swiss-activemerchant 1.0.1

data/lib/active_merchant/billing/gateways/secure_pay_au.rb

@@ -0,0 +1,290 @@
+require 'rexml/document'
+
+module ActiveMerchant #:nodoc:
+  module Billing #:nodoc:
+    class SecurePayAuGateway < Gateway
+      API_VERSION = 'xml-4.2'
+      PERIODIC_API_VERSION = 'spxml-3.0'
+
+      class_attribute :test_periodic_url, :live_periodic_url
+
+      self.test_url = 'https://test.api.securepay.com.au/xmlapi/payment'
+      self.live_url = 'https://api.securepay.com.au/xmlapi/payment'
+
+      self.test_periodic_url = 'https://test.securepay.com.au/xmlapi/periodic'
+      self.live_periodic_url = 'https://api.securepay.com.au/xmlapi/periodic'
+
+      self.supported_countries = ['AU']
+      self.supported_cardtypes = %i[visa master american_express diners_club jcb]
+
+      # The homepage URL of the gateway
+      self.homepage_url = 'http://securepay.com.au'
+
+      # The name of the gateway
+      self.display_name = 'SecurePay'
+
+      class_attribute :request_timeout
+      self.request_timeout = 60
+
+      self.money_format = :cents
+      self.default_currency = 'AUD'
+
+      # 0 Standard Payment
+      # 4 Refund
+      # 6 Client Reversal (Void)
+      # 10 Preauthorise
+      # 11 Preauth Complete (Advice)
+      TRANSACTIONS = {
+        purchase:       0,
+        authorization:  10,
+        capture:        11,
+        void:           6,
+        refund:         4
+      }
+
+      PERIODIC_ACTIONS = {
+        add_triggered:      'add',
+        remove_triggered:   'delete',
+        trigger:            'trigger'
+      }
+
+      PERIODIC_TYPES = {
+        add_triggered:    4,
+        remove_triggered: nil,
+        trigger:          nil
+      }
+
+      SUCCESS_CODES = %w[00 08 11 16 77]
+
+      def initialize(options = {})
+        requires!(options, :login, :password)
+        super
+      end
+
+      def purchase(money, credit_card_or_stored_id, options = {})
+        if credit_card_or_stored_id.respond_to?(:number)
+          requires!(options, :order_id)
+          commit :purchase, build_purchase_request(money, credit_card_or_stored_id, options)
+        else
+          options[:billing_id] = credit_card_or_stored_id.to_s
+          commit_periodic(build_periodic_item(:trigger, money, nil, options))
+        end
+      end
+
+      def authorize(money, credit_card, options = {})
+        requires!(options, :order_id)
+        commit :authorization, build_purchase_request(money, credit_card, options)
+      end
+
+      def capture(money, reference, options = {})
+        commit :capture, build_reference_request(money, reference)
+      end
+
+      def refund(money, reference, options = {})
+        commit :refund, build_reference_request(money, reference)
+      end
+
+      def credit(money, reference, options = {})
+        ActiveMerchant.deprecated CREDIT_DEPRECATION_MESSAGE
+        refund(money, reference)
+      end
+
+      def void(reference, options = {})
+        commit :void, build_reference_request(nil, reference)
+      end
+
+      def store(creditcard, options = {})
+        requires!(options, :billing_id, :amount)
+        commit_periodic(build_periodic_item(:add_triggered, options[:amount], creditcard, options))
+      end
+
+      def unstore(identification, options = {})
+        options[:billing_id] = identification
+        commit_periodic(build_periodic_item(:remove_triggered, options[:amount], nil, options))
+      end
+
+      def supports_scrubbing?
+        true
+      end
+
+      def scrub(transcript)
+        transcript.
+          gsub(%r((<merchantID>).+(</merchantID>)), '\1[FILTERED]\2').
+          gsub(%r((<password>).+(</password>)), '\1[FILTERED]\2').
+          gsub(%r((<cardNumber>).+(</cardNumber>)), '\1[FILTERED]\2').
