offsite_payments 2.5.0 → 2.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 6dbb49e3c6e9875cd51b4b6c3083adacfb7f52ca
-  data.tar.gz: 3c221668d16554ddd7a6382a863d4e11df4681a7
+  metadata.gz: 73115ca84dcd4112cff7a48a4edf5d3be556c741
+  data.tar.gz: 5a30a82fdad39b6b31375fffbde56d51990d5713
 SHA512:
-  metadata.gz: 42de1a61d962eebcc882dde55931b8510a962d05dc68b1e9655cf2c0ef56c612c15d79fdb8620ef7a4676cde336702d9b02b9a6bed10c0b61729a5b6b859bc6a
-  data.tar.gz: 569f2135cc94d0edb84aeab8f8a87fc391a59df2035d70de26fd63b6258092a62201fd3cc0f637f81d8128174bfd4622de7d873dc788411829cdc979d186ec1b
+  metadata.gz: bef97be330df21fcd7c37d7a6ebcaa66f7712b773d43913b4ca87e9dfe713ff3bfb0e52da520fb0e57ebc183c4b79c1e0d0ad7f6f4103a934ea7cea2bef7b1e4
+  data.tar.gz: 274c019786d06ff21eecfa4316cb683e92b8a26296149be08c0fc1296761a1cf86561273f08424d671e395b163828f8b71350d4f3509ae1d3e9e2ce24f4012e6

data/lib/offsite_payments/integrations/bit_pay.rb

@@ -89,7 +89,6 @@ module OffsitePayments #:nodoc:
 
         def item_id
           JSON.parse(params['posData'])['orderId']
-        rescue JSON::ParserError
         end
 
         def status
@@ -132,14 +131,12 @@ module OffsitePayments #:nodoc:
           retrieved_json = JSON.parse(@raw).tap { |j| j.delete('currentTime') }
 
           posted_json == retrieved_json
-        rescue JSON::ParserError
         end
 
         private
         def parse(body)
           @raw = body
           @params = JSON.parse(@raw)
-        rescue JSON::ParserError
         end
       end
 

data/lib/offsite_payments/integrations/epay.rb

@@ -125,7 +125,7 @@ module OffsitePayments #:nodoc:
           return false
         end
 
-        %w(txnid orderid amount currency date time hash fraud payercountry issuercountry txnfee subscriptionid paymenttype cardno).each do |attr|
+        %w(txnid orderid currency date time hash fraud payercountry issuercountry txnfee subscriptionid paymenttype cardno).each do |attr|
           define_method(attr) do
             params[attr]
           end
@@ -135,10 +135,6 @@ module OffsitePayments #:nodoc:
           CURRENCY_CODES.invert[params['currency']].to_s
         end
 
-        def amount
-          Money.new(params['amount'].to_i, currency)
-        end
-
         def generate_md5string
           md5string = String.new
           for line in @raw.split('&')

data/lib/offsite_payments/integrations/mollie.rb

@@ -14,7 +14,7 @@ module OffsitePayments #:nodoc:
 
         def get_request(resource, params = nil)
           uri = URI.parse(MOLLIE_API_V1_URI + resource)
-          uri.query = params.map { |k,v| "#{CGI.escape(k)}=#{CGI.escape(v)}}"}.join('&') if params
+          uri.query = params.map { |k,v| "#{CGI.escape(k)}=#{CGI.escape(v)}"}.join('&') if params
           headers = { "Authorization" => "Bearer #{token}", "Content-Type" => "application/json" }
           JSON.parse(ssl_get(uri.to_s, headers))
         end
@@ -29,4 +29,4 @@ module OffsitePayments #:nodoc:
 
     end
   end
-end
+end

data/lib/offsite_payments/integrations/moneybookers.rb

@@ -2,7 +2,7 @@ module OffsitePayments #:nodoc:
   module Integrations #:nodoc:
     module Moneybookers
       mattr_accessor :production_url
-      self.production_url = 'https://www.moneybookers.com/app/payment.pl'
+      self.production_url = 'https://pay.skrill.com'
 
       def self.service_url
         self.production_url

data/lib/offsite_payments/integrations/paytm.rb

@@ -1,151 +1,216 @@
 module OffsitePayments #:nodoc:
   module Integrations #:nodoc:
     module Paytm
-    
+      CIPHER = 'AES-128-CBC'
+      SALT_ALPHABET = ['a'..'z', 'A'..'Z', '0'..'9'].flat_map { |i| i.to_a }
+      SALT_LENGTH = 4
+      STATIC_IV = '@@@@&&&&####$$$$'
+
+      mattr_accessor :test_url
+      mattr_accessor :production_url
+
+      self.test_url = 'https://pguat.paytm.com/oltp-web/processTransaction'
+      self.production_url = 'https://secure.paytm.in/oltp-web/processTransaction'
+
+      def self.service_url
+        OffsitePayments.mode == :production ? production_url : test_url
+      end
+
       def self.notification(post, options = {})
         Notification.new(post, options)
       end
 
