archetype2142_activemerchant 1.124.0

data/lib/active_merchant/billing/gateways/quantum.rb

@@ -0,0 +1,274 @@
+module ActiveMerchant #:nodoc:
+  module Billing #:nodoc:
+    # ActiveMerchant Implementation for Quantum Gateway XML Requester Service
+    # Based on API Doc from 8/6/2009
+    #
+    # Important Notes
+    # * Support is included for a customer id via the :customer option, invoice number via :invoice option, invoice description via :merchant option and memo via :description option
+    # * You can force email of receipt with :email_receipt => true
+    # * You can force email of merchant receipt with :merchant_receipt => true
+    # * You can exclude CVV with :ignore_cvv => true
+    # * All transactions use dollar values.
+    class QuantumGateway < Gateway
+      self.live_url = self.test_url = 'https://secure.quantumgateway.com/cgi/xml_requester.php'
+
+      # visa, master, american_express, discover
+      self.supported_cardtypes = %i[visa master american_express discover]
+      self.supported_countries = ['US']
+      self.default_currency = 'USD'
+      self.money_format = :dollars
+      self.homepage_url = 'http://www.quantumgateway.com'
+      self.display_name = 'Quantum Gateway'
+
+      # These are the options that can be used when creating a new Quantum Gateway object.
+      #
+      # :login =>  Your Quantum Gateway Gateway ID
+      #
+      # :password =>  Your Quantum Gateway Vault Key or Restrict Key
+      #
+      # NOTE: For testing supply your test GatewayLogin and GatewayKey
+      #
+      # :email_receipt => true   if you want a receipt sent to the customer (false be default)
+      #
+      # :merchant_receipt  => true if you want to override receiving the merchant receipt
+      #
+      # :ignore_avs => true   ignore both AVS and CVV verification
+      # :ignore_cvv => true   don't want to use CVV so continue processing even if CVV would have failed
+      #
+      def initialize(options = {})
+        requires!(options, :login, :password)
+        super
+      end
+
+      # Request an authorization for an amount from CyberSource
+      #
+      def authorize(money, creditcard, options = {})
+        setup_address_hash(options)
+        commit(build_auth_request(money, creditcard, options), options)
+      end
+
+      # Capture an authorization that has previously been requested
+      def capture(money, authorization, options = {})
+        setup_address_hash(options)
+        commit(build_capture_request(money, authorization, options), options)
+      end
+
+      # Purchase is an auth followed by a capture
+      # You must supply an order_id in the options hash
+      def purchase(money, creditcard, options = {})
+        setup_address_hash(options)
+        commit(build_purchase_request(money, creditcard, options), options)
+      end
+
+      def void(identification, options = {})
+        commit(build_void_request(identification, options), options)
+      end
+
+      def refund(money, identification, options = {})
+        commit(build_credit_request(money, identification, options), options)
+      end
+
+      def credit(money, identification, options = {})
+        ActiveMerchant.deprecated CREDIT_DEPRECATION_MESSAGE
+        refund(money, identification, options)
+      end
+
+      private
+
+      def setup_address_hash(options)
+        options[:billing_address] = options[:billing_address] || options[:address] || {}
+      end
+
+      def build_auth_request(money, creditcard, options)
+        xml = Builder::XmlMarkup.new
+        add_common_credit_card_info(xml, 'AUTH_ONLY')
+        add_purchase_data(xml, money)
+        add_creditcard(xml, creditcard)
+        add_address(xml, creditcard, options[:billing_address], options)
+        add_invoice_details(xml, options)
+        add_customer_details(xml, options)
+        add_memo(xml, options)
+        add_business_rules_data(xml)
+        xml.target!
+      end
+
+      def build_capture_request(money, authorization, options)
+        xml = Builder::XmlMarkup.new
+        add_common_credit_card_info(xml, 'PREVIOUS_SALE')
+        transaction_id, = authorization_parts_from(authorization)
+        add_transaction_id(xml, transaction_id)
+        xml.target!
+      end
+
+      def build_purchase_request(money, creditcard, options)
+        xml = Builder::XmlMarkup.new
+        add_common_credit_card_info(xml, @options[:ignore_avs] || @options[:ignore_cvv] ? 'SALES' : 'AUTH_CAPTURE')
+        add_address(xml, creditcard, options[:billing_address], options)
+        add_purchase_data(xml, money)
+        add_creditcard(xml, creditcard)
+        add_invoice_details(xml, options)
+        add_customer_details(xml, options)
+        add_memo(xml, options)
+        add_business_rules_data(xml)
+        xml.target!
