better_offsite_payments 2.3.0

data/lib/offsite_payments/integrations/citrus.rb

@@ -0,0 +1,227 @@
+module OffsitePayments
+  module Integrations
+    module Citrus
+      def self.helper(order, account, options = {})
+        Helper.new(order, account, options)
+      end
+
+      def self.notification(post, options = {})
+        Notification.new(post, options)
+      end
+
+      def self.return(query_string, options = {})
+        Return.new(query_string, options)
+      end
+
+      def self.checksum(secret_key, payload_items )
+        digest = OpenSSL::Digest.new('sha1')
+        OpenSSL::HMAC.hexdigest(digest, secret_key, payload_items)
+      end
+
+      class Helper < OffsitePayments::Helper
+        mapping :order, 'merchantTxnId'
+        mapping :amount, 'orderAmount'
+        mapping :account, 'merchantAccessKey'
+        mapping :credential2, 'secret_key'
+        mapping :credential3, 'pmt_url'
+        mapping :currency, 'currency'
+
+        mapping :customer, :first_name => 'firstName',:last_name => 'lastName', :email => 'email', :phone => 'mobileNo'
+
+        mapping :billing_address, :city => 'addressCity', :address1 => 'addressStreet1', :address2 => 'addressStreet2',:state => 'addressState',:zip => 'addressZip', :country => 'addressCountry'
+
+        mapping :checksum, 'secSignature'
+        mapping :return_url, 'returnUrl'
+
+        SANDBOX_URL = 'https://sandbox.citruspay.com/'.freeze
+        STAGING_URL = 'https://stg.citruspay.com/'.freeze
+        PRODUCTION_URL = 'https://www.citruspay.com/'.freeze
+
+        def credential_based_url
+          pmt_url = @fields['pmt_url']
+          case OffsitePayments.mode
+          when :production
+            PRODUCTION_URL + pmt_url
+          when :test
+            SANDBOX_URL    + pmt_url
+          when :staging
+            STAGING_URL    + pmt_url
+          else
+            raise StandardError, "Integration mode set to an invalid value: #{mode}"
+          end
+        end
+
+        def initialize(order, account, options = {})
+          super
+          add_field 'paymentMode', 'NET_BANKING'
+          add_field 'reqtime', (Time.now.to_i * 1000).to_s
+        end
+
+        def form_fields
+          @fields.merge(mappings[:checksum] => generate_checksum)
+        end
+
+        def generate_checksum
+          checksum_fields = @fields["pmt_url"] + @fields["orderAmount"].to_s + @fields["merchantTxnId"] + @fields["currency"]
+          Citrus.checksum(@fields["secret_key"],  checksum_fields )
+        end
+      end
+
+      class Notification < OffsitePayments::Notification
+        def initialize(post, options = {})
+          super(post, options)
+          @secret_key = options[:credential2]
+        end
+
+        def complete?
+          status == "Completed" || status == 'Canceled'
+        end
+
+        def status
+          @status ||= if checksum_ok?
+            if transaction_id.blank?
+              'Invalid'
+            else
+              case transaction_status.downcase
+              when 'success' then 'Completed'
+              when 'canceled' then 'Failed'
+              end
+            end
+          else
+            'Tampered'
+          end
+        end
+
+        def invoice_ok?( order_id )
+          order_id.to_s == invoice.to_s
+        end
+
+        def amount_ok?( order_amount )
+          BigDecimal.new( amount ) == order_amount
+        end
+
+        def item_id
+          params['TxId']
+        end
+
+        def invoice
+          item_id
+        end
+
+        # Status of transaction return from the Citrus. List of possible values:
+        # <tt>SUCCESS</tt>::
+        # <tt>CANCELED</tt>::
+        def transaction_status
+          params['TxStatus']
+        end
+
+        def gross
+          params['amount']
+        end
+
+        def amount
+          gross
+        end
+
+        def transaction_id
+          params['pgTxnNo']
+        end
+
+        def issuerrefno
+          params['issuerRefNo']
+        end
+
+        def authidcode
+          params['authIdCode']
+        end
+
+        def pgrespcode
+          params['pgRespCode']
+        end
+
+        def checksum
+          params['signature']
+        end
+
+        def paymentmode
+          params['paymentMode']
+        end
+
+        def currency
+          params['currency']
+        end
+
+        def customer_email
+          params['email']
+        end
+
+        def customer_phone
+          params['mobileNo']
+        end
+
+        def customer_first_name
+          params['firstName']
+        end
+
+        def customer_last_name
+          params['lastName']
+        end
+
+        def customer_address
+          { :address1 => params['addressStreet1'], :address2 => params['addressStreet2'],
+            :city => params['addressCity'], :state => params['addressState'],
+            :country => params['addressCountry'], :zip => params['addressZip'] }
+        end
+
+        def message
+          @message || params['TxMsg']
+        end
+
+        def acknowledge(authcode = nil)
+          checksum_ok?
