172,7 @@ The [ActiveMerchant Wiki](http://github.com/Shopify/active_merchant/wikis) conta
 * [Payscout](http://www.payscout.com/) - US
 * [Paystation](http://paystation.co.nz) - NZ
 * [Pay Way](http://www.payway.com.au) - AU
-* [Pin](http://www.pin.net.au/) - AU
+* [Pin Payments](http://www.pin.net.au/) - AU
 * [Plug'n Pay](http://www.plugnpay.com/) - US
 * [Psigate](http://www.psigate.com/) - CA
 * [PSL Payment Solutions](http://www.paymentsolutionsltd.com/) - GB
@@ -182,7 +185,6 @@ The [ActiveMerchant Wiki](http://github.com/Shopify/active_merchant/wikis) conta
 * [SagePay](http://www.sagepay.com) - GB, IE
 * [Sage Payment Solutions](http://www.sagepayments.com) - US, CA
 * [Sallie Mae](http://www.salliemae.com/) - US
-* [Samurai](https://samurai.feefighters.com) - US
 * [SecureNet](http://www.securenet.com/) - US
 * [SecurePay](http://www.securepay.com/) - US, CA, GB, AU
 * [SecurePayTech](http://www.securepaytech.com/) - NZ
@@ -192,6 +194,7 @@ The [ActiveMerchant Wiki](http://github.com/Shopify/active_merchant/wikis) conta
 * [Stripe](https://stripe.com/) - AU, BE, CA, CH, DE, ES, FI, FR, GB, IE, IT, LU, NL, US
 * [Swipe](https://www.swipehq.com/checkout) - CA, NZ
 * [TransFirst](http://www.transfirst.com/) - US
+* [TNS](http://www.tnsi.com/) - AR, AU, BR, FR, DE, HK, MX, NZ, SG, GB, US
 * [NELiX TransaX](https://www.nelixtransax.com/) - US
 * [Transnational](http://www.tnbci.com/) - US
 * [TrustCommerce](http://www.trustcommerce.com/) - US
@@ -205,14 +208,21 @@ The [ActiveMerchant Wiki](http://github.com/Shopify/active_merchant/wikis) conta
 * [Worldpay](http://www.worldpay.com/) - HK, US, GB, AU, AD, BE, CH, CY, CZ, DE, DK, ES, FI, FR, GI, GR, HU, IE, IL, IT, LI, LU, MC, MT, NL, NO, NZ, PL, PT, SE, SG, SI, SM, TR, UM, VA
 * [Worldpay US](http://www.worldpay.com/us) - US
 
-## Contributing
+## Deprecation Policy
 
-The source code is hosted at [GitHub](http://github.com/Shopify/active_merchant), and can be fetched using:
+Deprecated functionality is removed on major version changes - for example, deprecations from 2.x are removed in 3.x.
 
-    git clone git://github.com/Shopify/active_merchant.git
+## Contributing
+
+1. [Fork it](http://github.com/Shopify/active_merchant/fork) and clone your new repo
+2. Create a branch (`git checkout -b my_awesome_feature`)
+3. Commit your changes (`git add my/awesome/file.rb; git commit -m "Added my awesome feature"`)
+4. Push your changes to your fork (`git push origin my_awesome_feature`)
+5. Open a [Pull Request](https://github.com/shopify/active_merchant/pulls)
 
 Please see the [ActiveMerchant Guide to Contributing](http://github.com/Shopify/active_merchant/wikis/contributing) for
 information on adding a new gateway to ActiveMerchant.
 
 Please don't touch the CHANGELOG in your pull requests, we'll add the appropriate CHANGELOG entries
 at release time.
+

data/lib/active_merchant/billing.rb

@@ -7,5 +7,7 @@ require 'active_merchant/billing/credit_card_formatting'
 require 'active_merchant/billing/credit_card'
 require 'active_merchant/billing/base'
 require 'active_merchant/billing/check'
+require 'active_merchant/billing/payment_token'
+require 'active_merchant/billing/apple_pay_payment_token'
 require 'active_merchant/billing/response'
 require 'active_merchant/billing/gateways'

data/lib/active_merchant/billing/apple_pay_payment_token.rb

@@ -0,0 +1,22 @@
+module ActiveMerchant #:nodoc:
+  module Billing #:nodoc:
+    class ApplePayPaymentToken < PaymentToken
+      # This is a representation of the token object specified here:
+      # https://developer.apple.com/library/ios/documentation/PassKit/Reference/PKPaymentToken_Ref/
+      # https://developer.apple.com/library/IOs//documentation/PassKit/Reference/PaymentTokenJSON/PaymentTokenJSON.html
+
+      attr_reader :payment_instrument_name, :payment_network
+      attr_accessor :transaction_identifier
+
+      def initialize(payment_data, options = {})
+        super
+        @payment_instrument_name = @metadata[:payment_instrument_name]
+        @payment_network = @metadata[:payment_network]
+      end
+
+      def type
+        'apple_pay'
+      end
+    end
+  end
+end

data/lib/active_merchant/billing/gateway.rb

@@ -58,9 +58,40 @@ module ActiveMerchant #:nodoc:
 
