rails-gp-webpay 0.1.0

data/config/wsdl/swaref.xsd

@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Copyright (c) 2002-2004 by The Web Services-Interoperability Organization (WS-I) and 
+  Certain of its Members. All Rights Reserved.
+	
+  Notice
+  The material contained herein is not a license, either expressly or impliedly, to any 
+  intellectual property owned or controlled by any of the authors or developers of this 
+  material or WS-I. The material contained herein is provided on an "AS IS" basis and to 
+  the maximum extent permitted by applicable law, this material is provided AS IS AND WITH 
+  ALL FAULTS, and the authors and developers of this material and WS-I hereby disclaim all 
+  other warranties and conditions, either express, implied or statutory, including, but not 
+  limited to, any (if any) implied warranties, duties or conditions of  merchantability, 
+  of fitness for a particular purpose, of accuracy or completeness of responses, of results, 
+  of workmanlike effort, of lack of viruses, and of lack of negligence. ALSO, THERE IS NO 
+  WARRANTY OR CONDITION OF TITLE, QUIET ENJOYMENT, QUIET POSSESSION, CORRESPONDENCE TO 
+  DESCRIPTION OR NON-INFRINGEMENT WITH REGARD TO THIS MATERIAL.
+	
+  IN NO EVENT WILL ANY AUTHOR OR DEVELOPER OF THIS MATERIAL OR WS-I BE LIABLE TO ANY OTHER 
+  PARTY FOR THE COST OF PROCURING SUBSTITUTE GOODS OR SERVICES, LOST PROFITS, LOSS OF USE, 
+  LOSS OF DATA, OR ANY INCIDENTAL, CONSEQUENTIAL, DIRECT, INDIRECT, OR SPECIAL DAMAGES 
+  WHETHER UNDER CONTRACT, TORT, WARRANTY, OR OTHERWISE, ARISING IN ANY WAY OUT OF THIS OR 
+  ANY OTHER AGREEMENT RELATING TO THIS MATERIAL, WHETHER OR NOT SUCH PARTY HAD ADVANCE 
+  NOTICE OF THE POSSIBILITY OF SUCH DAMAGES.
+	
+  WS-I License Information
+  Use of this WS-I Material is governed by the WS-I Test License and other licenses.  Information on these 
+  licenses are contained in the README.txt and ReleaseNotes.txt files.  By downloading this file, you agree 
+  to the terms of these licenses.
+	
+  How To Provide Feedback
+  The Web Services-Interoperability Organization (WS-I) would like to receive input, 
+  suggestions and other feedback ("Feedback") on this work from a wide variety of 
+  industry participants to improve its quality over time. 
+	
+  By sending email, or otherwise communicating with WS-I, you (on behalf of yourself if 
+  you are an individual, and your company if you are providing Feedback on behalf of the 
+  company) will be deemed to have granted to WS-I, the members of WS-I, and other parties 
+  that have access to your Feedback, a non-exclusive, non-transferable, worldwide, perpetual, 
+  irrevocable, royalty-free license to use, disclose, copy, license, modify, sublicense or 
+  otherwise distribute and exploit in any manner whatsoever the Feedback you provide regarding 
+  the work. You acknowledge that you have no expectation of confidentiality with respect to 
+  any Feedback you provide. You represent and warrant that you have rights to provide this 
+  Feedback, and if you are providing Feedback on behalf of a company, you represent and warrant 
+  that you have the rights to provide Feedback on behalf of your company. You also acknowledge 
+  that WS-I is not required to review, discuss, use, consider or in any way incorporate your 
+  Feedback into future versions of its work. If WS-I does incorporate some or all of your 
+  Feedback in a future version of the work, it may, but is not obligated to include your name 
+  (or, if you are identified as acting on behalf of your company, the name of your company) on 
+  a list of contributors to the work. If the foregoing is not acceptable to you and any company 
+  on whose behalf you are acting, please do not provide any Feedback.
+	
+  Feedback on this document should be directed to wsi-test-comments@ws-i.org. 
+-->
+<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema" targetNamespace="http://ws-i.org/profiles/basic/1.1/xsd" xmlns="http://ws-i.org/profiles/basic/1.1/xsd">
+	<xsd:simpleType name="swaRef">
+		<xsd:restriction base="xsd:anyURI"/>
+	</xsd:simpleType>
+</xsd:schema>

