n8_activemerchant 1.9.3

data/lib/active_merchant/billing/integrations/paypal/notification.rb

@@ -0,0 +1,154 @@
+require 'net/http'
+
+module ActiveMerchant #:nodoc:
+  module Billing #:nodoc:
+    module Integrations #:nodoc:
+      module Paypal
+        # Parser and handler for incoming Instant payment notifications from paypal. 
+        # The Example shows a typical handler in a rails application. Note that this
+        # is an example, please read the Paypal API documentation for all the details
+        # on creating a safe payment controller.
+        #
+        # Example
+        #  
+        #   class BackendController < ApplicationController
+        #     include ActiveMerchant::Billing::Integrations
+        #
+        #     def paypal_ipn
+        #       notify = Paypal::Notification.new(request.raw_post)
+        #   
+        #       order = Order.find(notify.item_id)
+        #     
+        #       if notify.acknowledge 
+        #         begin
+        #           
+        #           if notify.complete? and order.total == notify.amount
+        #             order.status = 'success' 
+        #             
+        #             shop.ship(order)
+        #           else
+        #             logger.error("Failed to verify Paypal's notification, please investigate")
+        #           end
+        #   
+        #         rescue => e
+        #           order.status        = 'failed'      
+        #           raise
+        #         ensure
+        #           order.save
+        #         end
+        #       end
+        #   
+        #       render :nothing
+        #     end
+        #   end
+        class Notification < ActiveMerchant::Billing::Integrations::Notification
+          include PostsData
+          
+          # Was the transaction complete?
+          def complete?
+            status == "Completed"
+          end
+
+          # When was this payment received by the client. 
+          # sometimes it can happen that we get the notification much later. 
+          # One possible scenario is that our web application was down. In this case paypal tries several 
+          # times an hour to inform us about the notification
+          def received_at
+            Time.parse params['payment_date']
+          end
+
+          # Status of transaction. List of possible values:
+          # <tt>Canceled-Reversal</tt>::
+          # <tt>Completed</tt>::
+          # <tt>Denied</tt>::
+          # <tt>Expired</tt>::
+          # <tt>Failed</tt>::
+          # <tt>In-Progress</tt>::
+          # <tt>Partially-Refunded</tt>::
+          # <tt>Pending</tt>::
+          # <tt>Processed</tt>::
+          # <tt>Refunded</tt>::
+          # <tt>Reversed</tt>::
+          # <tt>Voided</tt>::
+          def status
+            params['payment_status']
+          end
+
+          # Id of this transaction (paypal number)
+          def transaction_id
+            params['txn_id']
+          end
+
+          # What type of transaction are we dealing with? 
+          #  "cart" "send_money" "web_accept" are possible here. 
+          def type
+            params['txn_type']
+          end
+
+          # the money amount we received in X.2 decimal.
+          def gross
+            params['mc_gross']
+          end
+
+          # the markup paypal charges for the transaction
+          def fee
+            params['mc_fee']
+          end
+
+          # What currency have we been dealing with
+          def currency
+            params['mc_currency']
+          end
+
+          # This is the item number which we submitted to paypal 
+          # The custom field is also mapped to item_id because PayPal
+          # doesn't return item_number in dispute notifications
+          def item_id
+            params['item_number'] || params['custom']
+          end
+
+          # This is the invoice which you passed to paypal 
+          def invoice
+            params['invoice']
+          end   
+
+          # Was this a test transaction?
+          def test?
+            params['test_ipn'] == '1'
+          end
+          
+          def account
+            params['business'] || params['receiver_email']
+          end
+
+          # Acknowledge the transaction to paypal. This method has to be called after a new 
+          # ipn arrives. Paypal will verify that all the information we received are correct and will return a 
+          # ok or a fail. 
+          # 
+          # Example:
+          # 
+          #   def paypal_ipn
+          #     notify = PaypalNotification.new(request.raw_post)
+          #
+          #     if notify.acknowledge 
+          #       ... process order ... if notify.complete?
+          #     else
+          #       ... log possible hacking attempt ...
+          #     end
+          def acknowledge
+            payload =  raw
+
+            response = ssl_post(Paypal.service_url + '?cmd=_notify-validate', payload, 
+              'Content-Length' => "#{payload.size}",
+              'User-Agent'     => "Active Merchant -- http://activemerchant.org"
+            )
+            
+            raise StandardError.new("Faulty paypal result: #{response}") unless ["VERIFIED", "INVALID"].include?(response)
+
+            response == "VERIFIED"
+          end
+        end
+      end
+    end
+  end
+end