+        end
+
+        def checksum_ok?
+          fields = [invoice, transaction_status, amount.to_s, transaction_id, issuerrefno, authidcode, customer_first_name, customer_last_name, pgrespcode, customer_address[:zip]].join
+
+          unless Citrus.checksum(@secret_key, fields ) == checksum
+            @message = 'checksum mismatch...'
+            return false
+          end
+          true
+        end
+      end
+
+      class Return < OffsitePayments::Return
+        def initialize(query_string, options = {})
+          super
+          @notification = Notification.new(query_string, options)
+        end
+
+        def transaction_id
+          @notification.transaction_id
+        end
+
+        def status( order_id, order_amount )
+          if @notification.invoice_ok?( order_id ) && @notification.amount_ok?( BigDecimal.new(order_amount) )
+            @notification.status
+          else
+            'Mismatch'
+          end
+        end
+
+        def success?
+          status( @params['TxId'], @params['amount'] ) == 'Completed'
+        end
+
+        def message
+          @notification.message
+        end
+
+        def cancelled?
+          @notification.status == 'Failed'
+        end
+      end
+    end
+  end
+end

data/lib/offsite_payments/integrations/coinbase.rb

@@ -0,0 +1,172 @@
+module OffsitePayments #:nodoc:
+  module Integrations #:nodoc:
+    module Coinbase
+      mattr_accessor :service_url
+      self.service_url = 'https://www.coinbase.com/checkouts/redirect'
+
+      mattr_accessor :buttoncreate_url
+      self.buttoncreate_url = 'https://api.coinbase.com/v1/buttons'
+
+      mattr_accessor :notification_confirmation_url
+      self.notification_confirmation_url = 'https://api.coinbase.com/v1/orders/%s'
+
+      # options should be { credential1: "your API key", credential2: "your API secret" }
+      def self.notification(post, options = {})
+        Notification.new(post, options)
+      end
+
+      def self.return(query_string, options = {})
+        Return.new(query_string, options)
+      end
+
+      class Helper < OffsitePayments::Helper
+        # account should be a Coinbase API key; see https://coinbase.com/account/integrations
+        # options[:credential2] should be the corresponding API secret
+        def initialize(order_id, account, options)
+          super
+
+          @order = order_id
+          @account = account
+          @options = options
+          @options[:credential1] ||= ''
+          @options[:credential2] ||= ''
+        end
+
+        mapping :notify_url, 'notify_url'
+        mapping :return_url, 'return_url'
+        mapping :cancel_return_url, 'cancel_return_url'
+
+        def form_fields
+          uri = URI.parse(Coinbase.buttoncreate_url)
+
+          request_body = {
+            'button[auto_redirect]' => true,
+            'button[name]' => @options[:description] || "Your Order",
+            'button[price_string]' => @options[:amount],
+            'button[price_currency_iso]' => @options[:currency],
+            'button[custom]' => @order,
+            'button[callback_url]' => @fields['notify_url'],
+            'button[success_url]' => @fields['return_url'],
+            'button[cancel_url]' => @fields['cancel_return_url'],
+            'api_key' => @account
+          }.to_query
+
+          data = Coinbase.do_request(uri, @account, @options[:credential2], request_body)
+          json = JSON.parse(data)
+
+          raise ActionViewHelperError, "Error occured while contacting gateway : #{json['error']}" if json['error']
+
+          {'id' => json['button']['code']}
+        rescue JSON::ParserError
+          raise ActionViewHelperError, 'Invalid response from gateway. Please try again.'
+        end
+      end
+
+      class Notification < OffsitePayments::Notification
+
+        def complete?
+          status == "Completed"
+        end
+
+        def item_id
+          params['custom']
+        end
+
+        def transaction_id
+          params['id']
+        end
+
+        def received_at
+          Time.iso8601(params['created_at']).to_time.to_i
+        end
+
+        def gross
+          if params['total_original'].present?
