offsite_payments 2.0.0

data/lib/offsite_payments/integrations/rbkmoney.rb

@@ -0,0 +1,110 @@
+module OffsitePayments #:nodoc:
+  module Integrations #:nodoc:
+    module Rbkmoney
+      mattr_accessor :service_url
+      self.service_url = 'https://rbkmoney.ru/acceptpurchase.aspx'
+
+      def self.notification(*args)
+        Notification.new(*args)
+      end
+
+      class Helper < OffsitePayments::Helper
+        mapping :account, 'eshopId'
+        mapping :amount, 'recipientAmount'
+
+        # NOTE: rbkmoney uses outdated currency code 'RUR'
+        mapping :currency, 'recipientCurrency'
+
+        mapping :order, 'orderId'
+
+        mapping :customer, :email => 'user_email'
+
+        mapping :credential2, 'serviceName'
+        mapping :credential3, 'successUrl'
+        mapping :credential4, 'failUrl'
+      end
+
+      class Notification < OffsitePayments::Notification
+        %w(
+          eshopId
+          paymentId
+          orderId
+          eshopAccount
+          serviceName
+          recipientAmount
+          recipientCurrency
+          paymentStatus
+          userName
+          userEmail
+          paymentData
+          secretKey
+          hash
+        ).each do |param_name|
+          define_method(param_name.underscore){ params[param_name] }
+        end
+
+        def complete?
+          (payment_status == '5')
+        end
+
+        def test?
+          false
+        end
+
+        def status
+          case payment_status
+          when '3'
+            'pending'
+          when '5'
+            'completed'
+          else 'unknown'
+          end
+        end
+
+        def user_fields
+          params.inject({}) do |fields, (k,v)|
+            if /\AuserField_[\d+]\z/.match(k)
+              fields[k] = v
+            end
+            fields
+          end
+        end
+
+        alias_method :client_id, :eshop_id
+        alias_method :item_id, :order_id
+        alias_method :transaction_id, :payment_id
+        alias_method :received_at, :payment_data
+        alias_method :payer_email, :user_email
+        alias_method :gross, :recipient_amount
+        alias_method :currency, :recipient_currency
+
+        def acknowledge(authcode = nil)
+          string = [
+            eshop_id,
+            order_id,
+            service_name,
+            eshop_account,
+            recipient_amount,
+            recipient_currency,
+            payment_status,
+            user_name,
+            user_email,
+            payment_data,
+            @options[:secret]
+          ].join '::'
+
+          signature = case hash.to_s.length
+          when 32
+            Digest::MD5.hexdigest(string)
+          when 128
+            Digest::SHA512.hexdigest(string)
+          else
+            return false
+          end
+
+          signature == hash
+        end
+      end
+    end
+  end
+end

data/lib/offsite_payments/integrations/robokassa.rb

@@ -0,0 +1,154 @@
+module OffsitePayments #:nodoc:
+  module Integrations #:nodoc:
+    # Documentation: http://robokassa.ru/Doc/En/Interface.aspx
+    module Robokassa
+      # Overwrite this if you want to change the Robokassa test url
+      mattr_accessor :test_url
+      self.test_url = 'http://test.robokassa.ru/Index.aspx'
+
+      # Overwrite this if you want to change the Robokassa production url
+      mattr_accessor :production_url
+      self.production_url = 'https://merchant.roboxchange.com/Index.aspx'
+
+      mattr_accessor :signature_parameter_name
+      self.signature_parameter_name = 'SignatureValue'
+
+      def self.service_url
+        mode = OffsitePayments.mode
+        case mode
+        when :production
+          self.production_url
+        when :test
+          self.test_url
+        else
+          raise StandardError, "Integration mode set to an invalid value: #{mode}"
+        end
+      end
+
+      def self.helper(order, account, options = {})
+        Helper.new(order, account, options)
+      end
+
+      def self.notification(query_string, options = {})
+        Notification.new(query_string, options)
+      end
+
