swiss-crm-activemerchant 1.0.12

data/lib/active_merchant/billing/gateways/micropayment.rb

@@ -0,0 +1,182 @@
+module ActiveMerchant #:nodoc:
+  module Billing #:nodoc:
+    class MicropaymentGateway < Gateway
+      self.display_name = 'micropayment'
+      self.homepage_url = 'https://www.micropayment.de/'
+
+      self.test_url = self.live_url = 'https://sipg.micropayment.de/public/creditcardpsp/v1/nvp/'
+
+      self.supported_countries = %w(DE)
+      self.default_currency = 'EUR'
+      self.money_format = :cents
+      self.supported_cardtypes = %i[visa master american_express]
+
+      def initialize(options = {})
+        requires!(options, :access_key)
+        super
+      end
+
+      def purchase(amount, payment_method, options = {})
+        post = {}
+        add_invoice(post, amount, options)
+        add_payment_method(post, payment_method, options)
+        add_customer_data(post, options)
+        add_address(post, options)
+        commit('purchase', post)
+      end
+
+      def authorize(amount, payment_method, options = {})
+        post = {}
+        add_invoice(post, amount, options)
+        add_payment_method(post, payment_method, options)
+        add_customer_data(post, options)
+        add_address(post, options)
+        commit('authorize', post)
+      end
+
+      def capture(amount, authorization, options = {})
+        post = {}
+        add_reference(post, authorization)
+        add_invoice(post, amount, options)
+        commit('capture', post)
+      end
+
+      def void(authorization, options = {})
+        post = {}
+        add_reference(post, authorization)
+        commit('void', post)
+      end
+
+      def refund(amount, authorization, options = {})
+        post = {}
+        add_reference(post, authorization)
+        add_invoice(post, amount, options)
+        commit('refund', post)
+      end
+
+      def verify(credit_card, options = {})
+        MultiResponse.run(:use_first_response) do |r|
+          r.process { authorize(250, credit_card, options) }
+          r.process(:ignore_result) { void(r.authorization, options) }
+        end
+      end
+
+      def supports_scrubbing?
+        true
+      end
+
+      def scrub(transcript)
+        transcript.
+          gsub(%r((accessKey=)\w+), '\1[FILTERED]').
+          gsub(%r((number=)\d+), '\1[FILTERED]').
+          gsub(%r((cvc2=)\d+), '\1[FILTERED]')
+      end
+
+      private
+
+      def add_invoice(post, money, options)
+        if money
+          post[:amount] = amount(money)
+          post[:currency] = options[:currency] || currency(money)
+        end
+        post[:project] = options[:project] if options[:project]
+        post['params[title]'] = options[:description] if options[:description]
+      end
+
+      def add_payment_method(post, payment_method, options = {})
+        post[:number] = payment_method.number
+        post[:recurring] = 1 if options[:recurring] == true
+        post[:cvc2] = payment_method.verification_value
+        post[:expiryYear] = format(payment_method.year, :four_digits)
+        post[:expiryMonth] = format(payment_method.month, :two_digits)
+
+        post['params[firstname]'] = payment_method.first_name
+        post['params[surname]'] = payment_method.last_name
+      end
+
+      def add_customer_data(post, options)
+        post['params[email]'] = options[:email] if options[:email]
+        post['params[ip]'] = options[:ip] || '1.1.1.1'
+        post['params[sendMail]'] = options[:send_mail] || 'false'
+      end
+
+      def add_address(post, options)
+        address = options[:billing_address]
+        return unless address
+
+        post['params[address]'] = address[:address1] if address[:address1]
+        post['params[zipcode]'] = address[:zip] if address[:zip]
+        post['params[town]'] = address[:city] if address[:city]
+        post['params[country]'] = address[:country] if address[:country]
+      end
+
+      def add_reference(post, authorization)
+        session_id, transaction_id = split_authorization(authorization)
+        post[:sessionId] = session_id
+        post[:transactionId] = transaction_id
+      end
+
+      def commit(action, params)
+        params[:testMode] = 1 if test?
