swiss-activemerchant 1.0.1

data/lib/active_merchant/billing/gateways/reach.rb

@@ -0,0 +1,277 @@
+module ActiveMerchant #:nodoc:
+  module Billing #:nodoc:
+    class ReachGateway < Gateway
+      self.test_url = 'https://checkout.rch.how/'
+      self.live_url = 'https://checkout.rch.io/'
+
+      self.supported_countries = ['US']
+      self.default_currency = 'USD'
+      self.supported_cardtypes = %i[visa diners_club american_express jcb master discover maestro]
+
+      self.homepage_url = 'https://www.withreach.com/'
+      self.display_name = 'Reach'
+      self.currencies_without_fractions = %w(BIF BYR CLF CLP CVE DJF GNF ISK JPY KMF KRW PYG RWF UGX UYI VND VUV XAF XOF XPF IDR MGA MRO)
+
+      API_VERSION = 'v2.22'.freeze
+      STANDARD_ERROR_CODE_MAPPING = {}
+      PAYMENT_METHOD_MAP = {
+        american_express: 'AMEX',
+        cabal: 'CABAL',
+        check: 'ACH',
+        dankort: 'DANKORT',
+        diners_club: 'DINERS',
+        discover: 'DISC',
+        elo: 'ELO',
+        jcb: 'JCB',
+        maestro: 'MAESTRO',
+        master: 'MC',
+        naranja: 'NARANJA',
+        union_pay: 'UNIONPAY',
+        visa: 'VISA'
+      }
+
+      def initialize(options = {})
+        requires!(options, :merchant_id, :secret)
+        super
+      end
+
+      def authorize(money, payment, options = {})
+        request = build_checkout_request(money, payment, options)
+        add_custom_fields_data(request, options)
+        add_customer_data(request, options, payment)
+        add_stored_credentials(request, options)
+        post = { request: request, card: add_payment(payment, options) }
+        if options[:stored_credential]
+          MultiResponse.run(:use_first_response) do |r|
+            r.process { commit('checkout', post) }
+            r.process do
+              r2 = get_network_payment_reference(r.responses[0])
+              r.params[:network_transaction_id] = r2.message
+              r2
+            end
+          end
+        else
+          commit('checkout', post)
+        end
+      end
+
+      def purchase(money, payment, options = {})
+        options[:capture] = true
+        authorize(money, payment, options)
+      end
+
+      def capture(money, authorization, options = {})
+        post = { request: { MerchantId: @options[:merchant_id], OrderId: authorization } }
+        commit('capture', post)
+      end
+
+      def supports_scrubbing?
+        true
+      end
+
+      def scrub(transcript)
+        transcript.
+          gsub(%r(((MerchantId)[% \w]+[%]\d{2})[\w -]+), '\1[FILTERED]').
+          gsub(%r((signature=)[\w%]+), '\1[FILTERED]\2').
+          gsub(%r((Number%22%3A%22)[\d]+), '\1[FILTERED]\2').
+          gsub(%r((VerificationCode%22%3A)[\d]+), '\1[FILTERED]\2')
+      end
+
+      def refund(amount, authorization, options = {})
+        currency = options[:currency] || currency(options[:amount])
+        post = {
+          request: {
+            MerchantId: @options[:merchant_id],
+            OrderId: authorization,
+            ReferenceId: options[:order_id] || options[:reference_id],
+            Amount: localized_amount(amount, currency)
+          }
+        }
+        commit('refund', post)
+      end
+
+      def void(authorization, options = {})
+        post = {
+          request: {
+            MerchantId: @options[:merchant_id],
+            OrderId: authorization
+          }
+        }
+
+        commit('cancel', post)
+      end
+
+      def verify(credit_card, options = {})
+        MultiResponse.run(:use_first_response) do |r|
+          r.process { authorize(100, credit_card, options) }
+          r.process(:ignore_result) { void(r.authorization, options) }
+        end
+      end
+
+      private
+
+      def build_checkout_request(amount, payment, options)
+        currency = options[:currency] || currency(options[:amount])
+        {
+          MerchantId: @options[:merchant_id],
+          ReferenceId: options[:order_id],
+          ConsumerCurrency: currency,
+          Capture: options[:capture] || false,
+          PaymentMethod: PAYMENT_METHOD_MAP.fetch(payment.brand.to_sym, 'unsupported'),
+          Items: [
+            Sku: options[:item_sku] || SecureRandom.alphanumeric,
+            ConsumerPrice: localized_amount(amount, currency),
+            Quantity: (options[:item_quantity] || 1)
+          ]
+        }
+      end
+
+      def add_payment(payment, options)
+        ntid = options.dig(:stored_credential, :network_transaction_id)
+        cvv_or_previos_reference = (ntid ? { PreviousNetworkPaymentReference: ntid } : { VerificationCode: payment.verification_value })
+        {
+          Name: payment.name,
+          Number: payment.number,
+          Expiry: { Month: payment.month, Year: payment.year }
+        }.merge!(cvv_or_previos_reference)
+      end
+
+      def add_customer_data(request, options, payment)
+        address = options[:billing_address] || options[:address]
+
+        return if address.blank?