       DEBIT_CARDS = [ :switch, :solo ]
       CURRENCIES_WITHOUT_FRACTIONS = [ 'BIF', 'BYR', 'CLP', 'CVE', 'DJF', 'GNF', 'HUF', 'ISK', 'JPY', 'KMF', 'KRW', 'PYG', 'RWF', 'TWD', 'UGX', 'VND', 'VUV', 'XAF', 'XOF', 'XPF' ]
+
       CREDIT_DEPRECATION_MESSAGE = "Support for using credit to refund existing transactions is deprecated and will be removed from a future release of ActiveMerchant. Please use the refund method instead."
       RECURRING_DEPRECATION_MESSAGE = "Recurring functionality in ActiveMerchant is deprecated and will be removed in a future version. Please contact the ActiveMerchant maintainers if you have an interest in taking ownership of a separate gem that continues support for it."
 
+      # == Standardized Error Codes
+      #
+      # :incorrect_number - Card number does not comply with ISO/IEC 7812 numbering standard
+      # :invalid_number - Card number was not matched by processor
+      # :invalid_expiry_date - Expiry date deos not match correct formatting
+      # :invalid_cvc - Security codes does not match correct format (3-4 digits)
+      # :expired_card - Card number is expired
+      # :incorrect_cvc - Secerity code was not matched by the processor
+      # :incorrect_zip - Zip code is not in correct format
+      # :incorrect_address - Billing address info was not matched by the processor
+      # :card_declined - Card number declined by processor
+      # :processing_error - Processor error
+      # :call_issuer - Transaction requires voice authentication, call issuer
+      # :pickup_card - Issuer requests that you pickup the card from merchant
+
+      STANDARD_ERROR_CODE = {
+        :incorrect_number => 'incorrect_number',
+        :invalid_number => 'invalid_number',
+        :invalid_expiry_date => 'invalid_expiry_date',
+        :invalid_cvc => 'invalid_cvc',
+        :expired_card => 'expired_card',
+        :incorrect_cvc => 'incorrect_cvc',
+        :incorrect_zip => 'incorrect_zip',
+        :incorrect_address => 'incorrect_address',
+        :card_declined => 'card_declined',
+        :processing_error => 'processing_error',
+        :call_issuer => 'call_issuer',
+        :pickup_card => 'pick_up_card'
+      }
+
       cattr_reader :implementations
       @@implementations = []
 
@@ -112,6 +143,10 @@ module ActiveMerchant #:nodoc:
         result.to_s.downcase
       end
 
+      def self.non_fractional_currency?(currency)
+        CURRENCIES_WITHOUT_FRACTIONS.include?(currency.to_s)
+      end
+
       def self.supported_countries=(country_codes)
         country_codes.each do |country_code|
           unless ActiveMerchant::Country.find(country_code)
@@ -197,7 +232,7 @@ module ActiveMerchant #:nodoc:
       def localized_amount(money, currency)
         amount = amount(money)
 
-        return amount unless non_fractional_currency?(currency)
+        return amount unless Gateway.non_fractional_currency?(currency)
 
         if self.money_format == :cents
           sprintf("%.0f", amount.to_f / 100)
@@ -206,9 +241,6 @@ module ActiveMerchant #:nodoc:
         end
       end
 
-      def non_fractional_currency?(currency)
-        CURRENCIES_WITHOUT_FRACTIONS.include?(currency.to_s)
-      end
 
       def currency(money)
         money.respond_to?(:currency) ? money.currency : self.default_currency

data/lib/active_merchant/billing/gateways/adyen.rb

@@ -51,7 +51,7 @@ module ActiveMerchant #:nodoc:
         post = {}
         post[:modificationRequest] = modification_request(authorization, options)
         post[:modificationRequest][:modificationAmount] = amount_hash(money, options[:currency])
-        
+
         commit('Payment.capture', post)
       end
 