+        params[:accessKey] = @options[:access_key]
+        params[:apiKey] = @options[:api_key] || 'af1fd841af792f4c50131414ff76e004'
+
+        response = parse(ssl_post(url(action), post_data(action, params), headers))
+
+        Response.new(
+          succeeded = success_from(response),
+          message_from(succeeded, response),
+          response,
+          authorization: authorization_from(response, params),
+          avs_result: AVSResult.new(code: response['some_avs_result_key']),
+          cvv_result: CVVResult.new(response['some_cvv_result_key']),
+          test: test?
+        )
+      end
+
+      def headers
+        { 'Content-Type' => 'application/x-www-form-urlencoded;charset=UTF-8' }
+      end
+
+      def post_data(action, params)
+        params.map { |k, v| "#{CGI.escape(k.to_s)}=#{CGI.escape(v.to_s)}" }.join('&')
+      end
+
+      def url(action)
+        action_url = test? ? test_url : live_url
+        "#{action_url}?action=#{action}"
+      end
+
+      def parse(body)
+        body.split(/\r?\n/).inject({}) do |acc, pair|
+          key, value = pair.split('=')
+          acc[key] = CGI.unescape(value)
+          acc
+        end
+      end
+
+      def success_from(response)
+        response['error'] == '0' &&
+          response['transactionResultCode'] == '00' &&
+          response['transactionStatus'] == 'SUCCESS'
+      end
+
+      def message_from(succeeded, response)
+        if succeeded
+          'Succeeded'
+        else
+          response['errorMessage'] || response['transactionResultMessage']
+        end
+      end
+
+      def split_authorization(authorization)
+        authorization.split('|')
+      end
+
+      def authorization_from(response, request_params)
+        session_id = response['sessionId'] || request_params[:sessionId]
+        "#{session_id}|#{response['transactionId']}"
+      end
+    end
+  end
+end

data/lib/active_merchant/billing/gateways/migs/migs_codes.rb

@@ -0,0 +1,100 @@
+module ActiveMerchant
+  module Billing
+    module MigsCodes
+      TXN_RESPONSE_CODES = {
+        '?' => 'Response Unknown',
+        '0' => 'Transaction Successful',
+        '1' => 'Transaction Declined - Bank Error',
+        '2' => 'Bank Declined Transaction',
+        '3' => 'Transaction Declined - No Reply from Bank',
+        '4' => 'Transaction Declined - Expired Card',
+        '5' => 'Transaction Declined - Insufficient funds',
+        '6' => 'Transaction Declined - Error Communicating with Bank',
+        '7' => 'Payment Server Processing Error - Typically caused by invalid input data such as an invalid credit card number. Processing errors can also occur',
+        '8' => 'Transaction Declined - Transaction Type Not Supported',
+        '9' => 'Bank Declined Transaction (Do not contact Bank)',
+        'A' => 'Transaction Aborted',
+        'C' => 'Transaction Cancelled',
+        'D' => 'Deferred Transaction',
+        'E' => 'Issuer Returned a Referral Response',
+        'F' => '3D Secure Authentication Failed',
+        'I' => 'Card Security Code Failed',
+        'L' => 'Shopping Transaction Locked (This indicates that there is another transaction taking place using the same shopping transaction number)',
+        'N' => 'Cardholder is not enrolled in 3D Secure (Authentication Only)',
+        'P' => 'Transaction is Pending',
+        'R' => 'Retry Limits Exceeded, Transaction Not Processed',
+        'S' => 'Duplicate OrderInfo used. (This is only relevant for Payment Servers that enforce the uniqueness of this field)',
+        'U' => 'Card Security Code Failed'
+      }
+
+      ISSUER_RESPONSE_CODES = {
+        '00' => 'Approved',
+        '01' => 'Refer to Card Issuer',
+        '02' => 'Refer to Card Issuer',
+        '03' => 'Invalid Merchant',
+        '04' => 'Pick Up Card',
+        '05' => 'Do Not Honor',
+        '07' => 'Pick Up Card',
+        '12' => 'Invalid Transaction',
+        '14' => 'Invalid Card Number (No such Number)',
+        '15' => 'No Such Issuer',
+        '33' => 'Expired Card',
+        '34' => 'Suspected Fraud',
+        '36' => 'Restricted Card',
