swiss-crm-activemerchant 1.0.12

data/lib/active_merchant/billing/gateways/cyber_source_rest.rb

@@ -0,0 +1,454 @@
+require 'active_merchant/billing/gateways/cyber_source/cyber_source_common'
+
+module ActiveMerchant #:nodoc:
+  module Billing #:nodoc:
+    class CyberSourceRestGateway < Gateway
+      include ActiveMerchant::Billing::CyberSourceCommon
+
+      self.test_url = 'https://apitest.cybersource.com'
+      self.live_url = 'https://api.cybersource.com'
+
+      self.supported_countries = ActiveMerchant::Billing::CyberSourceGateway.supported_countries
+      self.default_currency = 'USD'
+      self.currencies_without_fractions = ActiveMerchant::Billing::CyberSourceGateway.currencies_without_fractions
+
+      self.supported_cardtypes = %i[visa master american_express discover diners_club jcb maestro elo union_pay cartes_bancaires mada]
+
+      self.homepage_url = 'http://www.cybersource.com'
+      self.display_name = 'Cybersource REST'
+
+      CREDIT_CARD_CODES = {
+        american_express: '003',
+        cartes_bancaires: '036',
+        dankort: '034',
+        diners_club: '005',
+        discover: '004',
+        elo: '054',
+        jcb: '007',
+        maestro: '042',
+        master: '002',
+        unionpay: '062',
+        visa: '001'
+      }
+
+      PAYMENT_SOLUTION = {
+        apple_pay: '001',
+        google_pay: '012'
+      }
+
+      def initialize(options = {})
+        requires!(options, :merchant_id, :public_key, :private_key)
+        super
+      end
+
+      def purchase(money, payment, options = {})
+        authorize(money, payment, options, true)
+      end
+
+      def authorize(money, payment, options = {}, capture = false)
+        post = build_auth_request(money, payment, options)
+        post[:processingInformation][:capture] = true if capture
+
+        commit('payments', post, options)
+      end
+
+      def capture(money, authorization, options = {})
+        payment = authorization.split('|').first
+        post = build_reference_request(money, options)
+
+        commit("payments/#{payment}/captures", post, options)
+      end
+
+      def refund(money, authorization, options = {})
+        payment = authorization.split('|').first
+        post = build_reference_request(money, options)
+        commit("payments/#{payment}/refunds", post, options)
+      end
+
+      def credit(money, payment, options = {})
+        post = build_credit_request(money, payment, options)
+        commit('credits', post)
+      end
+
+      def void(authorization, options = {})
+        payment, amount = authorization.split('|')
+        post = build_void_request(amount)
+        commit("payments/#{payment}/reversals", post)
+      end
+
+      def verify(credit_card, options = {})
+        amount = eligible_for_zero_auth?(credit_card, options) ? 0 : 100
+        MultiResponse.run(:use_first_response) do |r|
+          r.process { authorize(amount, credit_card, options) }
+          r.process(:ignore_result) { void(r.authorization, options) }
+        end
+      end
+
+      def supports_scrubbing?
+        true
+      end
+
+      def scrub(transcript)
+        transcript.
+          gsub(/(\\?"number\\?":\\?")\d+/, '\1[FILTERED]').
+          gsub(/(\\?"routingNumber\\?":\\?")\d+/, '\1[FILTERED]').
+          gsub(/(\\?"securityCode\\?":\\?")\d+/, '\1[FILTERED]').
+          gsub(/(signature=")[^"]*/, '\1[FILTERED]').
+          gsub(/(keyid=")[^"]*/, '\1[FILTERED]').
+          gsub(/(Digest: SHA-256=)[\w\/\+=]*/, '\1[FILTERED]')
+      end
+
+      private
+
+      def build_void_request(amount = nil)
+        { reversalInformation: { amountDetails: { totalAmount: nil } } }.tap do |post|
+          add_reversal_amount(post, amount.to_i) if amount.present?