@@ -61,7 +61,7 @@ module ActiveMerchant #:nodoc:
         post = {}
         post[:modificationRequest] = modification_request(authorization, options)
         post[:modificationRequest][:modificationAmount] = amount_hash(money, options[:currency])
-        
+
         commit('Payment.refund', post)
       end
 
@@ -74,6 +74,10 @@ module ActiveMerchant #:nodoc:
         commit('Payment.cancel', post)
       end
 
+      def verify(creditcard, options = {})
+        authorize(0, creditcard, options)
+      end
+
       private
 
       def commit(action, post)

data/lib/active_merchant/billing/gateways/authorize_net.rb

@@ -1,162 +1,114 @@
+require 'nokogiri'
+
 module ActiveMerchant #:nodoc:
   module Billing #:nodoc:
-    # For more information on the Authorize.Net Gateway please visit their {Integration Center}[http://developer.authorize.net/]
-    #
-    # The login and password are not the username and password you use to
-    # login to the Authorize.Net Merchant Interface. Instead, you will
-    # use the API Login ID as the login and Transaction Key as the
-    # password.
-    #
-    # ==== How to Get Your API Login ID and Transaction Key
-    #
-    # 1. Log into the Merchant Interface
-    # 2. Select Settings from the Main Menu
-    # 3. Click on API Login ID and Transaction Key in the Security section
-    # 4. Type in the answer to the secret question configured on setup
-    # 5. Click Submit
-    #
     class AuthorizeNetGateway < Gateway
-      API_VERSION = '3.1'
-
-      self.test_url = "https://test.authorize.net/gateway/transact.dll"
-      self.live_url = "https://secure.authorize.net/gateway/transact.dll"
-
-      class_attribute :duplicate_window
-
-      APPROVED, DECLINED, ERROR, FRAUD_REVIEW = 1, 2, 3, 4
+      include Empty
 
-      RESPONSE_CODE, RESPONSE_REASON_CODE, RESPONSE_REASON_TEXT, AUTHORIZATION_CODE = 0, 2, 3, 4
-      AVS_RESULT_CODE, TRANSACTION_ID, CARD_CODE_RESPONSE_CODE, CARDHOLDER_AUTH_CODE  = 5, 6, 38, 39
-
-      self.default_currency = 'USD'
+      self.test_url = 'https://apitest.authorize.net/xml/v1/request.api'
+      self.live_url = 'https://api.authorize.net/xml/v1/request.api'
 
       self.supported_countries = %w(AD AT AU BE BG CA CH CY CZ DE DK ES FI FR GB GB GI GR HU IE IT LI LU MC MT NL NO PL PT RO SE SI SK SM TR US VA)
+      self.default_currency = 'USD'
+      self.money_format = :dollars
       self.supported_cardtypes = [:visa, :master, :american_express, :discover, :diners_club, :jcb, :maestro]
+
       self.homepage_url = 'http://www.authorize.net/'
       self.display_name = 'Authorize.Net'
 
-      CARD_CODE_ERRORS = %w( N S )
-      AVS_ERRORS = %w( A E N R W Z )
-      AVS_REASON_CODES = %w(27 45)
+      class_attribute :duplicate_window
+
+      APPROVED, DECLINED, ERROR, FRAUD_REVIEW = 1, 2, 3, 4
       TRANSACTION_ALREADY_ACTIONED = %w(310 311)
 
-      # Creates a new AuthorizeNetGateway
-      #
-      # The gateway requires that a valid login and password be passed
-      # in the +options+ hash.
-      #
-      # ==== Options
-      #
-      # * <tt>:login</tt> -- The Authorize.Net API Login ID (REQUIRED)
-      # * <tt>:password</tt> -- The Authorize.Net Transaction Key. (REQUIRED)
-      # * <tt>:test</tt> -- +true+ or +false+. If true, perform transactions against the test server.
-      #   Otherwise, perform transactions against the production server.
-      def initialize(options = {})
+      CARD_CODE_ERRORS = %w(N S)
+      AVS_ERRORS = %w(A E N R W Z)
+      AVS_REASON_CODES = %w(27 45)
+
+      TRACKS = {
+          1 => /^%(?<format_code>.)(?<pan>[\d]{1,19}+)\^(?<name>.{2,26})\^(?<expiration>[\d]{0,4}|\^)(?<service_code>[\d]{0,3}|\^)(?<discretionary_data>.*)\?\Z/,
+          2 => /\A;(?<pan>[\d]{1,19}+)=(?<expiration>[\d]{0,4}|=)(?<service_code>[\d]{0,3}|=)(?<discretionary_data>.*)\?\Z/
+      }.freeze
+
+      APPLE_PAY_DATA_DESCRIPTOR = "COMMON.APPLE.INAPP.PAYMENT"
+
+      def initialize(options={})
         requires!(options, :login, :password)
         super
       end
 