+        '39' => 'No Credit Account',
+        '41' => 'Card Reported Lost',
+        '43' => 'Stolen Card',
+        '51' => 'Insufficient Funds',
+        '54' => 'Expired Card',
+        '57' => 'Transaction Not Permitted',
+        '59' => 'Suspected Fraud',
+        '62' => 'Restricted Card',
+        '65' => 'Exceeds withdrawal frequency limit',
+        '91' => 'Cannot Contact Issuer'
+      }
+
+      VERIFIED_3D_CODES = {
+        'Y' => 'The cardholder was successfully authenticated.',
+        'E' => 'The cardholder is not enrolled.',
+        'N' => 'The cardholder was not verified.',
+        'U' => 'The cardholder\'s Issuer was unable to authenticate due to a system error at the Issuer.',
+        'F' => 'An error exists in the format of the request from the merchant. For example, the request did not contain all required fields, or the format of some fields was invalid.',
+        'A' => 'Authentication of your Merchant ID and Password to the Directory Server Failed (see "What does a Payment Authentication Status of "A" mean?" on page 85).',
+        'D' => 'Error communicating with the Directory Server, for example, the Payment Server could not connect to the directory server or there was a versioning mismatch.',
+        'C' => 'The card type is not supported for authentication.',
+        'M' => 'This indicates that attempts processing was used. Verification is marked with status M - ACS attempts processing used. Payment is performed with authentication. Attempts is when a cardholder has successfully passed the directory server but decides not to continue with the authentication process and cancels.',
+        'S' => 'The signature on the response received from the Issuer could not be validated. This should be considered a failure.',
+        'T' => 'ACS timed out. The Issuer\'s ACS did not respond to the Authentication request within the time out period.',
+        'P' => 'Error parsing input from Issuer.',
+        'I' => 'Internal Payment Server system error. This could be caused by a temporary DB failure or an error in the security module or by some error in an internal system.'
+      }
+
+      class CreditCardType
+        attr_accessor :am_code, :migs_code, :migs_long_code, :name
+        def initialize(am_code, migs_code, migs_long_code, name)
+          @am_code        = am_code
+          @migs_code      = migs_code
+          @migs_long_code = migs_long_code
+          @name           = name
+        end
+      end
+
+      CARD_TYPES = [
+        # The following are 4 different representations of credit card types
+        # am_code: The active merchant code
+        # migs_code: Used in response for purchase/authorize/status
+        # migs_long_code: Used to pre-select card for server_purchase_url
+        # name: The nice display name
+        %w(american_express AE Amex American\ Express),
+        %w(diners_club DC Dinersclub Diners\ Club),
+        %w(jcb JC JCB JCB\ Card),
+        %w(maestro MS Maestro Maestro\ Card),
+        %w(master MC Mastercard MasterCard),
+        %w(na PL PrivateLabelCard Private\ Label\ Card),
+        %w(visa VC Visa Visa\ Card)
+      ].map do |am_code, migs_code, migs_long_code, name|
+        CreditCardType.new(am_code, migs_code, migs_long_code, name)
+      end
+    end
+  end
+end

data/lib/active_merchant/billing/gateways/migs.rb

@@ -0,0 +1,329 @@
+require 'active_merchant/billing/gateways/migs/migs_codes'
+
+module ActiveMerchant #:nodoc:
+  module Billing #:nodoc:
+    class MigsGateway < Gateway
+      include MigsCodes
+
+      API_VERSION = 1
+
+      class_attribute :server_hosted_url, :merchant_hosted_url
+
+      self.server_hosted_url = 'https://migs.mastercard.com.au/vpcpay'
+      self.merchant_hosted_url = 'https://migs.mastercard.com.au/vpcdps'
+
+      self.live_url = self.server_hosted_url
+
+      # MiGS is supported throughout Asia Pacific, Middle East and Africa
+      # MiGS is used in Australia (AU) by ANZ (eGate), CBA (CommWeb) and more
+      # Source of Country List: http://www.scribd.com/doc/17811923
+      self.supported_countries = %w(AU AE BD BN EG HK ID JO KW LB LK MU MV MY NZ OM PH QA SA SG TT VN)