+        end.compact
+      end
+
+      def build_auth_request(amount, payment, options)
+        { clientReferenceInformation: {}, paymentInformation: {}, orderInformation: {} }.tap do |post|
+          add_customer_id(post, options)
+          add_code(post, options)
+          add_payment(post, payment, options)
+          add_mdd_fields(post, options)
+          add_amount(post, amount, options)
+          add_address(post, payment, options[:billing_address], options, :billTo)
+          add_address(post, payment, options[:shipping_address], options, :shipTo)
+          add_business_rules_data(post, payment, options)
+          add_partner_solution_id(post)
+          add_stored_credentials(post, payment, options)
+        end.compact
+      end
+
+      def build_reference_request(amount, options)
+        { clientReferenceInformation: {}, orderInformation: {} }.tap do |post|
+          add_code(post, options)
+          add_mdd_fields(post, options)
+          add_amount(post, amount, options)
+          add_partner_solution_id(post)
+        end.compact
+      end
+
+      def build_credit_request(amount, payment, options)
+        { clientReferenceInformation: {}, paymentInformation: {}, orderInformation: {} }.tap do |post|
+          add_code(post, options)
+          add_credit_card(post, payment)
+          add_mdd_fields(post, options)
+          add_amount(post, amount, options)
+          add_address(post, payment, options[:billing_address], options, :billTo)
+          add_merchant_description(post, options)
+        end.compact
+      end
+
+      def add_code(post, options)
+        return unless options[:order_id].present?
+
+        post[:clientReferenceInformation][:code] = options[:order_id]
+      end
+
+      def add_customer_id(post, options)
+        return unless options[:customer_id].present?
+
+        post[:paymentInformation][:customer] = { customerId: options[:customer_id] }
+      end
+
+      def add_reversal_amount(post, amount)
+        currency = options[:currency] || currency(amount)
+
+        post[:reversalInformation][:amountDetails] = {
+          totalAmount: localized_amount(amount, currency)
+        }
+      end
+
+      def add_amount(post, amount, options)
+        currency = options[:currency] || currency(amount)
+        post[:orderInformation][:amountDetails] = {
+          totalAmount: localized_amount(amount, currency),
+          currency: currency
+        }
+      end
+
+      def add_ach(post, payment)
+        post[:paymentInformation][:bank] = {
+          account: {
+            type: payment.account_type == 'checking' ? 'C' : 'S',
+            number: payment.account_number
+          },
+          routingNumber: payment.routing_number
+        }
+      end
+
+      def add_payment(post, payment, options)
+        post[:processingInformation] = {}
+        if payment.is_a?(NetworkTokenizationCreditCard)
+          add_network_tokenization_card(post, payment, options)
+        elsif payment.is_a?(Check)
+          add_ach(post, payment)
+        else
+          add_credit_card(post, payment)
+        end
+      end
+
+      def add_network_tokenization_card(post, payment, options)
+        post[:processingInformation][:paymentSolution] = PAYMENT_SOLUTION[payment.source]
+        post[:processingInformation][:commerceIndicator] = 'internet' unless card_brand(payment) == 'jcb'
+
+        post[:paymentInformation][:tokenizedCard] = {
+          number: payment.number,
+          expirationMonth: payment.month,
+          expirationYear: payment.year,
+          cryptogram: payment.payment_cryptogram,
+          transactionType: '1',
+          type:  CREDIT_CARD_CODES[card_brand(payment).to_sym]
+        }
+
+        if card_brand(payment) == 'master'
+          post[:consumerAuthenticationInformation] = {
+            ucafAuthenticationData: payment.payment_cryptogram,
+            ucafCollectionIndicator: '2'
+          }
+        else
+          post[:consumerAuthenticationInformation] = { cavv: payment.payment_cryptogram }
+        end
+      end
+
+      def add_credit_card(post, creditcard)
+        post[:paymentInformation][:card] = {
+          number: creditcard.number,
+          expirationMonth: format(creditcard.month, :two_digits),
+          expirationYear: format(creditcard.year, :four_digits),
+          securityCode: creditcard.verification_value,
+          type: CREDIT_CARD_CODES[card_brand(creditcard).to_sym]
+        }
+      end
+
+      def add_address(post, payment_method, address, options, address_type)
+        return unless address.present?