+      end
+
+      def build_void_request(authorization, options)
+        xml = Builder::XmlMarkup.new
+        add_common_credit_card_info(xml, 'VOID')
+        transaction_id, = authorization_parts_from(authorization)
+        add_transaction_id(xml, transaction_id)
+        xml.target!
+      end
+
+      def build_credit_request(money, authorization, options)
+        xml = Builder::XmlMarkup.new
+        add_common_credit_card_info(xml, 'RETURN')
+        add_purchase_data(xml, money)
+        transaction_id, cc = authorization_parts_from(authorization)
+        add_transaction_id(xml, transaction_id)
+        xml.tag! 'CreditCardNumber', cc
+        xml.target!
+      end
+
+      def add_common_credit_card_info(xml, process_type)
+        xml.tag! 'RequestType', 'ProcessSingleTransaction'
+        xml.tag! 'TransactionType', 'CREDIT'
+        xml.tag! 'PaymentType', 'CC'
+        xml.tag! 'ProcessType', process_type
+      end
+
+      def add_business_rules_data(xml)
+        xml.tag!('CustomerEmail', @options[:email_receipt] ? 'Y' : 'N')
+        xml.tag!('MerchantEmail', @options[:merchant_receipt] ? 'Y' : 'N')
+      end
+
+      def add_invoice_details(xml, options)
+        xml.tag! 'InvoiceNumber', options[:invoice]
+        xml.tag! 'InvoiceDescription', options[:merchant]
+      end
+
+      def add_customer_details(xml, options)
+        xml.tag! 'CustomerID', options[:customer]
+      end
+
+      def add_transaction_id(xml, transaction_id)
+        xml.tag! 'TransactionID', transaction_id
+      end
+
+      def add_memo(xml, options)
+        xml.tag! 'Memo', options[:description]
+      end
+
+      def add_purchase_data(xml, money = 0)
+        xml.tag! 'Amount', amount(money)
+        xml.tag! 'TransactionDate', Time.now
+      end
+
+      def add_address(xml, creditcard, address, options, shipTo = false)
+        xml.tag! 'FirstName', creditcard.first_name
+        xml.tag! 'LastName', creditcard.last_name
+        xml.tag! 'Address', address[:address1] # => there is no support for address2 in quantum
+        xml.tag! 'City', address[:city]
+        xml.tag! 'State', address[:state]
+        xml.tag! 'ZipCode', address[:zip]
+        xml.tag! 'Country', address[:country]
+        xml.tag! 'EmailAddress', options[:email]
+        xml.tag! 'IPAddress', options[:ip]
+      end
+
+      def add_creditcard(xml, creditcard)
+        xml.tag! 'PaymentType', 'CC'
+        xml.tag! 'CreditCardNumber', creditcard.number
+        xml.tag! 'ExpireMonth', format(creditcard.month, :two_digits)
+        xml.tag! 'ExpireYear', format(creditcard.year, :four_digits)
+        xml.tag!('CVV2', creditcard.verification_value) unless @options[:ignore_cvv] || creditcard.verification_value.blank?
+      end
+
+      # Where we actually build the full SOAP request using builder
+      def build_request(body, options)
+        xml = Builder::XmlMarkup.new
+        xml.instruct!
+        xml.tag! 'QGWRequest' do
+          xml.tag! 'Authentication' do
+            xml.tag! 'GatewayLogin', @options[:login]
+            xml.tag! 'GatewayKey', @options[:password]
+          end
+          xml.tag! 'Request' do
+            xml << body
+          end
+        end
+        xml.target!
