authorize-net 1.5.2

data/lib/authorize_net/response.rb

@@ -0,0 +1,27 @@
+module AuthorizeNet
+  
+  # The core, API agnostic response class. You shouldn't instantiate this one.
+  # Instead you should use AuthorizeNet::AIM::Response, AuthorizeNet::ARB::Response or AuthorizeNet::SIM::Response.
+  class Response
+    
+    include AuthorizeNet::TypeConversions
+        
+    # Fields to convert to/from booleans.
+    @@boolean_fields = []
+
+    # Fields to convert to/from BigDecimal.
+    @@decimal_fields = []
+    
+    # DO NOT USE. Instantiate AuthorizeNet::AIM::Response or AuthorizeNet::SIM::Response instead.
+    def initialize()
+      raise "#{self.class.to_s} should not be instantiated directly."
+    end
+    
+    # Check to see if the response indicated success.
+    def success?
+      false
+    end
+    
+  end
+  
+end

data/lib/authorize_net/sim/hosted_payment_form.rb

@@ -0,0 +1,38 @@
+module AuthorizeNet::SIM
+  
+  # Models a hosted payment form.
+  class HostedPaymentForm
+    
+    include AuthorizeNet::Model
+    
+    attr_accessor :header_html, :footer_html, :color_background, :color_link, :color_text, :logo_url, :background_url, :rename
+    
+    # Convenience method for adding field rename requests to the transaction. This renames a field shown on
+    # the hosted payment form.
+    def add_rename(field, name)
+      rename = "#{field},#{name}"
+      unless @rename.nil?
+        @rename = @rename.to_a << rename
+      else
+        @rename = [rename]
+      end
+    end
+    
+    def to_hash
+      hash = {
+        :header_html_payment_form => @header_html,
+        :footer_html_payment_form => @footer_html,
+        :color_background => @color_background,
+        :color_link => @color_link,
+        :color_text => @color_text,
+        :logo_url => @logo_url,
+        :background_url => @background_url,
+        :rename => @rename
+      }
+      hash.delete_if {|k, v| v.nil?}
+      hash
+    end
+  
+  end
+  
+end

data/lib/authorize_net/sim/hosted_receipt_page.rb

@@ -0,0 +1,37 @@
+module AuthorizeNet::SIM
+  
+  # Models a hosted receipt page.
+  class HostedReceiptPage
+    
+    # Defines constants for each of the link methods used by the hosted receipt page.
+    module LinkMethod
+      LINK = 'LINK'
+      POST = 'POST'
+      GET = 'GET'
+    end
+    
+    include AuthorizeNet::Model
+    
+    attr_accessor :header_html, :footer_html, :color_background, :color_link, :color_text, :logo_url, :background_url, :link_method, :link_text, :link_url
+    
+    
+    def to_hash
+      hash = {
+        :header_html_receipt => @header_html,
+        :footer_html_receipt => @footer_html,
+        :color_background => @color_background,
+        :color_link => @color_link,
+        :color_text => @color_text,
+        :logo_url => @logo_url,
+        :background_url => @background_url,
+        :receipt_link_method => @link_method,
+        :receipt_link_text => @link_text,
+        :receipt_link_url => @link_url
+      }
+      hash.delete_if {|k, v| v.nil?}
+      hash
+    end
+  
+  end
+  
+end