+          gsub(%r((<cvv>).+(</cvv>)), '\1[FILTERED]\2')
+      end
+
+      private
+
+      def build_purchase_request(money, credit_card, options)
+        xml = Builder::XmlMarkup.new
+
+        currency = options[:currency] || currency(money)
+
+        xml.tag! 'amount', localized_amount(money, currency)
+        xml.tag! 'currency', currency
+        xml.tag! 'purchaseOrderNo', options[:order_id].to_s.gsub(/[ ']/, '')
+
+        xml.tag! 'CreditCardInfo' do
+          xml.tag! 'cardNumber', credit_card.number
+          xml.tag! 'expiryDate', expdate(credit_card)
+          xml.tag! 'cvv', credit_card.verification_value if credit_card.verification_value?
+        end
+
+        xml.target!
+      end
+
+      def build_reference_request(money, reference)
+        xml = Builder::XmlMarkup.new
+
+        transaction_id, order_id, preauth_id, original_amount = reference.split('*')
+
+        xml.tag! 'amount', (money ? amount(money) : original_amount)
+        xml.tag! 'currency', options[:currency] || currency(money)
+        xml.tag! 'txnID', transaction_id
+        xml.tag! 'purchaseOrderNo', order_id
+        xml.tag! 'preauthID', preauth_id
+
+        xml.target!
+      end
+
+      def build_request(action, body)
+        xml = Builder::XmlMarkup.new
+        xml.instruct!
+        xml.tag! 'SecurePayMessage' do
+          xml.tag! 'MessageInfo' do
+            xml.tag! 'messageID', SecureRandom.hex(15)
+            xml.tag! 'messageTimestamp', generate_timestamp
+            xml.tag! 'timeoutValue', request_timeout
+            xml.tag! 'apiVersion', API_VERSION
+          end
+
+          xml.tag! 'MerchantInfo' do
+            xml.tag! 'merchantID', @options[:login]
+            xml.tag! 'password', @options[:password]
+          end
+
+          xml.tag! 'RequestType', 'Payment'
+          xml.tag! 'Payment' do
+            xml.tag! 'TxnList', 'count' => 1 do
+              xml.tag! 'Txn', 'ID' => 1 do
+                xml.tag! 'txnType', TRANSACTIONS[action]
+                xml.tag! 'txnSource', 23
+                xml << body
+              end
+            end
+          end
+        end
+
+        xml.target!
+      end
+
+      def commit(action, request)
+        response = parse(ssl_post(test? ? self.test_url : self.live_url, build_request(action, request)))
+
+        Response.new(success?(response), message_from(response), response,
+          test: test?,
+          authorization: authorization_from(response))
+      end
+
+      def build_periodic_item(action, money, credit_card, options)
+        xml = Builder::XmlMarkup.new
+
+        xml.tag! 'actionType', PERIODIC_ACTIONS[action]
+        xml.tag! 'clientID', options[:billing_id].to_s
+
+        if credit_card
+          xml.tag! 'CreditCardInfo' do
+            xml.tag! 'cardNumber', credit_card.number
+            xml.tag! 'expiryDate', expdate(credit_card)
+            xml.tag! 'cvv', credit_card.verification_value if credit_card.verification_value?
+          end
+        end
+        xml.tag! 'amount', amount(money)
+        xml.tag! 'periodicType', PERIODIC_TYPES[action] if PERIODIC_TYPES[action]
+
+        xml.target!
+      end
+
+      def build_periodic_request(body)
+        xml = Builder::XmlMarkup.new
+        xml.instruct!
+        xml.tag! 'SecurePayMessage' do
+          xml.tag! 'MessageInfo' do
+            xml.tag! 'messageID', SecureRandom.hex(15)
+            xml.tag! 'messageTimestamp', generate_timestamp
+            xml.tag! 'timeoutValue', request_timeout
+            xml.tag! 'apiVersion', PERIODIC_API_VERSION
+          end
+
+          xml.tag! 'MerchantInfo' do
+            xml.tag! 'merchantID', @options[:login]
+            xml.tag! 'password', @options[:password]
+          end
+
+          xml.tag! 'RequestType', 'Periodic'
+          xml.tag! 'Periodic' do
+            xml.tag! 'PeriodicList', 'count' => 1 do
+              xml.tag! 'PeriodicItem', 'ID' => 1 do
+                xml << body
+              end
+            end
+          end
+        end
+        xml.target!