-      # Performs an authorization, which reserves the funds on the customer's credit card, but does not
-      # charge the card.
-      #
-      # ==== Parameters
-      #
-      # * <tt>money</tt> -- The amount to be authorized as an Integer value in cents.
-      # * <tt>paysource</tt> -- The CreditCard or Check details for the transaction.
-      # * <tt>options</tt> -- A hash of optional parameters.
-      def authorize(money, paysource, options = {})
-        post = {}
-        add_currency_code(post, money, options)
-        add_invoice(post, options)
-        add_payment_source(post, paysource, options)
-        add_address(post, options)
-        add_customer_data(post, options)
-        add_duplicate_window(post)
-
-        commit('AUTH_ONLY', money, post)
-      end
-
-      # Perform a purchase, which is essentially an authorization and capture in a single operation.
-      #
-      # ==== Parameters
-      #
-      # * <tt>money</tt> -- The amount to be purchased as an Integer value in cents.
-      # * <tt>paysource</tt> -- The CreditCard or Check details for the transaction.
-      # * <tt>options</tt> -- A hash of optional parameters.
-      def purchase(money, paysource, options = {})
-        post = {}
-        add_currency_code(post, money, options)
-        add_invoice(post, options)
-        add_payment_source(post, paysource, options)
-        add_address(post, options)
-        add_customer_data(post, options)
-        add_duplicate_window(post)
-
-        commit('AUTH_CAPTURE', money, post)
+      def purchase(amount, payment, options = {})
+        commit("AUTH_CAPTURE") do |xml|
+          add_order_id(xml, options)
+          xml.transactionRequest do
+            xml.transactionType 'authCaptureTransaction'
+            xml.amount amount(amount)
+            add_payment_source(xml, payment)
+            add_invoice(xml, options)
+            add_customer_data(xml, payment, options)
+            add_retail_data(xml, payment)
+            add_settings(xml, payment, options)
+            add_user_fields(xml, amount, options)
+          end
+        end
       end
 
-      # Captures the funds from an authorized transaction.
-      #
-      # ==== Parameters
-      #
-      # * <tt>money</tt> -- The amount to be captured as an Integer value in cents.
-      # * <tt>authorization</tt> -- The authorization returned from the previous authorize request.
-      def capture(money, authorization, options = {})
-        post = {:trans_id => authorization}
-        add_customer_data(post, options)
-        add_invoice(post, options)
-        commit('PRIOR_AUTH_CAPTURE', money, post)
+      def authorize(amount, payment, options={})
+        commit("AUTH_ONLY") do |xml|
+          add_order_id(xml, options)
+          xml.transactionRequest do
+            xml.transactionType 'authOnlyTransaction'
+            xml.amount amount(amount)
+            add_payment_source(xml, payment)
+            add_invoice(xml, options)
+            add_customer_data(xml, payment, options)
+            add_settings(xml, payment, options)
+            add_user_fields(xml, amount, options)
+          end
+        end
       end
 
-      # Void a previous transaction
-      #
-      # ==== Parameters
-      #
-      # * <tt>authorization</tt> - The authorization returned from the previous authorize request.
-      def void(authorization, options = {})
-        post = {:trans_id => authorization}
-        add_duplicate_window(post)
-        commit('VOID', nil, post)
+      def capture(amount, authorization, options={})
+        commit("PRIOR_AUTH_CAPTURE") do |xml|
+          add_order_id(xml, options)
+          xml.transactionRequest do
+            xml.transactionType 'priorAuthCaptureTransaction'
+            xml.amount amount(amount)
+            xml.refTransId split_authorization(authorization)[0]
+            add_invoice(xml, options)
+            add_user_fields(xml, amount, options)
+          end
+        end
       end
 