+
+      # The card types supported by the payment gateway
+      self.supported_cardtypes = %i[visa master american_express diners_club jcb]
+
+      self.money_format = :cents
+      self.currencies_without_fractions = %w(IDR)
+
+      # The homepage URL of the gateway
+      self.homepage_url = 'http://mastercard.com/mastercardsps'
+
+      # The name of the gateway
+      self.display_name = 'MasterCard Internet Gateway Service (MiGS)'
+
+      # Creates a new MigsGateway
+      # The advanced_login/advanced_password fields are needed for
+      # advanced methods such as the capture, refund and status methods
+      #
+      # ==== Options
+      #
+      # * <tt>:login</tt> -- The MiGS Merchant ID (REQUIRED)
+      # * <tt>:password</tt> -- The MiGS Access Code (REQUIRED)
+      # * <tt>:secure_hash</tt> -- The MiGS Secure Hash
+      # (Required for Server Hosted payments)
+      # * <tt>:advanced_login</tt> -- The MiGS AMA User
+      # * <tt>:advanced_password</tt> -- The MiGS AMA User's password
+      def initialize(options = {})
+        requires!(options, :login, :password)
+        super
+      end
+
+      # ==== Options
+      #
+      # * <tt>:order_id</tt> -- A reference for tracking the order (REQUIRED)
+      # * <tt>:unique_id</tt> -- A unique id for this request (Max 40 chars).
+      # If not supplied one will be generated.
+      def purchase(money, creditcard, options = {})
+        requires!(options, :order_id)
+
+        post = {}
+
+        add_amount(post, money, options)
+        add_invoice(post, options)
+        add_creditcard(post, creditcard)
+        add_standard_parameters('pay', post, options[:unique_id])
+        add_3ds(post, options)
+        add_tx_source(post, options)
+
+        commit(post)
+      end
+
+      # MiGS works by merchants being either purchase only or authorize/capture
+      # So authorize is the same as purchase when in authorize mode
+      alias authorize purchase
+
+      # ==== Options
+      #
+      # * <tt>:unique_id</tt> -- A unique id for this request (Max 40 chars).
+      # If not supplied one will be generated.
+      def capture(money, authorization, options = {})
+        requires!(@options, :advanced_login, :advanced_password)
+
+        post = options.merge(TransNo: authorization)
+
+        add_amount(post, money, options)
+        add_advanced_user(post)
+        add_standard_parameters('capture', post, options[:unique_id])
+        add_tx_source(post, options)
+
+        commit(post)
+      end
+
+      # ==== Options
+      #
+      # * <tt>:unique_id</tt> -- A unique id for this request (Max 40 chars).
+      # If not supplied one will be generated.
+      def refund(money, authorization, options = {})
+        requires!(@options, :advanced_login, :advanced_password)
+
+        post = options.merge(TransNo: authorization)
+
+        add_amount(post, money, options)
+        add_advanced_user(post)
+        add_standard_parameters('refund', post, options[:unique_id])
+        add_tx_source(post, options)
+
+        commit(post)
+      end
+
+      def void(authorization, options = {})
+        requires!(@options, :advanced_login, :advanced_password)
+
+        post = options.merge(TransNo: authorization)
+
+        add_advanced_user(post)
+        add_standard_parameters('voidAuthorisation', post, options[:unique_id])
+        add_tx_source(post, options)
+
+        commit(post)
+      end
+
+      def credit(money, authorization, options = {})
+        ActiveMerchant.deprecated CREDIT_DEPRECATION_MESSAGE
+        refund(money, authorization, options)
+      end
+
+      def verify(credit_card, options = {})
+        MultiResponse.run do |r|
+          r.process { authorize(100, credit_card, options) }
+          r.process(:ignore_result) { void(r.authorization, options) }
+        end
+      end
+
+      # Checks the status of a previous transaction
+      # This can be useful when a response is not received due to network issues
+      #
+      # ==== Parameters
+      #
+      # * <tt>unique_id</tt> -- Unique id of transaction to find.