+      end
+
+      def commit_periodic(request)
+        my_request = build_periodic_request(request)
+        response = parse(ssl_post(test? ? self.test_periodic_url : self.live_periodic_url, my_request))
+
+        Response.new(success?(response), message_from(response), response,
+          test: test?,
+          authorization: authorization_from(response))
+      end
+
+      def success?(response)
+        SUCCESS_CODES.include?(response[:response_code])
+      end
+
+      def authorization_from(response)
+        [response[:txn_id], response[:purchase_order_no], response[:preauth_id], response[:amount]].join('*')
+      end
+
+      def message_from(response)
+        response[:response_text] || response[:status_description]
+      end
+
+      def expdate(credit_card)
+        "#{format(credit_card.month, :two_digits)}/#{format(credit_card.year, :two_digits)}"
+      end
+
+      def parse(body)
+        xml = REXML::Document.new(body)
+
+        response = {}
+
+        xml.root.elements.to_a.each do |node|
+          parse_element(response, node)
+        end
+
+        response
+      end
+
+      def parse_element(response, node)
+        if node.has_elements?
+          node.elements.each { |element| parse_element(response, element) }
+        else
+          response[node.name.underscore.to_sym] = node.text
+        end
+      end
+
+      # YYYYDDMMHHNNSSKKK000sOOO
+      def generate_timestamp
+        time = Time.now.utc
+        time.strftime("%Y%d%m%H%M%S#{time.usec}+000")
+      end
+    end
+  end
+end

data/lib/active_merchant/billing/gateways/secure_pay_tech.rb

@@ -0,0 +1,103 @@
+module ActiveMerchant #:nodoc:
+  module Billing #:nodoc:
+    class SecurePayTechGateway < Gateway
+      class SecurePayTechPostData < PostData
+        self.required_fields = %i[OrderReference CardNumber CardExpiry CardHolderName CardType MerchantID MerchantKey Amount Currency]
+      end
+
+      self.live_url = self.test_url = 'https://tx.securepaytech.com/web/HttpPostPurchase'
+
+      PAYMENT_GATEWAY_RESPONSES = {
+        1 => 'Transaction OK',
+        2 => 'Insufficient funds',
+        3 => 'Card expired',
+        4 => 'Card declined',
+        5 => 'Server error',
+        6 => 'Communications error',
+        7 => 'Unsupported transaction type',
+        8 => 'Bad or malformed request',
+        9 => 'Invalid card number'
+      }
+
+      self.default_currency = 'NZD'
+      self.supported_countries = ['NZ']
+      self.supported_cardtypes = %i[visa master american_express diners_club]
+      self.homepage_url = 'http://www.securepaytech.com/'
+      self.display_name = 'SecurePayTech'
+
+      def initialize(options = {})
+        requires!(options, :login, :password)
+        super
+      end
+
+      def purchase(money, creditcard, options = {})
+        post = SecurePayTechPostData.new
+
+        add_invoice(post, money, options)
+        add_creditcard(post, creditcard)
+
+        commit(:purchase, post)
+      end
+
+      private
+
+      def add_invoice(post, money, options)
+        post[:Amount] = amount(money)
+        post[:Currency] = options[:currency] || currency(money)
+
+        post[:OrderReference] = options[:order_id]
+      end
+
+      def add_creditcard(post, creditcard)
+        post[:CardNumber] = creditcard.number
+        post[:CardExpiry] = expdate(creditcard)
+        post[:CardHolderName] = creditcard.name
+
+        if creditcard.verification_value?