-      # Refund a transaction.
-      #
-      # This transaction indicates to the gateway that
-      # money should flow from the merchant to the customer.
-      #
-      # ==== Parameters
-      #
-      # * <tt>money</tt> -- The amount to be credited to the customer as an Integer value in cents.
-      # * <tt>identification</tt> -- The ID of the original transaction against which the refund is being issued.
-      # * <tt>options</tt> -- A hash of parameters.
-      #
-      # ==== Options
-      #
-      # * <tt>:card_number</tt> -- The credit card number the refund is being issued to. (REQUIRED)
-      #   You can either pass the last four digits of the card number or the full card number.
-      # * <tt>:first_name</tt> -- The first name of the account being refunded.
-      # * <tt>:last_name</tt> -- The last name of the account being refunded.
-      # * <tt>:zip</tt> -- The postal code of the account being refunded.
-      def refund(money, identification, options = {})
-        requires!(options, :card_number)
-
-        post = { :trans_id => identification,
-                 :card_num => options[:card_number]
-               }
-
-        post[:first_name] = options[:first_name] if options[:first_name]
-        post[:last_name] = options[:last_name] if options[:last_name]
-        post[:zip] = options[:zip] if options[:zip]
-
-        add_invoice(post, options)
-        add_duplicate_window(post)
-
-        commit('CREDIT', money, post)
+      def refund(amount, authorization, options={})
+        transaction_id, card_number = split_authorization(authorization)
+        commit("CREDIT") do |xml|
+          xml.transactionRequest do
+            xml.transactionType 'refundTransaction'
+            xml.amount (amount.nil? ? 0 : amount(amount))
+            xml.payment do
+              xml.creditCard do
+                xml.cardNumber(card_number || options[:card_number])
+                xml.expirationDate 'XXXX'
+              end
+            end
+            xml.refTransId transaction_id
+            add_customer_data(xml, nil, options)
+            add_user_fields(xml, amount, options)
+          end
+        end
       end
 
-      def credit(money, identification, options = {})
-        ActiveMerchant.deprecated CREDIT_DEPRECATION_MESSAGE
-        refund(money, identification, options)
+      def void(authorization, options={})
+        commit("VOID") do |xml|
+          add_order_id(xml, options)
+          xml.transactionRequest do
+            xml.transactionType 'voidTransaction'
+            xml.refTransId split_authorization(authorization)[0]
+            add_user_fields(xml, nil, options)
+          end
+        end
       end
 
       def verify(credit_card, options = {})
@@ -168,175 +120,300 @@ module ActiveMerchant #:nodoc:
 
       private
 
-      def commit(action, money, parameters)
-        parameters[:amount] = amount(money) unless action == 'VOID'
+      def add_payment_source(xml, source)
+        return unless source
+        if card_brand(source) == 'check'
+          add_check(xml, source)
+        elsif card_brand(source) == 'apple_pay'
+          add_apple_pay_payment_token(xml, source)
+        else
+          add_credit_card(xml, source)
+        end
+      end
 
-        url = test? ? self.test_url : self.live_url
-        data = ssl_post url, post_data(action, parameters)
+      def add_settings(xml, source, options)
+        xml.transactionSettings do
+          if(card_brand(source) == "check" && options[:recurring])
+            xml.setting do
+              xml.settingName "recurringBilling"
+              xml.settingValue "true"
+            end
+          end
+          if(self.class.duplicate_window)
+            xml.setting do
+              xml.settingName "duplicateWindow"
+              xml.settingValue self.class.duplicate_window
+            end
+          end
+        end
+      end
 
-        response          = parse(data)
-        response[:action] = action
+      def add_user_fields(xml, amount, options)
+        xml.userFields do
+          if(currency = (options[:currency] || currency(amount)))
+            xml.userField do
+              xml.name "x_currency_code"
+              xml.value currency
+            end
+          end
+          if(application_id.present? && application_id != "ActiveMerchant")
+            xml.userField do
+              xml.name "x_solution_id"
+              xml.value application_id
+            end
+          end
+        end
+      end
 
-        message = message_from(response)
+      def add_credit_card(xml, credit_card)
+        if credit_card.track_data
+          add_swipe_data(xml, credit_card)
+        else
+          xml.payment do
+            xml.creditCard do
+              xml.cardNumber credit_card.number
+              xml.expirationDate (format(credit_card.month, :two_digits) + '/' + format(credit_card.year, :four_digits))
+              unless empty?(credit_card.verification_value)
+                xml.cardCode credit_card.verification_value
+              end
+            end
+          end
+        end
+      end
 
-        Response.new(success?(response), message, response,
-          :test => test?,
-          :authorization => response[:transaction_id],
-          :fraud_review => fraud_review?(response),
-          :avs_result => { :code => response[:avs_result_code] },
-          :cvv_result => response[:card_code]
-        )
+      def add_swipe_data(xml, credit_card)
+        TRACKS.each do |key, regex|
+          if regex.match(credit_card.track_data)
+            @valid_track_data = true
+            xml.payment do
+              xml.trackData do
+                xml.public_send(:"track#{key}", credit_card.track_data)
+              end
+            end
+          end
+        end
       end
 