+      end
+
+      # Contact CyberSource, make the SOAP request, and parse the reply into a Response object
+      def commit(request, options)
+        headers = { 'Content-Type' => 'text/xml' }
+        response = parse(ssl_post(self.live_url, build_request(request, options), headers))
+
+        success = response[:request_status] == 'Success'
+        message = response[:request_message]
+
+        if success # => checking for connectivity success first
+          success = %w(APPROVED FORCED VOIDED).include?(response[:Status])
+          message = response[:StatusDescription]
+          authorization = success ? authorization_for(response) : nil
+        end
+
+        Response.new(success, message, response,
+          test: test?,
+          authorization: authorization,
+          avs_result: { code: response[:AVSResponseCode] },
+          cvv_result: response[:CVV2ResponseCode])
+      end
+
+      # Parse the SOAP response
+      # Technique inspired by the Paypal Gateway
+      def parse(xml)
+        reply = {}
+
+        begin
+          xml = REXML::Document.new(xml)
+
+          root = REXML::XPath.first(xml, '//QGWRequest/ResponseSummary')
+          parse_element(reply, root)
+          reply[:request_status] = reply[:Status]
+          reply[:request_message] = "#{reply[:Status]}: #{reply[:StatusDescription]}"
+
+          if root = REXML::XPath.first(xml, '//QGWRequest/Result')
+            root.elements.to_a.each do |node|
+              parse_element(reply, node)
+            end
+          end
+        rescue Exception
+          reply[:request_status] = 'Failure'
+          reply[:request_message] = 'Failure: There was a problem parsing the response XML'
+        end
+
+        return reply
+      end
+
+      def parse_element(reply, node)
+        if node.has_elements?
+          node.elements.each { |e| parse_element(reply, e) }
+        else
+          if /item/.match?(node.parent.name)
+            parent = node.parent.name + (node.parent.attributes['id'] ? '_' + node.parent.attributes['id'] : '')
+            reply[(parent + '_' + node.name).to_sym] = node.text
+          else
+            reply[node.name.to_sym] = node.text
+          end
+        end
+        return reply
+      end
+
+      def authorization_for(reply)
+        "#{reply[:TransactionID]};#{reply[:CreditCardNumber]}"
+      end
+
+      def authorization_parts_from(authorization)
+        authorization.split(/;/)
+      end
+    end
+  end
+end

data/lib/active_merchant/billing/gateways/quickbooks.rb

@@ -0,0 +1,377 @@
+module ActiveMerchant #:nodoc:
+  module Billing #:nodoc:
+    class QuickbooksGateway < Gateway
+      self.test_url = 'https://sandbox.api.intuit.com'
+      self.live_url = 'https://api.intuit.com'
+
+      self.supported_countries = ['US']
+      self.default_currency = 'USD'
+      self.supported_cardtypes = %i[visa master american_express discover diners]
+
+      self.homepage_url = 'http://payments.intuit.com'
+      self.display_name = 'QuickBooks Payments'
+      BASE = '/quickbooks/v4/payments'
+      ENDPOINT = "#{BASE}/charges"
+      VOID_ENDPOINT = "#{BASE}/txn-requests"
+      REFRESH_URI = 'https://oauth.platform.intuit.com/oauth2/v1/tokens/bearer'
+
+      # https://developer.intuit.com/docs/0150_payments/0300_developer_guides/error_handling
+
+      STANDARD_ERROR_CODE_MAPPING = {
+        # Fraud Warnings
+        'PMT-1000' => STANDARD_ERROR_CODE[:processing_error],   # payment was accepted, but refund was unsuccessful
+        'PMT-1001' => STANDARD_ERROR_CODE[:invalid_cvc],        # payment processed, but cvc was invalid
+        'PMT-1002' => STANDARD_ERROR_CODE[:incorrect_address],  # payment processed, incorrect address info
+        'PMT-1003' => STANDARD_ERROR_CODE[:processing_error],   # payment processed, address info couldn't be validated
+
+        # Fraud Errors
+        'PMT-2000' => STANDARD_ERROR_CODE[:incorrect_cvc],      # Incorrect CVC
+        'PMT-2001' => STANDARD_ERROR_CODE[:invalid_cvc],        # CVC check unavaliable
+        'PMT-2002' => STANDARD_ERROR_CODE[:incorrect_address],  # Incorrect address
+        'PMT-2003' => STANDARD_ERROR_CODE[:incorrect_address],  # Address info unavailable
+
+        'PMT-3000' => STANDARD_ERROR_CODE[:processing_error],   # Merchant account could not be validated
+
+        # Invalid Request
+        'PMT-4000' => STANDARD_ERROR_CODE[:processing_error],   # Object is invalid
+        'PMT-4001' => STANDARD_ERROR_CODE[:processing_error],   # Object not found
+        'PMT-4002' => STANDARD_ERROR_CODE[:processing_error],   # Object is required
+
+        # Transaction Declined
+        'PMT-5000' => STANDARD_ERROR_CODE[:card_declined],      # Request was declined
+        'PMT-5001' => STANDARD_ERROR_CODE[:card_declined],      # Merchant does not support given payment method
+
+        # System Error
+        'PMT-6000' => STANDARD_ERROR_CODE[:processing_error], # A temporary Issue prevented this request from being processed.