+            "%.2f" % (params['total_original']['cents'].to_f / 100)
+          else
+            "%.2f" % (params['total_native']['cents'].to_f / 100)
+          end
+        end
+
+        def currency
+          params['total_native']['currency_iso']
+        end
+
+        def status
+          case params['status']
+          when "completed"
+            "Completed"
+          else
+            "Failed"
+          end
+        end
+
+        # Acknowledge the transaction to Coinbase. This method has to be called after a new
+        # apc arrives. Coinbase will verify that all the information we received are correct
+        # and will return a ok or a fail.
+        def acknowledge(authcode = {})
+          uri = URI.parse(Coinbase.notification_confirmation_url % transaction_id)
+
+          response = Coinbase.do_request(uri, @options[:credential1], @options[:credential2])
+          return false if response.nil?
+
+          posted_order = @params
+          parse(response)
+
+          return false unless @params
+          %w(id custom total_native status).all? { |param| posted_order[param] == @params[param] }
+        end
+
+        private
+
+        def parse(post)
+          @raw = post.to_s
+          @params = JSON.parse(post)['order']
+        rescue JSON::ParserError
+          @params = {}
+        end
+      end
+
+      class Return < OffsitePayments::Return
+        def initialize(query_string, options = {})
+          super
+          @notification = Notification.new(@params.to_json, options)
+        end
+
+        def parse(query_string)
+          parsed_hash = Rack::Utils.parse_nested_query(query_string)
+
+          if native_cents = parsed_hash['order'] && parsed_hash['order']['total_native'] && parsed_hash['order']['total_native']['cents']
+            parsed_hash['order']['total_native']['cents'] = native_cents.to_i
+          end
+
+          parsed_hash
+        end
+      end
+
+      protected
+
+      def self.do_request(uri, api_key, api_secret, post_body = nil)
+        nonce = (Time.now.to_f * 1e6).to_i
+        hmac_message = nonce.to_s + uri.to_s
+
+        if post_body
+          request = Net::HTTP::Post.new(uri.request_uri)
+          request.body = post_body
+          hmac_message = hmac_message + request.body
+        else
+          request = Net::HTTP::Get.new(uri.path)
+        end
+
+        http = Net::HTTP.new(uri.host, uri.port)
+        http.use_ssl = true
+
+        request['ACCESS_KEY'] = api_key
+        request['ACCESS_SIGNATURE'] = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), api_secret, hmac_message)
+        request['ACCESS_NONCE'] = nonce.to_s
+
+        http.request(request).body
+      end
+    end
+  end
+end

data/lib/offsite_payments/integrations/direc_pay.rb

@@ -0,0 +1,332 @@
+module OffsitePayments #:nodoc:
+  module Integrations #:nodoc:
+    module DirecPay
+      mattr_accessor :production_url, :test_url
+
+      self.production_url = "https://www.timesofmoney.com/direcpay/secure/dpMerchantTransaction.jsp"
+      self.test_url       = "https://test.direcpay.com/direcpay/secure/dpMerchantTransaction.jsp"
+
+      def self.service_url
+        mode = OffsitePayments.mode
+        case mode
+        when :production
+          self.production_url
+        when :test
+          self.test_url
+        else
+          raise StandardError, "Integration mode set to an invalid value: #{mode}"
+        end
+      end
+
+      def self.notification(post, options = {})
+        Notification.new(post)
+      end
+
+      def self.return(query_string, options = {})
+        Return.new(query_string, options)
+      end
+
+      def self.request_status_update(mid, transaction_id, notification_url)
+        Status.new(mid).update(transaction_id, notification_url)
+      end
+
+      class Helper < OffsitePayments::Helper
+        mapping :account,  'MID'
+        mapping :order,    'Merchant Order No'
+        mapping :amount,   'Amount'
+        mapping :currency, 'Currency'
+        mapping :country,  'Country'
+
+        mapping :billing_address,  :city     => 'custCity',
+                                   :address1 => 'custAddress',