-      def success?(response)
-        response[:response_code] == APPROVED && TRANSACTION_ALREADY_ACTIONED.exclude?(response[:response_reason_code])
+      # http://developer.authorize.net/api/reference/#apple-pay-transactions
+      def add_apple_pay_payment_token(xml, apple_pay_payment_token)
+        xml.payment do
+          xml.opaqueData do
+            xml.dataDescriptor APPLE_PAY_DATA_DESCRIPTOR
+            xml.dataValue Base64.strict_encode64(apple_pay_payment_token.payment_data.to_json)
+          end
+        end
       end
 
-      def fraud_review?(response)
-        response[:response_code] == FRAUD_REVIEW
+      def add_retail_data(xml, payment)
+        return unless valid_track_data
+        xml.retail do
+          # As per http://www.authorize.net/support/CP_guide.pdf, '2' is for Retail, the only current market_type
+          xml.marketType 2
+        end
       end
 
-      def parse(body)
-        fields = split(body)
-
-        results = {
-          :response_code => fields[RESPONSE_CODE].to_i,
-          :response_reason_code => fields[RESPONSE_REASON_CODE],
-          :response_reason_text => fields[RESPONSE_REASON_TEXT],
-          :avs_result_code => fields[AVS_RESULT_CODE],
-          :transaction_id => fields[TRANSACTION_ID],
-          :card_code => fields[CARD_CODE_RESPONSE_CODE],
-          :authorization_code => fields[AUTHORIZATION_CODE],
-          :cardholder_authentication_code => fields[CARDHOLDER_AUTH_CODE]
-        }
-        results
+      def valid_track_data
+        @valid_track_data ||= false
       end
 
-      def post_data(action, parameters = {})
-        post = {}
-
-        post[:version]        = API_VERSION
-        post[:login]          = @options[:login]
-        post[:tran_key]       = @options[:password]
-        post[:relay_response] = "FALSE"
-        post[:type]           = action
-        post[:delim_data]     = "TRUE"
-        post[:delim_char]     = ","
-        post[:encap_char]     = "$"
-        post[:solution_ID]    = application_id if application_id.present? && application_id != "ActiveMerchant"
-
-        request = post.merge(parameters).collect { |key, value| "x_#{key}=#{CGI.escape(value.to_s)}" }.join("&")
-        request
+      def add_check(xml, check)
+        xml.payment do
+          xml.bankAccount do
+            xml.routingNumber check.routing_number
+            xml.accountNumber check.account_number
+            xml.nameOnAccount check.name
+            xml.echeckType "WEB"
+            xml.bankName check.bank_name
+            xml.checkNumber check.number
+          end
+        end
       end
 
-      def add_currency_code(post, money, options)
-        post[:currency_code] = options[:currency] || currency(money)
+      def add_customer_data(xml, payment_source, options)
+        billing_address = options[:billing_address] || options[:address] || {}
+        shipping_address = options[:shipping_address] || options[:address] || {}
+
+        xml.customer do
+          xml.id(options[:customer]) unless empty?(options[:customer]) || options[:customer] !~ /^\d+$/
+          xml.email(options[:email]) unless empty?(options[:email])
+        end
+
+        xml.billTo do
+          first_name, last_name = names_from(payment_source, billing_address, options)
+          xml.firstName(truncate(first_name, 50)) unless empty?(first_name)
+          xml.lastName(truncate(last_name, 50)) unless empty?(last_name)
+
+          xml.company(truncate(billing_address[:company], 50)) unless empty?(billing_address[:company])
+          xml.address(truncate(billing_address[:address1], 60))
+          xml.city(truncate(billing_address[:city], 40))
+          xml.state(empty?(billing_address[:state]) ? 'n/a' : truncate(billing_address[:state], 40))
+          xml.zip(truncate((billing_address[:zip] || options[:zip]), 20))
+          xml.country(truncate(billing_address[:country], 60))
+          xml.phoneNumber(truncate(billing_address[:phone], 25)) unless empty?(billing_address[:phone])
+          xml.faxNumber(truncate(billing_address[:fax], 25)) unless empty?(billing_address[:fax])
+        end
+
+        unless shipping_address.blank?
+          xml.shipTo do
+            first_name, last_name = names_from(payment_source, shipping_address, options)
+            xml.firstName(truncate(first_name, 50)) unless empty?(first_name)
+            xml.lastName(truncate(last_name, 50)) unless empty?(last_name)
+
+            xml.company(truncate(shipping_address[:company], 50)) unless empty?(shipping_address[:company])
+            xml.address(truncate(shipping_address[:address1], 60))
+            xml.city(truncate(shipping_address[:city], 40))
+            xml.state(truncate(shipping_address[:state], 40))
+            xml.zip(truncate(shipping_address[:zip], 20))
+            xml.country(truncate(shipping_address[:country], 60))
+          end
+        end
+
+        xml.customerIP(options[:ip]) unless empty?(options[:ip])
+
+        xml.cardholderAuthentication do
+          xml.authenticationIndicator options[:authentication_indicator]
+          xml.cardholderAuthenticationValue options[:cardholder_authentication_value]
+        end
       end
 