+      }
+
+      FRAUD_WARNING_CODES = ['PMT-1000', 'PMT-1001', 'PMT-1002', 'PMT-1003']
+
+      def initialize(options = {})
+        # Quickbooks is deprecating OAuth 1.0 on December 17, 2019.
+        # OAuth 2.0 requires a client_id, client_secret, access_token, and refresh_token
+        # To maintain backwards compatibility, check for the presence of a refresh_token (only specified for OAuth 2.0)
+        # When present, validate that all OAuth 2.0 options are present
+        if options[:refresh_token]
+          requires!(options, :client_id, :client_secret, :access_token, :refresh_token)
+        else
+          requires!(options, :consumer_key, :consumer_secret, :access_token, :token_secret, :realm)
+        end
+        @options = options
+        super
+      end
+
+      def purchase(money, payment, options = {})
+        post = {}
+        add_amount(post, money, options)
+        add_charge_data(post, payment, options)
+        post[:capture] = 'true'
+
+        response = commit(ENDPOINT, post)
+        check_token_response(response, ENDPOINT, post, options)
+      end
+
+      def authorize(money, payment, options = {})
+        post = {}
+        add_amount(post, money, options)
+        add_charge_data(post, payment, options)
+        post[:capture] = 'false'
+
+        response = commit(ENDPOINT, post)
+        check_token_response(response, ENDPOINT, post, options)
+      end
+
+      def capture(money, authorization, options = {})
+        post = {}
+        authorization, = split_authorization(authorization)
+        post[:amount] = localized_amount(money, currency(money))
+        add_context(post, options)
+
+        response = commit(capture_uri(authorization), post)
+        check_token_response(response, capture_uri(authorization), post, options)
+      end
+
+      def refund(money, authorization, options = {})
+        post = {}
+        post[:amount] = localized_amount(money, currency(money))
+        add_context(post, options)
+        authorization, = split_authorization(authorization)
+
+        response = commit(refund_uri(authorization), post)
+        check_token_response(response, refund_uri(authorization), post, options)
+      end
+
+      def void(authorization, options = {})
+        _, request_id = split_authorization(authorization)
+
+        response = commit(void_uri(request_id))
+        check_token_response(response, void_uri(request_id), {}, options)
+      end
+
+      def verify(credit_card, options = {})
+        authorize(1.00, credit_card, options)
+      end
+
+      def refresh
+        response = refresh_access_token
+        response_object(response)
+      end
+
+      def supports_scrubbing?
+        true
+      end
+
+      def scrub(transcript)
+        transcript.
+          gsub(%r((realm=\")\w+), '\1[FILTERED]').
+          gsub(%r((oauth_consumer_key=\")\w+), '\1[FILTERED]').
+          gsub(%r((oauth_nonce=\")\w+), '\1[FILTERED]').
+          gsub(%r((oauth_signature=\")[a-zA-Z%0-9]+), '\1[FILTERED]').
+          gsub(%r((oauth_token=\")\w+), '\1[FILTERED]').
+          gsub(%r((number\D+)\d{16}), '\1[FILTERED]').
+          gsub(%r((cvc\D+)\d{3}), '\1[FILTERED]').
+          gsub(%r((Authorization: Basic )\w+), '\1[FILTERED]').
+          gsub(%r((access_token\\?":\\?")[\w\-\.]+)i, '\1[FILTERED]').
+          gsub(%r((refresh_token\\?":\\?")\w+), '\1[FILTERED]').
+          gsub(%r((refresh_token=)\w+), '\1[FILTERED]').
