spree_vpago 2.2.2.pre.pre28 → 2.2.2.pre.pre29

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f4223baa916c63136d13cdc1e6a10e0cab90401325df3fde6bcd05e837d28556
-  data.tar.gz: ffff5d2363666590557c939385c4d366a81abb05a05dd0b8914590c8e33af5cc
+  metadata.gz: ffd067f1f6d9c43a32e0cd36af72cef8ef042118ea0530119849a8c6440717c3
+  data.tar.gz: 6bf1d2fb42028a807548ad022e79bd2f42801a2279032b0adc57149253d793da
 SHA512:
-  metadata.gz: dcc8364443a80c55cb2f8b91212bbdf96dd7adf91b80802066bea239a6827759f4201f2f434dc65e1a60ec7106af1bbbafe2b10133cbd1379c704fcf8cf3e4f8
-  data.tar.gz: 6675fda061cd27a3b34057a304d5f5f7fb93830ee0698df9d7e0d83435668f59d867d1c6b4af22c638469e0075b96651ab899399ccebcf924f2d7a34f6c141a0
+  metadata.gz: 47958c255b8149390ff8edcc8607aee7ed16222005b6225e1f2d2b9d8c98b1611fb6cfbff280f686ac916feed853c793e2aec98668b29457712457188c903ece
+  data.tar.gz: 070a058604d02f921248fe080989ee1d4502e789aeff0db7a58a40803f401bc14ac44fc71b6cbfefc00508ef436c80da41a9f33e4e7d3672979aeb09d7bbc3d8

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    spree_vpago (2.2.2.pre.pre28)
+    spree_vpago (2.2.2.pre.pre29)
       faraday
       google-cloud-firestore
       spree_api (>= 4.5)
@@ -96,7 +96,7 @@ GEM
       bundler
       rake
       thor (>= 0.14.0)
-    ast (2.4.2)
+    ast (2.4.3)
     async (1.31.0)
       console (~> 1.10)
       nio4r (~> 2.3)
@@ -284,7 +284,10 @@ GEM
       railties (>= 3.2.16)
     jsbundling-rails (1.3.1)
       railties (>= 6.0.0)
-    json (2.6.3)
+    json (2.19.2)
+    json-schema (6.2.0)
+      addressable (~> 2.8)
+      bigdecimal (>= 3.1, < 5)
     jsonapi-rspec (0.0.11)
       rspec-core
       rspec-expectations
@@ -303,8 +306,10 @@ GEM
       activerecord
       kaminari-core (= 1.2.2)
     kaminari-core (1.2.2)
+    language_server-protocol (3.17.0.5)
     launchy (2.5.2)
       addressable (~> 2.8)
+    lint_roller (1.1.0)
     loofah (2.21.3)
       crass (~> 1.0.2)
       nokogiri (>= 1.12.0)
@@ -315,6 +320,8 @@ GEM
       net-smtp
     marcel (1.0.2)
     matrix (0.4.2)
+    mcp (0.9.0)
+      json-schema (>= 4.1)
     method_source (1.0.0)
     mini_magick (4.12.0)
     mini_mime (1.1.2)
@@ -342,14 +349,16 @@ GEM
       faraday (>= 1, < 3)
       sawyer (~> 0.9)
     os (1.1.4)
-    parallel (1.23.0)
+    parallel (1.27.0)
     paranoia (2.6.1)
       activerecord (>= 5.1, < 7.1)
-    parser (3.2.2.1)
+    parser (3.3.10.2)
       ast (~> 2.4.1)
+      racc
     pg (1.5.3)
     polyglot (0.3.5)
     popper_js (1.16.1)
+    prism (1.9.0)
     protocol-hpack (1.4.2)
     protocol-http (0.24.1)
     protocol-http1 (0.15.0)
@@ -408,11 +417,12 @@ GEM
       redis-client (>= 0.9.0)
     redis-client (0.14.1)
       connection_pool
-    regexp_parser (2.8.0)
+    regexp_parser (2.11.3)
     responders (3.2.0)
       actionpack (>= 7.0)
       railties (>= 7.0)
-    rexml (3.2.5)
+    rexml (3.2.9)
+      strscan
     rspec-activemodel-mocks (1.1.0)
       activemodel (>= 3.0)
       activesupport (>= 3.0)
@@ -438,18 +448,21 @@ GEM
     rspec-support (3.12.0)
     rspec_junit_formatter (0.6.0)
       rspec-core (>= 2, < 4, != 2.12.0)
-    rubocop (1.51.0)
+    rubocop (1.85.1)
       json (~> 2.3)
+      language_server-protocol (~> 3.17.0.2)
+      lint_roller (~> 1.1.0)
+      mcp (~> 0.6)
       parallel (~> 1.10)
-      parser (>= 3.2.0.0)
+      parser (>= 3.3.0.2)
       rainbow (>= 2.2.2, < 4.0)
-      regexp_parser (>= 1.8, < 3.0)
-      rexml (>= 3.2.5, < 4.0)
-      rubocop-ast (>= 1.28.0, < 2.0)
+      regexp_parser (>= 2.9.3, < 3.0)
+      rubocop-ast (>= 1.49.0, < 2.0)
       ruby-progressbar (~> 1.7)
-      unicode-display_width (>= 2.4.0, < 3.0)
-    rubocop-ast (1.28.1)
-      parser (>= 3.2.1.0)
+      unicode-display_width (>= 2.4.0, < 4.0)
+    rubocop-ast (1.49.1)
+      parser (>= 3.3.7.2)
+      prism (~> 1.7)
     rubocop-rails (2.19.1)
       activesupport (>= 4.2.0)
       rack (>= 1.1)
@@ -606,6 +619,7 @@ GEM
     stimulus-rails (1.3.4)
       railties (>= 6.0.0)
     stringex (2.8.6)
+    strscan (3.1.7)
     thor (1.2.2)
     tilt (2.1.0)
     timecop (0.9.6)
@@ -619,7 +633,9 @@ GEM
       railties (>= 6.0.0)
     tzinfo (2.0.6)
       concurrent-ruby (~> 1.0)
-    unicode-display_width (2.4.2)
+    unicode-display_width (3.2.0)
+      unicode-emoji (~> 4.1)
+    unicode-emoji (4.2.0)
     validates_zipcode (0.5.2)
       activemodel (>= 4.2.0)
     vcr (6.2.0)