-      def add_invoice(post, options)
-        post[:invoice_num] = options[:order_id]
-        post[:description] = options[:description]
+      def add_order_id(xml, options)
+        xml.refId truncate(options[:order_id], 20)
       end
 
-      def add_creditcard(post, creditcard, options={})
-        post[:card_num]   = creditcard.number
-        post[:card_code]  = creditcard.verification_value if creditcard.verification_value?
-        post[:exp_date]   = expdate(creditcard)
-        post[:first_name] = creditcard.first_name
-        post[:last_name]  = creditcard.last_name
+      def add_invoice(xml, options)
+        xml.order do
+          xml.invoiceNumber truncate(options[:order_id], 20)
+          xml.description truncate(options[:description], 255)
+        end
       end
 
-      def add_payment_source(params, source, options={})
-        if card_brand(source) == "check"
-          add_check(params, source, options)
+      def names_from(payment_source, address, options)
+        if payment_source && !payment_source.is_a?(PaymentToken)
+          first_name, last_name = (address[:name] || "").split
+          [(payment_source.first_name || first_name), (payment_source.last_name || last_name)]
         else
-          add_creditcard(params, source, options)
+          [options[:first_name], options[:last_name]]
         end
       end
 
-      def add_check(post, check, options)
-        post[:method] = "ECHECK"
-        post[:bank_name] = check.bank_name
-        post[:bank_aba_code] = check.routing_number
-        post[:bank_acct_num] = check.account_number
-        post[:bank_acct_type] = check.account_type
-        post[:echeck_type] = "WEB"
-        post[:bank_acct_name] = check.name
-        post[:bank_check_number] = check.number if check.number.present?
-        post[:recurring_billing] = (options[:recurring] ? "TRUE" : "FALSE")
+      def commit(action, &payload)
+        url = (test? ? test_url : live_url)
+        response = parse(action, ssl_post(url, post_data(&payload), 'Content-Type' => 'text/xml'))
+
+        avs_result = AVSResult.new(code: response[:avs_result_code])
+        cvv_result = CVVResult.new(response[:card_code])
+        Response.new(
+          success_from(response),
+          message_from(response, avs_result, cvv_result),
+          response,
+          authorization: authorization_from(response),
+          test: test?,
+          avs_result: avs_result,
+          cvv_result: cvv_result,
+          fraud_review: fraud_review?(response)
+        )
       end
 
-      def add_customer_data(post, options)
-        if options.has_key? :email
-          post[:email] = options[:email]
-          post[:email_customer] = false
-        end
+      def post_data
+        Nokogiri::XML::Builder.new do |xml|
+          xml.createTransactionRequest('xmlns' => 'AnetApi/xml/v1/schema/AnetApiSchema.xsd') do
+            xml.merchantAuthentication do
+              xml.name @options[:login]
+              xml.transactionKey @options[:password]
+            end
+            yield(xml)
+          end
+        end.to_xml(indent: 0)
+      end
 
-        if options.has_key? :customer
-          post[:cust_id] = options[:customer] if Float(options[:customer]) rescue nil
+      def parse(action, body)
+        doc = Nokogiri::XML(body)
+        doc.remove_namespaces!
+
+        response = {action: action}
+
+        response[:response_code] = if(element = doc.at_xpath("//transactionResponse/responseCode"))
+          (empty?(element.content) ? nil : element.content.to_i)
         end
 
-        if options.has_key? :ip
-          post[:customer_ip] = options[:ip]
+        if(element = doc.at_xpath("//errors/error"))
+          response[:response_reason_code] = element.at_xpath("errorCode").content[/0*(\d+)$/, 1]
+          response[:response_reason_text] = element.at_xpath("errorText").content.chomp('.')
+        elsif(element = doc.at_xpath("//transactionResponse/messages/message"))
+          response[:response_reason_code] = element.at_xpath("code").content[/0*(\d+)$/, 1]
+          response[:response_reason_text] = element.at_xpath("description").content.chomp('.')
+        elsif(element = doc.at_xpath("//messages/message"))
+          response[:response_reason_code] = element.at_xpath("code").content[/0*(\d+)$/, 1]
+          response[:response_reason_text] = element.at_xpath("text").content.chomp('.')
+        else
+          response[:response_reason_code] = nil
+          response[:response_reason_text] = ""
         end
 