data/lib/authorize_net/sim/response.rb

@@ -0,0 +1,142 @@
+module AuthorizeNet::SIM
+  
+  # The SIM response class. Handles parsing the response from the gateway. Also
+  # provides a few relay response helpers used to implement Direct Post Method.
+  class Response < AuthorizeNet::KeyValueResponse
+    
+    # Our MD5 digest generator.
+    @@digest = OpenSSL::Digest::Digest.new('md5')
+    
+    include AuthorizeNet::SIM::Fields
+    
+    # Constructs a new response object from a +raw_response+. Provides utility methods
+    # for validating the response as authentic, and for handling the Direct Post Method
+    # relay response.
+    # 
+    # +raw_response+:: The raw response, either a string in POST body or GET query string format, or a hash of key/value pairs.
+    # 
+    # Typical usage:
+    #   response = AuthorizeNet::SIM::Response("x_first_name=John&x_last_name=Doe")
+    def initialize(raw_response)
+      @raw_response = raw_response
+      @custom_fields = {}
+      @fields = {}
+      parse_response(@raw_response)
+    end
+    
+    
+    # Returns True if the MD5 hash found in the response payload validates using
+    # the supplied api_login and secret merchant_value (THIS IS NOT YOUR API KEY).
+    def valid_md5?(api_login, merchant_value)
+      if @fields[:MD5_Hash].nil?
+        return false
+      end
+      @@digest.hexdigest("#{merchant_value}#{api_login}#{@fields[:trans_id]}#{@fields[:amount]}").downcase == @fields[:MD5_Hash].downcase
+    end
+    
+    # Returns an HTML string that can be returned to the gateway during the Relay Response,
+    # and will send the user on to URL you specify. Takes a hash of options, currently the
+    # only option is :include, which can be True to include all fields returned in the response
+    # as query string parameters, or it can be an array of fields to include.
+    def direct_post_reply(url, options = {})
+      url = direct_post_url(url, options[:include]) if options.has_key?(:include)
+      js_url = url.gsub("'", '\'')
+      html_url = url.gsub('&', '&amp;').gsub('"', "\"")
+      html = <<-HTML
+<html><head><script type="text/javascript" charset="utf-8">window.location='#{js_url}';</script><noscript><meta http-equiv="refresh" content="1;url=#{html_url}"></noscript></head><body></body></html>
+HTML
+    end
+    
+    # Returns an URL with the fields found in the response and specified in include_fields attached as
+    # part of the URL's query string. If you pass true instead of an array of fields, all fields will be
+    # attached.
+    def direct_post_url(base_url, include_fields = true)
+      url = base_url
+      if include_fields
+        fields = []
+        case include_fields
+        when TrueClass
+          fields = FIELDS.collect do |k|
+            k_str = k.to_s
+            k_str[2..k_str.length].to_sym
+          end
+        when Array
+          fields = include_fields
+        else
+          fields = include_fields.to_a
+        end
+        parsed_url = URI.parse(url)
+        if parsed_url.query.nil?
+          parsed_url.query = ''
+        elsif parsed_url.query.length != 0
+          parsed_url.query = parsed_url.query.chomp('&') + '&'
+        end
+        parsed_url.query += ((fields.select { |k| @fields.has_key?(k) }).collect { |k| self.to_param(k, @fields[k]) }).join('&')
+        parsed_url.query.chomp('&')
+        url = parsed_url.to_s
+      end
+      url
+    end
+    
+    # Check to see if the response indicated success. Success is defined as a valid MD5 hash
+    # and an response code of AuthorizeNet::Response::ResponseCode::APPROVED.
+    def success?(api_login, merchant_value)
+      valid_md5?(api_login, merchant_value) && approved?
+    end
+    
+    # Returns the transaction's authorization code. This should be shown to the
+    # end user.
+    def authorization_code
+      @fields[:auth_code]
+    end
+    
+    # Returns the transaction's authorization id. You will need this for future void, refund
+    # and prior authorization capture requests.
+    def transaction_id
+      @fields[:trans_id]
+    end
+    
+    # Returns the customer id from the response.
+    def customer_id
+      @fields[:cust_id]
+    end
+    
+    # Returns a response code (from AVSResponseCode) indicating the result of any Address Verification
+    # Service checks. 
+    def avs_response
+      @fields[:avs_code]
+    end
+    
+    #:enddoc:
+    protected
+    
+    # Internal helper to parse the raw response object. It handles both raw POST bodies and
+    # hashes.
+    def parse_response(raw_response)
+      case raw_response
+      when Hash
+        raw_response.each do |k, v|
+          k = k.to_sym
+          if FIELDS.include?(k)
+            @fields[to_internal_field(k)] = v # remove x_ from sym and stick in @fields
+          else
+            @custom_fields[k] = v
+          end
+        end
+      when String
+        # convert to hash and re-parse
+        hash = CGI::parse(raw_response)
+        hash.each do |k, v|
+          if v.kind_of?(Array) && v.length == 1
+            hash[k] = v[0]
+          end
+        end
+        parse_response(hash)
+      else
+        parse_response(@raw_response.to_s)
+      end
+    end
+    
+  end
+
+end

