swiss-crm-activemerchant 1.0.12

data/lib/active_merchant/billing/gateways/quickpay/quickpay_common.rb

@@ -0,0 +1,184 @@
+module QuickpayCommon
+  MD5_CHECK_FIELDS = {
+    3 => {
+      authorize: %w(protocol msgtype merchant ordernumber amount
+                    currency autocapture cardnumber expirationdate
+                    cvd cardtypelock testmode),
+
+      capture: %w(protocol msgtype merchant amount finalize transaction),
+
+      cancel: %w(protocol msgtype merchant transaction),
+
+      refund: %w(protocol msgtype merchant amount transaction),
+
+      subscribe: %w(protocol msgtype merchant ordernumber cardnumber
+                    expirationdate cvd cardtypelock description testmode),
+
+      recurring: %w(protocol msgtype merchant ordernumber amount
+                    currency autocapture transaction),
+
+      status: %w(protocol msgtype merchant transaction),
+
+      chstatus: %w(protocol msgtype merchant)
+    },
+
+    4 => {
+      authorize: %w(protocol msgtype merchant ordernumber amount
+                    currency autocapture cardnumber expirationdate cvd
+                    cardtypelock testmode fraud_remote_addr
+                    fraud_http_accept fraud_http_accept_language
+                    fraud_http_accept_encoding fraud_http_accept_charset
+                    fraud_http_referer fraud_http_user_agent apikey),
+
+      capture: %w(protocol msgtype merchant amount finalize transaction apikey),
+
+      cancel: %w(protocol msgtype merchant transaction apikey),
+
+      refund: %w(protocol msgtype merchant amount transaction apikey),
+
+      subscribe: %w(protocol msgtype merchant ordernumber cardnumber
+                    expirationdate cvd cardtypelock description testmode
+                    fraud_remote_addr fraud_http_accept fraud_http_accept_language
+                    fraud_http_accept_encoding fraud_http_accept_charset
+                    fraud_http_referer fraud_http_user_agent apikey),
+
+      recurring: %w(protocol msgtype merchant ordernumber amount currency
+                    autocapture transaction apikey),
+
+      status: %w(protocol msgtype merchant transaction apikey),
+
+      chstatus: %w(protocol msgtype merchant apikey)
+    },
+
+    5 => {
+      authorize: %w(protocol msgtype merchant ordernumber amount
+                    currency autocapture cardnumber expirationdate cvd
+                    cardtypelock testmode fraud_remote_addr
+                    fraud_http_accept fraud_http_accept_language
+                    fraud_http_accept_encoding fraud_http_accept_charset
+                    fraud_http_referer fraud_http_user_agent apikey),
+
+      capture: %w(protocol msgtype merchant amount finalize transaction apikey),
+
+      cancel: %w(protocol msgtype merchant transaction apikey),
+
+      refund: %w(protocol msgtype merchant amount transaction apikey),
+
+      subscribe: %w(protocol msgtype merchant ordernumber cardnumber
+                    expirationdate cvd cardtypelock description testmode
+                    fraud_remote_addr fraud_http_accept fraud_http_accept_language
+                    fraud_http_accept_encoding fraud_http_accept_charset
+                    fraud_http_referer fraud_http_user_agent apikey),
+
+      recurring: %w(protocol msgtype merchant ordernumber amount currency
+                    autocapture transaction apikey),
+
+      status: %w(protocol msgtype merchant transaction apikey),
+
+      chstatus: %w(protocol msgtype merchant apikey)
+    },
+
+    6 => {
+      authorize: %w(protocol msgtype merchant ordernumber amount
+                    currency autocapture cardnumber expirationdate cvd