data/lib/active_merchant/billing/integrations/paypal/return.rb

@@ -0,0 +1,10 @@
+module ActiveMerchant #:nodoc:
+  module Billing #:nodoc:
+    module Integrations #:nodoc:
+      module Paypal
+        class Return < ActiveMerchant::Billing::Integrations::Return
+	      end
+      end
+    end
+  end
+end

data/lib/active_merchant/billing/integrations/quickpay.rb

@@ -0,0 +1,17 @@
+module ActiveMerchant #:nodoc:
+  module Billing #:nodoc:
+    module Integrations #:nodoc:
+      module Quickpay 
+        autoload :Helper, File.dirname(__FILE__) + '/quickpay/helper.rb'
+        autoload :Notification, File.dirname(__FILE__) + '/quickpay/notification.rb'
+       
+        mattr_accessor :service_url
+        self.service_url = 'https://secure.quickpay.dk/form/'
+
+        def self.notification(post)
+          Notification.new(post)
+        end  
+      end
+    end
+  end
+end

data/lib/active_merchant/billing/integrations/quickpay/helper.rb

@@ -0,0 +1,72 @@
+module ActiveMerchant #:nodoc:
+  module Billing #:nodoc:
+    module Integrations #:nodoc:
+      module Quickpay
+        class Helper < ActiveMerchant::Billing::Integrations::Helper
+
+          def initialize(order, account, options = {})
+            super
+            add_field('protocol', '3')
+            add_field('msgtype', 'authorize')
+            add_field('language', 'da')
+            add_field('autocapture', 0)
+            add_field('testmode', 0)
+            add_field('ordernumber', format_order_number(order))
+          end
+              
+          def md5secret(value)
+            @md5secret = value
+          end
+          
+          def form_fields
+            @fields.merge('md5check' => generate_md5check)
+          end
+            
+          def generate_md5string
+            MD5_CHECK_FIELDS.map {|key| @fields[key.to_s]} * "" + @md5secret
+          end
+          
+          def generate_md5check
+            Digest::MD5.hexdigest(generate_md5string)
+          end
+
+          # Limited to 20 digits max
+          def format_order_number(number)
+            number.to_s.gsub(/[^\w_]/, '').rjust(4, "0")[0...20]
+          end
+          
+          MD5_CHECK_FIELDS = [
+            :protocol, :msgtype, :merchant, :language, :ordernumber, 
+            :amount, :currency, :continueurl, :cancelurl, :callbackurl,
+            :autocapture, :cardtypelock, :description, :ipaddress, :testmode
+          ]
+
+          mapping :protocol, 'protocol'
+          mapping :msgtype, 'msgtype'
+          mapping :account, 'merchant'
+          mapping :language, 'language'
+          mapping :amount, 'amount'
+          mapping :currency, 'currency'
+          
+          mapping :return_url, 'continueurl'
+          mapping :cancel_return_url, 'cancelurl'
+          mapping :notify_url, 'callbackurl'
+
+          mapping :autocapture, 'autocapture'
+          mapping :cardtypelock, 'cardtypelock'
+
+          mapping :description, 'description'
+          mapping :ipaddress, 'ipaddress'
+          mapping :testmode, 'testmode'
+
+          mapping :md5secret, 'md5secret'
+
+          mapping :customer, ''
+          mapping :billing_address, {}
+          mapping :tax, ''
+          mapping :shipping, ''
+        end
+      end
+    end
+  end
+end

