offsite_payments_migs 1.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 70fe4e7f16a7259ddbd7d02438db6489d87f8dc4
+  data.tar.gz: 600547c5546a2c67c907d01aff2c0d5a07716f7b
+SHA512:
+  metadata.gz: 43d778c0d1a020cb0294d1dafd4b69480d55ea9928051fc69cb165b78ef689a0e7baaf6ef074fd0683b00e6cca8d070f495a1c19ae5b76f8c100f8ba98b2cff6
+  data.tar.gz: 820c77803bbceca7e096fc97c9d8e585b41cc00e4a41d7c5311e2f8bf1da64df3ceb265f16596bca4d5ea8f3ab9080a5c3253692294ce8d055d2f3285cdaef52

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2005-2014 Tobias Luetke
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,31 @@
+# Offsite Payments
+
+Offsite Payments is an extraction from the ecommerce system [Shopify](http://www.shopify.com). Shopify's requirements for a simple and unified API to handle dozens of different offsite payment pages (often called hosted payment pages) with very different exposed APIs was the chief principle in designing the library.
+
+It was developed for usage in Ruby on Rails web applications and integrates seamlessly
+as a Rails plugin. It should also work as a stand alone Ruby library, but much of the benefit is in the ActionView helpers which are Rails-specific.
+
+This gem provides integration for [MiGS](https://en.wikipedia.org/wiki/Mastercard_Internet_Gateway_Service)
+through the Offsite Payments gem.
+
+## Installation
+
+### From Git
+
+You can check out the latest source from git:
+
+    git clone https://github.com/sealink/offsite_payments_migs.git
+
+### From RubyGems
+
+Installation from RubyGems:
+
+    gem install offsite_payments_migs
+
+Or, if you're using Bundler, just add the following to your Gemfile:
+
+    gem 'offsite_payments_migs'
+
+## Misc.
+
+- This library is MIT licensed.