data/lib/gp_webpay.rb

@@ -0,0 +1,55 @@
+require 'nokogiri'
+require 'savon'
+require 'active_support/core_ext/hash'
+require 'active_support/core_ext/object'
+
+require 'gp_webpay/error'
+require 'gp_webpay/version'
+require 'gp_webpay/engine'
+require 'gp_webpay/service'
+require 'gp_webpay/openssl_security'
+require 'gp_webpay/configuration'
+require 'gp_webpay/response'
+
+require 'gp_webpay/http/base_signed_request'
+require 'gp_webpay/http/external_url'
+require 'gp_webpay/http/http_response'
+require 'gp_webpay/http/http_request'
+require 'gp_webpay/http/create_order'
+require 'gp_webpay/http/verify_card'
+require 'gp_webpay/http/validate_result'
+
+require 'gp_webpay/ws/ws_request'
+require 'gp_webpay/ws/validate_result'
+require 'gp_webpay/ws/ws_response'
+require 'gp_webpay/ws/base_signed_request'
+require 'gp_webpay/ws/echo'
+
+require 'gp_webpay/ws/services/get_master_payment_status'
+require 'gp_webpay/ws/services/get_payment_status'
+require 'gp_webpay/ws/services/get_token_status'
+require 'gp_webpay/ws/services/process_cancel_capture'
+require 'gp_webpay/ws/services/process_capture_reverse'
+require 'gp_webpay/ws/services/process_card_on_file_payment'
+require 'gp_webpay/ws/services/process_master_payment_revoke'
+require 'gp_webpay/ws/services/process_recurring_payment'
+require 'gp_webpay/ws/services/process_refund_payment'
+require 'gp_webpay/ws/services/process_token_payment'
+require 'gp_webpay/ws/services/process_token_revoke'
+require 'gp_webpay/ws/services/process_usage_based_payment'
+
+module GpWebpay
+  @configuration = Configuration.new
+
+  def self.config
+    @configuration
+  end
+
+  def self.configure
+    yield(@configuration)
+  end
+
+  def self.root
+    File.dirname(__dir__)
+  end
+end

data/lib/gp_webpay/configuration.rb

@@ -0,0 +1,65 @@
+module GpWebpay
+  class Configuration
+    attr_accessor :configurations, :parent_controller, :mount_at, :orders_controller, :cards_controller
+
+    def initialize
+      @configurations = {}
+      @parent_controller = 'AbstractController::Base'
+      @mount_at = '/gp_webpay'
+      @orders_controller = 'OrdersController'
+      @cards_controller = 'CardsController'
+    end
+
+    def default
+      @configurations[:default]
+    end
+
+    def [](config_name)
+      @configurations[config_name]
+    end
+
+    def add_configuration(merchant_number:, default: false)
+      @configurations[merchant_number] = MerchantConfig.new(merchant_number)
+      yield(@configurations[merchant_number])
+      @configurations[:default] = @configurations[merchant_number] if default || !@configurations[:default]
+    end
+
+    def remove_configuration(merchant_number:)
+      @configurations[merchant_number] = nil
+      @configurations[:default] = @configurations[@configurations.keys[0]]
+    end
+
+    class MerchantConfig
+      attr_accessor :merchant_number, :merchant_pem, :merchant_password, :gpe_pem, :wsdl_file, :provider, :enabled_methods, :production
+      attr_writer :http_url, :ws_url
+
+      DEFAULT_HTTP_URL = 'https://3dsecure.gpwebpay.com/pgw/order.do'.freeze
+      DEFAULT_HTTP_TEST_URL = 'https://test.3dsecure.gpwebpay.com/pgw/order.do'.freeze
+      DEFAULT_WS_URL = 'https://3dsecure.gpwebpay.com/pay-ws/v1/PaymentService'.freeze
+      DEFAULT_WS_TEST_URL = 'https://test.3dsecure.gpwebpay.com/pay-ws/v1/PaymentService'.freeze
+
+      def initialize(merchant_number)
+        @merchant_number = merchant_number
+        @production = false
+        @wsdl_file = File.read("#{GpWebpay.root}/config/wsdl/cws_v1.wsdl")
+        @enabled_methods = 'credit_card,transfer'
+      end
+
+      def http_url
+        if @http_url.nil?
+          production ? DEFAULT_HTTP_URL : DEFAULT_HTTP_TEST_URL
+        else
+          @http_url
+        end
+      end
+
+      def ws_url
+        if @ws_url.nil?
+          production ? DEFAULT_WS_URL : DEFAULT_WS_TEST_URL
+        else
+          @ws_url
+        end
+      end
+    end
+  end
+end

data/lib/gp_webpay/engine.rb

@@ -0,0 +1,7 @@
+if Object.const_defined?(:Rails)
+  module GpWebpay
+    class Engine < ::Rails::Engine
+      isolate_namespace GpWebpay
+    end
+  end
+end