+                    cardtypelock testmode fraud_remote_addr
+                    fraud_http_accept fraud_http_accept_language
+                    fraud_http_accept_encoding fraud_http_accept_charset
+                    fraud_http_referer fraud_http_user_agent apikey),
+
+      capture: %w(protocol msgtype merchant amount finalize transaction
+                  apikey),
+
+      cancel: %w(protocol msgtype merchant transaction apikey),
+
+      refund: %w(protocol msgtype merchant amount transaction apikey),
+
+      subscribe: %w(protocol msgtype merchant ordernumber cardnumber
+                    expirationdate cvd cardtypelock description testmode
+                    fraud_remote_addr fraud_http_accept fraud_http_accept_language
+                    fraud_http_accept_encoding fraud_http_accept_charset
+                    fraud_http_referer fraud_http_user_agent apikey),
+
+      recurring: %w(protocol msgtype merchant ordernumber amount currency
+                    autocapture transaction apikey),
+
+      status: %w(protocol msgtype merchant transaction apikey),
+
+      chstatus: %w(protocol msgtype merchant apikey)
+    },
+
+    7 => {
+      authorize: %w(protocol msgtype merchant ordernumber amount
+                    currency autocapture cardnumber expirationdate cvd
+                    acquirers cardtypelock testmode fraud_remote_addr
+                    fraud_http_accept fraud_http_accept_language
+                    fraud_http_accept_encoding fraud_http_accept_charset
+                    fraud_http_referer fraud_http_user_agent apikey),
+
+      capture: %w(protocol msgtype merchant amount finalize transaction
+                  apikey),
+
+      cancel: %w(protocol msgtype merchant transaction apikey),
+
+      refund: %w(protocol msgtype merchant amount transaction apikey),
+
+      subscribe: %w(protocol msgtype merchant ordernumber amount currency
+                    cardnumber expirationdate cvd acquirers cardtypelock
+                    description testmode fraud_remote_addr fraud_http_accept
+                    fraud_http_accept_language fraud_http_accept_encoding
+                    fraud_http_accept_charset fraud_http_referer
+                    fraud_http_user_agent apikey),
+
+      recurring: %w(protocol msgtype merchant ordernumber amount currency
+                    autocapture transaction apikey),
+
+      status: %w(protocol msgtype merchant transaction apikey),
+
+      chstatus: %w(protocol msgtype merchant apikey)
+    },
+
+    10 => {
+      authorize: %w(mobile_number acquirer autofee customer_id extras
+                    zero_auth customer_ip),
+      capture: %w(extras),
+      cancel: %w(extras),
+      refund: %w(extras),
+      subscribe: %w(variables branding_id),
+      authorize_subscription: %w(mobile_number acquirer customer_ip),
+      recurring: %w(auto_capture autofee zero_auth)
+    }
+  }
+
+  RESPONSE_CODES = {
+    200 => 'OK',
+    201 => 'Created',
+    202 => 'Accepted',
+    400 => 'Bad Request',
+    401 => 'UnAuthorized',
+    402 => 'Payment Required',
+    403 => 'Forbidden',
+    404 => 'Not Found',
+    405 => 'Method Not Allowed',
+    406 => 'Not Acceptable',
+    409 => 'Conflict',
+    500 => 'Internal Server Error'
+  }
+
+  def self.included(base)
+    base.default_currency = 'DKK'
+    base.money_format = :cents
+
+    base.supported_countries = %w[DE DK ES FI FR FO GB IS NO SE]
+    base.supported_cardtypes = %i[dankort forbrugsforeningen visa master
+                                  american_express diners_club jcb maestro]
+    base.homepage_url = 'http://quickpay.net/'
+    base.display_name = 'QuickPay'
+  end
+
+  def expdate(credit_card)
