swiss-activemerchant 1.0.1

data/lib/active_merchant/billing/gateways/mercury.rb

@@ -0,0 +1,352 @@
+module ActiveMerchant #:nodoc:
+  module Billing #:nodoc:
+    # The Mercury gateway integration by default requires that the Mercury
+    # account being used has tokenization turned. This enables the use of
+    # capture/refund/void without having to pass the credit card back in each
+    # time. Only the "OneTime" tokenization is used; there is no use of
+    # "Recurring" tokenization.
+    #
+    # If you don't wish to enable Mercury tokenization, you can pass
+    # <code>:tokenization => false</code> as an option when creating the
+    # gateway. If you do so, then passing a +:credit_card+ option to +capture+
+    # and +refund+ will become mandatory.
+    class MercuryGateway < Gateway
+      URLS = {
+        test: 'https://w1.mercurycert.net/ws/ws.asmx',
+        live: 'https://w1.mercurypay.com/ws/ws.asmx'
+      }
+
+      self.homepage_url = 'http://www.mercurypay.com'
+      self.display_name = 'Mercury'
+      self.supported_countries = %w[US CA]
+      self.supported_cardtypes = %i[visa master american_express discover diners_club jcb]
+      self.default_currency = 'USD'
+
+      STANDARD_ERROR_CODE_MAPPING = {
+        '100204' => STANDARD_ERROR_CODE[:invalid_number],
+        '100205' => STANDARD_ERROR_CODE[:invalid_expiry_date],
+        '000000' => STANDARD_ERROR_CODE[:card_declined]
+      }
+
+      def initialize(options = {})
+        requires!(options, :login, :password)
+        @use_tokenization = (!options.has_key?(:tokenization) || options[:tokenization])
+        super
+      end
+
+      def purchase(money, credit_card, options = {})
+        requires!(options, :order_id)
+
+        request = build_non_authorized_request('Sale', money, credit_card, options)
+        commit('Sale', request)
+      end
+
+      def credit(money, credit_card, options = {})
+        requires!(options, :order_id)
+
+        request = build_non_authorized_request('Return', money, credit_card, options)
+        commit('Return', request)
+      end
+
+      def authorize(money, credit_card, options = {})
+        requires!(options, :order_id)
+
+        request = build_non_authorized_request('PreAuth', money, credit_card, options.merge(authorized: money))
+        commit('PreAuth', request)
+      end
+
+      def capture(money, authorization, options = {})
+        requires!(options, :credit_card) unless @use_tokenization
+
+        request = build_authorized_request('PreAuthCapture', money, authorization, options[:credit_card], options.merge(authorized: money))
+        commit('PreAuthCapture', request)
+      end
+
+      def refund(money, authorization, options = {})
+        requires!(options, :credit_card) unless @use_tokenization
+
+        request = build_authorized_request('Return', money, authorization, options[:credit_card], options)
+        commit('Return', request)
+      end
+
+      def void(authorization, options = {})
+        requires!(options, :credit_card) unless @use_tokenization
+
+        request = build_authorized_request('VoidSale', nil, authorization, options[:credit_card], options)
+        commit('VoidSale', request)
+      end
+
+      def store(credit_card, options = {})
+        request = build_card_lookup_request(credit_card, options)
+        commit('CardLookup', request)
+      end
+
+      def supports_scrubbing?
+        true
+      end
+
+      def scrub(transcript)
+        transcript.
+          gsub(%r(&lt;), '<').
+          gsub(%r(&gt;), '>').
+          gsub(%r((<pw>).*(</pw>))i, '\1[FILTERED]\2').
+          gsub(%r((<AcctNo>)(\d|x)*(</AcctNo>))i, '\1[FILTERED]\3').
+          gsub(%r((<CVVData>)\d*(</CVVData>))i, '\1[FILTERED]\2')
+      end
+
+      private
+
+      def build_non_authorized_request(action, money, credit_card, options)
+        xml = Builder::XmlMarkup.new
+
+        xml.tag! 'TStream' do
+          xml.tag! 'Transaction' do
+            xml.tag! 'TranType', 'Credit'
+            xml.tag! 'TranCode', action
+            xml.tag! 'PartialAuth', 'Allow' if options[:allow_partial_auth] && %w[PreAuth Sale].include?(action)
+            add_invoice(xml, options[:order_id], nil, options)
+            add_reference(xml, 'RecordNumberRequested')
+            add_customer_data(xml, options)
+            add_amount(xml, money, options)
+            add_credit_card(xml, credit_card, action)
+            add_address(xml, options) unless credit_card.track_data.present?
+          end
+        end
+        xml = xml.target!
+      end
+
+      def build_authorized_request(action, money, authorization, credit_card, options)
+        xml = Builder::XmlMarkup.new
+
+        invoice_no, ref_no, auth_code, acq_ref_data, process_data, record_no, amount = split_authorization(authorization)
+        ref_no = '1' if ref_no.blank?
+
+        xml.tag! 'TStream' do
+          xml.tag! 'Transaction' do
+            xml.tag! 'TranType', 'Credit'
+            xml.tag! 'PartialAuth', 'Allow' if options[:allow_partial_auth] && (action == 'PreAuthCapture')
+            xml.tag! 'TranCode', (@use_tokenization ? (action + 'ByRecordNo') : action)
+            add_invoice(xml, invoice_no, ref_no, options)
+            add_reference(xml, record_no)
+            add_customer_data(xml, options)
+            add_amount(xml, (money || amount.to_i), options)
+            add_credit_card(xml, credit_card, action) if credit_card
+            add_address(xml, options)
+            xml.tag! 'TranInfo' do
+              xml.tag! 'AuthCode', auth_code
+              xml.tag! 'AcqRefData', acq_ref_data
+              xml.tag! 'ProcessData', process_data
+            end
+          end
+        end
+        xml = xml.target!
+      end
+
+      def build_card_lookup_request(credit_card, options)
+        xml = Builder::XmlMarkup.new
+
+        xml.tag! 'TStream' do
+          xml.tag! 'Transaction' do
+            xml.tag! 'TranType', 'CardLookup'
+            xml.tag! 'RecordNo', 'RecordNumberRequested'
+            xml.tag! 'Frequency', 'OneTime'
+
+            xml.tag! 'Memo', options[:description]
+            add_customer_data(xml, options)
+            add_credit_card(xml, credit_card, options)
+          end
+        end
+        xml.target!
+      end
+
+      def add_invoice(xml, invoice_no, ref_no, options)
+        xml.tag! 'InvoiceNo', invoice_no
+        xml.tag! 'RefNo', (ref_no || invoice_no)
+        xml.tag! 'OperatorID', options[:merchant] if options[:merchant]
+        xml.tag! 'Memo', options[:description] if options[:description]
+      end
+
+      def add_reference(xml, record_no)
+        if @use_tokenization
+          xml.tag! 'Frequency', 'OneTime'
+          xml.tag! 'RecordNo', record_no
+        end
+      end
+
+      def add_customer_data(xml, options)
+        xml.tag! 'IpAddress', options[:ip] if options[:ip]
+        if options[:customer]
+          xml.tag! 'TranInfo' do
+            xml.tag! 'CustomerCode', options[:customer]
+          end
+        end
+        xml.tag! 'MerchantID', @options[:login]
+      end
+
+      def add_amount(xml, money, options = {})
+        xml.tag! 'Amount' do
+          xml.tag! 'Purchase', amount(money)
+          xml.tag! 'Tax', options[:tax] if options[:tax]
+          xml.tag! 'Authorize', amount(options[:authorized]) if options[:authorized]
+          xml.tag! 'Gratuity', amount(options[:tip]) if options[:tip]
+        end
+      end
+
+      CARD_CODES = {
+        'visa' => 'VISA',
+        'master' => 'M/C',
+        'american_express' => 'AMEX',
+        'discover' => 'DCVR',
+        'diners_club' => 'DCLB',
+        'jcb' => 'JCB'
+      }
+
+      def add_credit_card(xml, credit_card, action)
+        xml.tag! 'Account' do
+          if credit_card.track_data.present?
+            # Track 1 has a start sentinel (STX) of '%' and track 2 is ';'
+            # Track 1 and 2 have identical end sentinels (ETX) of '?'
+            # Tracks may or may not have checksum (LRC) after the ETX
+            # If the track has no STX or is corrupt, we send it as track 1, to let Mercury
+            # handle with the validation error as it sees fit.
+            # Track 2 requires having the STX and ETX stripped. Track 1 does not.
+            # Max-length track 1s require having the STX and ETX stripped. Max is 79 bytes including LRC.
+            is_track2 = credit_card.track_data[0] == ';'
+            etx_index = credit_card.track_data.rindex('?') || credit_card.track_data.length
+            is_max_track1 = etx_index >= 77
+
+            if is_track2
+              xml.tag! 'Track2', credit_card.track_data[1...etx_index]
+            elsif is_max_track1
+              xml.tag! 'Track1', credit_card.track_data[1...etx_index]
+            else
+              xml.tag! 'Track1', credit_card.track_data
+            end
+          else
+            xml.tag! 'AcctNo', credit_card.number
+            xml.tag! 'ExpDate', expdate(credit_card)
+          end
+        end
+        xml.tag! 'CardType', CARD_CODES[credit_card.brand] if credit_card.brand
+
+        include_cvv = !%w(Return PreAuthCapture).include?(action) && !credit_card.track_data.present?
+        xml.tag! 'CVVData', credit_card.verification_value if include_cvv && credit_card.verification_value
+      end
+
+      def add_address(xml, options)
+        if billing_address = options[:billing_address] || options[:address]
+          xml.tag! 'AVS' do
+            xml.tag! 'Address', billing_address[:address1]
+            xml.tag! 'Zip', billing_address[:zip]
+          end
+        end
+      end
+
+      def parse(action, body)
+        response = {}
+        hashify_xml!(unescape_xml(body), response)
+        response
+      end
+
+      def hashify_xml!(xml, response)
+        xml = REXML::Document.new(xml)
+
+        xml.elements.each('//CmdResponse/*') do |node|
+          response[node.name.underscore.to_sym] = node.text
+        end
+
+        xml.elements.each('//TranResponse/*') do |node|
+          if node.name.to_s == 'Amount'
+            node.elements.each do |amt|
+              response[amt.name.underscore.to_sym] = amt.text
+            end
+          else
+            response[node.name.underscore.to_sym] = node.text
+          end
+        end
+      end
+
+      def endpoint_url
+        URLS[test? ? :test : :live]
+      end
+
+      def build_soap_request(body)
+        xml = Builder::XmlMarkup.new
+
+        xml.instruct!
+        xml.tag! 'soap:Envelope', ENVELOPE_NAMESPACES do
+          xml.tag! 'soap:Body' do
+            xml.tag! 'CreditTransaction', 'xmlns' => homepage_url do
+              xml.tag! 'tran' do
+                xml << escape_xml(body)
+              end
+              xml.tag! 'pw', @options[:password]
+            end
+          end
+        end
+        xml.target!
+      end
+
+      def build_header
+        {
+          'SOAPAction' => 'http://www.mercurypay.com/CreditTransaction',
+          'Content-Type' => 'text/xml; charset=utf-8'
+        }
+      end
+
+      SUCCESS_CODES = %w[Approved Success]
+
+      def commit(action, request)
+        response = parse(action, ssl_post(endpoint_url, build_soap_request(request), build_header))
+
+        success = SUCCESS_CODES.include?(response[:cmd_status])
+        message = success ? 'Success' : message_from(response)
+
+        Response.new(success, message, response,
+          test: test?,
+          authorization: authorization_from(response),
+          avs_result: { code: response[:avs_result] },
+          cvv_result: response[:cvv_result],
+          error_code: success ? nil : STANDARD_ERROR_CODE_MAPPING[response[:dsix_return_code]])
+      end
+
+      def message_from(response)
+        response[:text_response]
+      end
+
+      def authorization_from(response)
+        dollars, cents = (response[:purchase] || '').split('.').collect(&:to_i)
+        dollars ||= 0
+        cents ||= 0
+        [
+          response[:invoice_no],
+          response[:ref_no],
+          response[:auth_code],
+          response[:acq_ref_data],
+          response[:process_data],
+          response[:record_no],
+          ((dollars * 100) + cents).to_s
+        ].join(';')
+      end
+
+      def split_authorization(authorization)
+        invoice_no, ref_no, auth_code, acq_ref_data, process_data, record_no, amount = authorization.split(';')
+        [invoice_no, ref_no, auth_code, acq_ref_data, process_data, record_no, amount]
+      end
+
+      ENVELOPE_NAMESPACES = {
+        'xmlns:xsd' => 'http://www.w3.org/2001/XMLSchema',
+        'xmlns:soap' => 'http://schemas.xmlsoap.org/soap/envelope/',
+        'xmlns:xsi' => 'http://www.w3.org/2001/XMLSchema-instance'
+      }
+
+      def escape_xml(xml)
+        "\n<![CDATA[\n#{xml}\n]]>\n"
+      end
+
+      def unescape_xml(escaped_xml)
+        escaped_xml.gsub(/\&gt;/, '>').gsub(/\&lt;/, '<')
+      end
+    end
+  end
+end

data/lib/active_merchant/billing/gateways/metrics_global.rb

@@ -0,0 +1,293 @@
+module ActiveMerchant #:nodoc:
+  module Billing #:nodoc:
+    # For more information on the Metrics Global Payment Gateway, visit the {Metrics Global website}[www.metricsglobal.com].
+    # Further documentation on AVS and CVV response codes are available under the support section of the Metrics Global
+    # control panel.
+    #
+    # === Metrics Global Payment Gateway Authentication
+    #
+    # The login and password for the gateway are the same as the username and password used to log in to the Metrics Global
+    # control panel. Contact Metrics Global support to receive credentials for the control panel.
+    #
+    # === Demo Account
+    #
+    # There is a public demo account available with the following credentials:
+    #
+    # Login: demo
+    # Password: password
+    class MetricsGlobalGateway < Gateway
+      API_VERSION = '3.1'
+
+      class_attribute :test_url, :live_url
+
+      self.test_url = 'https://secure.metricsglobalgateway.com/gateway/transact.dll?testing=true'
+      self.live_url = 'https://secure.metricsglobalgateway.com/gateway/transact.dll'
+
+      class_attribute :duplicate_window
+
+      APPROVED, DECLINED, ERROR, FRAUD_REVIEW = 1, 2, 3, 4
+
+      RESPONSE_CODE, RESPONSE_REASON_CODE, RESPONSE_REASON_TEXT = 0, 2, 3
+      AVS_RESULT_CODE, TRANSACTION_ID, CARD_CODE_RESPONSE_CODE  = 5, 6, 38
+
+      self.supported_countries = ['US']
+      self.supported_cardtypes = %i[visa master american_express discover diners_club jcb]
+      self.homepage_url = 'http://www.metricsglobal.com'
+      self.display_name = 'Metrics Global'
+
+      CARD_CODE_ERRORS = %w(N S)
+      AVS_ERRORS = %w(A E N R W Z)
+      AVS_REASON_CODES = %w(27 45)
+
+      # Creates a new MetricsGlobalGateway
+      #
+      # The gateway requires that a valid login and password be passed
+      # in the +options+ hash.
+      #
+      # ==== Options
+      #
+      # * <tt>:login</tt> -- The username required to access the Metrics Global control panel. (REQUIRED)
+      # * <tt>:password</tt> -- The password required to access the Metrics Global control panel. (REQUIRED)
+      # * <tt>:test</tt> -- +true+ or +false+. If true, perform transactions against the test server.
+      #   Otherwise, perform transactions against the production server.
+      def initialize(options = {})
+        requires!(options, :login, :password)
+        super
+      end
+
+      # Performs an authorization, which reserves the funds on the customer's credit card, but does not
+      # charge the card.
+      #
+      # ==== Parameters
+      #
+      # * <tt>money</tt> -- The amount to be authorized as an Integer value in cents.
+      # * <tt>creditcard</tt> -- The CreditCard details for the transaction.
+      # * <tt>options</tt> -- A hash of optional parameters.
+      def authorize(money, creditcard, options = {})
+        post = {}
+        add_invoice(post, options)
+        add_creditcard(post, creditcard)
+        add_address(post, options)
+        add_customer_data(post, options)
+        add_duplicate_window(post)
+
+        commit('AUTH_ONLY', money, post)
+      end
+
+      # Perform a purchase, which is essentially an authorization and capture in a single operation.
+      #
+      # ==== Parameters
+      #
+      # * <tt>money</tt> -- The amount to be purchased as an Integer value in cents.
+      # * <tt>creditcard</tt> -- The CreditCard details for the transaction.
+      # * <tt>options</tt> -- A hash of optional parameters.
+      def purchase(money, creditcard, options = {})
+        post = {}
+        add_invoice(post, options)
+        add_creditcard(post, creditcard)
+        add_address(post, options)
+        add_customer_data(post, options)
+        add_duplicate_window(post)
+
+        commit('AUTH_CAPTURE', money, post)
+      end
+
+      # Captures the funds from an authorized transaction.
+      #
+      # ==== Parameters
+      #
+      # * <tt>money</tt> -- The amount to be captured as an Integer value in cents.
+      # * <tt>authorization</tt> -- The authorization returned from the previous authorize request.
+      def capture(money, authorization, options = {})
+        post = { trans_id: authorization }
+        add_customer_data(post, options)
+        commit('PRIOR_AUTH_CAPTURE', money, post)
+      end
+
+      # Void a previous transaction
+      #
+      # ==== Parameters
+      #
+      # * <tt>authorization</tt> - The authorization returned from the previous authorize request.
+      def void(authorization, options = {})
+        post = { trans_id: authorization }
+        add_duplicate_window(post)
+        commit('VOID', nil, post)
+      end
+
+      # Refund a transaction.
+      #
+      # This transaction indicates to the gateway that
+      # money should flow from the merchant to the customer.
+      #
+      # ==== Parameters
+      #
+      # * <tt>money</tt> -- The amount to be credited to the customer as an Integer value in cents.
+      # * <tt>identification</tt> -- The ID of the original transaction against which the refund is being issued.
+      # * <tt>options</tt> -- A hash of parameters.
+      #
+      # ==== Options
+      #
+      # * <tt>:card_number</tt> -- The credit card number the refund is being issued to. (REQUIRED)
+      # * <tt>:first_name</tt> -- The first name of the account being refunded.
+      # * <tt>:last_name</tt> -- The last name of the account being refunded.
+      # * <tt>:zip</tt> -- The postal code of the account being refunded.
+      def refund(money, identification, options = {})
+        requires!(options, :card_number)
+
+        post = { trans_id: identification,
+                 card_num: options[:card_number] }
+
+        post[:first_name] = options[:first_name] if options[:first_name]
+        post[:last_name] = options[:last_name] if options[:last_name]
+        post[:zip] = options[:zip] if options[:zip]
+
+        add_invoice(post, options)
+        add_duplicate_window(post)
+
+        commit('CREDIT', money, post)
+      end
+
+      def credit(money, identification, options = {})
+        ActiveMerchant.deprecated CREDIT_DEPRECATION_MESSAGE
+        refund(money, identification, options)
+      end
+
+      private
+
+      def commit(action, money, parameters)
+        parameters[:amount] = amount(money) unless action == 'VOID'
+
+        # Only activate the test_request when the :test option is passed in
+        parameters[:test_request] = @options[:test] ? 'TRUE' : 'FALSE'
+
+        url = test? ? self.test_url : self.live_url
+        data = ssl_post url, post_data(action, parameters)
+
+        response = parse(data)
+
+        message = message_from(response)
+
+        # Return the response. The authorization can be taken out of the transaction_id
+        # Test Mode on/off is something we have to parse from the response text.
+        # It usually looks something like this
+        #
+        #   (TESTMODE) Successful Sale
+        test_mode = test? || message =~ /TESTMODE/
+
+        Response.new(success?(response), message, response,
+          test: test_mode,
+          authorization: response[:transaction_id],
+          fraud_review: fraud_review?(response),
+          avs_result: { code: response[:avs_result_code] },
+          cvv_result: response[:card_code])
+      end
+
+      def success?(response)
+        response[:response_code] == APPROVED
+      end
+
+      def fraud_review?(response)
+        response[:response_code] == FRAUD_REVIEW
+      end
+
+      def parse(body)
+        fields = split(body)
+
+        results = {
+          response_code: fields[RESPONSE_CODE].to_i,
+          response_reason_code: fields[RESPONSE_REASON_CODE],
+          response_reason_text: fields[RESPONSE_REASON_TEXT],
+          avs_result_code: fields[AVS_RESULT_CODE],
+          transaction_id: fields[TRANSACTION_ID],
+          card_code: fields[CARD_CODE_RESPONSE_CODE]
+        }
+        results
+      end
+
+      def post_data(action, parameters = {})
+        post = {}
+
+        post[:version]        = API_VERSION
+        post[:login]          = @options[:login]
+        post[:tran_key]       = @options[:password]
+        post[:relay_response] = 'FALSE'
+        post[:type]           = action
+        post[:delim_data]     = 'TRUE'
+        post[:delim_char]     = ','
+        post[:encap_char]     = '$'
+        post[:solution_ID]    = application_id if application_id
+
+        request = post.merge(parameters).collect { |key, value| "x_#{key}=#{CGI.escape(value.to_s)}" }.join('&')
+        request
+      end
+
+      def add_invoice(post, options)
+        post[:invoice_num] = options[:order_id]
+        post[:description] = options[:description]
+      end
+
+      def add_creditcard(post, creditcard)
+        post[:card_num]   = creditcard.number
+        post[:card_code]  = creditcard.verification_value if creditcard.verification_value?
+        post[:exp_date]   = expdate(creditcard)
+        post[:first_name] = creditcard.first_name
+        post[:last_name]  = creditcard.last_name
+      end
+
+      def add_customer_data(post, options)
+        if options.has_key? :email
+          post[:email] = options[:email]
+          post[:email_customer] = false
+        end
+
+        post[:cust_id] = options[:customer] if options.has_key? :customer
+
+        post[:customer_ip] = options[:ip] if options.has_key? :ip
+      end
+
+      # x_duplicate_window won't be sent by default, because sending it changes the response.
+      # "If this field is present in the request with or without a value, an enhanced duplicate transaction response will be sent."
+      def add_duplicate_window(post)
+        post[:duplicate_window] = duplicate_window unless duplicate_window.nil?
+      end
+
+      def add_address(post, options)
+        if address = options[:billing_address] || options[:address]
+          post[:address] = address[:address1].to_s
+          post[:company] = address[:company].to_s
+          post[:phone]   = address[:phone].to_s
+          post[:zip]     = address[:zip].to_s
+          post[:city]    = address[:city].to_s
+          post[:country] = address[:country].to_s
+          post[:state]   = address[:state].blank? ? 'n/a' : address[:state]
+        end
+
+        if address = options[:shipping_address]
+          post[:ship_to_first_name] = address[:first_name].to_s
+          post[:ship_to_last_name] = address[:last_name].to_s
+          post[:ship_to_address] = address[:address1].to_s
+          post[:ship_to_company] = address[:company].to_s
+          post[:ship_to_phone]   = address[:phone].to_s
+          post[:ship_to_zip]     = address[:zip].to_s
+          post[:ship_to_city]    = address[:city].to_s
+          post[:ship_to_country] = address[:country].to_s
+          post[:ship_to_state]   = address[:state].blank? ? 'n/a' : address[:state]
+        end
+      end
+
+      def message_from(results)
+        if results[:response_code] == DECLINED
+          return CVVResult.messages[results[:card_code]] if CARD_CODE_ERRORS.include?(results[:card_code])
+          return AVSResult.messages[results[:avs_result_code]] if AVS_REASON_CODES.include?(results[:response_reason_code]) && AVS_ERRORS.include?(results[:avs_result_code])
+        end
+
+        (results[:response_reason_text] ? results[:response_reason_text].chomp('.') : '')
+      end
+
+      def split(response)
+        response[1..-2].split(/\$,\$/)
+      end
+    end
+  end
+end