data/lib/gp_webpay/error.rb

@@ -0,0 +1,4 @@
+module GpWebpay
+  class Error < StandardError
+  end
+end

data/lib/gp_webpay/http/base_signed_request.rb

@@ -0,0 +1,72 @@
+##
+# Service object signs request which can be send to GP Webpay payment gateway.
+#
+# 1. Use request value object to translate attributes to correct GP Webpay format and order.
+# 2. Append generated digest to attributes.
+# 3. prepare url to send for GP Webpay
+#
+# @param [Hash] optional attributes for GP Webpay
+#
+# @return [Hash] data needed to make request:
+#                 full url for GET request or
+#                 url_root and list of attributes for POST request.
+
+module GpWebpay
+  module Http
+    class BaseSignedRequest < Service
+      attr_reader :attributes, :locale, :operation, :config, :url_attributes
+
+      def initialize(attributes, locale, operation, merchant_number: :default, url_attributes: {})
+        super()
+        @attributes = attributes
+        @locale = locale
+        @merchant_number = merchant_number
+        @operation = operation
+        @url_attributes = url_attributes
+        @config = GpWebpay.config[@merchant_number] || GpWebpay.config.default
+      end
+
+      def call
+        request = HttpRequest.new(
+          attributes.merge(
+            merchant_number: @config.merchant_number,
+            operation: operation,
+            url: callback_url
+          )
+        ).to_gpwebpay
+
+        attrs_with_digest = payment_attributes_with_digest(request)
+        uri = URI(@config.http_url)
+
+        ExternalUrl.new(
+          url: uri.to_s,
+          full_url: build_full_url(uri, attrs_with_digest),
+          params: attrs_with_digest
+        )
+      end
+
+      def callback_url
+        raise NotImplementedError
+      end
+
+      private
+
+      def build_full_url(uri, attrs)
+        uri.query = URI.encode_www_form(attrs)
+        uri.to_s
+      end
+
+      def digest_text(attrs)
+        attrs.values.join('|')
+      end
+
+      def payment_attributes_with_digest(attrs)
+        digest = OpensslSecurity.generate_digest(@config, digest_text(attrs))
+        attrs.merge(
+          'DIGEST' => digest,
+          'LANG' => locale
+        )
+      end
+    end
+  end
+end

data/lib/gp_webpay/http/create_order.rb

@@ -0,0 +1,24 @@
+##
+# Service object creates request data for GP Webpay CREATE_ORDER operation.
+#
+# Examples:
+# => Create order which will remember credit card and send back TOKEN.
+# > GpWebpay::Http::CreateOrder.call(order_number: 146, amount: 456, currency: 978, deposit_flag: 1, user_param1: 'T')
+# => Use returned token to skip adding card again:
+# > GpWebpay::Http::CreateOrder.call(order_number: 147, amount: 456, currency: 978, deposit_flag: 1, user_param1: 'S', token: 'TOKEN')
+
+module GpWebpay
+  module Http
+    class CreateOrder < BaseSignedRequest
+      def initialize(attributes, locale, merchant_number: nil, url_attributes: {})
+        super(attributes, locale, 'CREATE_ORDER', merchant_number: merchant_number, url_attributes: url_attributes)
+      end
+
+      protected
+
+      def callback_url
+        GpWebpay::Engine.routes.url_helpers.gp_webpay_orders_path({ merchant_number: config.merchant_number, locale: locale }.merge(url_attributes))
+      end
+    end
+  end
+end

data/lib/gp_webpay/http/external_url.rb

@@ -0,0 +1,13 @@
+module GpWebpay
+  module Http
+    class ExternalUrl
+      attr_accessor :url, :full_url, :params
+
+      def initialize(url:, full_url:, params:)
+        @url = url
+        @full_url = full_url
+        @params = params
+      end
+    end
+  end
+end