+                                   :state    => 'custState',
+                                   :zip      => 'custPinCode',
+                                   :country  => 'custCountry',
+                                   :phone    => 'custMobileNo'
+
+        mapping :shipping_address, :name     => 'deliveryName',
+                                   :city     => 'deliveryCity',
+                                   :address1 => 'deliveryAddress',
+                                   :state    => 'deliveryState',
+                                   :zip      => 'deliveryPinCode',
+                                   :country  => 'deliveryCountry',
+                                   :phone    => 'deliveryMobileNo'
+
+        mapping :customer, :name  => 'custName',
+                           :email => 'custEmailId'
+
+        mapping :description, 'otherNotes'
+        mapping :edit_allowed, 'editAllowed'
+
+        mapping :return_url, 'Success URL'
+        mapping :failure_url, 'Failure URL'
+
+        mapping :operating_mode, 'Operating Mode'
+        mapping :other_details, 'Other Details'
+        mapping :collaborator, 'Collaborator'
+
+        OPERATING_MODE = 'DOM'
+        COUNTRY        = 'IND'
+        CURRENCY       = 'INR'
+        OTHER_DETAILS  = 'NULL'
+        EDIT_ALLOWED   = 'Y'
+
+        PHONE_CODES = {
+          'IN' => '91',
+          'US' => '01',
+          'CA' => '01'
+        }
+
+        ENCODED_PARAMS = [ :account, :operating_mode, :country, :currency, :amount, :order, :other_details, :return_url, :failure_url, :collaborator ]
+
+        def initialize(order, account, options = {})
+          super
+          collaborator = OffsitePayments.mode == :test || options[:test] ? 'TOML' : 'DirecPay'
+          add_field(mappings[:collaborator], collaborator)
+          add_field(mappings[:country], 'IND')
+          add_field(mappings[:operating_mode], OPERATING_MODE)
+          add_field(mappings[:other_details], OTHER_DETAILS)
+          add_field(mappings[:edit_allowed], EDIT_ALLOWED)
+        end
+
+
+        def customer(params = {})
+          add_field(mappings[:customer][:name], full_name(params))
+          add_field(mappings[:customer][:email], params[:email])
+        end
+
+        # Need to format the amount to have 2 decimal places
+        def amount=(money)
+          cents = money.respond_to?(:cents) ? money.cents : money
+          raise ArgumentError, "amount must be a Money object or an integer" if money.is_a?(String)
+          raise ActionViewHelperError, "amount must be greater than $0.00" if cents.to_i <= 0
+
+          add_field(mappings[:amount], sprintf("%.2f", cents.to_f/100))
+        end
+
+        def shipping_address(params = {})
+          super(update_address(:shipping_address, params))
+        end
+
+        def billing_address(params = {})
+          super(update_address(:billing_address, params))
+        end
+
+        def form_fields
+          add_failure_url
+          add_request_parameters
+
+          unencoded_parameters
+        end
+
+        private
+
+        def add_request_parameters
+          params = ENCODED_PARAMS.map{ |param| fields[mappings[param]] }
+          encoded = encode_value(params.join('|'))
+
+          add_field('requestparameter', encoded)
+        end
+
+        def unencoded_parameters
+          params = fields.dup
+          # remove all encoded params from exported fields
+          ENCODED_PARAMS.each{ |param| params.delete(mappings[param]) }
+          # remove all special characters from each field value
+          params = params.collect{|name, value| [name, remove_special_characters(value)] }
+          Hash[params]
+        end
+
+        def add_failure_url
+          if fields[mappings[:failure_url]].nil?
+            add_field(mappings[:failure_url], fields[mappings[:return_url]])
+          end
+        end
+
+        def update_address(address_type, params)
+          params = params.dup
+          address = params[:address1]
+          address = "#{address} #{params[:address2]}" if params[:address2].present?
+          address = "#{params[:company]} #{address}" if params[:company].present?