data/lib/active_merchant/billing/integrations/quickpay/notification.rb

@@ -0,0 +1,74 @@
+require 'net/http'
+
+module ActiveMerchant #:nodoc:
+  module Billing #:nodoc:
+    module Integrations #:nodoc:
+      module Quickpay
+        class Notification < ActiveMerchant::Billing::Integrations::Notification
+          def complete?
+            status == '000'
+          end 
+
+          def item_id
+            params['ordernumber']
+          end
+
+          def transaction_id
+            params['transaction']
+          end
+
+          def received_at
+            Time.parse("20#{params['time']}")
+          end
+
+          def gross
+            "%.2f" % (gross_cents / 100.0)
+          end
+
+          def gross_cents
+            params['amount'].to_i
+          end
+
+          def test?
+            params['testmode'] == 'Yes'
+          end
+
+          def status
+            params['qpstat']
+          end
+
+          def currency
+            params['currency']
+          end
+          
+          # Provide access to raw fields from quickpay
+          %w(msgtype ordernumber state chstat chstatmsg qpstat qpstatmsg merchant merchantemail cardtype cardnumber).each do |attr|
+            define_method(attr) do
+              params[attr]
+            end
+          end
+
+          MD5_CHECK_FIELDS = [
+            :msgtype, :ordernumber, :amount, :currency, :time, :state,
+            :chstat, :chstatmsg, :qpstat, :qpstatmsg, :merchant, :merchantemail,
+            :transaction, :cardtype, :cardnumber, :testmode
+          ]
+
+          def generate_md5string
+            MD5_CHECK_FIELDS.map { |key| params[key.to_s] } * "" + @options[:md5secret]
+          end
+          
+          def generate_md5check
+            Digest::MD5.hexdigest(generate_md5string)
+          end
+          
+          # Quickpay doesn't do acknowledgements of callback notifications
+          # Instead it uses and MD5 hash of all parameters
+          def acknowledge      
+            generate_md5check == params['md5check']
+          end
+        end
+      end
+    end
+  end
+end

data/lib/active_merchant/billing/integrations/return.rb

@@ -0,0 +1,37 @@
+module ActiveMerchant #:nodoc:
+  module Billing #:nodoc:
+    module Integrations #:nodoc:
+      class Return
+        attr_accessor :params
+        attr_reader :notification
+      
+        def initialize(query_string, options = {})
+          @params  = parse(query_string)
+          @options = options
+        end
+      
+        # Successful by default. Overridden in the child class
+        def success?
+          true
+        end
+      
+        def message
+          
+        end
+        
+        def parse(query_string)
+          return {} if query_string.blank?
+          
+          query_string.split('&').inject({}) do |memo, chunk|
+            next if chunk.empty?
+            key, value = chunk.split('=', 2)
+            next if key.empty?
+            value = value.nil? ? nil : CGI.unescape(value)
+            memo[CGI.unescape(key)] = value
+            memo
+          end
+        end 
+      end
+    end
+  end
+end

data/lib/active_merchant/billing/integrations/sage_pay_form.rb

@@ -0,0 +1,37 @@
+module ActiveMerchant #:nodoc:
+  module Billing #:nodoc:
+    module Integrations #:nodoc:
+      module SagePayForm 
+        autoload :Helper,       File.dirname(__FILE__) + '/sage_pay_form/helper.rb'
+        autoload :Return,       File.dirname(__FILE__) + '/sage_pay_form/return.rb'
+        autoload :Notification, File.dirname(__FILE__) + '/sage_pay_form/notification.rb'
+        autoload :Encryption,   File.dirname(__FILE__) + '/sage_pay_form/encryption.rb'
+
+        mattr_accessor :production_url
+        mattr_accessor :test_url
+        mattr_accessor :simulate_url
+        self.production_url = 'https://live.sagepay.com/gateway/service/vspform-register.vsp'
+        self.test_url       = 'https://test.sagepay.com/gateway/service/vspform-register.vsp'
+        self.simulate_url   = 'https://test.sagepay.com/Simulator/VSPFormGateway.asp'
+
+        def self.return(query_string, options = {})
+          Return.new(query_string, options)
+        end
+
+        def self.service_url
+          mode = ActiveMerchant::Billing::Base.integration_mode
+          case mode
+          when :production
+            self.production_url    
+          when :test
+            self.test_url
+          when :simulate
+            self.simulate_url
+          else
+            raise StandardError, "Integration mode set to an invalid value: #{mode}"
+          end
+        end
+      end
+    end
+  end
+end

data/lib/active_merchant/billing/integrations/sage_pay_form/encryption.rb

@@ -0,0 +1,33 @@
+module ActiveMerchant #:nodoc:
+  module Billing #:nodoc:
+    module Integrations #:nodoc:
+      module SagePayForm
+        module Encryption
+          def sage_encrypt(plaintext, key)
+            ActiveSupport::Base64.encode64s(sage_encrypt_xor(plaintext, key))
+          end
+
+          def sage_decrypt(ciphertext, key)
+            sage_encrypt_xor(ActiveSupport::Base64.decode64(ciphertext), key)
+          end
+          
+          def sage_encrypt_salt(min, max)
+            length = rand(max - min + 1) + min
+            SecureRandom.base64(length + 4)[0, length]
+          end
+
+          private
+
+          def sage_encrypt_xor(data, key)
+            raise 'No key provided' if key.blank?
+            
+            key *= (data.length.to_f / key.length.to_f).ceil
+            key = key[0, data.length]
+
+            data.bytes.zip(key.bytes).map { |b1, b2| (b1 ^ b2).chr }.join
+          end
+        end
+      end
+    end
+  end
+end

