start_activemerchant 1.50.0

data/lib/active_merchant/billing/gateways/iats_payments.rb

@@ -0,0 +1,277 @@
+module ActiveMerchant #:nodoc:
+  module Billing #:nodoc:
+    class IatsPaymentsGateway < Gateway
+      class_attribute :live_na_url, :live_uk_url
+
+      self.live_na_url = 'https://www.iatspayments.com/NetGate'
+      self.live_uk_url = 'https://www.uk.iatspayments.com/NetGate'
+
+      self.supported_countries = %w(AU BR CA CH DE DK ES FI FR GR HK IE IT NL NO PT SE SG TR GB US TH ID PH BE)
+      self.default_currency = 'USD'
+      self.supported_cardtypes = [:visa, :master, :american_express, :discover]
+
+      self.homepage_url = 'http://home.iatspayments.com/'
+      self.display_name = 'iATS Payments'
+
+      ACTIONS = {
+        purchase: "ProcessCreditCardV1",
+        purchase_check: "ProcessACHEFTV1",
+        refund: "ProcessCreditCardRefundWithTransactionIdV1",
+        refund_check: "ProcessACHEFTRefundWithTransactionIdV1",
+        store: "CreateCreditCardCustomerCodeV1",
+        unstore: "DeleteCustomerCodeV1"
+      }
+
+      def initialize(options={})
+        if(options[:login])
+          ActiveMerchant.deprecated("The 'login' option is deprecated in favor of 'agent_code' and will be removed in a future version.")
+          options[:agent_code] = options[:login]
+        end
+
+        options[:region] = 'na' unless options[:region]
+
+        requires!(options, :agent_code, :password, :region)
+        super
+      end
+
+      def purchase(money, payment, options={})
+        post = {}
+        add_invoice(post, money, options)
+        add_payment(post, payment)
+        add_address(post, options)
+        add_ip(post, options)
+        add_description(post, options)
+
+        commit((payment.is_a?(Check) ? :purchase_check : :purchase), post)
+      end
+
+      def refund(money, authorization, options={})
+        post = {}
+        transaction_id, payment_type = split_authorization(authorization)
+        post[:transaction_id] = transaction_id
+        add_invoice(post, -money, options)
+        add_ip(post, options)
+        add_description(post, options)
+
+        commit((payment_type == 'check' ? :refund_check : :refund), post)
+      end
+
+      def store(credit_card, options = {})
+        post = {}
+        add_payment(post, credit_card)
+        add_address(post, options)
+        add_ip(post, options)
+        add_description(post, options)
+        add_store_defaults(post)
+
+        commit(:store, post)
+      end
+
+      def unstore(authorization, options = {})
+        post = {}
+        post[:customer_code] = authorization
+        add_ip(post, options)
+
+        commit(:unstore, post)
+      end
+
+      private
+
+      def add_ip(post, options)
+        post[:customer_ip_address] = options[:ip] if options.has_key?(:ip)
+      end
+
+      def add_address(post, options)
+        billing_address = options[:billing_address] || options[:address]
+        if(billing_address)
+          post[:address] = billing_address[:address1]
+          post[:city] = billing_address[:city]
+          post[:state] = billing_address[:state]
+          post[:zip_code] = billing_address[:zip]
+        end
+      end
+
+      def add_invoice(post, money, options)
+        post[:invoice_num] = options[:order_id] if options[:order_id]
+        post[:total] = amount(money)
+      end
+
+      def add_description(post, options)
+        post[:comment] = options[:description] if options[:description]
+      end
+
+      def add_payment(post, payment)
+        if payment.is_a?(Check)
+          add_check(post, payment)
+        else
+          add_credit_card(post, payment)
+        end
+      end
+
+      def add_credit_card(post, payment)
+        post[:first_name] = payment.first_name
+        post[:last_name] = payment.last_name
+        post[:credit_card_num] = payment.number
+        post[:credit_card_expiry] = expdate(payment)
+        post[:cvv2] = payment.verification_value if payment.verification_value?