-      def self.return(query_string, options = {})
-        Return.new(query_string, options)
+      def self.return(post, options = {})
+        Return.new(post, options)
+      end
+
+      def self.checksum(hash, salt = nil)
+        if salt.nil?
+          salt = SALT_LENGTH.times.map { SALT_ALPHABET[SecureRandom.random_number(SALT_ALPHABET.length)] }.join
+        end
+
+        values = hash.sort.to_h.values
+        values << salt
+        Digest::SHA256.hexdigest(values.join('|')) + salt
       end
 
-      def self.sign(fields, key)
-        Base64.encode64(OpenSSL::HMAC.digest(OpenSSL::Digest::SHA256.new, key, fields.sort.join)).delete("\n")
+      def self.encrypt(data, key)
+        aes = OpenSSL::Cipher.new(CIPHER)
+        aes.encrypt
+        aes.key = key
+        aes.iv = STATIC_IV
+
+        encrypted_data = aes.update(data) + aes.final
+        Base64.strict_encode64(encrypted_data)
       end
 
       class Helper < OffsitePayments::Helper
-        CURRENCY_SPECIAL_MINOR_UNITS = {
-          'BIF' => 0,
-          'BYR' => 0,
-          'CLF' => 0,
-          'CLP' => 0,
-          'CVE' => 0,
-          'DJF' => 0,
-          'GNF' => 0,
-          'HUF' => 0,
-          'ISK' => 0,
-          'JPY' => 0,
-          'KMF' => 0,
-          'KRW' => 0,
-          'PYG' => 0,
-          'RWF' => 0,
-          'UGX' => 0,
-          'UYI' => 0,
-          'VND' => 0,
-          'VUV' => 0,
-          'XAF' => 0,
-          'XOF' => 0,
-          'XPF' => 0,
-          'BHD' => 3,
-          'IQD' => 3,
-          'JOD' => 3,
-          'KWD' => 3,
-          'LYD' => 3,
-          'OMR' => 3,
-          'TND' => 3,
-          'COU' => 4
-        }
+        CHECKSUM_FIELDS = %w(MID ORDER_ID CALLBACK_URL CUST_ID TXN_AMOUNT CHANNEL_ID INDUSTRY_TYPE_ID WEBSITE MERC_UNQ_REF).freeze
 
-        def initialize(order, account, options = {})
-          mid_param = { MID: account }.to_query
-          @forward_url_stag = "https://pguat.paytm.com/oltp-web/genericPT?#{mid_param}"
-          @forward_url_prod = "https://secure.paytm.in/oltp-web/genericPT?#{mid_param}"
-          @key = options[:credential2]
-          @currency = options[:currency]
+        mapping :amount, 'TXN_AMOUNT'
+        mapping :account, 'MID'
+        mapping :order, 'MERC_UNQ_REF'
+
+        mapping :customer, :email => 'CUST_ID'
+
+
+        mapping :credential3, 'INDUSTRY_TYPE_ID'
+        mapping :credential4, 'WEBSITE'
+        mapping :channel_id, 'CHANNEL_ID'
+        mapping :return_url, 'CALLBACK_URL'
+        mapping :checksum, 'CHECKSUMHASH'
 
+        def initialize(order, account, options = {})
           super
-          add_field 'x_test', @test.to_s
-        end
+          @options = options
+          @timestamp = Time.now.strftime('%Y%m%d%H%M%S')
 
-        def credential_based_url
-          @test ?  @forward_url_stag : @forward_url_prod
+          add_field(mappings[:channel_id], "WEB")
+          add_field 'ORDER_ID', "#{order}-#{@timestamp.to_i}"
+
+          self.pg = 'CC'
         end
 
         def form_fields
-          sign_fields
+          sanitize_fields
+          @fields.merge(mappings[:checksum] => encrypt_checksum)
         end
 