data/lib/authorize_net/sim/transaction.rb

@@ -0,0 +1,138 @@
+module AuthorizeNet::SIM
+
+  # The SIM transaction class. Handles building the transaction payload and
+  # generating a set of hidden form fields to be POSTed to the gateway.
+  class Transaction < AuthorizeNet::KeyValueTransaction
+    
+    RANDOM_SEQUENCE_MAX = (1 << 32) - 1
+    
+    # Our MD5 digest generator.
+    @@digest  = OpenSSL::Digest::Digest.new('md5')
+    
+    # The default options for the constructor.
+    @@option_defaults = {
+      :sequence => nil,
+      :timestamp => nil,
+      :test => false,
+      :hosted_payment_form => false,
+      :relay_response => true,
+      :relay_url => nil,
+      :transaction_type => Type::AUTHORIZE_AND_CAPTURE
+    }
+    
+    # Constructs a SIM transaction. You can use the new SIM transaction object
+    # to build the hidden field payload needed to process a SIM transaction with
+    # the gateway. In particular, this class handles generating the MD5 fingerprint
+    # used to authenticate transactions at the gateway. Since the fingerprint includes
+    # the amount to charge, you should not construct this object until you know EXACTLY
+    # how much you want to charge (or authorize).
+    # 
+    # +api_login_id+:: Your API login ID, as a string.
+    # +api_transaction_key+:: Your API transaction key, as a string.
+    # +amount+:: The amount of the transaction, as a string, Float or BigDecimal.
+    # +options+:: A hash of options. See below for values.
+    # 
+    # Options
+    # +sequence+:: The sequence number of the transaction as a string or Fixnum. This is usually something like an invoice number. If none is provided, the SDK generates one at random.
+    # +timestamp+:: The time the transaction was initiated as a string or Fixnum. This needs to be within 15 minutes of when the gateway receives the transaction. If no value is provided, the SDK defaults it to Time.now().
+    # +test+:: A boolean indicating if the transaction should be run in test mode or not (defaults to false).
+    # +hosted_payment_form+:: A boolean indicating if the transaction should use a hosted payment form (defaults to false).
+    # +relay_response+:: A boolean indicating if the transaction should use the relay response feature to return a receipt to the customer (defaults to true). Direct Post Method requires using a relay response.
+    # +relay_url+:: A string of the URL that the gateway should hit to get the relay response (defaults to nil).
+    # +transaction_type+:: The type of transaction to perform. Defaults to AuthorizeNet::Type::AUTHORIZE_AND_CAPTURE. This value is only used if run is called directly.
+    # 
+    def initialize(api_login_id, api_transaction_key, amount, options = {})
+      super()
+      @api_transaction_key = api_transaction_key
+      @api_login_id = api_login_id
+      @amount = decimal_to_value(amount)
+      options = @@option_defaults.merge(options)
+      @sequence = options[:sequence]
+      @timestamp = options[:timestamp]
+      @test_mode = options[:test]
+      @hosted_payment_form = options[:hosted_payment_form]
+      @relay_url = options[:relay_url]
+      @type = options[:transaction_type]
+      unless @relay_url.nil?
+        @relay_response = true
+      else
+        @relay_response = !!options[:relay_response]
+      end
+      @delim_data = !@relay_response
+    end
+    
+    # Calculates and returns the HMAC-MD5 fingerprint needed to authenticate the transaction
+    # with the SIM gateway.
+    def fingerprint
+      if @timestamp.nil?
+        @timestamp = Time.now.to_i
+      end
+      
+      if @sequence.nil?
+        @sequence = rand(RANDOM_SEQUENCE_MAX)
+      end
+      OpenSSL::HMAC.hexdigest(@@digest, @api_transaction_key, "#{@api_login_id.to_s.rstrip}^#{@sequence.to_s.rstrip}^#{@timestamp.to_s.rstrip}^#{@amount.to_s.rstrip}^")
+    end
+    
+    # Returns all the fields needed for the fingerprint. These must all be passed to the SIM
+    # exactly as returned. And these values are time sensitive.
+    def fingerprint_fields
+      {
+        :login => @api_login_id,
+        :fp_hash => fingerprint,
+        :fp_sequence => @sequence,
+        :fp_timestamp => @timestamp,
+        :amount => @amount
+      }
+    end
+    
+    # Returns all the fields (including custom) exactly as they should be named
+    # in the SIM form. Fields with multiple values are returned with an array
+    # for the key's value.
+    def form_fields
+      form_fields = {}
+      form_fields[:x_test_request] = boolean_to_value(@test_mode)
+      if @hosted_payment_form
+        form_fields[:x_show_form] = 'PAYMENT_FORM'
+      end
+      if @relay_response && !@relay_url.nil?
+        form_fields[:x_relay_url] = @relay_url
+      end
+      fields.merge(:type => @type, :version => @version, :delim_data => boolean_to_value(@delim_data), :relay_response => boolean_to_value(@relay_response)).each do |k, v|
+        form_fields[to_external_field(k)] = v
+      end
+      fingerprint_fields.each do |k, v|
+        form_fields[to_external_field(k)] = v
+      end
+      form_fields.merge(custom_fields)
+    end
+    
+    
+    # Takes an instance of AuthorizeNet::SIM::HostedPaymentForm and adds it to the transaction. Note that
+    # many of the fields in AuthorizeNet::SIM::HostedPaymentForm are shared with those in
+    # AuthorizeNet::SIM::HostedReceiptPage. For the duplicate fields, which ever value
+    # is added to the transaction last will be the one used.
+    def set_hosted_payment_form(form)
+      @fields.merge!(form.to_hash)
+      @hosted_payment_form = true
+    end
+    
+    # Takes an instance of AuthorizeNet::SIM::HostedReceiptPage and adds it to the transaction. Note that
+    # many of the fields in AuthorizeNet::SIM::HostedReceiptPage are shared with those in
+    # AuthorizeNet::SIM::HostedPaymentForm. For the duplicate fields, which ever value
+    # is added to the transaction last will be the one used. If you set a hosted payment receipt,
+    # the relay response will be disabled.
+    def set_hosted_payment_receipt(form)
+      @fields.merge!(form.to_hash)
+      @relay_response = false
+      @delim_data = true
+    end
+    
+    # An alias for form_fields.
+    def run
+      form_fields
+    end
+  
+  end
+
+end