+          gsub(%r((Authorization: Bearer )[\w\-\.]+)i, '\1[FILTERED]\2')
+      end
+
+      private
+
+      def add_charge_data(post, payment, options = {})
+        add_payment(post, payment, options)
+        add_address(post, options)
+      end
+
+      def add_address(post, options)
+        return unless post[:card]&.kind_of?(Hash)
+
+        card_address = {}
+        if address = options[:billing_address] || options[:address]
+          card_address[:streetAddress] = address[:address1]
+          card_address[:city] = address[:city]
+          region = address[:state] || address[:region]
+          card_address[:region] = region if region.present?
+          card_address[:country] = address[:country] if address[:country].present?
+          card_address[:postalCode] = address[:zip] if address[:zip]
+        end
+        post[:card][:address] = card_address
+      end
+
+      def add_amount(post, money, options = {})
+        currency = options[:currency] || currency(money)
+        post[:amount] = localized_amount(money, currency)
+        post[:currency] = currency.upcase
+      end
+
+      def add_payment(post, payment, options = {})
+        add_creditcard(post, payment, options)
+        add_context(post, options)
+      end
+
+      def add_creditcard(post, creditcard, options = {})
+        card = {}
+        card[:number] = creditcard.number
+        card[:expMonth] = '%02d' % creditcard.month
+        card[:expYear] = creditcard.year
+        card[:cvc] = creditcard.verification_value if creditcard.verification_value?
+        card[:name] = creditcard.name if creditcard.name
+        card[:commercialCardCode] = options[:card_code] if options[:card_code]
+
+        post[:card] = card
+      end
+
+      def add_context(post, options = {})
+        post[:context] = {
+          mobile: options.fetch(:mobile, false),
+          isEcommerce: options.fetch(:ecommerce, true)
+        }
+      end
+
+      def parse(body)
+        JSON.parse(body)
+      end
+
+      def commit(uri, body = {}, method = :post)
+        endpoint = gateway_url + uri
+        # The QuickBooks API returns HTTP 4xx on failed transactions, which causes a
+        # ResponseError raise, so we have to inspect the response and discern between
+        # a legitimate HTTP error and an actual gateway transactional error.
+        headers = {}
+        response =
+          begin
+            headers = headers(method, endpoint)
+            method == :post ? ssl_post(endpoint, post_data(body), headers) : ssl_request(:get, endpoint, nil, headers)
+          rescue ResponseError => e
+            extract_response_body_or_raise(e)
+          end
+
+        response_object(response, headers)
+      end
+
+      def response_object(raw_response, headers = {})
+        parsed_response = parse(raw_response)
+
+        # Include access_token and refresh_token in params for OAuth 2.0
+        parsed_response['access_token'] = @options[:access_token] if @options[:refresh_token]
+        parsed_response['refresh_token'] = @options[:refresh_token] if @options[:refresh_token]
+
+        Response.new(
+          success?(parsed_response),
+          message_from(parsed_response),
+          parsed_response,
+          authorization: authorization_from(parsed_response, headers),
+          test: test?,
+          cvv_result: cvv_code_from(parsed_response),
+          error_code: errors_from(parsed_response),
+          fraud_review: fraud_review_status_from(parsed_response)
+        )
+      end
+
+      def gateway_url
+        test? ? test_url : live_url
+      end
+
+      def post_data(data = {})
+        data.to_json
+      end
+
+      def headers(method, uri)
+        return oauth_v2_headers if @options[:refresh_token]
+
+        raise ArgumentError, "Invalid HTTP method: #{method}. Valid methods are :post and :get" unless %i[post get].include?(method)
+
+        request_uri = URI.parse(uri)
+
+        # Following the guidelines from http://nouncer.com/oauth/authentication.html
+        oauth_parameters = {
+          oauth_nonce: generate_unique_id,
+          oauth_timestamp: Time.now.to_i.to_s,
+          oauth_signature_method: 'HMAC-SHA1',
+          oauth_version: '1.0',
+          oauth_consumer_key: @options[:consumer_key],
+          oauth_token: @options[:access_token]
+        }
+
+        # prepare components for signature
+        oauth_signature_base_string = [method.to_s.upcase, request_uri.to_s, oauth_parameters.to_param].map { |v| CGI.escape(v) }.join('&')