data/lib/offsite_payments/integrations/migs.rb

@@ -0,0 +1,236 @@
+module OffsitePayments
+  module Integrations
+    module Migs
+      API_VERSION = 1
+
+      def self.return(query_string, options = {})
+        Return.new(query_string, options)
+      end
+
+      class Helper < OffsitePayments::Helper
+        def self.base_url
+          'https://migs.mastercard.com.au/vpcpay'
+        end
+
+        def initialize(order, account, options = {})
+          @credentials = { login: account, password: options.fetch(:password) }
+          @secure_hash = options.fetch(:secure_hash)
+          @options = options.merge(order_id: order)
+        end
+
+        # Generates a URL to redirect user to MiGS to process payment
+        # Once user is finished MiGS will redirect back to specified URL
+        # With a response hash which can be turned into a Response object
+        # with purchase_offsite_response
+        #
+        # ==== Options
+        #
+        # * <tt>:order_id</tt> -- A reference for tracking the order (REQUIRED)
+        # * <tt>:locale</tt> -- Change the language of the redirected page
+        #   Values are 2 digit locale, e.g. en, es
+        # * <tt>:return_url</tt> -- the URL to return to once the payment is complete
+        # * <tt>:card_type</tt> -- Providing this skips the card type step.
+        #   Values are ActiveMerchant formats: e.g. master, visa, american_express, diners_club
+        # * <tt>:unique_id</tt> -- Unique id of transaction to find.
+        #   If not supplied one will be generated.
+        def credential_based_url
+          cents = @options.fetch(:cents)
+          builder = TransactionBuilder.new(@credentials)
+          builder.add_invoice(@options)
+          builder.add_creditcard_type(@options[:card_type]) if @options[:card_type]
+          builder.add_amount(cents)
+          builder.add_standard_parameters('pay', @options[:unique_id])
+          post = builder.post.merge(
+            Locale: @options[:locale] || 'en',
+            ReturnURL: @options.fetch(:return_url)
+          )
+          post[:SecureHash] = SecureHash.calculate(@secure_hash, post)
+          post[:SecureHashType] = 'SHA256'
+
+          self.class.base_url + '?' + post_data(post)
+        end
+
+        private
+
+        def post_data(post)
+          post.collect { |key, value| "vpc_#{key}=#{CGI.escape(value.to_s)}" }.join("&")
+        end
+      end
+
+      class Notification < OffsitePayments::Notification
+        def initialize(params, options = {})
+          @params = params
+          @response = parse
+          @options = options
+        end
+
+        def parse
+          @params.map.with_object({}) { |(key, value), hash|
+            hash[key.gsub('vpc_', '').to_sym] = value
+          }
+        end
+
+        def avs_response_code
+          avs_response_code = @response[:AVSResultCode]
+          avs_response_code = 'S' if avs_response_code == "Unsupported"
+          avs_response_code
+        end
+
+        def cvv_result_code
+          cvv_result_code = @response[:CSCResultCode]
+          cvv_result_code = 'P' if cvv_result_code == "Unsupported"
+          cvv_result_code
+        end
+
+        def success?
+          @response[:TxnResponseCode] == '0'
+        end
+
+        def fraud_review?
+          ISSUER_RESPONSE_CODES[@response[:AcqResponseCode]] == 'Suspected Fraud'
+        end
+
+        def acknowledge
+          # Failures don't include a secure hash, so return directly
+          return true unless success?
+
+          # Check SecureHash only on success (not returned otherwise)
+          unless @response[:SecureHash] == expected_secure_hash
+            raise SecurityError, "Secure Hash mismatch, response may be tampered with"
+          end
+
+          true
+        end
+
+        def expected_secure_hash
+          SecureHash.calculate(@options[:secure_hash], @response)
+        end
+
+        def gross
+          @response[:Amount].to_d / 100.0
+        end
+
+        def card_code
+          return unless @response.key?(:Card) # Card doesn't appear on failure
+          migs_code = @response[:Card]
+          CARD_TYPES.detect { |ct|
+            ct.migs_code == migs_code
+          }.am_code
+        end
+
+        def order_id
+          @response[:OrderInfo]
+        end
+
+        def uid
+          @response[:MerchTxnRef]
+        end
+
+        def transaction_id
+          @response[:TransactionNo]
+        end
+
+        def message # only when error
+          @response['Message']
+        end
+      end
+
+      def test?
+        # TEST prefix defines if login is for test system, see page 37 of:
+        # https://anz.com.au/australia/business/merchant/pdf/MIGSProductGuide.pdf
+        @options[:login].start_with?('TEST')
+      end
+
+      class SecureHash
+        require 'openssl'
+
+        DIGEST = OpenSSL::Digest.new('sha256')
+
+        def self.calculate(secure_hash, post)
+          post_without_secure_hash = post.reject { |k, _v| [:SecureHash, :SecureHashType].include? k }
+          sorted_values = post_without_secure_hash.sort_by(&:to_s).map { |key, value| "vpc_#{key}=#{value}"}
+          input = sorted_values.join('&')
+          OpenSSL::HMAC.hexdigest(DIGEST, [secure_hash].pack('H*'), input).upcase
+        end
+      end
+
+      private
+
+      class CreditCardType
+        attr_accessor :am_code, :migs_code, :migs_long_code, :name
+        def initialize(am_code, migs_code, migs_long_code, name)
+          @am_code        = am_code
+          @migs_code      = migs_code
+          @migs_long_code = migs_long_code
+          @name           = name
+        end
+      end
+
+      CARD_TYPES = [
+        # The following are 4 different representations of credit card types
+        # am_code: The active merchant code
+        # migs_code: Used in response for purchase/authorize/status
+        # migs_long_code: Used to pre-select card for server_purchase_url
+        # name: The nice display name
+        %w(american_express AE Amex             American\ Express),
+        %w(diners_club      DC Dinersclub       Diners\ Club),
+        %w(jcb              JC JCB              JCB\ Card),
+        %w(maestro          MS Maestro          Maestro\ Card),
+        %w(master           MC Mastercard       MasterCard),
+        %w(na               PL PrivateLabelCard Private\ Label\ Card),
+        %w(visa             VC Visa             Visa\ Card')
+      ].map { |am_code, migs_code, migs_long_code, name|
+        CreditCardType.new(am_code, migs_code, migs_long_code, name)
+      }
+
+      class TransactionBuilder
+        attr_reader :post
+
+        def initialize(options)
+          @options = options
+          @post = {}
+        end
+
+        def add_invoice(options)
+          post[:OrderInfo] = options.fetch(:order_id)
+        end
+
+        def add_amount(cents)
+          post[:Amount] = cents.to_s
+        end
+
+        def add_creditcard(creditcard)
+          post[:CardNum] = creditcard.number
+          post[:CardSecurityCode] = creditcard.verification_value if creditcard.verification_value?
+          post[:CardExp] = format(creditcard.year) + format(creditcard.month)
+        end
+
+        def add_creditcard_type(card_type)
+          post[:Gateway] = 'ssl'
+          post[:card] = CARD_TYPES.detect{|ct| ct.am_code == card_type}.migs_long_code
+        end
+
+        def add_advanced_user
+          post[:User] = @options[:advanced_login]
+          post[:Password] = @options[:advanced_password]
+        end
+
+        def add_standard_parameters(action, unique_id = nil)
+          post.merge!(
+            :Version     => API_VERSION,
+            :Merchant    => @options[:login],
+            :AccessCode  => @options[:password],
+            :Command     => action,
+            :MerchTxnRef => unique_id || SecureRandom.hex(16).slice(0, 40)
+          )
+        end
+
+        private
+
+        def format(number)
+          sprintf("%.2i", number.to_i)[-2..-1]
+        end
+      end
+    end
+  end
+end

data/lib/offsite_payments_migs/version.rb

@@ -0,0 +1,3 @@
+module OffsitePaymentsMigs
+  VERSION = "1.1.0"
+end

data/lib/offsite_payments_migs.rb

@@ -0,0 +1,12 @@
+module OffsitePaymentsMigs
+  require 'offsite_payments'
+  require_relative 'offsite_payments/integrations/migs'
+
+  mattr_accessor :mode
+  self.mode = :production
+
+  # A check to see if we're in test mode
+  def self.test?
+    self.mode == :test
+  end
+end

metadata

@@ -0,0 +1,91 @@
+--- !ruby/object:Gem::Specification
+name: offsite_payments_migs
+version: !ruby/object:Gem::Version
+  version: 1.1.0
+platform: ruby
+authors:
+- Stefan Cooper
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2018-03-27 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: offsite_payments
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: test-unit
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+description: This gem extends the activemerchant offsite_payments gem providing integration
+  of MiGS.
+email: stefan.cooper@sealink.com.au
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- MIT-LICENSE
+- README.md
+- lib/offsite_payments/integrations/migs.rb
+- lib/offsite_payments_migs.rb
+- lib/offsite_payments_migs/version.rb
+homepage: https://github.com/sealink/offsite_payments_migs
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.5.1
+signing_key: 
+specification_version: 4
+summary: MiGS integration for the activemerchant offsite_payments gem.
+test_files: []