+
+        request[:Consumer] = {
+          Name: payment.respond_to?(:name) ? payment.name : address[:name],
+          Email: options[:email],
+          Address: address[:address1],
+          City: address[:city],
+          Country: address[:country]
+        }.compact
+      end
+
+      def add_stored_credentials(request, options)
+        request[:PaymentModel] = payment_model(options) || ''
+        request[:DeviceFingerprint] = options[:device_fingerprint] if options[:device_fingerprint]
+      end
+
+      def payment_model(options)
+        stored_credential = options[:stored_credential]
+        return options[:payment_model] if options[:payment_model]
+        return 'CIT-One-Time' unless stored_credential
+
+        payment_model_options = {
+          initial_transaction: {
+            'cardholder' => {
+              'installment' => 'CIT-Setup-Scheduled',
+              'unscheduled' => 'CIT-Setup-Unscheduled-MIT',
+              'recurring' => 'CIT-Setup-Unscheduled'
+            }
+          },
+          no_initial_transaction: {
+            'cardholder' => {
+              'unscheduled' => 'CIT-Subsequent-Unscheduled'
+            },
+            'merchant' => {
+              'recurring' => 'MIT-Subsequent-Scheduled',
+              'unscheduled' => 'MIT-Subsequent-Unscheduled'
+            }
+          }
+        }
+        initial = stored_credential[:initial_transaction] ? :initial_transaction : :no_initial_transaction
+        payment_model_options[initial].dig(stored_credential[:initiator], stored_credential[:reason_type])
+      end
+
+      def add_custom_fields_data(request, options)
+        add_shipping_data(request, options) if options[:taxes].present?
+        request[:RateOfferId] = options[:rate_offer_id] if options[:rate_offer_id].present?
+        request[:Items] = options[:items] if options[:items].present?
+      end
+
+      def add_shipping_data(request, options)
+        request[:Shipping] = {
+          ConsumerPrice: options[:price],
+          ConsumerTaxes: options[:taxes],
+          ConsumerDuty: options[:duty]
+        }
+        request[:Consignee] = {
+          Name: options[:consignee_name],
+          Address: options[:consignee_address],
+          City: options[:consignee_city],
+          Country: options[:consignee_country]
+        }
+      end
+
+      def sign_body(body)
+        Base64.strict_encode64(OpenSSL::HMAC.digest('sha256', @options[:secret].encode('utf-8'), body.encode('utf-8')))
+      end
+
+      def parse(body)
+        hash_response = URI.decode_www_form(body).to_h
+        hash_response['response'] = JSON.parse(hash_response['response'])
+
+        hash_response
+      end
+
+      def format_and_sign(post)
+        post[:request] = post[:request].to_json
+        post[:card] = post[:card].to_json if post[:card].present?