+        post[:mop] = creditcard_brand(payment.brand)
+      end
+
+      def add_check(post, payment)
+        post[:first_name] = payment.first_name
+        post[:last_name] = payment.last_name
+        post[:account_num] = "#{payment.routing_number}#{payment.account_number}"
+        post[:account_type] = payment.account_type.upcase
+      end
+
+      def add_store_defaults(post)
+        post[:recurring] = false
+        post[:begin_date] = Time.now.xmlschema
+        post[:end_date] = Time.now.xmlschema
+        post[:amount] = 0
+      end
+
+      def expdate(creditcard)
+        year  = sprintf("%.4i", creditcard.year)
+        month = sprintf("%.2i", creditcard.month)
+
+        "#{month}/#{year[-2..-1]}"
+      end
+
+      def creditcard_brand(brand)
+        case brand
+        when "visa" then "VISA"
+        when "master" then "MC"
+        when "discover" then "DSC"
+        when "american_express" then "AMX"
+        when "maestro" then "MAESTR"
+        else
+          raise "Unhandled credit card brand #{brand}"
+        end
+      end
+
+      def commit(action, parameters)
+        response = parse(ssl_post(url(action), post_data(action, parameters),
+         { 'Content-Type' => 'application/soap+xml; charset=utf-8'}))
+
+        Response.new(
+          success_from(response),
+          message_from(response),
+          response,
+          authorization: authorization_from(action, response),
+          test: test?
+        )
+      end
+
+      def endpoints
+        {
+          purchase: "ProcessLink.asmx",
+          purchase_check: "ProcessLink.asmx",
+          refund: "ProcessLink.asmx",
+          refund_check: "ProcessLink.asmx",
+          store: "CustomerLink.asmx",
+          unstore: "CustomerLink.asmx"
+        }
+      end
+
+      def url(action)
+        base_url = @options[:region] == 'uk' ? live_uk_url : live_na_url
+        "#{base_url}/#{endpoints[action]}?op=#{ACTIONS[action]}"
+      end
+
+      def parse(body)
+        response = {}
+        hashify_xml!(body, response)
+        response
+      end
+
+      def dexmlize_param_name(name)
+        names = {
+          'AUTHORIZATIONRESULT' => :authorization_result,
+          'SETTLEMENTBATCHDATE' => :settlement_batch_date,
+          'SETTLEMENTDATE' => :settlement_date,
+          'TRANSACTIONID' => :transaction_id
+        }
+        names[name] || name.to_s.downcase.intern
+      end
+
+      def hashify_xml!(xml, response)
+        xml = REXML::Document.new(xml)
+
+        xml.elements.each("//IATSRESPONSE/*") do |node|
+          recursively_parse_element(node, response)
+        end
+      end
+
+      def recursively_parse_element(node, response)
+        if(node.has_elements?)
+          node.elements.each { |n| recursively_parse_element(n, response) }
+        else
+          response[dexmlize_param_name(node.name)] = (node.text ? node.text.strip : nil)
+        end
+      end
+
+      def successful_result_message?(response)
+        response[:authorization_result].start_with?('OK')
+      end
+
+      def success_from(response)
+        response[:status] == "Success" && successful_result_message?(response)
+      end
+
+      def message_from(response)
+        if(!successful_result_message?(response))
+          return response[:authorization_result].strip
+        elsif(response[:status] == 'Failure')
+          return response[:errors]
+        else
+          response[:status]
+        end
+      end
+
+      def authorization_from(action, response)
+        if [:store, :unstore].include?(action)
+          response[:customercode]
+        elsif [:purchase_check].include?(action)
+          response[:transaction_id] ? "#{response[:transaction_id]}|check" : nil
+        else
+          response[:transaction_id]
+        end
+      end
+
+      def split_authorization(authorization)
+        authorization.split("|")
+      end
+
+      def envelope_namespaces
+        {
+          "xmlns:xsi" => "http://www.w3.org/2001/XMLSchema-instance",
+          "xmlns:xsd" => "http://www.w3.org/2001/XMLSchema",
+          "xmlns:soap12" => "http://www.w3.org/2003/05/soap-envelope"
+        }
+      end
+
+      def post_data(action, parameters = {})
+        xml = Builder::XmlMarkup.new
+        xml.instruct!(:xml, :version => '1.0', :encoding => 'utf-8')
+        xml.tag! 'soap12:Envelope', envelope_namespaces do
+          xml.tag! 'soap12:Body' do
+            xml.tag! ACTIONS[action], { "xmlns" => "https://www.iatspayments.com/NetGate/" } do
+              xml.tag!('agentCode', @options[:agent_code])
+              xml.tag!('password', @options[:password])
+              parameters.each do |name, value|
+                xml.tag!(xmlize_param_name(name), value)
+              end
+            end
+          end
+        end
+        xml.target!