+          params[:address1] = address
+
+          params[:phone] = normalize_phone_number(params[:phone])
+          add_land_line_phone_for(address_type, params)
+
+          if address_type == :shipping_address
+            shipping_name = full_name(params) || fields[mappings[:customer][:name]]
+            add_field(mappings[:shipping_address][:name], shipping_name)
+          end
+          params
+        end
+
+        # Split a single phone number into the country code, area code and local number as best as possible
+        def add_land_line_phone_for(address_type, params)
+          address_field = address_type == :billing_address ? 'custPhoneNo' : 'deliveryPhNo'
+
+          if params.has_key?(:phone2)
+            phone = normalize_phone_number(params[:phone2])
+            phone_country_code, phone_area_code, phone_number = nil
+
+            if params[:country] == 'IN' && phone =~ /(91)? *(\d{3}) *(\d{4,})$/
+              phone_country_code, phone_area_code, phone_number = $1, $2, $3
+            else
+              numbers = phone.split(' ')
+              case numbers.size
+              when 3
+                phone_country_code, phone_area_code, phone_number = numbers
+              when 2
+                phone_area_code, phone_number = numbers
+              else
+                phone =~ /(\d{3})(\d+)$/
+                phone_area_code, phone_number = $1, $2
+              end
+            end
+
+            add_field("#{address_field}1", phone_country_code || phone_code_for_country(params[:country]) || '91')
+            add_field("#{address_field}2", phone_area_code)
+            add_field("#{address_field}3", phone_number)
+          end
+        end
+
+        def normalize_phone_number(phone)
+          phone.gsub(/[^\d ]+/, '') if phone
+        end
+
+        # Special characters are NOT allowed while posting transaction parameters on DirecPay system
+        def remove_special_characters(string)
+          string.gsub(/[~"'&#%]/, '-')
+        end
+
+        def encode_value(value)
+          encoded = Base64.strict_encode64(value)
+          string_to_encode = encoded[0, 1] + "T" + encoded[1, encoded.length]
+          Base64.strict_encode64(string_to_encode)
+        end
+
+        def decode_value(value)
+          decoded = Base64.decode64(value)
+          string_to_decode = decoded[0, 1] + decoded[2, decoded.length]
+          Base64.decode64(string_to_decode)
+        end
+
+        def phone_code_for_country(country)
+          PHONE_CODES[country]
+        end
+
+        def full_name(params)
+          return if params[:name].blank? && params[:first_name].blank? && params[:last_name].blank?
+
+          params[:name] || "#{params[:first_name]} #{params[:last_name]}"
+        end
+      end
+
+      class Notification < OffsitePayments::Notification
+        RESPONSE_PARAMS = ['DirecPay Reference ID', 'Flag', 'Country', 'Currency', 'Other Details', 'Merchant Order No', 'Amount']
+
+        def acknowledge(authcode = nil)
+          true
+        end
+
+        def complete?
+          status == 'Completed' || status == 'Pending'
+        end
+
+        def status
+          case params['Flag']
+          when 'SUCCESS'
+            'Completed'
+          when 'PENDING'
+            'Pending'
+          when 'FAIL'
+            'Failed'
+          else
+            'Error'
+          end
+        end
+
+        def item_id
+          params['Merchant Order No']
+        end
+
+        def transaction_id
+          params['DirecPay Reference ID']
+        end
+
+        # the money amount we received in X.2 decimal
+        def gross
+          params['Amount']
+        end
+
+        def currency
+          params['Currency']
+        end
+
+        def country
+          params['Country']
+        end
+
+        def other_details
+          params['Other Details']
+        end
+
+        def test?
+          false
+        end
+
+        # Take the posted data and move the relevant data into a hash
+        def parse(post)
+          super
+
+          values = params['responseparams'].to_s.split('|')
+          response_params = values.size == 3 ? ['DirecPay Reference ID', 'Flag', 'Error message'] : RESPONSE_PARAMS
+          response_params.each_with_index do |name, index|
+            params[name] = values[index]
+          end
+          params
+        end
+      end
+
+      class Return < OffsitePayments::Return
+        def initialize(post_data, options = {})
+          @notification = Notification.new(post_data, options)
+        end
+
+        def success?
+          notification.complete?
+        end
+
+        def message
+          notification.status
+        end
+      end
+
+      class Status
+        include ActiveUtils::PostsData
+
+        STATUS_TEST_URL = 'https://test.direcpay.com/direcpay/secure/dpMerchantTransaction.jsp'
+        STATUS_LIVE_URL = 'https://www.timesofmoney.com/direcpay/secure/dpPullMerchAtrnDtls.jsp'
+
+        attr_reader :account, :options
+
+        def initialize(account, options = {})
+          @account, @options = account, options
+        end
+
+        # Use this method to manually request a status update to the provided notification_url
+        def update(authorization, notification_url)
+          url = test? ? STATUS_TEST_URL : STATUS_LIVE_URL
+          parameters = [ authorization, account, notification_url ]
+          data = ActiveUtils::PostData.new
+          data[:requestparams] = parameters.join('|')
+
+          response = ssl_get("#{url}?#{data.to_post_data}")
+        end
+
+        def test?
+          OffsitePayments.mode == :test || options[:test]
+        end
+      end
+    end
+  end
+end