+        post[:signature] = sign_body(post[:request])
+        post
+      end
+
+      def get_network_payment_reference(response)
+        parameters = { request: { MerchantId: @options[:merchant_id], OrderId: response.params['response']['OrderId'] } }
+        body = post_data format_and_sign(parameters)
+
+        raw_response = ssl_request :post, url('query'), body, {}
+        response = parse(raw_response)
+        message = response.dig('response', 'Payment', 'NetworkPaymentReference')
+        Response.new(true, message, {})
+      end
+
+      def commit(action, parameters)
+        body = post_data format_and_sign(parameters)
+        raw_response = ssl_post url(action), body
+        response = parse(raw_response)
+
+        Response.new(
+          success_from(response),
+          message_from(response) || '',
+          response,
+          authorization: authorization_from(response['response']),
+          # avs_result: AVSResult.new(code: response['some_avs_response_key']),
+          # cvv_result: CVVResult.new(response['some_cvv_response_key']),
+          test: test?,
+          error_code: error_code_from(response)
+        )
+      rescue ActiveMerchant::ResponseError => e
+        Response.new(false, (e.response.body.present? ? e.response.body : e.response.msg), {}, test: test?)
+      end
+
+      def success_from(response)
+        response.dig('response', 'Error').blank?
+      end
+
+      def message_from(response)
+        success_from(response) ? '' : response.dig('response', 'Error', 'ReasonCode')
+      end
+
+      def authorization_from(response)
+        response['OrderId']
+      end
+
+      def post_data(params)
+        params.map { |k, v| "#{k}=#{CGI.escape(v.to_s)}" }.join('&')
+      end
+
+      def error_code_from(response)
+        response['response']['Error']['Code'] unless success_from(response)
+      end
+
+      def url(action)
+        "#{test? ? test_url : live_url}#{API_VERSION}/#{action}"
+      end
+    end
+  end
+end

data/lib/active_merchant/billing/gateways/realex.rb

@@ -0,0 +1,400 @@
+require 'nokogiri'
+require 'digest/sha1'
+
+module ActiveMerchant
+  module Billing
+    # Realex is the leading CC gateway in Ireland
+    # see http://www.realexpayments.com
+    # Contributed by John Ward (john@ward.name)
+    # see http://thinedgeofthewedge.blogspot.com
+    #
+    # Realex works using the following
+    # login - The unique id of the merchant
+    # password - The secret is used to digitally sign the request
+    # account - This is an optional third part of the authentication process
+    # and is used if the merchant wishes do distinguish cc traffic from the different sources
+    # by using a different account. This must be created in advance
+    #
+    # the Realex team decided to make the orderid unique per request,
+    # so if validation fails you can not correct and resend using the
+    # same order id
+    class RealexGateway < Gateway
+      self.live_url = self.test_url = 'https://epage.payandshop.com/epage-remote.cgi'
+
+      CARD_MAPPING = {
+        'master'            => 'MC',
+        'visa'              => 'VISA',
+        'american_express'  => 'AMEX',
+        'diners_club'       => 'DINERS',
+        'maestro'           => 'MC'
+      }
+
+      self.money_format = :cents
+      self.default_currency = 'EUR'
+      self.supported_cardtypes = %i[visa master american_express diners_club]
+      self.supported_countries = %w(IE GB FR BE NL LU IT US CA ES)
+      self.homepage_url = 'http://www.realexpayments.com/'
+      self.display_name = 'Realex'
+
+      SUCCESS, DECLINED          = 'Successful', 'Declined'
+      BANK_ERROR = REALEX_ERROR  = 'Gateway is in maintenance. Please try again later.'
+      ERROR = CLIENT_DEACTIVATED = 'Gateway Error'
+
+      def initialize(options = {})
+        requires!(options, :login, :password)
+        options[:refund_hash] = Digest::SHA1.hexdigest(options[:rebate_secret]) if options[:rebate_secret].present?
+        options[:credit_hash] = Digest::SHA1.hexdigest(options[:refund_secret]) if options[:refund_secret].present?