+      def self.return(query_string)
+        Return.new(query_string)
+      end
+
+      module Common
+        def generate_signature_string
+          custom_param_keys = params.keys.select {|key| key =~ /^shp/}.sort
+          custom_params = custom_param_keys.map {|key| "#{key}=#{params[key]}"}
+          [main_params, secret, custom_params.compact].flatten.join(':')
+        end
+
+        def generate_signature
+          Digest::MD5.hexdigest(generate_signature_string)
+        end
+      end
+
+      class Helper < OffsitePayments::Helper
+        include Common
+
+        def initialize(order, account, options = {})
+          @md5secret = options.delete(:secret)
+          super
+        end
+
+        def form_fields
+          @fields.merge(OffsitePayments::Integrations::Robokassa.signature_parameter_name => generate_signature)
+        end
+
+        def main_params
+          [:account, :amount, :order].map {|key| @fields[mappings[key]]}
+        end
+
+        def params
+          @fields
+        end
+
+        def secret
+          @md5secret
+        end
+
+        def method_missing(method_id, *args)
+          method_id = method_id.to_s.gsub(/=$/, '')
+
+          # support for robokassa custom parameters
+          if method_id =~ /^shp/
+            add_field method_id, args.last
+          end
+
+          super
+        end
+
+        mapping :account, 'MrchLogin'
+        mapping :amount, 'OutSum'
+        mapping :currency, 'IncCurrLabel'
+        mapping :order, 'InvId'
+        mapping :description, 'Desc'
+        mapping :email, 'Email'
+      end
+
+      class Notification < OffsitePayments::Notification
+        include Common
+
+        def self.recognizes?(params)
+          params.has_key?('InvId') && params.has_key?('OutSum')
+        end
+
+        def complete?
+          true
+        end
+
+        def amount
+          BigDecimal.new(gross)
+        end
+
+        def item_id
+          params['InvId']
+        end
+
+        def security_key
+          params[OffsitePayments::Integrations::Robokassa.signature_parameter_name].to_s.downcase
+        end
+
+        def gross
+          params['OutSum']
+        end
+
+        def status
+          'success'
+        end
+
+        def secret
+          @options[:secret]
+        end
+
+        def main_params
+          [gross, item_id]
+        end
+
+        def acknowledge(authcode = nil)
+          security_key == generate_signature
+        end
+
+        def success_response(*args)
+          "OK#{item_id}"
+        end
+      end
+
+      class Return < OffsitePayments::Return
+        def item_id
+          @params['InvId']
+        end
+
+        def amount
+          @params['OutSum']
+        end
+      end
+    end
+  end
+end

data/lib/offsite_payments/integrations/sage_pay_form.rb

@@ -0,0 +1,425 @@
+module OffsitePayments #:nodoc:
+  module Integrations #:nodoc:
+    module SagePayForm
+      mattr_accessor :production_url
+      mattr_accessor :test_url
+      mattr_accessor :simulate_url
+      self.production_url = 'https://live.sagepay.com/gateway/service/vspform-register.vsp'
+      self.test_url       = 'https://test.sagepay.com/gateway/service/vspform-register.vsp'
+      self.simulate_url   = 'https://test.sagepay.com/Simulator/VSPFormGateway.asp'
+
+      def self.return(query_string, options = {})
+        Return.new(query_string, options)
+      end
+
+      def self.service_url
+        mode = OffsitePayments.mode
+        case mode
+        when :production
+          self.production_url
+        when :test
+          self.test_url
+        when :simulate
+          self.simulate_url
+        else
+          raise StandardError, "Integration mode set to an invalid value: #{mode}"
+        end
+      end
+
+      module Encryption
+        def sage_encrypt(plaintext, key)
+          encrypted = cipher(:encrypt, key, plaintext)
+          "@#{encrypted.upcase}"
+        end
+
+        def sage_decrypt(ciphertext, key)
+          ciphertext = ciphertext[1..-1] # remove @ symbol at the beginning of a string