data/app/controllers/spree/admin/payment_methods_controller_decorator.rb

@@ -5,16 +5,14 @@ module Spree
         scope = current_store.payment_methods_including_vendor.accessible_by(current_ability, :index)
 
         if params[:tab] == 'vendors'
-          scope = scope.where.not(vendor_id: nil)
+          scope.where.not(vendor_id: nil)
         elsif params[:tab] == 'tenants'
-          scope = scope.joins(:vendor)
-                       .where.not(vendor_id: nil)
-                       .where.not(spree_vendors: { tenant_id: nil })
+          scope.joins(:vendor)
+               .where.not(vendor_id: nil)
+               .where.not(spree_vendors: { tenant_id: nil })
         else
-          scope = scope.where(vendor_id: nil)
+          scope.where(vendor_id: nil)
         end
-
-        scope
       end
 
       # override
@@ -51,7 +49,7 @@ module Spree
         end
 
         attributes = payment_method_params.merge(preferences_params)
-        attributes.each do |k, _v|
+        attributes.each_key do |k|
           attributes.delete(k) if k.include?('password') && attributes[k].blank?
         end
 

data/app/helpers/vpago/vpago_payments_helper.rb

@@ -15,7 +15,7 @@ module Vpago
 
     # Each payment method may have their own additional processing script,
     # so we will look for the partial based on the payment method class name.
-    # 
+    #
     # eg. processing_scripts/spree/gateway/payway_v2
     def render_additional_processing_script(payment)
       processing_script_partial_path = "spree/vpago_payments/processing_scripts/#{payment.payment_method.class.to_s.underscore}"

data/app/models/spree/gateway/payway_v2.rb

@@ -156,7 +156,14 @@ module Spree
     end
 
     def check_transaction(payment)
-      checker = Vpago::PaywayV2::TransactionStatus.new(payment)
+      # ABA requires the use of the v2 API, but it does not yet support payout responses.
+      # Until v2 fully supports payouts, we fall back to v1 when payouts are enabled.
+      # Otherwise, we use v2 by default.
+      checker = if enable_payout?
+                  Vpago::PaywayV2::TransactionStatus.new(payment)
+                else
+                  Vpago::PaywayV2::TransactionStatusV2.new(payment)
+                end
       checker.call
       checker
     end
@@ -199,7 +206,7 @@ module Spree
 
       return nil if payouts_response.nil? || !payouts_response.is_a?(Array) || payouts_response.empty?
 