-        def amount=(amount)
-          add_field 'x_amount', format_amount(amount, @currency)
+        def encrypt_checksum
+          payload_items = CHECKSUM_FIELDS.reduce({}) do |items, field|
+            items[field] = @fields[field]
+          end
+          Paytm.encrypt(Paytm.checksum(payload_items), @options[:credential2])
         end
 
-        def sign_fields
-          @fields.merge!('x_signature' => generate_signature)
+        def sanitize_fields
+          %w(email phone).each do |field|
+            @fields[field].gsub!(/[^a-zA-Z0-9\-_@\/\s.]/, '') if @fields[field]
+          end
         end
+      end
 
-        def generate_signature
-          Paytm.sign(@fields, @key)
+      class Notification < OffsitePayments::Notification
+        PAYTM_RESPONSE_PARAMS = %w(MID BANKTXNID TXNAMOUNT CURRENCY STATUS RESPCODE RESPMSG TXNDATE GATEWAYNAME BANKNAME PAYMENTMODE PROMO_CAMP_ID PROMO_STATUS PROMO_RESPCODE ORDERID TXNID REFUNDAMOUNT REFID MERC_UNQ_REF CUSTID).freeze
+
+        def initialize(post, options = {})
+          super
+          @secret_key = options[:credential2]
         end
 
-        mapping :account,          'x_account_id'
-        mapping :currency,         'x_currency'
-        mapping :order,            'x_reference'
-        mapping :description,      'x_description'
-        mapping :invoice,          'x_invoice'
-        mapping :credential3,      'x_credential3'
-        mapping :credential4,      'x_credential4'
+        def complete?
+          status == 'Completed'
+        end
 
-        mapping :customer, :email      => 'x_customer_email',
-                           :phone      => 'x_customer_phone'
+        def status
+          if transaction_status.casecmp("TXN_SUCCESS").zero?
+            'Completed'
+          elsif transaction_status.casecmp("pending").zero?
+            'Pending'
+          else
+            'Failed'
+          end
+        end
 
-        mapping        :notify_url, 'x_url_callback'
-        mapping        :return_url, 'x_url_complete'
-        mapping :cancel_return_url, 'x_url_cancel'
+        def invoice_ok?(order_id)
+          order_id.to_s == invoice.to_s
+        end
 
-        private
+        # Order amount should be equal to gross
+        def amount_ok?(order_amount)
+          BigDecimal.new(original_gross) == order_amount
+        end
 
-        def format_amount(amount, currency)
-          units = CURRENCY_SPECIAL_MINOR_UNITS[currency] || 2
-          sprintf("%.#{units}f", amount)
+        # Status of transaction return from the Paytm. List of possible values:
+        # <tt>TXN_SUCCESS</tt>::
+        # <tt>PENDING</tt>::
+        # <tt>TXN_FAILURE</tt>::
+        def transaction_status
+          @params['STATUS']
         end
-      end
 
-      class Notification < OffsitePayments::Notification
-        def initialize(post, options = {})
-          super
-          @key = options[:credential2]
+        # ID of this transaction (Paytm transaction id)
+        def transaction_id
+          @params['TXNID']
         end
 
-        def acknowledge(authcode = nil)
-          signature = @params['x_signature']
-          signature == generate_signature ? true : false
+        # Mode of Payment
+        #
+        # 'CC' for credit-card
+        # 'NB' for net-banking
+        # 'PPI' for wallet
+        def type
+          @params['PAYMENTMODE']
+        end
+
+        # What currency have we been dealing with
+        def currency
+          @params['CURRENCY']
         end
 
         def item_id
-          @params['x_reference']
+          @params['MERC_UNQ_REF']
         end
 
-        def currency
-          @params['x_currency']
+        # This is the invoice which you passed to Paytm
+        def invoice
+          @params['MERC_UNQ_REF']
         end
 
-        def gross
-          @params['x_amount']
+        # Merchant Id provided by the Paytm
+        def account
+          @params['MID']
         end
 
-        def transaction_id
-          @params['x_gateway_reference']
+        # original amount send by merchant
+        def original_gross
+          @params['TXNAMOUNT']
         end
 
-        def status
-          result = @params['x_result']
-          result && result.capitalize
+        def gross
+          parse_and_round_gross_amount(@params['TXNAMOUNT'])
         end
 
         def message
-          @params['x_message']
+          @params['RESPMSG']
+        end
+
+        def checksum
+          @params['CHECKSUMHASH']
         end
 