+        super
+      end
+
+      def purchase(money, credit_card, options = {})
+        requires!(options, :order_id)
+
+        request = build_purchase_or_authorization_request(:purchase, money, credit_card, options)
+        commit(request)
+      end
+
+      def authorize(money, creditcard, options = {})
+        requires!(options, :order_id)
+
+        request = build_purchase_or_authorization_request(:authorization, money, creditcard, options)
+        commit(request)
+      end
+
+      def capture(money, authorization, options = {})
+        request = build_capture_request(money, authorization, options)
+        commit(request)
+      end
+
+      def refund(money, authorization, options = {})
+        request = build_refund_request(money, authorization, options)
+        commit(request)
+      end
+
+      def credit(money, creditcard, options = {})
+        request = build_credit_request(money, creditcard, options)
+        commit(request)
+      end
+
+      def void(authorization, options = {})
+        request = build_void_request(authorization, options)
+        commit(request)
+      end
+
+      def verify(credit_card, options = {})
+        requires!(options, :order_id)
+
+        request = build_verify_request(credit_card, options)
+        commit(request)
+      end
+
+      def supports_scrubbing
+        true
+      end
+
+      def scrub(transcript)
+        transcript.
+          gsub(%r((Authorization: Basic )\w+), '\1[FILTERED]').
+          gsub(%r((<number>)\d+(</number>))i, '\1[FILTERED]\2')
+      end
+
+      private
+
+      def commit(request)
+        response = parse(ssl_post(self.live_url, request))
+
+        Response.new(
+          (response[:result] == '00'),
+          message_from(response),
+          response,
+          test: (response[:message] =~ %r{\[ test system \]}),
+          authorization: authorization_from(response),
+          avs_result: AVSResult.new(code: response[:avspostcoderesponse]),
+          cvv_result: CVVResult.new(response[:cvnresult])
+        )
+      end
+
+      def parse(xml)
+        response = {}
+
+        doc = Nokogiri::XML(xml)
+        doc.xpath('//response/*').each do |node|
+          if node.elements.size == 0
+            response[node.name.downcase.to_sym] = normalize(node.text)
+          else
+            node.elements.each do |childnode|
+              name = "#{node.name.downcase}_#{childnode.name.downcase}"
+              response[name.to_sym] = normalize(childnode.text)
+            end
+          end
+        end unless doc.root.nil?
+
+        response
+      end
+
+      def authorization_from(parsed)
+        [parsed[:orderid], parsed[:pasref], parsed[:authcode]].join(';')
+      end
+
+      def build_purchase_or_authorization_request(action, money, credit_card, options)
+        timestamp = new_timestamp
+        xml = Builder::XmlMarkup.new indent: 2
+        xml.tag! 'request', 'timestamp' => timestamp, 'type' => 'auth' do
+          add_merchant_details(xml, options)
+          xml.tag! 'orderid', sanitize_order_id(options[:order_id])
+          add_amount(xml, money, options)
+          add_card(xml, credit_card)
+          xml.tag! 'autosettle', 'flag' => auto_settle_flag(action)
+          add_signed_digest(xml, timestamp, @options[:login], sanitize_order_id(options[:order_id]), amount(money), (options[:currency] || currency(money)), credit_card.number)
+          if credit_card.is_a?(NetworkTokenizationCreditCard)
+            add_network_tokenization_card(xml, credit_card)
+          else
+            add_three_d_secure(xml, options)
+          end
+          add_stored_credential(xml, options)
+          add_comments(xml, options)
+          add_address_and_customer_info(xml, options)
+        end
+        xml.target!
+      end
+
+      def build_capture_request(money, authorization, options)
+        timestamp = new_timestamp
+        xml = Builder::XmlMarkup.new indent: 2
+        xml.tag! 'request', 'timestamp' => timestamp, 'type' => 'settle' do
+          add_merchant_details(xml, options)
+          add_amount(xml, money, options)
+          add_transaction_identifiers(xml, authorization, options)
+          add_comments(xml, options)
+          add_signed_digest(xml, timestamp, @options[:login], sanitize_order_id(options[:order_id]), amount(money), (options[:currency] || currency(money)), nil)
+        end
+        xml.target!
+      end
+
+      def build_refund_request(money, authorization, options)
+        timestamp = new_timestamp
+        xml = Builder::XmlMarkup.new indent: 2
+        xml.tag! 'request', 'timestamp' => timestamp, 'type' => 'rebate' do
+          add_merchant_details(xml, options)
+          add_transaction_identifiers(xml, authorization, options)
+          xml.tag! 'amount', amount(money), 'currency' => options[:currency] || currency(money)
+          xml.tag! 'refundhash', @options[:refund_hash] if @options[:refund_hash]
+          xml.tag! 'autosettle', 'flag' => 1
+          add_comments(xml, options)
+          add_signed_digest(xml, timestamp, @options[:login], sanitize_order_id(options[:order_id]), amount(money), (options[:currency] || currency(money)), nil)
+        end
+        xml.target!