+          cipher(:decrypt, key, ciphertext)
+        rescue OpenSSL::Cipher::CipherError => e
+          return '' if e.message == 'wrong final block length'
+          raise
+        end
+
+        def sage_encrypt_salt(min, max)
+          length = rand(max - min + 1) + min
+          SecureRandom.base64(length + 4)[0, length]
+        end
+
+        private
+
+        def cipher(action, key, payload)
+          if action == :decrypt
+            payload = [payload].pack('H*')
+          end
+
+          cipher = OpenSSL::Cipher::AES128.new(:CBC)
+          cipher.public_send(action)
+          cipher.key = key
+          cipher.iv = key
+          result = cipher.update(payload) + cipher.final
+
+          if action == :encrypt
+            result = result.unpack('H*')[0]
+          end
+
+          result
+        end
+      end
+
+      class Helper < OffsitePayments::Helper
+        include Encryption
+
+        mapping :credential2, 'EncryptKey'
+
+        mapping :account, 'Vendor'
+        mapping :amount, 'Amount'
+        mapping :currency, 'Currency'
+
+        mapping :order, 'VendorTxCode'
+
+        mapping :customer,
+          :first_name => 'BillingFirstnames',
+          :last_name  => 'BillingSurname',
+          :email      => 'CustomerEMail',
+          :phone      => 'BillingPhone',
+          :send_email_confirmation => 'SendEmail'
+
+        mapping :billing_address,
+          :city     => 'BillingCity',
+          :address1 => 'BillingAddress1',
+          :address2 => 'BillingAddress2',
+          :state    => 'BillingState',
+          :zip      => 'BillingPostCode',
+          :country  => 'BillingCountry'
+
+        mapping :shipping_address,
+          :city     => 'DeliveryCity',
+          :address1 => 'DeliveryAddress1',
+          :address2 => 'DeliveryAddress2',
+          :state    => 'DeliveryState',
+          :zip      => 'DeliveryPostCode',
+          :country  => 'DeliveryCountry'
+
+        mapping :return_url, 'SuccessURL'
+        mapping :description, 'Description'
+
+        class_attribute :referrer_id
+
+        def shipping_address(params = {})
+          @shipping_address_set = true unless params.empty?
+
+          params.each do |k, v|
+            field = mappings[:shipping_address][k]
+            add_field(field, v) unless field.nil?
+          end
+        end
+
+        def map_billing_address_to_shipping_address
+          %w(City Address1 Address2 State PostCode Country).each do |field|
+            fields["Delivery#{field}"] = fields["Billing#{field}"]
+          end
+        end
+
+        def form_fields
+          map_billing_address_to_shipping_address unless @shipping_address_set
+
+          fields['DeliveryFirstnames'] ||= fields['BillingFirstnames']
+          fields['DeliverySurname']    ||= fields['BillingSurname']
+
+          fields['FailureURL'] ||= fields['SuccessURL']
+
+          fields['BillingPostCode'] ||= "0000"
+          fields['DeliveryPostCode'] ||= "0000"
+
+          crypt_skip = ['Vendor', 'EncryptKey', 'SendEmail']
+          crypt_skip << 'BillingState'  unless fields['BillingCountry']  == 'US'
+          crypt_skip << 'DeliveryState' unless fields['DeliveryCountry'] == 'US'
+          crypt_skip << 'CustomerEMail' unless fields['SendEmail']
+          key = fields['EncryptKey']
+          @crypt ||= create_crypt_field(fields.except(*crypt_skip), key)
+
+          result = {
+            'VPSProtocol' => '3.00',
+            'TxType' => 'PAYMENT',
+            'Vendor' => @fields['Vendor'],
+            'Crypt'  => @crypt
+          }
+          result['ReferrerID'] = referrer_id if referrer_id
+          result
+        end
+
+        private
+
+        def create_crypt_field(fields, key)
+          parts = fields.map { |k, v| "#{k}=#{sanitize(k, v)}" unless v.nil? }.compact.shuffle
+          parts.unshift(sage_encrypt_salt(key.length, key.length * 2))
+          sage_encrypt(parts.join('&'), key)
+        rescue OpenSSL::Cipher::CipherError => e
+          if e.message == 'key length too short'
+            raise ActionViewHelperError, 'Invalid encryption key.'