+      end
+
+      def xmlize_param_name(name)
+        names = { customer_ip_address: 'customerIPAddress' }
+        names[name] || name.to_s.camelcase(:lower)
+      end
+    end
+  end
+end

data/lib/active_merchant/billing/gateways/ideal/ideal_base.rb

@@ -0,0 +1,246 @@
+require 'active_merchant/billing/gateways/ideal/ideal_response'
+
+module ActiveMerchant #:nodoc:
+  module Billing #:nodoc:
+    # Implementation contains some simplifications
+    # - does not support multiple subID per merchant
+    # - language is fixed to 'nl'
+    class IdealBaseGateway < Gateway
+      class_attribute :server_pem, :pem_password, :default_expiration_period
+      self.default_expiration_period = 'PT10M'
+      self.default_currency = 'EUR'
+      self.pem_password = true
+
+      self.abstract_class = true
+
+      # These constants will never change for most users
+      AUTHENTICATION_TYPE = 'SHA1_RSA'
+      LANGUAGE = 'nl'
+      SUB_ID = '0'
+      API_VERSION = '1.1.0'
+
+      def initialize(options = {})
+        requires!(options, :login, :password, :pem)
+
+        options[:pem_password] = options[:password]
+        super
+      end
+
+      # Setup transaction. Get redirect_url from response.service_url
+      def setup_purchase(money, options = {})
+        requires!(options, :issuer_id, :return_url, :order_id, :currency, :description, :entrance_code)
+
+        commit(build_transaction_request(money, options))
+      end
+
+      # Check status of transaction and confirm payment
+      # transaction_id must be a valid transaction_id from a prior setup.
+      def capture(transaction, options = {})
+        options[:transaction_id] = transaction
+        commit(build_status_request(options))
+      end
+
+      # Get list of issuers from response.issuer_list
+      def issuers
+        commit(build_directory_request)
+      end
+
+      private
+
+      def url
+        (test? ? test_url : live_url)
+      end
+
+      def token
+        @token ||= create_fingerprint(@options[:pem])
+      end
+
+      # <?xml version="1.0" encoding="UTF-8"?>
+      # <AcquirerTrxReq xmlns="http://www.idealdesk.com/Message" version="1.1.0">
+      #  <createDateTimeStamp>2001-12-17T09:30:47.0Z</createDateTimeStamp>
+      #  <Issuer>
+      #   <issuerID>1003</issuerID>
+      #  </Issuer>
+      #   <Merchant>
+      #     <merchantID>000123456</merchantID>
+      #     <subID>0</subID>
+      #     <authentication>passkey</authentication>
+      #     <token>1</token>
+      #     <tokenCode>3823ad872eff23</tokenCode>
+      #     <merchantReturnURL>https://www.mijnwinkel.nl/betaalafhandeling
+      #      </merchantReturnURL>
+      #   </Merchant>
+      #   <Transaction>
+      #     <purchaseID>iDEAL-aankoop 21</purchaseID>
+      #     <amount>5999</amount>
+      #     <currency>EUR</currency>
+      #     <expirationPeriod>PT3M30S</expirationPeriod>
+      #     <language>nl</language>
+      #     <description>Documentensuite</description>
+      #     <entranceCode>D67tyx6rw9IhY71</entranceCode>
+      #   </Transaction>
+      # </AcquirerTrxReq>
+      def build_transaction_request(money, options)
+        date_time_stamp = create_time_stamp
+        message  = date_time_stamp +
+                   options[:issuer_id] +
+                   @options[:login] +
+                   SUB_ID +
+                   options[:return_url] +
+                   options[:order_id] +
+                   money.to_s +
+                   (options[:currency] || currency(money)) +
+                   LANGUAGE +
+                   options[:description] +
+                   options[:entrance_code]
+        token_code = sign_message(@options[:pem], @options[:password], message)
+
+        xml = Builder::XmlMarkup.new(:indent => 2)
+        xml.instruct!