+          post[:EnableCSC] = true
+          post[:CSC] = creditcard.verification_value
+        end
+
+        # SPT will autodetect this
+        post[:CardType] = 0
+      end
+
+      def parse(body)
+        response = CGI.unescape(body).split(',')
+
+        result = {}
+        result[:result_code] = response[0].to_i
+
+        if response.length == 2
+          result[:fail_reason] = response[1]
+        else
+          result[:merchant_transaction_reference] = response[1]
+          result[:receipt_number] = response[2]
+          result[:transaction_number] = response[3]
+          result[:authorisation_id] = response[4]
+          result[:batch_number] = response[5]
+        end
+
+        result
+      end
+
+      def commit(action, post)
+        response = parse(ssl_post(self.live_url, post_data(action, post)))
+
+        Response.new(response[:result_code] == 1, message_from(response), response,
+          test: test?,
+          authorization: response[:merchant_transaction_reference])
+      end
+
+      def message_from(result)
+        PAYMENT_GATEWAY_RESPONSES[result[:result_code]]
+      end
+
+      def post_data(action, post)
+        post[:MerchantID] = @options[:login]
+        post[:MerchantKey] = @options[:password]
+        post.to_s
+      end
+    end
+  end
+end

data/lib/active_merchant/billing/gateways/securion_pay.rb

@@ -0,0 +1,305 @@
+module ActiveMerchant #:nodoc:
+  module Billing #:nodoc:
+    class SecurionPayGateway < Gateway
+      self.test_url = 'https://api.securionpay.com/'
+      self.live_url = 'https://api.securionpay.com/'
+
+      self.supported_countries = %w(AD BE BG CH CY CZ DE DK EE ES FI FO FR GI GL GR GS GT HR HU IE IS IT LI LR LT
+                                    LU LV MC MT MU MV MW NL NO PL RO SE SI)
+
+      self.default_currency = 'USD'
+      self.money_format = :cents
+      self.supported_cardtypes = %i[visa master american_express discover jcb diners_club]
+
+      self.homepage_url = 'https://securionpay.com/'
+      self.display_name = 'SecurionPay'
+
+      STANDARD_ERROR_CODE_MAPPING = {
+        'incorrect_number' => STANDARD_ERROR_CODE[:incorrect_number],
+        'invalid_number' => STANDARD_ERROR_CODE[:invalid_number],
+        'invalid_expiry_month' => STANDARD_ERROR_CODE[:invalid_expiry_date],
+        'invalid_expiry_year' => STANDARD_ERROR_CODE[:invalid_expiry_date],
+        'invalid_cvc' => STANDARD_ERROR_CODE[:invalid_cvc],
+        'expired_card' => STANDARD_ERROR_CODE[:expired_card],
+        'insufficient_funds' => STANDARD_ERROR_CODE[:card_declined],
+        'incorrect_cvc' => STANDARD_ERROR_CODE[:incorrect_cvc],
+        'incorrect_zip' => STANDARD_ERROR_CODE[:incorrect_zip],
+        'card_declined' => STANDARD_ERROR_CODE[:card_declined],
+        'processing_error' => STANDARD_ERROR_CODE[:processing_error],
+        'lost_or_stolen' => STANDARD_ERROR_CODE[:card_declined],
+        'suspected_fraud' => STANDARD_ERROR_CODE[:card_declined],
+        'expired_token' => STANDARD_ERROR_CODE[:card_declined]
+      }
+
+      def initialize(options = {})
+        requires!(options, :secret_key)
+        super
+      end
+
+      def purchase(money, payment, options = {})
+        post = create_post_for_auth_or_purchase(money, payment, options)
+        commit('charges', post, options)
+      end
+
+      def authorize(money, payment, options = {})
+        post = create_post_for_auth_or_purchase(money, payment, options)
+        post[:captured] = 'false'
+        commit('charges', post, options)
+      end
+
+      def capture(money, authorization, options = {})
+        post = {}
+        add_amount(post, money, options)
+        commit("charges/#{CGI.escape(authorization)}/capture", post, options)
+      end
+
+      def refund(money, authorization, options = {})
+        post = {}
+        add_amount(post, money, options)
+        commit("charges/#{CGI.escape(authorization)}/refund", post, options)
+      end
+
+      def void(authorization, options = {})
+        commit("charges/#{CGI.escape(authorization)}/refund", {}, options)
+      end
+
+      def verify(credit_card, options = {})
+        MultiResponse.run(:use_first_response) do |r|
+          r.process { authorize(100, credit_card, options) }
+          r.process(:ignore_result) { void(r.authorization, options) }
+        end
+      end
+
+      def store(credit_card, options = {})
+        if options[:customer_id].blank?