+    year  = format(credit_card.year, :two_digits)
+    month = format(credit_card.month, :two_digits)
+
+    "#{year}#{month}"
+  end
+end

data/lib/active_merchant/billing/gateways/quickpay/quickpay_v10.rb

@@ -0,0 +1,297 @@
+require 'json'
+require 'active_merchant/billing/gateways/quickpay/quickpay_common'
+
+module ActiveMerchant
+  module Billing
+    class QuickpayV10Gateway < Gateway
+      include QuickpayCommon
+      API_VERSION = 10
+
+      self.live_url = self.test_url = 'https://api.quickpay.net'
+
+      def initialize(options = {})
+        requires!(options, :api_key)
+        super
+      end
+
+      def purchase(money, credit_card_or_reference, options = {})
+        MultiResponse.run do |r|
+          if credit_card_or_reference.is_a?(String)
+            r.process { create_token(credit_card_or_reference, options) }
+            credit_card_or_reference = r.authorization
+          end
+          r.process { create_payment(money, options) }
+          r.process {
+            post = authorization_params(money, credit_card_or_reference, options)
+            add_autocapture(post, false)
+            commit(synchronized_path("/payments/#{r.responses.last.params['id']}/authorize"), post)
+          }
+          r.process {
+            post = capture_params(money, credit_card_or_reference, options)
+            commit(synchronized_path("/payments/#{r.responses.last.params['id']}/capture"), post)
+          }
+        end
+      end
+
+      def authorize(money, credit_card_or_reference, options = {})
+        MultiResponse.run do |r|
+          if credit_card_or_reference.is_a?(String)
+            r.process { create_token(credit_card_or_reference, options) }
+            credit_card_or_reference = r.authorization
+          end
+          r.process { create_payment(money, options) }
+          r.process {
+            post = authorization_params(money, credit_card_or_reference, options)
+            commit(synchronized_path("/payments/#{r.responses.last.params['id']}/authorize"), post)
+          }
+        end
+      end
+
+      def void(identification, _options = {})
+        commit(synchronized_path "/payments/#{identification}/cancel")
+      end
+
+      def credit(money, identification, options = {})
+        ActiveMerchant.deprecated CREDIT_DEPRECATION_MESSAGE
+        refund(money, identification, options)
+      end
+
+      def capture(money, identification, options = {})
+        post = capture_params(money, identification, options)
+        commit(synchronized_path("/payments/#{identification}/capture"), post)
+      end
+
+      def refund(money, identification, options = {})
+        post = {}
+        add_amount(post, money, options)
+        add_additional_params(:refund, post, options)
+        commit(synchronized_path("/payments/#{identification}/refund"), post)
+      end
+
+      def verify(credit_card, options = {})
+        MultiResponse.run(:use_first_response) do |r|
+          r.process { authorize(100, credit_card, options) }
+          r.process(:ignore_result) { void(r.authorization, options) }
+        end
+      end
+
+      def store(credit_card, options = {})
+        MultiResponse.run do |r|
+          r.process { create_store(options) }
+          r.process { authorize_store(r.authorization, credit_card, options) }
+        end
+      end
+
+      def unstore(identification)
+        commit(synchronized_path "/cards/#{identification}/cancel")
+      end
+
+      def supports_scrubbing?
+        true
+      end
+
+      def scrub(transcript)
+        transcript.
+          gsub(%r((Authorization: Basic )\w+), '\1[FILTERED]').
+          gsub(%r(("card\\?":{\\?"number\\?":\\?")\d+), '\1[FILTERED]').