+          else
+            raise
+          end
+        end
+
+        def sanitize(key, value)
+          reject = exact = nil
+
+          case key
+          when /URL$/
+            # allow all
+          when 'VendorTxCode'
+            reject = /[^A-Za-z0-9{}._-]+/
+          when /[Nn]ames?$/
+            reject = %r{[^[:alpha:] /\\.'-]+}
+          when /(?:Address[12]|City)$/
+            reject = %r{[^[:alnum:] +'/\\:,.\n()-]+}
+          when /PostCode$/
+            reject = /[^A-Za-z0-9 -]+/
+          when /Phone$/
+            reject = /[^0-9A-Za-z+ ()-]+/
+          when 'Currency'
+            exact = /^[A-Z]{3}$/
+          when /State$/
+            exact = /^[A-Z]{2}$/
+          when 'Description'
+            value = value[0...100]
+          else
+            reject = /&+/
+          end
+
+          if exact
+            raise ArgumentError, "Invalid value for #{key}: #{value.inspect}" unless value =~ exact
+            value
+          elsif reject
+            value.gsub(reject, ' ')
+          else
+            value
+          end
+        end
+      end
+
+      class Notification < OffsitePayments::Notification
+        class CryptError < StandardError; end
+
+        include Encryption
+
+        def initialize(post_data, options)
+          super
+          load_crypt_params(params['crypt'], options[:credential2])
+        end
+
+        # Was the transaction complete?
+        def complete?
+          status_code == 'OK'
+        end
+
+        # Was the transaction cancelled?
+        # Unfortunately, we can't distinguish "user abort" from "idle too long".
+        def cancelled?
+          status_code == 'ABORT'
+        end
+
+        # Text version of #complete?, since we don't support Pending.
+        def status
+          complete? ? 'Completed' : 'Failed'
+        end
+
+        # Status of transaction. List of possible values:
+        # <tt>OK</tt>:: Transaction completed successfully.
+        # <tt>NOTAUTHED</tt>:: Incorrect card details / insufficient funds.
+        # <tt>MALFORMED</tt>:: Invalid input data.
+        # <tt>INVALID</tt>:: Valid input data, but some fields are incorrect.
+        # <tt>ABORT</tt>:: User hit cancel button or went idle for 15+ minutes.
+        # <tt>REJECTED</tt>:: Rejected by account fraud screening rules.
+        # <tt>AUTHENTICATED</tt>:: Authenticated card details secured at SagePay.
+        # <tt>REGISTERED</tt>:: Non-authenticated card details secured at SagePay.
+        # <tt>ERROR</tt>:: Problem internal to SagePay.
+        def status_code
+          params['Status']
+        end
+
+        # Check this if #completed? is false.
+        def message
+          params['StatusDetail']
+        end
+
+        # Vendor-supplied code (:order mapping).
+        def item_id
+          params['VendorTxCode']
+        end
+
+        # Internal SagePay code, typically "{LONG-UUID}".
+        def transaction_id
+          params['VPSTxId']
+        end
+
+        # Authorization number (only if #completed?).
+        def auth_id
+          params['TxAuthNo']
+        end
+
+        # Total amount (no fees).
+        def gross
+          params['Amount'].gsub(/,(?=\d{3}\b)/, '')
+        end
+
+        # AVS and CV2 check results.  Possible values:
+        # <tt>ALL MATCH</tt>::
+        # <tt>SECURITY CODE MATCH ONLY</tt>::
+        # <tt>ADDRESS MATCH ONLY</tt>::
+        # <tt>NO DATA MATCHES</tt>::
+        # <tt>DATA NOT CHECKED</tt>::
+        def avs_cv2_result
+          params['AVSCV2']
+        end
+
+        # Numeric address check.  Possible values:
+        # <tt>NOTPROVIDED</tt>::
+        # <tt>NOTCHECKED</tt>::
+        # <tt>MATCHED</tt>::
+        # <tt>NOTMATCHED</tt>::
+        def address_result
+          params['AddressResult']
+        end
+
+        # Post code check.  Possible values:
+        # <tt>NOTPROVIDED</tt>::
+        # <tt>NOTCHECKED</tt>::
+        # <tt>MATCHED</tt>::
+        # <tt>NOTMATCHED</tt>::
+        def post_code_result
+          params['PostCodeResult']
+        end
+
+        # CV2 code check.  Possible values:
+        # <tt>NOTPROVIDED</tt>::
+        # <tt>NOTCHECKED</tt>::
+        # <tt>MATCHED</tt>::
+        # <tt>NOTMATCHED</tt>::
+        def cv2_result
+          params['CV2Result']
+        end
+
+        # Was the Gift Aid box checked?