+          MultiResponse.run() do |r|
+            # create charge object
+            r.process { authorize(100, credit_card, options) }
+            # create customer and save card
+            r.process { create_customer_add_card(r.authorization, options) }
+            # void the charge
+            r.process(:ignore_result) { void(r.params['metadata']['chargeId'], options) }
+          end
+        else
+          verify(credit_card, options)
+        end
+      end
+
+      def customer(options = {})
+        if options[:customer_id].blank?
+          return nil
+        else
+          commit("customers/#{CGI.escape(options[:customer_id])}", nil, options, :get)
+        end
+      end
+
+      def supports_scrubbing?
+        true
+      end
+
+      def scrub(transcript)
+        transcript.
+          gsub(%r((Authorization: Basic )\w+), '\1[FILTERED]').
+          gsub(%r((card\[number\]=)\d+), '\1[FILTERED]').
+          gsub(%r((card\[cvc\]=)\d+), '\1[FILTERED]')
+      end
+
+      private
+
+      def create_customer_add_card(authorization, options)
+        post = {}
+        post[:email] = options[:email]
+        post[:description] = options[:description]
+        post[:card] = authorization
+        post[:metadata] = {}
+        post[:metadata][:chargeId] = authorization
+        commit('customers', post, options)
+      end
+
+      def add_customer(post, payment, options)
+        post[:customerId] = options[:customer_id] if options[:customer_id]
+      end
+
+      def add_customer_data(post, options)
+        post[:description] = options[:description]
+        post[:ip] =          options[:ip]
+        post[:user_agent] =  options[:user_agent]
+        post[:referrer] =    options[:referrer]
+      end
+
+      def create_post_for_auth_or_purchase(money, payment, options)
+        post = {}
+        add_amount(post, money, options, true)
+        add_creditcard(post, payment, options)
+        add_customer(post, payment, options)
+        add_customer_data(post, options)
+        add_external_three_ds(post, options)
+        if options[:email]
+          post[:metadata] = {}
+          post[:metadata][:email] = options[:email]
+        end
+        post
+      end
+
+      def add_external_three_ds(post, options)
+        return if options[:three_d_secure].blank?
+
+        post[:threeDSecure] = {
+          external: {
+            version: options[:three_d_secure][:version],
+            authenticationValue: options[:three_d_secure][:cavv],
+            acsTransactionId: options[:three_d_secure][:acs_transaction_id],
+            status: options[:three_d_secure][:authentication_response_status],
+            eci: options[:three_d_secure][:eci]
+          }.merge(xid_or_ds_trans_id(options[:three_d_secure]))
+        }
+      end
+
+      def xid_or_ds_trans_id(three_ds)
+        if three_ds[:version].to_f >= 2.0
+          { dsTransactionId: three_ds[:ds_transaction_id] }
+        else
+          { xid: three_ds[:xid] }
+        end
+      end
+
+      def validate_three_ds_params(three_ds)
+        errors = {}
+        supported_version = %w{1.0.2 2.1.0 2.2.0}.include?(three_ds[:version])
+        supported_auth_response = ['Y', 'N', 'U', 'R', 'E', 'A', nil].include?(three_ds[:status])
+
+        errors[:three_ds_version] = 'ThreeDs version not supported' unless supported_version
+        errors[:auth_response] = 'Authentication response value not supported' unless supported_auth_response
+        errors.compact!