-      payouts_response.map { |payout| payout['amt'].to_f || 0 }.sum
+      payouts_response.map { |payout| payout['amt'].to_f }.sum
     end
   end
 end

data/app/views/spree/vpago_payments/forms/spree/gateway/_payway_v2.html.erb

@@ -19,13 +19,9 @@
   }
 
   function openUrl(url, delay = 0) {
-    if(delay > 0) {
-      setTimeout(function() {
-        window.location.href = url;
-      }, delay);
-    } else {
+    setTimeout(function() {
       window.location.href = url;
-    }
+    }, delay);
   }
 
   function showRedirectContainer(buttonLabel = null, onClick = null) {
@@ -57,12 +53,11 @@
         return response.json();
       })
       .then(function(data) {
-        var shouldDelayBeforeOpenCheckoutUrl = false;
         var shouldShowRedirectContainer = false;
 
         console.log("[Vpago] checkout response data:", JSON.stringify(data));
 
-        // When status code is 4 (dublicated transaction),
+        // When status code is 4 (duplicated transaction),
         // Possibly user refresh the checkout page even after the transaction is completed.
         // So in this case, we should hide loading spinner and show redirect container UI
         // While it check transaction status in the background. It will automatically redirect user to the result page after checking.
@@ -74,12 +69,11 @@
 
         if (data.abapay_deeplink && shouldOpenAbaPayDeeplink) {
           openDeeplinkUrl(data.abapay_deeplink);
-          shouldDelayBeforeOpenCheckoutUrl = true;
           shouldShowRedirectContainer = true;
         }
 
         if (data.checkout_qr_url && shouldOpenCheckoutUrl) {
-          openUrl(data.checkout_qr_url, shouldDelayBeforeOpenCheckoutUrl ? 500 : 0);
+          openUrl(data.checkout_qr_url);
           shouldShowRedirectContainer = false;
         }
 

data/lib/spree_vpago/version.rb

@@ -1,7 +1,7 @@
 module SpreeVpago
   module_function
 
-  VERSION = '2.2.2-pre28'.freeze
+  VERSION = '2.2.2-pre29'.freeze
 
   def version
     Gem::Version.new VERSION

data/lib/vpago/payway_v2/base.rb

@@ -24,7 +24,7 @@ module Vpago
       end
 
       def amount
-        format('%.2f', (@payment.amount + transaction_fee))
+        format('%.2f', @payment.amount + transaction_fee)
       end
 
       def transaction_fee_fix
@@ -103,8 +103,15 @@ module Vpago
       end
 
       def return_deeplink_url
-        # for some cases opening from telegram webview, fb, messenger webview, deeplink back to app doesn't work.
-        # so, return nil will ensure ABA won't return back to wrong app, for android, it will auto pop which to previous app and correct behavior, for ios, it will stuck, user can click back button to go back to app.
+        # In Telegram, Facebook, and Messenger webviews, there is no reliable way for
+        # ABA to detect the originating app. Using `continue_success_url` may open the
+        # default browser instead of the intended app (e.g., Telegram or Facebook),
+        # resulting in a poor user experience.
+        #
+        # To prevent ABA from returning to the wrong app, we allow returning nil by
+        # setting `disable_return_deeplink: true`:
+        # - Android: ABA app automatically returns to the previous app (expected behavior)
+        # - iOS: no automatic redirect occurs, but users can tap "Back to <App>" at the top of ABA
         return nil if @disable_return_deeplink
 
         app_scheme = @payment.payment_method.preferences[:app_scheme]

data/lib/vpago/payway_v2/transaction_status.rb

@@ -1,52 +1,37 @@
 require 'faraday'
 
-# API documentation:
-# https://developer.payway.com.kh/check-transaction-14530826e0
 module Vpago
   module PaywayV2
     class TransactionStatus < Base
+      # status:
+      # 0 – Approved, PRE_AUTH, PREAUTH_APPROVED
+      # 1 – Created
+      # 2 – Pending
+      # 3 – Declined
+      # 4 – Refunded
+      # 5 – Wrong Hash
+      # 7 - Cancelled
+      # 11 – Other Server-side Error
       def call
         @response = check_remote_status
       end
 
-      # 00 : Success!
-      # 5 : Invalid hash
-      # 6 : Transaction not found
-      # 8 : Invalid merchant profile
-      # 11 : Internal server error
-      # 429 : Reach request limit
-      def status_code
-        status_data = json_response['status']
-        return nil unless status_data.is_a?(Hash)
-
-        status_data['code']
-      end
-
-      # APPROVED : Transaction successfully completed with the full purchase amount.
-      # PRE-AUTH : Transaction successfully processed with a pre-authorization hold on funds pending final capture.
-      # REFUNDED : Transaction has been fully or partially refunded.
-      # PENDING : Transaction is awaiting payment completion by the payer.
-      # DECLINED : Transaction has been declined.
-      # CANCELLED : Merchant canceled the pre-authorization or closed the transaction.
-      def payment_status
-        data = json_response['data']
-        return nil unless data.is_a?(Hash)
-
-        data['payment_status']
+      def status
+        json_response['status']&.to_s
       end
 
       def success?
-        %w[APPROVED PRE-AUTH].include?(payment_status)
+        status == '0'
       end
 
       # request failed does not mean payment failed.
       # but it failed when status is failed.
       def pending?
-        %w[PENDING].include?(payment_status)
+        %w[1 2].include?(status)
       end
 
       def failed?
-        %w[5 6 8].include?(status_code) || %w[DECLINED CANCELLED].include?(payment_status)
+        %w[3 4 5 7].include?(status)
       end
 
       def check_remote_status
@@ -69,7 +54,7 @@ module Vpago
 
         return nil if payouts_response.nil? || !payouts_response.is_a?(Array) || payouts_response.empty?
 