data/lib/gp_webpay/http/http_request.rb

@@ -0,0 +1,63 @@
+module GpWebpay
+  module Http
+    class HttpRequest
+      attr_accessor :attributes
+
+      ATTRS_TO_GP_MAPPER = {
+        'MERCHANTNUMBER' => :merchant_number,
+        'OPERATION' => :operation,
+        'ORDERNUMBER' => :order_number,
+        'AMOUNT' => :amount,
+        'CURRENCY' => :currency,
+        'DEPOSITFLAG' => :deposit_flag,
+        'MERORDERNUM' => :mer_order_num,
+        'URL' => :url,
+        'DESCRIPTION' => :description,
+        'MD' => :md,
+        'USERPARAM1' => :user_param1,
+        'FASTPAYID' => :fast_pay_id,
+        'PAYMETHOD' => :paymethod,
+        'DISABLEPAYMETHOD' => :disable_paymethod,
+        'PAYMETHODS' => :paymethods,
+        'EMAIL' => :email,
+        'REFERENCENUMBER' => :reference_number,
+        'ADDINFO' => :add_info_to_xml,
+        'FASTTOKEN' => :fast_token
+      }.freeze
+
+      def initialize(attributes)
+        @attributes = attributes || {}
+      end
+
+      def to_gpwebpay
+        @to_gpwebpay ||= transform_to_gpwebpay
+      end
+
+      private
+
+      def transform_to_gpwebpay
+        result = ATTRS_TO_GP_MAPPER.each_with_object({}) do |(k, v), attrs|
+          attribute_value = attributes[v] || attributes[v.to_s]
+          attrs[k] = attribute_value if attribute_value
+        end
+        result = result.merge({ 'ADDINFO' => add_info_to_xml }) if attributes[:add_info] || attributes['add_info']
+        result
+      end
+
+      def add_info_to_xml
+        builder = Nokogiri::XML::Builder.new(encoding: 'UTF-8') do |xml|
+          xml.additionalInfoRequest(xmlns: 'http://gpe.cz/gpwebpay/additionalInfo/request',
+                                    'xmlns:xsi': 'http://www.w3.org/2001/XMLSchema-instance',
+                                    version: 4.0) do
+            xml.requestReturnInfo do
+              xml.requestCardsDetails true
+            end
+          end
+        end
+        builder.to_xml(
+          save_with: Nokogiri::XML::Node::SaveOptions::AS_XML
+        ).strip.gsub("\n", '')
+      end
+    end
+  end
+end

data/lib/gp_webpay/http/http_response.rb

@@ -0,0 +1,40 @@
+module GpWebpay
+  module Http
+    class HttpResponse < Response
+      GP_TO_ATTRS_MAPPER =
+        {
+          'OPERATION' => :operation,
+          'ORDERNUMBER' => :order_number,
+          'MERORDERNUM' => :mer_order_num,
+          'MD' => :md,
+          'PRCODE' => :pr_code,
+          'SRCODE' => :sr_code,
+          'RESULTTEXT' => :result_text,
+          'USERPARAM1' => :user_param1,
+          'TOKEN' => :token,
+          'EXPIRY' => :expiry,
+          'ACSRES' => :acsres,
+          'ACCODE' => :accode,
+          'PANPATTERN' => :pan_pattern,
+          'DAYTOCAPTURE' => :day_to_capture,
+          'TOKENREGSTATUS' => :token_reg_status
+        }.freeze
+
+      def self.from_hash(hash, merchant_number)
+        params = GP_TO_ATTRS_MAPPER.each_with_object({}) do |(k, v), result|
+          value = hash[k.to_s] || hash[k.to_sym]
+          result[v] = value if value
+        end
+
+        params[:add_info] = Hash.from_xml(hash['ADDINFO']) if hash['ADDINFO']
+
+        new(original_response: hash, result_text: params[:result_text], token: params[:token], status: nil,
+            pr_code: params[:pr_code], sr_code: params[:sr_code], params: params, merchant_number: merchant_number)
+      end
+
+      def valid?
+        GpWebpay::Http::ValidateResult.call(original_response, config)
+      end
+    end
+  end
+end

data/lib/gp_webpay/http/validate_result.rb

@@ -0,0 +1,63 @@
+##
+# Service object validates result received from GP Webpay response redirect.
+#
+# 1. Use public cert of GP Webpay to verify it comes from GP Webpay.
+# 2. Whitelist allowed attributes which are expected from GP Webpay.
+# 3. Calculate digest and make sure it corresponds to received DIGEST.
+# 3. Calculate digest1 and make sure it corresponds to received DIGEST1
+#    (which includes our merchant number for extra security).
+#
+# @param [Hash] Parameters hash received in response from GP Webpay.
+#
+# @return [Boolean] true if signature is valid for both digests.
+
+module GpWebpay
+  module Http
+    class ValidateResult < Service
+      attr_reader :params, :config
+
+      def initialize(params, config)
+        super()
+        @params = params
+        @config = config
+      end
+
+      def call
+        params['DIGEST'] && params['DIGEST1'] && OpensslSecurity.validate_digests(
+          config,
+          params['DIGEST'] => digest_verification,
+          params['DIGEST1'] => digest1_verification
+        )
+      end
+
+      private
+
+      DIGEST_ALLOWED_ATTRIBUTES = %w[
+        OPERATION
+        ORDERNUMBER
+        MERORDERNUM
+        MD
+        PRCODE
+        SRCODE
+        RESULTTEXT
+        USERPARAM1
+        ADDINFO
+        TOKEN
+        EXPIRY
+        ACSRES
+        ACCODE
+        PANPATTERN
+        DAYTOCAPTURE
+        TOKENREGSTATUS
+      ].freeze
+
+      def digest_verification
+        @digest_verification ||= (DIGEST_ALLOWED_ATTRIBUTES & params.keys).map { |key| params[key] }.join('|')
+      end
+
+      def digest1_verification
+        "#{digest_verification}|#{config.merchant_number}"
+      end
+    end
+  end
+end