+
+        errors.present? ? Response.new(false, 'ThreeDs data is invalid', errors) : nil
+      end
+
+      def add_amount(post, money, options, include_currency = false)
+        currency = (options[:currency] || default_currency)
+        post[:amount] = localized_amount(money, currency)
+        post[:currency] = currency.downcase if include_currency
+      end
+
+      def add_creditcard(post, creditcard, options)
+        card = {}
+        if creditcard.respond_to?(:number)
+          card[:number] = creditcard.number
+          card[:expMonth] = creditcard.month
+          card[:expYear] = creditcard.year
+          card[:cvc] = creditcard.verification_value if creditcard.verification_value?
+          card[:cardholderName] = creditcard.name if creditcard.name
+
+          post[:card] = card
+          add_address(post, options)
+        elsif creditcard.kind_of?(String)
+          post[:card] = creditcard
+        else
+          raise ArgumentError.new("Unhandled payment method #{creditcard.class}.")
+        end
+      end
+
+      def add_address(post, options)
+        return unless post[:card]&.kind_of?(Hash)
+
+        if address = options[:billing_address]
+          post[:card][:addressLine1] = address[:address1] if address[:address1]
+          post[:card][:addressLine2] = address[:address2] if address[:address2]
+          post[:card][:addressCountry] = address[:country] if address[:country]
+          post[:card][:addressZip] = address[:zip] if address[:zip]
+          post[:card][:addressState] = address[:state] if address[:state]
+          post[:card][:addressCity] = address[:city] if address[:city]
+        end
+      end
+
+      def parse(body)
+        JSON.parse(body)
+      end
+
+      def commit(url, parameters = nil, options = {}, method = nil)
+        if parameters.present? && parameters[:threeDSecure].present?
+          three_ds_errors = validate_three_ds_params(parameters[:threeDSecure][:external])
+          return three_ds_errors if three_ds_errors
+        end
+
+        response = api_request(url, parameters, options, method)
+        success = !response.key?('error')
+
+        Response.new(success,
+          (success ? 'Transaction approved' : response['error']['message']),
+          response,
+          test: test?,
+          authorization: (success ? response['id'] : response['error']['charge']),
+          error_code: (success ? nil : STANDARD_ERROR_CODE_MAPPING[response['error']['code']]))
+      end
+
+      def headers(options = {})
+        secret_key = options[:secret_key] || @options[:secret_key]
+
+        headers = {
+          'Authorization' => 'Basic ' + Base64.encode64(secret_key.to_s + ':').strip,
+          'User-Agent' => "SecurionPay/v1 ActiveMerchantBindings/#{ActiveMerchant::VERSION}"
+        }
+        headers
+      end
+
+      def response_error(raw_response)
+        parse(raw_response)
+      rescue JSON::ParserError
+        json_error(raw_response)
+      end
+
+      def post_data(params)
+        return nil unless params
+
+        params.map do |key, value|
+          next if value.blank?
+
+          if value.is_a?(Hash)
+            h = {}
+            value.each do |k, v|
+              h["#{key}[#{k}]"] = v unless v.blank?
+            end
+            post_data(h)
+          elsif value.is_a?(Array)
+            value.map { |v| "#{key}[]=#{CGI.escape(v.to_s)}" }.join('&')
+          else
+            "#{key}=#{CGI.escape(value.to_s)}"
+          end
+        end.compact.join('&')
+      end
+
+      def api_request(endpoint, parameters = nil, options = {}, method = nil)
+        raw_response = response = nil
+        begin
+          if method.blank?
+            raw_response = ssl_post(self.live_url + endpoint, post_data(parameters), headers(options))
+          else
+            raw_response = ssl_request(method, self.live_url + endpoint, post_data(parameters), headers(options))
+          end
+          response = parse(raw_response)
+        rescue ResponseError => e
+          raw_response = e.response.body
+          response = response_error(raw_response)
+        rescue JSON::ParserError
+          response = json_error(raw_response)
+        end
+        response
+      end
+
+      def json_error(raw_response)
+        msg = 'Invalid response received from the SecurionPay API.'
+        msg += "  (The raw response returned by the API was #{raw_response.inspect})"
+        {
+          'error' => {
+            'message' => msg
+          }
+        }
+      end
+
+      def test?
+        (@options[:secret_key]&.include?('_test_'))
+      end
+    end
+  end
+end