offsite_payments 2.0.0

data/lib/offsite_payments/integrations/pxpay.rb

@@ -0,0 +1,271 @@
+require 'rexml/document'
+
+module OffsitePayments #:nodoc:
+  module Integrations #:nodoc:
+    module Pxpay
+      def self.token_url
+        'https://sec.paymentexpress.com/pxpay/pxaccess.aspx'
+      end
+
+      def self.notification(post, options={})
+        Notification.new(post, options)
+      end
+
+      def self.return(query_string, options={})
+        Return.new(query_string, options)
+      end
+
+      class Helper < OffsitePayments::Helper
+        include ActiveMerchant::PostsData
+
+        attr_reader :token_parameters, :redirect_parameters
+
+        def initialize(order, account, options = {})
+          @token_parameters = {
+            'PxPayUserId'       => account,
+            'PxPayKey'          => options[:credential2],
+            'CurrencyInput'     => options[:currency],
+            'MerchantReference' => order,
+            'EmailAddress'      => options[:customer_email],
+            'TxnData1'          => options[:custom1],
+            'TxnData2'          => options[:custom2],
+            'TxnData3'          => options[:custom3],
+            'AmountInput'       => "%.2f" % options[:amount].to_f.round(2),
+            'EnableAddBillCard' => '0',
+            'TxnType'           => 'Purchase',
+            'UrlSuccess'        => options[:return_url],
+            'UrlFail'           => options[:return_url]
+          }
+          @redirect_parameters = {}
+
+          super
+
+          raise ArgumentError, "error - must specify return_url"        if token_parameters['UrlSuccess'].blank?
+          raise ArgumentError, "error - must specify cancel_return_url" if token_parameters['UrlFail'].blank?
+        end
+
+        def credential_based_url
+          raw_response = ssl_post(Pxpay.token_url, generate_request)
+          result = parse_response(raw_response)
+
+          raise ActionViewHelperError, "error - failed to get token - message was #{result[:redirect]}" unless result[:valid] == "1"
+
+          url = URI.parse(result[:redirect])
+
+          if url.query
+            @redirect_parameters = CGI.parse(url.query)
+            url.query = nil
+          end
+
+          url.to_s
+        end
+
+        def form_method
+          "GET"
+        end
+
+        def form_fields
+          redirect_parameters
+        end
+
+        private
+        def generate_request
+          xml = REXML::Document.new
+          root = xml.add_element('GenerateRequest')
+
+          token_parameters.each do | k, v |
+            next if v.blank?
+
+            v = v.to_s.slice(0, 50) if k == "MerchantReference"
+            root.add_element(k).text = v
+          end
+
+          xml.to_s
+        end
+
+        def parse_response(raw_response)
+          xml = REXML::Document.new(raw_response)
+          root = REXML::XPath.first(xml, "//Request")
+          valid = root.attributes["valid"]
+          redirect = root.elements["URI"].try(:text)
+          valid, redirect = "0", root.elements["ResponseText"].try(:text) unless redirect
+
+          # example valid response:
+          # <Request valid="1"><URI>https://sec.paymentexpress.com/pxpay/pxpay.aspx?userid=PxpayUser&amp;request=REQUEST_TOKEN</URI></Request>
+          # <Request valid='1'><Reco>IP</Reco><ResponseText>Invalid Access Info</ResponseText></Request>
+
+          # example invalid response:
+          # <Request valid="0"><URI>Invalid TxnType</URI></Request>
+
+          {:valid => valid, :redirect => redirect}
+        end
+      end
+
+      class Notification < OffsitePayments::Notification
+        include ActiveMerchant::PostsData
+        include ActiveMerchant::RequiresParameters
+
+        def initialize(query_string, options={})
+          # PxPay appends ?result=...&userid=... to whatever return_url was specified, even if that URL ended with a ?query.
+          # So switch the first ? if present to a &
+          query_string[/\?/] = '&' if query_string[/\?/]
+          super
+
+          @encrypted_params = @params
+          @params = {}
+
+          requires! @encrypted_params, "result"
+          requires! @options, :credential1, :credential2
+
+          decrypt_transaction_result(@encrypted_params["result"])
+        end
+
+        # was the notification a validly formed request?
+        def acknowledge(authcode = nil)
+          @valid == '1'
+        end
+
+        def status
+          return 'Failed' unless success?
+          return 'Completed' if complete?
+          'Error'
+        end
+
+        def complete?
+          @params['TxnType'] == 'Purchase' && success?