+      end
+
+      def build_credit_request(money, credit_card, options)
+        timestamp = new_timestamp
+        xml = Builder::XmlMarkup.new indent: 2
+        xml.tag! 'request', 'timestamp' => timestamp, 'type' => 'credit' do
+          add_merchant_details(xml, options)
+          xml.tag! 'orderid', sanitize_order_id(options[:order_id])
+          add_amount(xml, money, options)
+          add_card(xml, credit_card)
+          xml.tag! 'refundhash', @options[:credit_hash] if @options[:credit_hash]
+          xml.tag! 'autosettle', 'flag' => 1
+          add_comments(xml, options)
+          add_signed_digest(xml, timestamp, @options[:login], sanitize_order_id(options[:order_id]), amount(money), (options[:currency] || currency(money)), credit_card.number)
+        end
+        xml.target!
+      end
+
+      def build_void_request(authorization, options)
+        timestamp = new_timestamp
+        xml = Builder::XmlMarkup.new indent: 2
+        xml.tag! 'request', 'timestamp' => timestamp, 'type' => 'void' do
+          add_merchant_details(xml, options)
+          add_transaction_identifiers(xml, authorization, options)
+          add_comments(xml, options)
+          add_signed_digest(xml, timestamp, @options[:login], sanitize_order_id(options[:order_id]), nil, nil, nil)
+        end
+        xml.target!
+      end
+
+      # Verify initiates an OTB (Open To Buy) request
+      def build_verify_request(credit_card, options)
+        timestamp = new_timestamp
+        xml = Builder::XmlMarkup.new indent: 2
+        xml.tag! 'request', 'timestamp' => timestamp, 'type' => 'otb' do
+          add_merchant_details(xml, options)
+          xml.tag! 'orderid', sanitize_order_id(options[:order_id])
+          add_card(xml, credit_card)
+          add_comments(xml, options)
+          add_signed_digest(xml, timestamp, @options[:login], sanitize_order_id(options[:order_id]), credit_card.number)
+        end
+        xml.target!
+      end
+
+      def add_address_and_customer_info(xml, options)
+        billing_address = options[:billing_address] || options[:address]
+        shipping_address = options[:shipping_address]
+        ipv4_address = ipv4?(options[:ip]) ? options[:ip] : nil
+
+        return unless billing_address || shipping_address || options[:customer] || options[:invoice] || ipv4_address
+
+        xml.tag! 'tssinfo' do
+          xml.tag! 'custnum', options[:customer] if options[:customer]
+          xml.tag! 'prodid', options[:invoice] if options[:invoice]
+          xml.tag! 'custipaddress', options[:ip] if ipv4_address
+
+          if billing_address
+            xml.tag! 'address', 'type' => 'billing' do
+              xml.tag! 'code', format_address_code(billing_address)
+              xml.tag! 'country', billing_address[:country]
+            end
+          end
+
+          if shipping_address
+            xml.tag! 'address', 'type' => 'shipping' do
+              xml.tag! 'code', format_address_code(shipping_address)
+              xml.tag! 'country', shipping_address[:country]
+            end
+          end
+        end
+      end
+
+      def add_merchant_details(xml, options)
+        xml.tag! 'merchantid', @options[:login]
+        xml.tag! 'account', (options[:account] || @options[:account]) if options[:account] || @options[:account]
+      end
+
+      def add_transaction_identifiers(xml, authorization, options)
+        options[:order_id], pasref, authcode = authorization.split(';')
+        xml.tag! 'orderid', sanitize_order_id(options[:order_id])
+        xml.tag! 'pasref', pasref
+        xml.tag! 'authcode', authcode
+      end
+
+      def add_comments(xml, options)
+        return unless options[:description]
+
+        xml.tag! 'comments' do
+          xml.tag! 'comment', options[:description], 'id' => 1
+        end
+      end
+
+      def add_amount(xml, money, options)