+        def gift_aid?
+          params['GiftAid'] == '1'
+        end
+
+        # Result of 3D Secure checks.  Possible values:
+        # <tt>OK</tt>:: Authenticated correctly.
+        # <tt>NOTCHECKED</tt>:: Authentication not performed.
+        # <tt>NOTAVAILABLE</tt>:: Card not auth-capable, or auth is otherwise impossible.
+        # <tt>NOTAUTHED</tt>:: User failed authentication.
+        # <tt>INCOMPLETE</tt>:: Authentication unable to complete.
+        # <tt>ERROR</tt>:: Unable to attempt authentication due to data / service errors.
+        def buyer_auth_result
+          params['3DSecureStatus']
+        end
+
+        # Encoded 3D Secure result code.
+        def buyer_auth_result_code
+          params['CAVV']
+        end
+
+        # Address confirmation status.  PayPal only.  Possible values:
+        # <tt>NONE</tt>::
+        # <tt>CONFIRMED</tt>::
+        # <tt>UNCONFIRMED</tt>::
+        def address_status
+          params['AddressStatus']
+        end
+
+        # Payer verification.  Undocumented.
+        def payer_verified?
+          params['PayerStatus'] == 'VERIFIED'
+        end
+
+        # Credit card type.  Possible values:
+        # <tt>VISA</tt>:: Visa
+        # <tt>MC</tt>:: MasterCard
+        # <tt>DELTA</tt>:: Delta
+        # <tt>SOLO</tt>:: Solo
+        # <tt>MAESTRO</tt>:: Maestro (UK and International)
+        # <tt>UKE</tt>:: Visa Electron
+        # <tt>AMEX</tt>:: American Express
+        # <tt>DC</tt>:: Diners Club
+        # <tt>JCB</tt>:: JCB
+        # <tt>LASER</tt>:: Laser
+        # <tt>PAYPAL</tt>:: PayPal
+        def credit_card_type
+          params['CardType']
+        end
+
+        # Last four digits of credit card.
+        def credit_card_last_4_digits
+          params['Last4Digits']
+        end
+
+        # Used by composition methods, but not supplied by SagePay.
+        def currency
+          nil
+        end
+
+        def test?
+          false
+        end
+
+        def acknowledge
+          true
+        end
+
+        private
+
+        def load_crypt_params(crypt, key)
+          raise MissingCryptData if crypt.blank?
+          raise MissingCryptKey  if key.blank?
+
+          crypt_data = sage_decrypt(crypt.gsub(' ', '+'), key)
+          raise InvalidCryptData unless crypt_data =~ /(^|&)Status=/
+
+          params.clear
+          parse(crypt_data)
+        end
+
+        class MissingCryptKey  < CryptError
+          def message
+            'No merchant decryption key supplied'
+          end
+        end
+        class MissingCryptData < CryptError
+          def message
+            'No data received from SagePay'
+          end
+        end
+        class InvalidCryptData < CryptError
+          def message
+            'Invalid data received from SagePay'
+          end
+        end
+      end
+
+      class Return < OffsitePayments::Return
+        def initialize(query_string, options)
+          begin
+            @notification = Notification.new(query_string, options)
+          rescue Notification::CryptError => e
+            @message = e.message
+          end
+        end
+
+        def success?
+          @notification && @notification.complete?
+        end
+
+        def cancelled?
+          @notification && @notification.cancelled?
+        end
+
+        def message
+          @message || @notification.message
+        end
+      end
+    end
+  end
+end