+        end
+
+        def cancelled?
+          !success?
+        end
+
+        # for field definitions see
+        # http://www.paymentexpress.com/Technical_Resources/Ecommerce_Hosted/PxPay
+
+        def success?
+          @params['Success'] == '1'
+        end
+
+        def gross
+          @params['AmountSettlement']
+        end
+
+        def currency
+          @params['CurrencySettlement']
+        end
+
+        def account
+          @params['userid']
+        end
+
+        def item_id
+          @params['MerchantReference']
+        end
+
+        def currency_input
+          @params['CurrencyInput']
+        end
+
+        def auth_code
+          @params['AuthCode']
+        end
+
+        def card_type
+          @params['CardName']
+        end
+
+        def card_holder_name
+          @params['CardHolderName']
+        end
+
+        def card_number
+          @params['CardNumber']
+        end
+
+        def expiry_date
+          @params['DateExpiry']
+        end
+
+        def client_ip
+          @params['ClientInfo']
+        end
+
+        def order_id
+          item_id
+        end
+
+        def payer_email
+          @params['EmailAddress']
+        end
+
+        def transaction_id
+          @params['DpsTxnRef']
+        end
+
+        def settlement_date
+          @params['DateSettlement']
+        end
+
+        # Indication of the uniqueness of a card number
+        def txn_mac
+          @params['TxnMac']
+        end
+
+        def message
+          @params['ResponseText']
+        end
+
+        def optional_data
+          [@params['TxnData1'],@fields['TxnData2'],@fields['TxnData3']]
+        end
+
+        # When was this payment was received by the client.
+        def received_at
+          settlement_date
+        end
+
+        # Was this a test transaction?
+        def test?
+          nil
+        end
+
+        private
+
+        def decrypt_transaction_result(encrypted_result)
+          request_xml = REXML::Document.new
+          root = request_xml.add_element('ProcessResponse')
+
+          root.add_element('PxPayUserId').text = @options[:credential1]
+          root.add_element('PxPayKey').text = @options[:credential2]
+          root.add_element('Response').text = encrypted_result
+
+          @raw = ssl_post(Pxpay.token_url, request_xml.to_s)
+
+          response_xml = REXML::Document.new(@raw)
+          root = REXML::XPath.first(response_xml)
+          @valid = root.attributes["valid"]
+          @params = {}
+          root.elements.each { |e| @params[e.name] = e.text }
+        end
+      end
+
+      class Return < OffsitePayments::Return
+        def initialize(query_string, options={})
+          @notification = Notification.new(query_string, options)
+        end
+
+        def success?
+          @notification && @notification.complete?
+        end
+
+        def cancelled?
+          @notification && @notification.cancelled?
+        end
+
+        def message
+          @notification.message
+        end
+      end
+    end
+  end
+end

data/lib/offsite_payments/integrations/quickpay.rb

@@ -0,0 +1,232 @@
+module OffsitePayments #:nodoc:
+  module Integrations #:nodoc:
+    module Quickpay
+      mattr_accessor :service_url
+      self.service_url = 'https://secure.quickpay.dk/form/'
+
+      def self.notification(post, options = {})
+        Notification.new(post)
+      end
+
+      def self.return(post, options = {})
+        Return.new(post, options)
+      end
+
+      class Helper < OffsitePayments::Helper
+        def initialize(order, account, options = {})
+          md5secret options.delete(:credential2)
+          super
+          add_field('protocol', '7')
+          add_field('msgtype', 'authorize')
+          add_field('language', 'da')
+          add_field('autocapture', 0)
+          add_field('testmode', test? ? 1 : 0)
+          add_field('ordernumber', format_order_number(order))
+        end
+
+        def md5secret(value)
+          @md5secret = value
+        end
+
+        def form_fields
+          @fields.merge('md5check' => generate_md5check)
+        end
+
+        def generate_md5string
+          MD5_CHECK_FIELDS.map {|key| @fields[key.to_s]} * "" + @md5secret
+        end
+
+        def generate_md5check
+          Digest::MD5.hexdigest(generate_md5string)
+        end
+
+        # Limited to 20 digits max
+        def format_order_number(number)
+          number.to_s.gsub(/[^\w]/, '').rjust(4, "0")[0...20]
+        end
+
+        MD5_CHECK_FIELDS = [
+          :protocol,
+          :msgtype,
+          :merchant,
+          :language,