data/lib/active_merchant/billing/integrations/sage_pay_form/helper.rb

@@ -0,0 +1,109 @@
+require 'uri'
+
+module ActiveMerchant #:nodoc:
+  module Billing #:nodoc:
+    module Integrations #:nodoc:
+      module SagePayForm
+        class Helper < ActiveMerchant::Billing::Integrations::Helper
+          include Encryption
+          
+          mapping :credential2, 'EncryptKey'
+          
+          mapping :account, 'Vendor'
+          mapping :amount, 'Amount'
+          mapping :currency, 'Currency'
+        
+          mapping :order, 'VendorTxCode'
+
+          mapping :customer,
+            :first_name => 'BillingFirstnames',
+            :last_name  => 'BillingSurname',
+            :email      => 'CustomerEMail',
+            :phone      => 'BillingPhone'
+
+          mapping :billing_address,
+            :city     => 'BillingCity',
+            :address1 => 'BillingAddress1',
+            :address2 => 'BillingAddress2',
+            :state    => 'BillingState',
+            :zip      => 'BillingPostCode',
+            :country  => 'BillingCountry'
+
+          mapping :shipping_address,
+            :city     => 'DeliveryCity',
+            :address1 => 'DeliveryAddress1',
+            :address2 => 'DeliveryAddress2',
+            :state    => 'DeliveryState',
+            :zip      => 'DeliveryPostCode',
+            :country  => 'DeliveryCountry'
+
+          mapping :return_url, 'SuccessURL'
+          mapping :description, 'Description'
+
+          def form_fields
+            fields['DeliveryFirstnames'] ||= fields['BillingFirstnames']
+            fields['DeliverySurname']    ||= fields['BillingSurname']
+            
+            fields['FailureURL'] ||= fields['SuccessURL']
+
+            crypt_skip = ['Vendor', 'EncryptKey']
+            crypt_skip << 'BillingState'  unless fields['BillingCountry']  == 'US'
+            crypt_skip << 'DeliveryState' unless fields['DeliveryCountry'] == 'US'
+            
+            key = fields['EncryptKey']
+            @crypt ||= create_crypt_field(fields.except(*crypt_skip), key)
+            
+            {
+              'VPSProtocol' => '2.23',
+              'TxType' => 'PAYMENT',
+              'Vendor' => @fields['Vendor'],
+              'Crypt'  => @crypt
+            }
+          end
+
+          private
+
+          def create_crypt_field(fields, key)
+            parts = fields.map { |k, v| "#{k}=#{sanitize(k, v)}" unless v.nil? }.compact.shuffle
+            parts.unshift(sage_encrypt_salt(key.length, key.length * 2))
+            sage_encrypt(parts.join('&'), key)
+          end
+
+          def sanitize(key, value)
+            reject = exact = nil
+            
+            case key
+            when /URL$/
+              # allow all
+            when 'VendorTxCode'
+              reject = /[^A-Za-z0-9{}._-]+/
+            when /[Nn]ames?$/
+              reject = %r{[^[:alpha:] /\\.'-]+}
+            when /(?:Address[12]|City)$/
+              reject = %r{[^[:alnum:] +'/\\:,.\n()-]+}
+            when /PostCode$/
+              reject = /[^A-Za-z0-9 -]+/
+            when /Phone$/
+              reject = /[^0-9A-Za-z+ ()-]+/
+            when 'Currency'
+              exact = /^[A-Z]{3}$/
+            when /State$/
+              exact = /^[A-Z]{2}$/
+            else
+              reject = /&+/
+            end
+            
+            if exact
+              raise ArgumentError, "Invalid value for #{key}: #{value.inspect}" unless value =~ exact
+              value
+            elsif reject
+              value.gsub(reject, ' ')
+            else
+              value
+            end
+          end
+        end
+      end
+    end
+  end
+end