+          gsub(%r(("cvd\\?":\\?")\d+), '\1[FILTERED]')
+      end
+
+      private
+
+      def authorization_params(money, credit_card_or_reference, options = {})
+        post = {}
+
+        add_amount(post, money, options)
+        add_credit_card_or_reference(post, credit_card_or_reference, options)
+        add_additional_params(:authorize, post, options)
+
+        post
+      end
+
+      def capture_params(money, credit_card, options = {})
+        post = {}
+
+        add_amount(post, money, options)
+        add_additional_params(:capture, post, options)
+
+        post
+      end
+
+      def create_store(options = {})
+        post = {}
+        commit('/cards', post)
+      end
+
+      def authorize_store(identification, credit_card, options = {})
+        post = {}
+
+        add_credit_card_or_reference(post, credit_card, options)
+        commit(synchronized_path("/cards/#{identification}/authorize"), post)
+      end
+
+      def create_token(identification, options)
+        post = {}
+        commit(synchronized_path("/cards/#{identification}/tokens"), post)
+      end
+
+      def create_payment(money, options = {})
+        post = {}
+        add_currency(post, money, options)
+        add_invoice(post, options)
+        commit('/payments', post)
+      end
+
+      def commit(action, params = {})
+        success = false
+        begin
+          response = parse(ssl_post(self.live_url + action, params.to_json, headers))
+          success = successful?(response)
+        rescue ResponseError => e
+          response = response_error(e.response.body)
+        rescue JSON::ParserError
+          response = json_error(response)
+        end
+
+        Response.new(success, message_from(success, response), response,
+          test: test?,
+          authorization: authorization_from(response))
+      end
+
+      def authorization_from(response)
+        if response['token']
+          response['token'].to_s
+        else
+          response['id'].to_s
+        end
+      end
+
+      def add_currency(post, money, options)
+        post[:currency] = options[:currency] || currency(money)
+      end
+
+      def add_amount(post, money, options)
+        post[:amount] = options[:amount] || amount(money)
+      end
+
+      def add_autocapture(post, value)
+        post[:auto_capture] = value
+      end
+
+      def add_order_id(post, options)
+        requires!(options, :order_id)
+        post[:order_id] = format_order_id(options[:order_id])
+      end
+
+      def add_invoice(post, options)
+        add_order_id(post, options)
+
+        post[:invoice_address]  = map_address(options[:billing_address]) if options[:billing_address]
+
+        post[:shipping_address] = map_address(options[:shipping_address]) if options[:shipping_address]
+
+        %i[metadata branding_id variables].each do |field|
+          post[field] = options[field] if options[field]
+        end
+      end
+
+      def add_additional_params(action, post, options = {})
+        MD5_CHECK_FIELDS[API_VERSION][action].each do |key|
+          key       = key.to_sym
+          post[key] = options[key] if options[key]
+        end
+      end
+
+      def add_credit_card_or_reference(post, credit_card_or_reference, options = {})
+        post[:card] ||= {}
+        if credit_card_or_reference.is_a?(String)
+          post[:card][:token] = credit_card_or_reference
+        else
+          post[:card][:number]     = credit_card_or_reference.number
+          post[:card][:cvd]        = credit_card_or_reference.verification_value
+          post[:card][:expiration] = expdate(credit_card_or_reference)
+          post[:card][:issued_to]  = credit_card_or_reference.name
+        end
+
+        if options[:three_d_secure]
+          post[:card][:cavv] = options.dig(:three_d_secure, :cavv)
+          post[:card][:eci] = options.dig(:three_d_secure, :eci)
+          post[:card][:xav] = options.dig(:three_d_secure, :xid)
+        end
+      end
+
+      def parse(body)
+        JSON.parse(body)
+      end
+
+      def successful?(response)
+        has_error    = response['errors']
+        invalid_code = invalid_operation_code?(response)
+
+        !(has_error || invalid_code)
+      end
+
+      def message_from(success, response)
+        success ? 'OK' : (response['message'] || invalid_operation_message(response) || 'Unknown error - please contact QuickPay')
+      end
+
+      def invalid_operation_code?(response)
+        if response['operations']
+          operation = response['operations'].last
+          operation && operation['qp_status_code'] != '20000'
+        end
+      end
+
+      def invalid_operation_message(response)
+        response['operations'] && response['operations'].last['qp_status_msg']
+      end
+
+      def map_address(address)
+        return {} if address.nil?
+
+        requires!(address, :name, :address1, :city, :zip, :country)
+        country = Country.find(address[:country])
+        mapped = {
+          name: address[:name],
+          street: address[:address1],
+          city: address[:city],
+          region: address[:address2],
+          zip_code: address[:zip],
+          country_code: country.code(:alpha3).value
+        }
+        mapped
+      end
+
+      def format_order_id(order_id)
+        truncate(order_id.to_s.delete('#'), 20)
+      end
+
+      def headers
+        auth = Base64.strict_encode64(":#{@options[:api_key]}")
+        {
+          'Authorization'  => 'Basic ' + auth,
+          'User-Agent'     => "Quickpay-v#{API_VERSION} ActiveMerchantBindings/#{ActiveMerchant::VERSION}",
+          'Accept'         => 'application/json',
+          'Accept-Version' => "v#{API_VERSION}",
+          'Content-Type'   => 'application/json'
+        }
+      end
+
+      def response_error(raw_response)
+        parse(raw_response)
+      rescue JSON::ParserError
+        json_error(raw_response)
+      end
+
+      def json_error(raw_response)
+        msg = 'Invalid response received from the Quickpay API.'