+
+        first_name, last_name = address_names(address[:name], payment_method)
+
+        post[:orderInformation][address_type] = {
+          firstName:             first_name,
+          lastName:              last_name,
+          address1:              address[:address1],
+          address2:              address[:address2],
+          locality:              address[:city],
+          administrativeArea:    address[:state],
+          postalCode:            address[:zip],
+          country:               lookup_country_code(address[:country])&.value,
+          email:                 options[:email].presence || 'null@cybersource.com',
+          phoneNumber:           address[:phone]
+          # merchantTaxID:         ship_to ? options[:merchant_tax_id] : nil,
+          # company:               address[:company],
+          # companyTaxID:          address[:companyTaxID],
+          # ipAddress:             options[:ip],
+          # driversLicenseNumber:  options[:drivers_license_number],
+          # driversLicenseState:   options[:drivers_license_state],
+        }.compact
+      end
+
+      def add_merchant_description(post, options)
+        return unless options[:merchant_descriptor_name] || options[:merchant_descriptor_address1] || options[:merchant_descriptor_locality]
+
+        merchant = post[:merchantInformation][:merchantDescriptor] = {}
+        merchant[:name] = options[:merchant_descriptor_name] if options[:merchant_descriptor_name]
+        merchant[:address1] = options[:merchant_descriptor_address1] if options[:merchant_descriptor_address1]
+        merchant[:locality] = options[:merchant_descriptor_locality] if options[:merchant_descriptor_locality]
+      end
+
+      def add_stored_credentials(post, payment, options)
+        return unless stored_credential = options[:stored_credential]
+
+        options = stored_credential_options(stored_credential, options.fetch(:reason_code, ''))
+        post[:processingInformation][:commerceIndicator] = options.fetch(:transaction_type, 'internet')
+        stored_credential[:initial_transaction] ? initial_transaction(post, options) : subsequent_transaction(post, options)
+      end
+
+      def stored_credential_options(options, reason_code)
+        transaction_type = options[:reason_type]
+        transaction_type = 'install' if transaction_type == 'installment'
+        initiator = options[:initiator] if  options[:initiator]
+        initiator = 'customer' if initiator == 'cardholder'
+        stored_on_file = options[:reason_type] == 'recurring'
+        options.merge({
+          transaction_type: transaction_type,
+          initiator: initiator,
+          reason_code: reason_code,
+          stored_on_file: stored_on_file
+        })
+      end
+
+      def add_processing_information(initiator, merchant_initiated_transaction_hash = {})
+        {
+          authorizationOptions: {
+            initiator: {
+              type: initiator,
+              merchantInitiatedTransaction: merchant_initiated_transaction_hash,
+              storedCredentialUsed: true
+            }
+          }
+        }.compact
+      end
+
+      def initial_transaction(post, options)
+        processing_information = add_processing_information(options[:initiator], {
+          reason: options[:reason_code]
+        })
+
+        post[:processingInformation].merge!(processing_information)
+      end
+
+      def subsequent_transaction(post, options)
+        network_transaction_id = options[:network_transaction_id] || options.dig(:stored_credential, :network_transaction_id) || ''
+        processing_information = add_processing_information(options[:initiator], {
+          originalAuthorizedAmount: post.dig(:orderInformation, :amountDetails, :totalAmount),
+          previousTransactionID: network_transaction_id,
+          reason: options[:reason_code],
+          storedCredentialUsed: options[:stored_on_file]
+        })
+        post[:processingInformation].merge!(processing_information)
+      end
+
+      def network_transaction_id_from(response)
+        response.dig('processorInformation', 'networkTransactionId')
+      end
+
+      def url(action)
+        "#{(test? ? test_url : live_url)}/pts/v2/#{action}"
+      end
+
+      def host
+        URI.parse(url('')).host
+      end
+
+      def parse(body)
+        JSON.parse(body)
+      end
+
+      def commit(action, post, options = {})
+        add_reconciliation_id(post, options)
+        add_sec_code(post, options)
+        add_invoice_number(post, options)
+        response = parse(ssl_post(url(action), post.to_json, auth_headers(action, post)))
+        Response.new(
+          success_from(response),
+          message_from(response),
+          response,
+          authorization: authorization_from(response),
+          avs_result: AVSResult.new(code: response.dig('processorInformation', 'avs', 'code')),
+          # cvv_result: CVVResult.new(response['some_cvv_response_key']),
+          network_transaction_id: network_transaction_id_from(response),
+          test: test?,
+          error_code: error_code_from(response)
+        )
+      rescue ActiveMerchant::ResponseError => e
+        response = e.response.body.present? ? parse(e.response.body) : { 'response' => { 'rmsg' => e.response.msg } }
+        message = response.dig('response', 'rmsg') || response.dig('message')
+        Response.new(false, message, response, test: test?)