+        xml.tag! 'amount', amount(money), 'currency' => options[:currency] || currency(money)
+      end
+
+      def add_card(xml, credit_card)
+        xml.tag! 'card' do
+          xml.tag! 'number', credit_card.number
+          xml.tag! 'expdate', expiry_date(credit_card)
+          xml.tag! 'chname', credit_card.name
+          xml.tag! 'type', CARD_MAPPING[card_brand(credit_card).to_s]
+          xml.tag! 'issueno', ''
+          xml.tag! 'cvn' do
+            xml.tag! 'number', credit_card.verification_value
+            xml.tag! 'presind', (options['presind'] || (credit_card.verification_value? ? 1 : nil))
+          end
+        end
+      end
+
+      def add_network_tokenization_card(xml, payment)
+        xml.tag! 'mpi' do
+          xml.tag! 'cavv', payment.payment_cryptogram
+          xml.tag! 'eci', payment.eci
+        end
+        xml.tag! 'supplementarydata' do
+          xml.tag! 'item', 'type' => 'mobile' do
+            xml.tag! 'field01', payment.source.to_s.tr('_', '-')
+          end
+        end
+      end
+
+      def add_three_d_secure(xml, options)
+        return unless three_d_secure = options[:three_d_secure]
+
+        version = three_d_secure.fetch(:version, '')
+        xml.tag! 'mpi' do
+          if /^2/.match?(version)
+            xml.tag! 'authentication_value', three_d_secure[:cavv]
+            xml.tag! 'ds_trans_id', three_d_secure[:ds_transaction_id]
+          else
+            xml.tag! 'cavv', three_d_secure[:cavv]
+            xml.tag! 'xid', three_d_secure[:xid]
+            version = '1'
+          end
+          xml.tag! 'eci', three_d_secure[:eci]
+          xml.tag! 'message_version', version
+        end
+      end
+
+      def add_stored_credential(xml, options)
+        return unless stored_credential = options[:stored_credential]
+
+        xml.tag! 'storedcredential' do
+          xml.tag! 'type', stored_credential_type(stored_credential[:reason_type])
+          xml.tag! 'initiator', stored_credential[:initiator]
+          xml.tag! 'sequence', stored_credential[:initial_transaction] ? 'first' : 'subsequent'
+          xml.tag! 'srd', stored_credential[:network_transaction_id]
+        end
+      end
+
+      def stored_credential_type(reason)
+        return 'oneoff' if reason == 'unscheduled'
+
+        reason
+      end
+
+      def format_address_code(address)
+        code = [address[:zip].to_s, address[:address1].to_s + address[:address2].to_s]
+        code.collect { |e| e.gsub(/\D/, '') }.reject(&:empty?).join('|')
+      end
+
+      def new_timestamp
+        Time.now.strftime('%Y%m%d%H%M%S')
+      end
+
+      def add_signed_digest(xml, *values)
+        string = Digest::SHA1.hexdigest(values.join('.'))
+        xml.tag! 'sha1hash', Digest::SHA1.hexdigest([string, @options[:password]].join('.'))
+      end
+
+      def auto_settle_flag(action)
+        action == :authorization ? '0' : '1'
+      end
+
+      def expiry_date(credit_card)
+        "#{format(credit_card.month, :two_digits)}#{format(credit_card.year, :two_digits)}"
+      end
+
+      def message_from(response)
+        case response[:result]
+        when '00'
+          SUCCESS
+        when '101'
+          response[:message]
+        when '102', '103'
+          DECLINED
+        when /^2[0-9][0-9]/
+          BANK_ERROR
+        when /^3[0-9][0-9]/
+          REALEX_ERROR
+        when /^5[0-9][0-9]/
+          response[:message]
+        when '600', '601', '603'
+          ERROR
+        when '666'
+          CLIENT_DEACTIVATED
+        else
+          DECLINED
+        end
+      end
+
+      def sanitize_order_id(order_id)
+        order_id.to_s.gsub(/[^a-zA-Z0-9\-_]/, '')
+      end
+
+      def ipv4?(ip_address)
+        return false if ip_address.nil?
+
+        !ip_address.match(/\A\d+\.\d+\.\d+\.\d+\z/).nil?
+      end
+    end
+  end
+end