+        msg += "  (The raw response returned by the API was #{raw_response.inspect})"
+        { 'message' => msg }
+      end
+
+      def synchronized_path(path)
+        "#{path}?synchronized"
+      end
+    end
+  end
+end

data/lib/active_merchant/billing/gateways/quickpay/quickpay_v4to7.rb

@@ -0,0 +1,226 @@
+require 'rexml/document'
+require 'digest/md5'
+require 'active_merchant/billing/gateways/quickpay/quickpay_common'
+
+module ActiveMerchant #:nodoc:
+  module Billing #:nodoc:
+    class QuickpayV4to7Gateway < Gateway
+      include QuickpayCommon
+      self.live_url = self.test_url = 'https://secure.quickpay.dk/api'
+      APPROVED = '000'
+
+      # The login is the QuickpayId
+      # The password is the md5checkword from the Quickpay manager
+      # To use the API-key from the Quickpay manager, specify :api-key
+      # Using the API-key, requires that you use version 4+. Specify :version => 4/5/6/7 in options.
+      def initialize(options = {})
+        requires!(options, :login, :password)
+        @protocol = options.delete(:version) || 7 # default to protocol version 7
+        super
+      end
+
+      def authorize(money, credit_card_or_reference, options = {})
+        post = {}
+
+        action = recurring_or_authorize(credit_card_or_reference)
+
+        add_amount(post, money, options)
+        add_invoice(post, options)
+        add_creditcard_or_reference(post, credit_card_or_reference, options)
+        add_autocapture(post, false)
+        add_fraud_parameters(post, options) if action.eql?(:authorize)
+        add_testmode(post)
+
+        commit(action, post)
+      end
+
+      def purchase(money, credit_card_or_reference, options = {})
+        post = {}
+
+        action = recurring_or_authorize(credit_card_or_reference)
+
+        add_amount(post, money, options)
+        add_creditcard_or_reference(post, credit_card_or_reference, options)
+        add_invoice(post, options)
+        add_fraud_parameters(post, options) if action.eql?(:authorize)
+        add_autocapture(post, true)
+
+        commit(action, post)
+      end
+
+      def capture(money, authorization, options = {})
+        post = {}
+
+        add_finalize(post, options)
+        add_reference(post, authorization)
+        add_amount_without_currency(post, money)
+        commit(:capture, post)
+      end
+
+      def void(identification, options = {})
+        post = {}
+
+        add_reference(post, identification)
+
+        commit(:cancel, post)
+      end
+
+      def refund(money, identification, options = {})
+        post = {}
+
+        add_amount_without_currency(post, money)
+        add_reference(post, identification)
+
+        commit(:refund, post)
+      end
+
+      def credit(money, identification, options = {})
+        ActiveMerchant.deprecated CREDIT_DEPRECATION_MESSAGE
+        refund(money, identification, options)
+      end
+
+      def store(creditcard, options = {})
+        post = {}
+
+        add_creditcard(post, creditcard, options)
+        add_amount(post, 0, options) if @protocol >= 7
+        add_invoice(post, options)
+        add_description(post, options)
+        add_fraud_parameters(post, options)
+        add_testmode(post)
+
+        commit(:subscribe, post)
+      end
+
+      private
+
+      def add_amount(post, money, options = {})
+        post[:amount]   = amount(money)
+        post[:currency] = options[:currency] || currency(money)
+      end
+
+      def add_amount_without_currency(post, money, options = {})
+        post[:amount] = amount(money)
+      end
+
+      def add_invoice(post, options)
+        post[:ordernumber] = format_order_number(options[:order_id])
+      end
+
+      def add_creditcard(post, credit_card, options)
+        post[:cardnumber]     = credit_card.number
+        post[:cvd]            = credit_card.verification_value
+        post[:expirationdate] = expdate(credit_card)
+        post[:cardtypelock]   = options[:cardtypelock] unless options[:cardtypelock].blank?