-        payouts_response.map { |payout| payout['amt'].to_f || 0 }.sum
+        payouts_response.map { |payout| payout['amt'].to_f }.sum
       end
 
       def error_message
@@ -93,7 +78,7 @@ module Vpago
       end
 
       def check_transaction_url
-        "#{host}/api/payment-gateway/v1/payments/check-transaction-2"
+        "#{host}/api/payment-gateway/v1/payments/check-transaction"
       end
     end
   end

data/lib/vpago/payway_v2/transaction_status_v2.rb

@@ -0,0 +1,95 @@
+require 'faraday'
+
+# API documentation:
+# https://developer.payway.com.kh/check-transaction-14530826e0
+module Vpago
+  module PaywayV2
+    class TransactionStatusV2 < Base
+      def call
+        @response = check_remote_status
+      end
+
+      # 00 : Success!
+      # 5 : Invalid hash
+      # 6 : Transaction not found
+      # 8 : Invalid merchant profile
+      # 11 : Internal server error
+      # 429 : Reach request limit
+      def status_code
+        status_data = json_response['status']
+        return nil unless status_data.is_a?(Hash)
+
+        status_data['code']&.to_s
+      end
+
+      # APPROVED : Transaction successfully completed with the full purchase amount.
+      # PRE-AUTH : Transaction successfully processed with a pre-authorization hold on funds pending final capture.
+      # REFUNDED : Transaction has been fully or partially refunded.
+      # PENDING : Transaction is awaiting payment completion by the payer.
+      # DECLINED : Transaction has been declined.
+      # CANCELLED : Merchant canceled the pre-authorization or closed the transaction.
+      def payment_status
+        data = json_response['data']
+        return nil unless data.is_a?(Hash)
+
+        data['payment_status']
+      end
+
+      def success?
+        %w[APPROVED PRE-AUTH].include?(payment_status)
+      end
+
+      # request failed does not mean payment failed.
+      # but it failed when status is failed.
+      def pending?
+        %w[PENDING].include?(payment_status)
+      end
+
+      def failed?
+        %w[5 6 8].include?(status_code) || %w[DECLINED CANCELLED].include?(payment_status)
+      end
+
+      def check_remote_status
+        conn = Faraday::Connection.new do |faraday|
+          faraday.request :url_encoded
+        end
+
+        data = {
+          req_time: req_time,
+          merchant_id: merchant_id,
+          tran_id: transaction_id,
+          hash: checker_hmac
+        }
+
+        conn.post(check_transaction_url, data)
+      end
+
+      def error_message
+        status_data = json_response['status']
+        return nil unless status_data.is_a?(Hash)
+
+        status_data['message']
+      end
+
+      def json_response
+        @json_response ||= begin
+          JSON.parse(@response.body)
+        rescue JSON::ParserError
+          {}
+        end
+      end
+
+      def checker_hmac
+        data = "#{req_time}#{merchant_id}#{transaction_id}"
+        hash = Base64.encode64(OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha512'), api_key, data))
+
+        # somehow php counter part are not able to decode if the \n present.
+        hash.delete("\n")
+      end
+
+      def check_transaction_url
+        "#{host}/api/payment-gateway/v1/payments/check-transaction-2"
+      end
+    end
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: spree_vpago
 version: !ruby/object:Gem::Version
-  version: 2.2.2.pre.pre28
+  version: 2.2.2.pre.pre29
 platform: ruby
 authors:
 - You
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2026-03-20 00:00:00.000000000 Z
+date: 2026-03-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: faraday
@@ -404,6 +404,7 @@ files:
 - lib/vpago/payway_v2/pre_auth_canceler.rb
 - lib/vpago/payway_v2/pre_auth_completer.rb
 - lib/vpago/payway_v2/transaction_status.rb
+- lib/vpago/payway_v2/transaction_status_v2.rb
 - lib/vpago/true_money/base.rb
 - lib/vpago/true_money/checkout.rb
 - lib/vpago/true_money/refund_issuer.rb