+        oauth_signing_key = [@options[:consumer_secret], @options[:token_secret]].map { |v| CGI.escape(v) }.join('&')
+        hmac_signature = OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha1'), oauth_signing_key, oauth_signature_base_string)
+
+        # append signature to required OAuth parameters
+        oauth_parameters[:oauth_signature] = CGI.escape(Base64.encode64(hmac_signature).chomp.delete("\n"))
+
+        # prepare Authorization header string
+        oauth_parameters = Hash[oauth_parameters.sort_by { |k, _| k }]
+        oauth_headers = ["OAuth realm=\"#{@options[:realm]}\""]
+        oauth_headers += oauth_parameters.map { |k, v| "#{k}=\"#{v}\"" }
+
+        {
+          'Content-type' => 'application/json',
+          'Request-Id' => generate_unique_id,
+          'Authorization' => oauth_headers.join(', ')
+        }
+      end
+
+      def oauth_v2_headers
+        {
+          'Content-Type'      => 'application/json',
+          'Request-Id'        => generate_unique_id,
+          'Accept'            => 'application/json',
+          'Authorization'     => "Bearer #{@options[:access_token]}"
+        }
+      end
+
+      def check_token_response(response, endpoint, body = {}, options = {})
+        return response unless @options[:refresh_token]
+        return response unless options[:allow_refresh]
+        return response unless response.params['code'] == 'AuthenticationFailed'
+
+        refresh_access_token
+        commit(endpoint, body)
+      end
+
+      def refresh_access_token
+        post = {}
+        post[:grant_type] = 'refresh_token'
+        post[:refresh_token] = @options[:refresh_token]
+        data = post.collect { |key, value| "#{key}=#{CGI.escape(value.to_s)}" }.join('&')
+
+        basic_auth = Base64.strict_encode64("#{@options[:client_id]}:#{@options[:client_secret]}")
+        headers = {
+          'Content-Type'      => 'application/x-www-form-urlencoded',
+          'Accept'            => 'application/json',
+          'Authorization'     => "Basic #{basic_auth}"
+        }
+
+        response = ssl_post(REFRESH_URI, data, headers)
+        json_response = JSON.parse(response)
+
+        @options[:access_token] = json_response['access_token'] if json_response['access_token']
+        @options[:refresh_token] = json_response['refresh_token'] if json_response['refresh_token']
+        response
+      end
+
+      def cvv_code_from(response)
+        if response['errors'].present?
+          FRAUD_WARNING_CODES.include?(response['errors'].first['code']) ? 'I' : ''
+        else
+          success?(response) ? 'M' : ''
+        end
+      end
+
+      def success?(response)
+        return FRAUD_WARNING_CODES.concat(['0']).include?(response['errors'].first['code']) if response['errors']
+
+        !%w[DECLINED CANCELLED].include?(response['status']) && !%w[AuthenticationFailed AuthorizationFailed].include?(response['code'])
+      end
+
+      def message_from(response)
+        response['errors'].present? ? response['errors'].map { |error_hash| error_hash['message'] }.join(' ') : response['status']
+      end
+
+      def errors_from(response)
+        if %w[AuthenticationFailed AuthorizationFailed].include?(response['code'])
+          response['code']
+        else
+          response['errors'].present? ? STANDARD_ERROR_CODE_MAPPING[response['errors'].first['code']] : ''
+        end
+      end
+
+      def authorization_from(response, headers = {})
+        [response['id'], headers['Request-Id']].join('|')
+      end
+
+      def split_authorization(authorization)
+        authorization, request_id = authorization.split('|')
+        [authorization, request_id]
+      end
+
+      def fraud_review_status_from(response)
+        response['errors'] && FRAUD_WARNING_CODES.include?(response['errors'].first['code'])
+      end
+
+      def extract_response_body_or_raise(response_error)
+        begin
+          parse(response_error.response.body)
+        rescue JSON::ParserError
+          raise response_error
+        end
+        response_error.response.body
+      end
+
+      def refund_uri(authorization)
+        "#{ENDPOINT}/#{CGI.escape(authorization.to_s)}/refunds"
+      end
+
+      def capture_uri(authorization)
+        "#{ENDPOINT}/#{CGI.escape(authorization.to_s)}/capture"
+      end
+
+      def void_uri(request_id)
+        "#{VOID_ENDPOINT}/#{CGI.escape(request_id.to_s)}/void"
+      end
+    end
+  end
+end