+        post[:acquirers]      = options[:acquirers] unless options[:acquirers].blank?
+      end
+
+      def add_reference(post, identification)
+        post[:transaction] = identification
+      end
+
+      def add_creditcard_or_reference(post, credit_card_or_reference, options)
+        if credit_card_or_reference.is_a?(String)
+          add_reference(post, credit_card_or_reference)
+        else
+          add_creditcard(post, credit_card_or_reference, options)
+        end
+      end
+
+      def add_autocapture(post, autocapture)
+        post[:autocapture] = autocapture ? 1 : 0
+      end
+
+      def recurring_or_authorize(credit_card_or_reference)
+        credit_card_or_reference.is_a?(String) ? :recurring : :authorize
+      end
+
+      def add_description(post, options)
+        post[:description] = options[:description] || 'Description'
+      end
+
+      def add_testmode(post)
+        return if post[:transaction].present?
+
+        post[:testmode] = test? ? '1' : '0'
+      end
+
+      def add_fraud_parameters(post, options)
+        if @protocol >= 4
+          post[:fraud_remote_addr] = options[:ip] if options[:ip]
+          post[:fraud_http_accept] = options[:fraud_http_accept] if options[:fraud_http_accept]
+          post[:fraud_http_accept_language] = options[:fraud_http_accept_language] if options[:fraud_http_accept_language]
+          post[:fraud_http_accept_encoding] = options[:fraud_http_accept_encoding] if options[:fraud_http_accept_encoding]
+          post[:fraud_http_accept_charset] = options[:fraud_http_accept_charset] if options[:fraud_http_accept_charset]
+          post[:fraud_http_referer] = options[:fraud_http_referer] if options[:fraud_http_referer]
+          post[:fraud_http_user_agent] = options[:fraud_http_user_agent] if options[:fraud_http_user_agent]
+        end
+      end
+
+      def add_finalize(post, options)
+        post[:finalize] = options[:finalize] ? '1' : '0'
+      end
+
+      def commit(action, params)
+        response = parse(ssl_post(self.live_url, post_data(action, params)))
+
+        Response.new(successful?(response), message_from(response), response,
+          test: test?,
+          authorization: response[:transaction])
+      end
+
+      def successful?(response)
+        response[:qpstat] == APPROVED
+      end
+
+      def parse(data)
+        response = {}
+
+        doc = REXML::Document.new(data)
+
+        doc.root.elements.each do |element|
+          response[element.name.to_sym] = element.text
+        end
+
+        response
+      end
+
+      def message_from(response)
+        response[:qpstatmsg].to_s
+      end
+
+      def post_data(action, params = {})
+        params[:protocol] = @protocol
+        params[:msgtype]  = action.to_s
+        params[:merchant] = @options[:login]
+        params[:apikey] = @options[:apikey] if @options[:apikey]
+        params[:md5check] = generate_check_hash(action, params)
+
+        params.collect { |key, value| "#{key}=#{CGI.escape(value.to_s)}" }.join('&')
+      end
+
+      def generate_check_hash(action, params)
+        string = MD5_CHECK_FIELDS[@protocol][action].collect do |key|
+          params[key.to_sym]
+        end.join('')
+
+        # Add the md5checkword
+        string << @options[:password].to_s
+
+        Digest::MD5.hexdigest(string)
+      end
+
+      def expdate(credit_card)
+        year  = format(credit_card.year, :two_digits)
+        month = format(credit_card.month, :two_digits)
+
+        "#{year}#{month}"
+      end
+
+      # Limited to 20 digits max
+      def format_order_number(number)
+        number.to_s.gsub(/[^\w]/, '').rjust(4, '0')[0...20]
+      end
+    end
+  end
+end