-        def test?
-          @params['x_test'] == 'true'
+        def acknowledge
+          checksum_ok?
+        end
+
+        def checksum_ok?
+          normalized_data = checksum.delete("\n").tr(' ', '+')
+          encrypted_data = Base64.strict_decode64(normalized_data)
+
+          aes = OpenSSL::Cipher::Cipher.new(CIPHER)
+          aes.decrypt
+          aes.key = @secret_key
+          aes.iv = STATIC_IV
+          received_checksum = aes.update(encrypted_data) + aes.final
+
+          salt = received_checksum[-SALT_LENGTH..-1]
+          expected_params = @params.keep_if { |k| PAYTM_RESPONSE_PARAMS.include?(k) }.sort.to_h
+          expected_checksum = Paytm.checksum(expected_params, salt)
+
+          if received_checksum == expected_checksum
+            @message = @params['RESPMSG']
+            @params['RESPCODE'] == '01'
+          else
+            @message = 'Return checksum not matching the data provided'
+            false
+          end
         end
 
         private
 
-        def generate_signature
-          signature_params = @params.select { |k| k.start_with? 'x_' }.reject { |k| k == 'x_signature' }
-          Paytm.sign(signature_params, @key)
+        def parse_and_round_gross_amount(amount)
+          rounded_amount = (amount.to_f * 100.0).round
+          sprintf('%.2f', rounded_amount / 100.00)
         end
       end
 
@@ -155,8 +220,20 @@ module OffsitePayments #:nodoc:
           @notification = Notification.new(query_string, options)
         end
 
+        def transaction_id
+          @notification.transaction_id
+        end
+
+        def status(order_id, order_amount)
+          if @notification.invoice_ok?(order_id) && @notification.amount_ok?(BigDecimal.new(order_amount))
+            @notification.status
+          else
+            'Mismatch'
+          end
+        end
+
         def success?
-          @notification.acknowledge
+          status(@params['MERC_UNQ_REF'], @params['TXNAMOUNT']) == 'Completed'
         end
 
         def message
@@ -165,4 +242,4 @@ module OffsitePayments #:nodoc:
       end
     end
   end
-end
+end

data/lib/offsite_payments/integrations/sage_pay_form.rb

@@ -127,6 +127,8 @@ module OffsitePayments #:nodoc:
         end
 
         def form_fields
+          fields.delete('locale')
+
           map_billing_address_to_shipping_address unless @shipping_address_set
 
           fields['DeliveryFirstnames'] ||= fields['BillingFirstnames']

data/lib/offsite_payments/notification.rb

@@ -30,11 +30,10 @@ module OffsitePayments #:nodoc:
       (gross.to_f * 100.0).round
     end
 
-    # This combines the gross and currency and returns a proper Money object.
-    # this requires the money library located at http://rubymoney.github.io/money/
     def amount
-      return Money.new(gross_cents, currency) rescue ArgumentError
-      return Money.new(gross_cents) # maybe you have an own money object which doesn't take a currency?
+      amount = gross ? gross.to_d : 0
+      return Money.from_amount(amount, currency) rescue ArgumentError
+      return Money.from_amount(amount) # maybe you have an own money object which doesn't take a currency?
     end
 
     # reset the notification.

data/lib/offsite_payments/version.rb

@@ -1,3 +1,3 @@
 module OffsitePayments
-  VERSION = "2.5.0"
+  VERSION = "2.6.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: offsite_payments
 version: !ruby/object:Gem::Version
-  version: 2.5.0
+  version: 2.6.0
 platform: ruby
 authors:
 - Tobias Luetke
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-05-17 00:00:00.000000000 Z
+date: 2017-08-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -19,7 +19,7 @@ dependencies:
         version: 3.2.14
     - - "<"
       - !ruby/object:Gem::Version
-        version: 6.x
+        version: '5.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -29,7 +29,7 @@ dependencies:
         version: 3.2.14
     - - "<"
       - !ruby/object:Gem::Version
-        version: 6.x
+        version: '5.2'
 - !ruby/object:Gem::Dependency
   name: i18n
   requirement: !ruby/object:Gem::Requirement
@@ -115,7 +115,7 @@ dependencies:
         version: 3.2.20
     - - "<"
       - !ruby/object:Gem::Version
-        version: 6.x
+        version: '5.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -125,7 +125,7 @@ dependencies:
         version: 3.2.20
     - - "<"
       - !ruby/object:Gem::Version
-        version: 6.x
+        version: '5.2'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement