swiss-activemerchant 1.0.1

data/lib/active_merchant/billing/gateways/netbanx.rb

@@ -0,0 +1,376 @@
+module ActiveMerchant #:nodoc:
+  module Billing #:nodoc:
+    class NetbanxGateway < Gateway
+      # Netbanx is the new REST based API for Optimal Payments / Paysafe
+      self.test_url = 'https://api.test.netbanx.com/'
+      self.live_url = 'https://api.netbanx.com/'
+
+      self.supported_countries = %w(AF AX AL DZ AS AD AO AI AQ AG AR AM AW AU AT AZ BS BH BD BB BY BE BZ BJ BM BT BO BQ BA BW BV BR IO BN BG BF BI KH CM CA CV KY CF TD CL CN CX CC CO KM CG CD CK CR CI HR CU CW CY CZ DK DJ DM DO EC EG SV GQ ER EE ET FK FO FJ FI FR GF PF TF GA GM GE DE GH GI GR GL GD GP GU GT GG GN GW GY HT HM HN HK HU IS IN ID IR IQ IE IM IL IT JM JP JE JO KZ KE KI KP KR KW KG LA LV LB LS LR LY LI LT LU MO MK MG MW MY MV ML MT MH MQ MR MU YT MX FM MD MC MN ME MS MA MZ MM NA NR NP NC NZ NI NE NG NU NF MP NO OM PK PW PS PA PG PY PE PH PN PL PT PR QA RE RO RU RW BL SH KN LC MF VC WS SM ST SA SN RS SC SL SG SX SK SI SB SO ZA GS SS ES LK PM SD SR SJ SZ SE CH SY TW TJ TZ TH NL TL TG TK TO TT TN TR TM TC TV UG UA AE GB US UM UY UZ VU VA VE VN VG VI WF EH YE ZM ZW)
+      self.default_currency = 'CAD'
+      self.supported_cardtypes = %i[
+        american_express
+        diners_club
+        discover
+        jcb
+        master
+        maestro
+        visa
+      ]
+
+      self.money_format = :cents
+
+      self.homepage_url = 'https://processing.paysafe.com/'
+      self.display_name = 'Netbanx by PaySafe'
+
+      AVS_CODE_CONVERTER = {
+        'MATCH' => 'X',
+        'MATCH_ADDRESS_ONLY' => 'A',
+        'MATCH_ZIP_ONLY' => 'Z',
+        'NO_MATCH' => 'N',
+        'NOT_PROCESSED' => 'U',
+        'UNKNOWN' => 'Q'
+      }
+
+      CVV_CODE_CONVERTER = {
+        'MATCH' => 'M',
+        'NO_MATCH' => 'N',
+        'NOT_PROCESSED' => 'P',
+        'UNKNOWN' => 'U'
+      }
+
+      def initialize(options = {})
+        requires!(options, :account_number, :api_key)
+        super
+      end
+
+      def purchase(money, payment, options = {})
+        # Do a Verification with AVS prior to purchase
+        verification_response = verify(payment, options)
+        return verification_response if verification_response.message != 'OK'
+
+        post = {}
+        add_invoice(post, money, options)
+        add_settle_with_auth(post)
+        add_payment(post, payment, options)
+        add_customer_detail_data(post, options)
+
+        commit(:post, 'auths', post)
+      end
+
+      def authorize(money, payment, options = {})
+        # Do a Verification with AVS prior to Auth + Settle
+        verification_response = verify(payment, options)
+        return verification_response if verification_response.message != 'OK'
+
+        post = {}
+        add_invoice(post, money, options)
+        add_payment(post, payment, options)
+        add_customer_detail_data(post, options)
+
+        commit(:post, 'auths', post)
+      end
+
+      def capture(money, authorization, options = {})
+        post = {}
+        add_invoice(post, money, options)
+
+        commit(:post, "auths/#{authorization}/settlements", post)
+      end
+
+      def refund(money, authorization, options = {})
+        # If the transactions that are pending, API call needs to be Cancellation
+        settlement_data = get_settlement(authorization)
+        return settlement_data if settlement_data.message != 'OK'
+
+        post = {}
+        if settlement_data.params['status'] == 'PENDING' && money == settlement_data.params['amount']
+          post[:status] = 'CANCELLED'
+          commit(:put, "settlements/#{authorization}", post)
+        elsif settlement_data.params['status'] == 'PENDING' && (money < settlement_data.params['amount'] || money > settlement_data.params['amount'])
+          return Response.new(false, 'Transaction not settled. Either do a full refund or try partial refund after settlement.')
+        else
+          add_invoice(post, money, options)
+
+          # Setting merchantRefNumber to a unique id for each refund
+          # This is to support multiple partial refunds for the same order
+          post[:merchantRefNum] = SecureRandom.uuid
+
+          commit(:post, "settlements/#{authorization}/refunds", post)
+        end
+      end
+
+      def get_settlement(authorization)
+        post = {}
+        commit(:get, "settlements/#{authorization}", post)
+      end
+
+      def void(authorization, options = {})
+        post = {}
+        add_order_id(post, options)
+
+        commit(:post, "auths/#{authorization}/voidauths", post)
+      end
+
+      def verify(credit_card, options = {})
+        post = {}
+        add_payment(post, credit_card, options)
+        add_order_id(post, options)
+
+        commit(:post, 'verifications', post)
+      end
+
+      # note: when passing options[:customer] we only attempt to add the
+      #       card to the profile_id passed as the options[:customer]
+      def store(credit_card, options = {})
+        # locale can only be one of en_US, fr_CA, en_GB
+        requires!(options, :locale)
+        post = {}
+        add_credit_card(post, credit_card, options)
+        add_customer_data(post, options)
+
+        commit(:post, 'customervault/v1/profiles', post)
+      end
+
+      def unstore(identification, options = {})
+        customer_id, card_id = identification.split('|')
+
+        if card_id.nil?
+          # deleting the profile
+          commit(:delete, "customervault/v1/profiles/#{CGI.escape(customer_id)}", nil)
+        else
+          # deleting the card from the profile
+          commit(:delete, "customervault/v1/profiles/#{CGI.escape(customer_id)}/cards/#{CGI.escape(card_id)}", nil)
+        end
+      end
+
+      def supports_scrubbing?
+        true
+      end
+
+      def scrub(transcript)
+        transcript.
+          gsub(%r((Authorization: Basic )\w+), '\1[FILTERED]').
+          gsub(%r(("card\\?":{\\?"cardNum\\?":\\?")\d+), '\1[FILTERED]').
+          gsub(%r(("cvv\\?":\\?")\d+), '\1[FILTERED]')
+      end
+
+      private
+
+      def add_settle_with_auth(post)
+        post[:settleWithAuth] = true
+      end
+
+      def add_customer_data(post, options)
+        post[:merchantCustomerId] = (options[:merchant_customer_id] || SecureRandom.uuid)
+        post[:locale] = options[:locale]
+      end
+
+      def add_customer_detail_data(post, options)
+        post[:profile] ||= {}
+        post[:profile][:email] = options[:email] if options[:email]
+        post[:customerIp] = options[:ip] if options[:ip]
+        if (billing_address = options[:billing_address])
+          post[:profile][:firstName], post[:profile][:lastName] = split_names(billing_address[:name])
+        end
+      end
+
+      def add_credit_card(post, credit_card, options = {})
+        post[:card] ||= {}
+        post[:card][:cardNum]    = credit_card.number
+        post[:card][:holderName] = credit_card.name
+        post[:card][:cvv]        = credit_card.verification_value
+        post[:card][:cardExpiry] = expdate(credit_card)
+
+        post[:authentication] = map_3ds(options[:three_d_secure]) if options[:three_d_secure]
+        post[:card][:billingAddress] = map_address(options[:billing_address]) if options[:billing_address]
+      end
+
+      def add_invoice(post, money, options)
+        post[:amount] = amount(money)
+        add_order_id(post, options)
+      end
+
+      def add_payment(post, credit_card_reference, options = {})
+        post[:card] ||= {}
+        if credit_card_reference.is_a?(String)
+          post[:card][:paymentToken] = credit_card_reference
+        else
+          post[:card][:cardNum]    = credit_card_reference.number
+          post[:card][:cvv]        = credit_card_reference.verification_value
+          post[:card][:cardExpiry] = expdate(credit_card_reference)
+        end
+
+        post[:currencyCode] = options[:currency] if options[:currency]
+        post[:billingDetails]  = map_address(options[:billing_address]) if options[:billing_address]
+        post[:authentication]  = map_3ds(options[:three_d_secure]) if options[:three_d_secure]
+      end
+
+      def expdate(credit_card)
+        year  = format(credit_card.year, :four_digits)
+        month = format(credit_card.month, :two_digits)
+
+        # returns a hash (necessary in the card JSON object)
+        { month: month, year: year }
+      end
+
+      def add_order_id(post, options)
+        post[:merchantRefNum] = (options[:order_id] || SecureRandom.uuid)
+      end
+
+      def map_address(address)
+        return {} if address.nil?
+
+        country = Country.find(address[:country]) if address[:country]
+        mapped = {
+          street: address[:address1],
+          city: address[:city],
+          zip: address[:zip],
+          state: address[:state]
+        }
+        mapped[:country] = country.code(:alpha2).value unless country.blank?
+
+        mapped
+      end
+
+      def map_3ds(three_d_secure_options)
+        mapped = {
+          eci: three_d_secure_options[:eci],
+          cavv: three_d_secure_options[:cavv],
+          xid: three_d_secure_options[:xid],
+          threeDResult: three_d_secure_options[:directory_response_status],
+          threeDSecureVersion: three_d_secure_options[:version],
+          directoryServerTransactionId: three_d_secure_options[:ds_transaction_id]
+        }
+
+        mapped
+      end
+
+      def parse(body)
+        body.blank? ? {} : JSON.parse(body)
+      end
+
+      def commit(method, uri, parameters)
+        params = parameters.to_json unless parameters.nil?
+        response =
+          begin
+            if method == :get
+              parse(ssl_request(method, get_url(uri), nil, headers))
+            else
+              parse(ssl_request(method, get_url(uri), params, headers))
+            end
+          rescue ResponseError => e
+            return Response.new(false, 'Invalid Login') if e.response.code == '401'
+
+            parse(e.response.body)
+          end
+
+        success = success_from(response)
+        Response.new(
+          success,
+          message_from(success, response),
+          response,
+          test: test?,
+          error_code: error_code_from(response),
+          authorization: authorization_from(success, get_url(uri), method, response),
+          avs_result: avs_result(response),
+          cvv_result: cvv_result(response)
+        )
+      end
+
+      def avs_result(response)
+        AVSResult.new(code: AVS_CODE_CONVERTER[response['avsResponse']])
+      end
+
+      def cvv_result(response)
+        CVVResult.new(CVV_CODE_CONVERTER[response['cvvVerification']])
+      end
+
+      def get_url(uri)
+        url = (test? ? test_url : live_url)
+        if /^customervault/.match?(uri)
+          "#{url}#{uri}"
+        else
+          "#{url}cardpayments/v1/accounts/#{@options[:account_number]}/#{uri}"
+        end
+      end
+
+      def success_from(response)
+        response.blank? || !response.key?('error')
+      end
+
+      def message_from(success, response)
+        success ? 'OK' : (response['error']['message'] || 'Unknown error - please contact Netbanx-Paysafe')
+      end
+
+      def authorization_from(success, url, method, response)
+        if success && response.present? && url.match(/cardpayments\/v1\/accounts\/.*\//)
+          response['id']
+        elsif method == :post && url.match(/customervault\/.*\//)
+          # auth for tokenised customer vault is returned as
+          # customer_profile_id|card_id|payment_method_token
+          #
+          # customer_profile_id is the uuid that identifies the customer
+          # card_id is the uuid that identifies the card
+          # payment_method_token is the token that needs to be used when
+          #                      calling purchase with a token
+          #
+          # both id's are used to unstore, the payment token is only used for
+          # purchase transactions
+          [response['id'], response['cards'].first['id'], response['cards'].first['paymentToken']].join('|')
+        end
+      end
+
+      # Builds the auth and U-A headers for the request
+      def headers
+        {
+          'Accept'        => 'application/json',
+          'Content-type'  => 'application/json',
+          'Authorization' => "Basic #{Base64.strict_encode64(@options[:api_key].to_s)}",
+          'User-Agent'    => "Netbanx-Paysafe v1.0/ActiveMerchant #{ActiveMerchant::VERSION}"
+        }
+      end
+
+      def error_code_from(response)
+        unless success_from(response)
+          case response['errorCode']
+          when '3002' then STANDARD_ERROR_CODE[:invalid_number] # You submitted an invalid card number or brand or combination of card number and brand with your request.
+          when '3004' then STANDARD_ERROR_CODE[:incorrect_zip] # The zip/postal code must be provided for an AVS check request.
+          when '3005' then STANDARD_ERROR_CODE[:incorrect_cvc] # You submitted an incorrect CVC value with your request.
+          when '3006' then STANDARD_ERROR_CODE[:expired_card] # You submitted an expired credit card number with your request.
+          when '3009' then STANDARD_ERROR_CODE[:card_declined] # Your request has been declined by the issuing bank.
+          when '3011' then STANDARD_ERROR_CODE[:card_declined] # Your request has been declined by the issuing bank because the card used is a restricted card. Contact the cardholder's credit card company for further investigation.
+          when '3012' then STANDARD_ERROR_CODE[:card_declined] # Your request has been declined by the issuing bank because the credit card expiry date submitted is invalid.
+          when '3013' then STANDARD_ERROR_CODE[:card_declined] # Your request has been declined by the issuing bank due to problems with the credit card account.
+          when '3014' then STANDARD_ERROR_CODE[:card_declined] # Your request has been declined - the issuing bank has returned an unknown response. Contact the card holder's credit card company for further investigation.
+          when '3015' then STANDARD_ERROR_CODE[:card_declined] # The bank has requested that you process the transaction manually by calling the cardholder's credit card company.
+          when '3016' then STANDARD_ERROR_CODE[:card_declined] # The bank has requested that you retrieve the card from the cardholder – it may be a lost or stolen card.
+          when '3017' then STANDARD_ERROR_CODE[:invalid_number] # You submitted an invalid credit card number with your request.
+          when '3022' then STANDARD_ERROR_CODE[:card_declined] # The card has been declined due to insufficient funds.
+          when '3023' then STANDARD_ERROR_CODE[:card_declined] # Your request has been declined by the issuing bank due to its proprietary card activity regulations.
+          when '3024' then STANDARD_ERROR_CODE[:card_declined] # Your request has been declined because the issuing bank does not permit the transaction for this card.
+          when '3032' then STANDARD_ERROR_CODE[:card_declined] # Your request has been declined by the issuing bank or external gateway because the card is probably in one of their negative databases.
+          when '3035' then STANDARD_ERROR_CODE[:card_declined] # Your request has been declined due to exceeded PIN attempts.
+          when '3036' then STANDARD_ERROR_CODE[:card_declined] # Your request has been declined due to an invalid issuer.
+          when '3037' then STANDARD_ERROR_CODE[:card_declined] # Your request has been declined because it is invalid.
+          when '3038' then STANDARD_ERROR_CODE[:card_declined] # Your request has been declined due to customer cancellation.
+          when '3039' then STANDARD_ERROR_CODE[:card_declined] # Your request has been declined due to an invalid authentication value.
+          when '3040' then STANDARD_ERROR_CODE[:card_declined] # Your request has been declined because the request type is not permitted on the card.
+          when '3041' then STANDARD_ERROR_CODE[:card_declined] # Your request has been declined due to a timeout.
+          when '3042' then STANDARD_ERROR_CODE[:card_declined] # Your request has been declined due to a cryptographic error.
+          when '3045' then STANDARD_ERROR_CODE[:invalid_expiry_date] # You submitted an invalid date format for this request.
+          when '3046' then STANDARD_ERROR_CODE[:card_declined] # The transaction was declined because the amount was set to zero.
+          when '3047' then STANDARD_ERROR_CODE[:card_declined] # The transaction was declined because the amount exceeds the floor limit.
+          when '3048' then STANDARD_ERROR_CODE[:card_declined] # The transaction was declined because the amount is less than the floor limit.
+          when '3049' then STANDARD_ERROR_CODE[:card_declined] # The bank has requested that you retrieve the card from the cardholder – the credit card has expired.
+          when '3050' then STANDARD_ERROR_CODE[:card_declined] # The bank has requested that you retrieve the card from the cardholder – fraudulent activity is suspected.
+          when '3051' then STANDARD_ERROR_CODE[:card_declined] # The bank has requested that you retrieve the card from the cardholder – contact the acquirer for more information.
+          when '3052' then STANDARD_ERROR_CODE[:card_declined] # The bank has requested that you retrieve the card from the cardholder – the credit card is restricted.
+          when '3053' then STANDARD_ERROR_CODE[:card_declined] # The bank has requested that you retrieve the card from the cardholder – please call the acquirer.
+          when '3054' then STANDARD_ERROR_CODE[:card_declined] # The transaction was declined due to suspected fraud.
+          else STANDARD_ERROR_CODE[:processing_error]
+          end
+        end
+      end
+    end
+  end
+end

data/lib/active_merchant/billing/gateways/netbilling.rb

@@ -0,0 +1,229 @@
+module ActiveMerchant #:nodoc:
+  module Billing #:nodoc:
+    # To perform PCI Compliant Repeat Billing
+    #
+    #   Ensure that PCI Compliant Repeat Billing is enabled on your merchant account:
+    #    "Enable PCI Compliant Repeat Billing, Up-selling and Cross-selling" in Step 6 of the Credit Cards setup page
+    #
+    #  Instead of passing a credit_card to authorize or purchase, pass the transaction id (res.authorization)
+    #  of a past Netbilling transaction
+    #
+    # To store billing information without performing an operation, use the 'store' method
+    # which invokes the tran_type 'Q' (Quasi) operation and returns a transaction id to use in future Repeat Billing operations
+    class NetbillingGateway < Gateway
+      self.live_url = self.test_url = 'https://secure.netbilling.com:1402/gw/sas/direct3.1'
+
+      TRANSACTIONS = {
+        authorization: 'A',
+        purchase:      'S',
+        refund:        'R',
+        credit:        'C',
+        capture:       'D',
+        void:          'U',
+        quasi:         'Q'
+      }
+
+      SUCCESS_CODES = %w[1 T]
+      SUCCESS_MESSAGE = 'The transaction was approved'
+      FAILURE_MESSAGE = 'The transaction failed'
+      TEST_LOGIN = '104901072025'
+
+      self.display_name = 'NETbilling'
+      self.homepage_url = 'http://www.netbilling.com'
+      self.supported_countries = ['US']
+      self.supported_cardtypes = %i[visa master american_express discover jcb diners_club]
+
+      def initialize(options = {})
+        requires!(options, :login)
+        super
+      end
+
+      def authorize(money, payment_source, options = {})
+        post = {}
+        add_amount(post, money)
+        add_invoice(post, options)
+        add_payment_source(post, payment_source)
+        add_address(post, payment_source, options)
+        add_customer_data(post, options)
+        add_user_data(post, options)
+
+        commit(:authorization, post)
+      end
+
+      def purchase(money, payment_source, options = {})
+        post = {}
+        add_amount(post, money)
+        add_invoice(post, options)
+        add_payment_source(post, payment_source)
+        add_address(post, payment_source, options)
+        add_customer_data(post, options)
+        add_user_data(post, options)
+
+        commit(:purchase, post)
+      end
+
+      def capture(money, authorization, options = {})
+        post = {}
+        add_reference(post, authorization)
+        commit(:capture, post)
+      end
+
+      def refund(money, source, options = {})
+        post = {}
+        add_amount(post, money)
+        add_reference(post, source)
+        commit(:refund, post)
+      end
+
+      def credit(money, credit_card, options = {})
+        post = {}
+        add_amount(post, money)
+        add_invoice(post, options)
+        add_credit_card(post, credit_card)
+        add_address(post, credit_card, options)
+        add_customer_data(post, options)
+        add_user_data(post, options)
+
+        commit(:credit, post)
+      end
+
+      def void(source, options = {})
+        post = {}
+        add_reference(post, source)
+        commit(:void, post)
+      end
+
+      def store(credit_card, options = {})
+        post = {}
+        add_amount(post, 0)
+        add_payment_source(post, credit_card)
+        add_address(post, credit_card, options)
+        add_customer_data(post, options)
+
+        commit(:quasi, post)
+      end
+
+      def test?