-        if options.has_key? :cardholder_authentication_value
-          post[:cardholder_authentication_value] = options[:cardholder_authentication_value]
+        response[:avs_result_code] = if(element = doc.at_xpath("//avsResultCode"))
+          (empty?(element.content) ? nil : element.content)
         end
 
-        if options.has_key? :authentication_indicator
-          post[:authentication_indicator] = options[:authentication_indicator]
+        response[:transaction_id] = if(element = doc.at_xpath("//transId"))
+          (empty?(element.content) ? nil : element.content)
         end
 
-      end
+        response[:card_code] = if(element = doc.at_xpath("//cvvResultCode"))
+          (empty?(element.content) ? nil : element.content)
+        end
 
-      # x_duplicate_window won't be sent by default, because sending it changes the response.
-      # "If this field is present in the request with or without a value, an enhanced duplicate transaction response will be sent."
-      # (as of 2008-12-30) http://www.authorize.net/support/AIM_guide_SCC.pdf
-      def add_duplicate_window(post)
-        unless duplicate_window.nil?
-          post[:duplicate_window] = duplicate_window
+        response[:authorization_code] = if(element = doc.at_xpath("//authCode"))
+          (empty?(element.content) ? nil : element.content)
         end
-      end
 
-      def add_address(post, options)
-        if address = options[:billing_address] || options[:address]
-          post[:address] = address[:address1].to_s
-          post[:company] = address[:company].to_s
-          post[:phone]   = address[:phone].to_s
-          post[:zip]     = address[:zip].to_s
-          post[:city]    = address[:city].to_s
-          post[:country] = address[:country].to_s
-          post[:state]   = address[:state].blank?  ? 'n/a' : address[:state]
+        response[:cardholder_authentication_code] = if(element = doc.at_xpath("//cavvResultCode"))
+          (empty?(element.content) ? nil : element.content)
         end
 
-        if address = options[:shipping_address]
-          post[:ship_to_first_name] = address[:first_name].to_s
-          post[:ship_to_last_name] = address[:last_name].to_s
-          post[:ship_to_address] = address[:address1].to_s
-          post[:ship_to_company] = address[:company].to_s
-          post[:ship_to_phone]   = address[:phone].to_s
-          post[:ship_to_zip]     = address[:zip].to_s
-          post[:ship_to_city]    = address[:city].to_s
-          post[:ship_to_country] = address[:country].to_s
-          post[:ship_to_state]   = address[:state].blank?  ? 'n/a' : address[:state]
+        response[:account_number] = if(element = doc.at_xpath("//accountNumber"))
+          (empty?(element.content) ? nil : element.content[-4..-1])
         end
+
+        response
       end
 
-      def message_from(results)
-        if results[:response_code] == DECLINED
-          return CVVResult.messages[ results[:card_code] ] if CARD_CODE_ERRORS.include?(results[:card_code])
-          if AVS_REASON_CODES.include?(results[:response_reason_code]) && AVS_ERRORS.include?(results[:avs_result_code])
-            return AVSResult.messages[ results[:avs_result_code] ]
+      def success_from(response)
+        (
+          response[:response_code] == APPROVED &&
+          TRANSACTION_ALREADY_ACTIONED.exclude?(response[:response_reason_code])
+        )
+      end
+
+      def message_from(response, avs_result, cvv_result)
+        if response[:response_code] == DECLINED
+          if CARD_CODE_ERRORS.include?(cvv_result.code)
+            return cvv_result.message
+          elsif(AVS_REASON_CODES.include?(response[:response_reason_code]) && AVS_ERRORS.include?(avs_result.code))
+            return avs_result.message
           end
         end
 
-        (results[:response_reason_text] ? results[:response_reason_text].chomp('.') : '')
+        response[:response_reason_text]
+      end
+
+      def authorization_from(response)
+        [response[:transaction_id], response[:account_number]].join("#")
+      end
+
+      def split_authorization(authorization)
+        transaction_id, card_number = authorization.split("#")
+        [transaction_id, card_number]
       end
 
-      def split(response)
-        response[1..-2].split(/\$,\$/)
+      def fraud_review?(response)
+        (response[:response_code] == FRAUD_REVIEW)
       end
+
+      def truncate(value, max_size)
+        return nil unless value
+        value.to_s[0, max_size]
+      end
+
     end
   end
 end