+        xml.tag! 'AcquirerTrxReq', 'xmlns' => 'http://www.idealdesk.com/Message', 'version' => API_VERSION do
+          xml.tag! 'createDateTimeStamp', date_time_stamp
+          xml.tag! 'Issuer' do
+            xml.tag! 'issuerID', options[:issuer_id]
+          end
+          xml.tag! 'Merchant' do
+            xml.tag! 'merchantID', @options[:login]
+            xml.tag! 'subID', SUB_ID
+            xml.tag! 'authentication', AUTHENTICATION_TYPE
+            xml.tag! 'token', token
+            xml.tag! 'tokenCode', token_code
+            xml.tag! 'merchantReturnURL', options[:return_url]
+          end
+          xml.tag! 'Transaction' do
+            xml.tag! 'purchaseID', options[:order_id]
+            xml.tag! 'amount', money
+            xml.tag! 'currency', options[:currency]
+            xml.tag! 'expirationPeriod', options[:expiration_period] || default_expiration_period
+            xml.tag! 'language', LANGUAGE
+            xml.tag! 'description', options[:description]
+            xml.tag! 'entranceCode', options[:entrance_code]
+          end
+          xml.target!
+        end
+      end
+
+      # <?xml version="1.0" encoding="UTF-8"?>
+      # <AcquirerStatusReq xmlns="http://www.idealdesk.com/Message" version="1.1.0">
+      #  <createDateTimeStamp>2001-12-17T09:30:47.0Z</createDateTimeStamp>
+      #  <Merchant>
+      #   <merchantID>000123456</merchantID>
+      #   <subID>0</subID>
+      #   <authentication>keyed hash</authentication>
+      #   <token>1</token>
+      #   <tokenCode>3823ad872eff23</tokenCode>
+      #  </Merchant>
+      #  <Transaction>
+      #   <transactionID>0001023456789112</transactionID>
+      #  </Transaction>
+      # </AcquirerStatusReq>
+      def build_status_request(options)
+        datetimestamp = create_time_stamp
+        message = datetimestamp + @options[:login] + SUB_ID + options[:transaction_id]
+        tokenCode = sign_message(@options[:pem], @options[:password], message)
+
+        xml = Builder::XmlMarkup.new(:indent => 2)
+        xml.instruct!
+        xml.tag! 'AcquirerStatusReq', 'xmlns' => 'http://www.idealdesk.com/Message', 'version' => API_VERSION do
+          xml.tag! 'createDateTimeStamp', datetimestamp
+          xml.tag! 'Merchant' do
+            xml.tag! 'merchantID', @options[:login]
+            xml.tag! 'subID', SUB_ID
+            xml.tag! 'authentication' , AUTHENTICATION_TYPE
+            xml.tag! 'token', token
+            xml.tag! 'tokenCode', tokenCode
+          end
+          xml.tag! 'Transaction' do
+            xml.tag! 'transactionID', options[:transaction_id]
+          end
+        end
+        xml.target!