+          :ordernumber,
+          :amount,
+          :currency,
+          :continueurl,
+          :cancelurl,
+          :callbackurl,
+          :autocapture,
+          :autofee,
+          :cardtypelock,
+          :description,
+          :group,
+          :testmode,
+          :splitpayment,
+          :forcemobile,
+          :deadline,
+          :cardhash
+        ]
+
+        mapping :protocol, 'protocol'
+        mapping :msgtype, 'msgtype'
+        mapping :account, 'merchant'
+        mapping :language, 'language'
+        mapping :amount, 'amount'
+        mapping :currency, 'currency'
+
+        mapping :return_url, 'continueurl'
+        mapping :cancel_return_url, 'cancelurl'
+        mapping :notify_url, 'callbackurl'
+
+        mapping :autocapture, 'autocapture'
+        mapping :autofee, 'autofee'
+        mapping :cardtypelock, 'cardtypelock'
+
+        mapping :ipaddress, 'ipaddress'
+
+        mapping :description, 'description'
+        mapping :group, 'group'
+        mapping :testmode, 'testmode'
+
+        mapping :splitpayment, 'splitpayment'
+        mapping :forcemobile, 'forcemobile'
+        mapping :deadline, 'deadline'
+        mapping :cardhash, 'cardhash'
+
+        mapping :customer, ''
+        mapping :billing_address, {}
+        mapping :tax, ''
+        mapping :shipping, ''
+      end
+
+      class Notification < OffsitePayments::Notification
+        def complete?
+          status == '000'
+        end
+
+        def item_id
+          params['ordernumber']
+        end
+
+        def transaction_id
+          params['transaction']
+        end
+
+        def received_at
+          time = params['time']
+          # If time only contains 12 integers then it's pre v5 format
+          time = "20#{params['time']}" if /[0-9]{12}/.match(params['time'])
+          Time.parse(time)
+        end
+
+        def gross
+          "%.2f" % (gross_cents / 100.0)
+        end
+
+        def gross_cents
+          params['amount'].to_i
+        end
+
+        def status
+          params['qpstat']
+        end
+
+        def currency
+          params['currency']
+        end
+
+        # Provide access to raw fields from quickpay
+        %w(
+          msgtype
+          ordernumber
+          state
+          chstat
+          chstatmsg
+          qpstat
+          qpstatmsg
+          merchant
+          merchantemail
+          cardtype
+          cardnumber
+          cardhash
+          cardexpire
+          splitpayment
+          fraudprobability
+          fraudremarks
+          fraudreport
+          fee
+        ).each do |attr|
+          define_method(attr) do
+            params[attr]
+          end
+        end
+
+        MD5_CHECK_FIELDS = [
+          :msgtype,
+          :ordernumber,
+          :amount,
+          :currency,
+          :time,
+          :state,
+          :qpstat,
+          :qpstatmsg,
+          :chstat,
+          :chstatmsg,
+          :merchant,
+          :merchantemail,
+          :transaction,
+          :cardtype,
+          :cardnumber,
+          :cardhash,
+          :cardexpire,
+          :splitpayment,
+          :fraudprobability,
+          :fraudremarks,
+          :fraudreport,
+          :fee
+        ]
+
+        def generate_md5string
+          MD5_CHECK_FIELDS.map { |key| params[key.to_s] } * "" + @options[:credential2].to_s
+        end
+
+        def generate_md5check
+          Digest::MD5.hexdigest(generate_md5string)
+        end
+
+        # Quickpay doesn't do acknowledgements of callback notifications
+        # Instead it uses and MD5 hash of all parameters
+        def acknowledge(authcode = nil)
+          generate_md5check == params['md5check']
+        end
+
+        # Take the posted data and move the relevant data into a hash
+        def parse(post)
+          # 30 + 12
+          #------------------------------8a827a0e6829
+          #Content-Disposition: form-data; name="msgtype"
+          #
+          #subscribe
+          #------------------------------8a827a0e6829
+          #Content-Disposition: form-data; name="ordernumber"
+          #
+          #BILP94406
+
+          if post =~ /-{20,40}\w{6,24}/
+            @raw = post.to_s
+            post.split(/-{20,40}\w{6,24}[\n\r]*/m).each do |part|
+              part.scan(/([^\n\r]+)[\n\r]+([^\n\r]*)/m) do |header, value|
+                if header.match(/name=["'](.*)["']/)
+                  params[$1] = value.strip
+                end
+              end
+            end
+          else
+            super
+          end
+        end
+      end
+    end
+  end
+end