+      end
+
+      def success_from(response)
+        %w(AUTHORIZED PENDING REVERSED).include?(response['status'])
+      end
+
+      def message_from(response)
+        return response['status'] if success_from(response)
+
+        response['errorInformation']['message'] || response['message']
+      end
+
+      def authorization_from(response)
+        id = response['id']
+        has_amount = response['orderInformation'] && response['orderInformation']['amountDetails'] && response['orderInformation']['amountDetails']['authorizedAmount']
+        amount = response['orderInformation']['amountDetails']['authorizedAmount'].delete('.') if has_amount
+
+        return id if amount.blank?
+
+        [id, amount].join('|')
+      end
+
+      def error_code_from(response)
+        response['errorInformation']['reason'] unless success_from(response)
+      end
+
+      # This implementation follows the Cybersource guide on how create the request signature, see:
+      # https://developer.cybersource.com/docs/cybs/en-us/payments/developer/all/rest/payments/GenerateHeader/httpSignatureAuthentication.html
+      def get_http_signature(resource, digest, http_method = 'post', gmtdatetime = Time.now.httpdate)
+        string_to_sign = {
+          host: host,
+          date: gmtdatetime,
+          "(request-target)": "#{http_method} /pts/v2/#{resource}",
+          digest: digest,
+          "v-c-merchant-id": @options[:merchant_id]
+        }.map { |k, v| "#{k}: #{v}" }.join("\n").force_encoding(Encoding::UTF_8)
+
+        {
+          keyid: @options[:public_key],
+          algorithm: 'HmacSHA256',
+          headers: "host date (request-target)#{digest.present? ? ' digest' : ''} v-c-merchant-id",
+          signature: sign_payload(string_to_sign)
+        }.map { |k, v| %{#{k}="#{v}"} }.join(', ')
+      end
+
+      def sign_payload(payload)
+        decoded_key = Base64.decode64(@options[:private_key])
+        Base64.strict_encode64(OpenSSL::HMAC.digest('sha256', decoded_key, payload))
+      end
+
+      def auth_headers(action, post, http_method = 'post')
+        digest = "SHA-256=#{Digest::SHA256.base64digest(post.to_json)}" if post.present?
+        date = Time.now.httpdate
+
+        {
+          'Accept' => 'application/hal+json;charset=utf-8',
+          'Content-Type' => 'application/json;charset=utf-8',
+          'V-C-Merchant-Id' => @options[:merchant_id],
+          'Date' => date,
+          'Host' => host,
+          'Signature' => get_http_signature(action, digest, http_method, date),
+          'Digest' => digest
+        }
+      end
+
+      def add_business_rules_data(post, payment, options)
+        post[:processingInformation][:authorizationOptions] = {}
+        post[:processingInformation][:authorizationOptions][:ignoreAvsResult] = 'true' if options[:ignore_avs].to_s == 'true'
+        post[:processingInformation][:authorizationOptions][:ignoreCvResult] = 'true' if options[:ignore_cvv].to_s == 'true'
+      end
+
+      def add_mdd_fields(post, options)
+        mdd_fields = options.select { |k, v| k.to_s.start_with?('mdd_field') && v.present? }
+        return unless mdd_fields.present?
+
+        post[:merchantDefinedInformation] = mdd_fields.map do |key, value|
+          { key: key, value: value }
+        end
+      end
+
+      def add_reconciliation_id(post, options)
+        return unless options[:reconciliation_id].present?
+
+        post[:clientReferenceInformation][:reconciliationId] = options[:reconciliation_id]
+      end
+
+      def add_sec_code(post, options)
+        return unless options[:sec_code].present?
+
+        post[:processingInformation][:bankTransferOptions] = { secCode: options[:sec_code] }
+      end
+
+      def add_invoice_number(post, options)
+        return unless options[:invoice_number].present?
+
+        post[:orderInformation][:invoiceDetails] = { invoiceNumber: options[:invoice_number] }
+      end
+
+      def add_partner_solution_id(post)
+        return unless application_id
+
+        post[:clientReferenceInformation][:partner] = { solutionId: application_id }
+      end
+    end
+  end
+end