+        (@options[:login] == TEST_LOGIN || super)
+      end
+
+      def supports_scrubbing
+        true
+      end
+
+      def scrub(transcript)
+        transcript.
+          gsub(%r((Authorization: Basic )\w+), '\1[FILTERED]').
+          gsub(%r((&?card_number=)[^&]*), '\1[FILTERED]').
+          gsub(%r((&?card_cvv2=)[^&]*), '\1[FILTERED]')
+      end
+
+      private
+
+      def add_amount(post, money)
+        post[:amount] = amount(money)
+      end
+
+      def add_reference(post, reference)
+        post[:orig_id] = reference
+      end
+
+      def add_customer_data(post, options)
+        post[:cust_email] = options[:email]
+        post[:cust_ip] = options[:ip]
+      end
+
+      def add_address(post, credit_card, options)
+        if billing_address = options[:billing_address] || options[:address]
+          post[:bill_street]     = billing_address[:address1]
+          post[:cust_phone]      = billing_address[:phone]
+          post[:bill_zip]        = billing_address[:zip]
+          post[:bill_city]       = billing_address[:city]
+          post[:bill_country]    = billing_address[:country]
+          post[:bill_state]      = billing_address[:state]
+        end
+
+        if shipping_address = options[:shipping_address]
+          post[:ship_name1], post[:ship_name2] = split_names(shipping_address[:name])
+          post[:ship_street]     = shipping_address[:address1]
+          post[:ship_zip]        = shipping_address[:zip]
+          post[:ship_city]       = shipping_address[:city]
+          post[:ship_country]    = shipping_address[:country]
+          post[:ship_state]      = shipping_address[:state]
+        end
+      end
+
+      def add_invoice(post, options)
+        post[:description] = options[:description]
+      end
+
+      def add_payment_source(params, source)
+        if source.is_a?(String)
+          add_transaction_id(params, source)
+        else
+          add_credit_card(params, source)
+        end
+      end
+
+      def add_user_data(post, options)
+        post[:user_data] = "order_id:#{options[:order_id]}" if options[:order_id]
+      end
+
+      def add_transaction_id(post, transaction_id)
+        post[:card_number] = 'CS:' + transaction_id
+      end
+
+      def add_credit_card(post, credit_card)
+        post[:bill_name1] = credit_card.first_name
+        post[:bill_name2] = credit_card.last_name
+        post[:card_number] = credit_card.number
+        post[:card_expire] = expdate(credit_card)
+        post[:card_cvv2] = credit_card.verification_value
+      end
+
+      def parse(body)
+        results = {}
+        body.split(/&/).each do |pair|
+          key, val = pair.split(/\=/)
+          results[key.to_sym] = CGI.unescape(val)
+        end
+        results
+      end
+
+      def commit(action, parameters)
+        response = parse(ssl_post(self.live_url, post_data(action, parameters)))
+
+        Response.new(success?(response), message_from(response), response,
+          test: test_response?(response),
+          authorization: response[:trans_id],
+          avs_result: { code: response[:avs_code] },
+          cvv_result: response[:cvv2_code])
+      rescue ActiveMerchant::ResponseError => e
+        raise unless e.response.code =~ /^[67]\d\d$/
+
+        return Response.new(false, e.response.message, { status_code: e.response.code }, test: test?)
+      end
+
+      def test_response?(response)
+        !!(test? || response[:auth_msg] =~ /TEST/)
+      end
+
+      def success?(response)
+        SUCCESS_CODES.include?(response[:status_code])
+      end
+
+      def message_from(response)
+        success?(response) ? SUCCESS_MESSAGE : (response[:auth_msg] || FAILURE_MESSAGE)
+      end
+
+      def post_data(action, parameters = {})
+        parameters[:account_id] = @options[:login]
+        parameters[:site_tag] = @options[:site_tag] if @options[:site_tag].present?
+        parameters[:pay_type] = 'C'
+        parameters[:tran_type] = TRANSACTIONS[action]
+
+        parameters.reject { |_k, v| v.blank? }.collect { |key, value| "#{key}=#{CGI.escape(value.to_s)}" }.join('&')
+      end
+    end
+  end
+end