data/lib/authorize_net/transaction.rb

@@ -0,0 +1,66 @@
+module AuthorizeNet
+  
+  # The core, API agnostic transaction class. You shouldn't instantiate this one.
+  # Instead you should use AuthorizeNet::AIM::Transaction, AuthorizeNet::SIM::Transaction or AuthorizeNet::ARB::Transaction.
+  class Transaction
+    
+    include AuthorizeNet::TypeConversions
+    
+    # Fields to convert to/from booleans.
+    @@boolean_fields = []
+    
+    # Fields to convert to/from BigDecimal.
+    @@decimal_fields = []
+    
+    # DO NOT USE. Instantiate AuthorizeNet::AIM::Transaction, AuthorizeNet::SIM::Transaction or AuthorizeNet::ARB::Transaction instead.
+    def initialize()
+      @fields ||= {}
+    end
+    
+    # Sets arbitrary API fields, overwriting existing values if they exist. Takes a hash of key/value pairs, 
+    # where the keys are the field names without the "x_" prefix. You can set a field to Nil to unset it. If
+    # the value is an array, each value in the array will be added. For example, set_fields({:line_item => 
+    # ["item1<|>golf balls<|><|>2<|>18.95<|>Y", "item2<|>golf bag<|>Wilson golf carry bag, red<|>1<|>39.99<|>"]})
+    # would generate two x_line_item fields in the transaction. One for each value in the array.
+    def set_fields(fields = {})
+      @fields.merge!(fields)
+      @fields.reject! {|k, v| v.nil?}
+      @fields
+    end
+    
+    # Returns the current hash of API fields.
+    def fields
+      @fields
+    end
+        
+    # Takes an instance of AuthorizeNet::Address and adds it to the transaction.
+    def set_address(address)
+      @fields.merge!(address.to_hash)
+    end
+    
+    # Takes an instance of AuthorizeNet::ShippingAddress and adds it to the transaction.
+    def set_shipping_address(address)
+      @fields.merge!(address.to_hash)
+    end
+    
+    # Takes an instance of AuthorizeNet::Customer and adds it to the transaction.
+    def set_customer(customer)
+      @fields.merge!(customer.to_hash)
+    end
+    
+    #:enddoc:
+    protected
+    
+    # Internal method to handle multiple types of payment arguments.
+    def handle_payment_argument(payment)
+      case payment
+      when AuthorizeNet::CreditCard, AuthorizeNet::ECheck
+        set_fields(payment.to_hash)
+      else
+        set_fields(:card_num => payment)
+      end
+    end
+    
+  end
+  
+end