+      end
+
+      # <?xml version="1.0" encoding="UTF-8"?>
+      # <DirectoryReq xmlns="http://www.idealdesk.com/Message" version="1.1.0">
+      #  <createDateTimeStamp>2001-12-17T09:30:47.0Z</createDateTimeStamp>
+      #  <Merchant>
+      #   <merchantID>000000001</merchantID>
+      #   <subID>0</subID>
+      #   <authentication>1</authentication>
+      #   <token>hashkey</token>
+      #   <tokenCode>WajqV1a3nDen0be2r196g9FGFF=</tokenCode>
+      #  </Merchant>
+      # </DirectoryReq>
+      def build_directory_request
+        datetimestamp = create_time_stamp
+        message = datetimestamp + @options[:login] + SUB_ID
+        tokenCode = sign_message(@options[:pem], @options[:password], message)
+
+        xml = Builder::XmlMarkup.new(:indent => 2)
+        xml.instruct!
+        xml.tag! 'DirectoryReq', 'xmlns' => 'http://www.idealdesk.com/Message', 'version' => API_VERSION do
+          xml.tag! 'createDateTimeStamp', datetimestamp
+          xml.tag! 'Merchant' do
+            xml.tag! 'merchantID', @options[:login]
+            xml.tag! 'subID', SUB_ID
+            xml.tag! 'authentication', AUTHENTICATION_TYPE
+            xml.tag! 'token', token
+            xml.tag! 'tokenCode', tokenCode
+          end
+        end
+        xml.target!
+      end
+
+      def commit(request)
+        raw_response = ssl_post(url, request)
+        response = Hash.from_xml(raw_response.to_s)
+        response_type = response.keys[0]
+
+        case response_type
+          when 'AcquirerTrxRes', 'DirectoryRes'
+            success = true
+          when 'ErrorRes'
+            success = false
+          when 'AcquirerStatusRes'
+            raise SecurityError, "Message verification failed.", caller unless status_response_verified?(response)
+            success = (response['AcquirerStatusRes']['Transaction']['status'] == 'Success')
+          else
+            raise ArgumentError, "Unknown response type.", caller
+        end
+
+        return IdealResponse.new(success, response.keys[0], response, :test => test?)
+      end
+
+      def create_fingerprint(cert_file)
+        cert_data   = OpenSSL::X509::Certificate.new(cert_file).to_s
+        cert_data   = cert_data.sub(/-----BEGIN CERTIFICATE-----/, '')
+        cert_data   = cert_data.sub(/-----END CERTIFICATE-----/, '')
+        fingerprint = Base64.decode64(cert_data)
+        fingerprint = Digest::SHA1.hexdigest(fingerprint)
+        return fingerprint.upcase
+      end
+
+      def sign_message(private_key_data, password, data)
+        private_key  = OpenSSL::PKey::RSA.new(private_key_data, password)
+        signature = private_key.sign(OpenSSL::Digest::SHA1.new, data.gsub('\s', ''))
+        return Base64.encode64(signature).gsub(/\n/, '')
+      end
+
+      def verify_message(cert_file, data, signature)
+        public_key = OpenSSL::X509::Certificate.new(cert_file).public_key
+        return public_key.verify(OpenSSL::Digest::SHA1.new, Base64.decode64(signature), data)
+      end
+
+      def status_response_verified?(response)
+        transaction = response['AcquirerStatusRes']['Transaction']
+        message = response['AcquirerStatusRes']['createDateTimeStamp'] + transaction['transactionID' ] + transaction['status']
+        message << transaction['consumerAccountNumber'].to_s
+        verify_message(server_pem, message, response['AcquirerStatusRes']['Signature']['signatureValue'])
+      end
+
+      def create_time_stamp
+        Time.now.gmtime.strftime('%Y-%m-%dT%H:%M:%S.000Z')
+      end
+    end
+  end
+end