+      #   This is the value of the option supplied in other methods or
+      #   if not supplied is returned with key :MerchTxnRef
+      def status(unique_id)
+        requires!(@options, :advanced_login, :advanced_password)
+
+        post = {}
+        add_advanced_user(post)
+        add_standard_parameters('queryDR', post, unique_id)
+
+        commit(post)
+      end
+
+      # Generates a URL to redirect user to MiGS to process payment
+      # Once user is finished MiGS will redirect back to specified URL
+      # With a response hash which can be turned into a Response object
+      # with purchase_offsite_response
+      #
+      # ==== Options
+      #
+      # * <tt>:order_id</tt> -- A reference for tracking the order (REQUIRED)
+      # * <tt>:locale</tt> -- Change the language of the redirected page
+      #   Values are 2 digit locale, e.g. en, es
+      # * <tt>:return_url</tt> -- the URL to return to once the payment is complete
+      # * <tt>:card_type</tt> -- Providing this skips the card type step.
+      #   Values are ActiveMerchant formats: e.g. master, visa, american_express, diners_club
+      # * <tt>:unique_id</tt> -- Unique id of transaction to find.
+      #   If not supplied one will be generated.
+      def purchase_offsite_url(money, options = {})
+        requires!(options, :order_id, :return_url)
+        requires!(@options, :secure_hash)
+
+        post = {}
+
+        add_amount(post, money, options)
+        add_invoice(post, options)
+        add_creditcard_type(post, options[:card_type]) if options[:card_type]
+
+        post[:Locale] = options[:locale] || 'en'
+        post[:ReturnURL] = options[:return_url]
+
+        add_standard_parameters('pay', post, options[:unique_id])
+
+        add_secure_hash(post)
+
+        self.server_hosted_url + '?' + post_data(post)
+      end
+
+      # Parses a response from purchase_offsite_url once user is redirected back
+      #
+      # ==== Parameters
+      #
+      # * <tt>data</tt> -- All params when offsite payment returns
+      # e.g. returns to http://company.com/return?a=1&b=2, then input "a=1&b=2"
+      def purchase_offsite_response(data)
+        requires!(@options, :secure_hash)
+
+        response_hash = parse(data)
+
+        expected_secure_hash = calculate_secure_hash(response_hash, @options[:secure_hash])
+        raise SecurityError, 'Secure Hash mismatch, response may be tampered with' unless response_hash[:SecureHash] == expected_secure_hash
+
+        response_object(response_hash)
+      end
+
+      def test?
+        @options[:login].start_with?('TEST')
+      end
+
+      def supports_scrubbing?
+        true
+      end
+
+      def scrub(transcript)
+        transcript.
+          gsub(%r((&?CardNum=)\d*(&?)), '\1[FILTERED]\2').
+          gsub(%r((&?CardSecurityCode=)\d*(&?)), '\1[FILTERED]\2').
+          gsub(%r((&?AccessCode=)[^&]*(&?)), '\1[FILTERED]\2').
+          gsub(%r((&?Password=)[^&]*(&?)), '\1[FILTERED]\2').
+          gsub(%r((&?3DSXID=)[^&]*(&?)), '\1[FILTERED]\2').
+          gsub(%r((&?VerToken=)[^&]*(&?)), '\1[FILTERED]\2')
+      end
+
+      private
+
+      def add_amount(post, money, options)
+        post[:Amount] = localized_amount(money, options[:currency])
+        post[:Currency] = options[:currency] if options[:currency]
+      end
+
+      def add_advanced_user(post)
+        post[:User] = @options[:advanced_login]
+        post[:Password] = @options[:advanced_password]
+      end
+
+      def add_invoice(post, options)
+        post[:OrderInfo] = options[:order_id]
+      end
+
+      def add_3ds(post, options)
+        post[:VerType] = options[:ver_type] if options[:ver_type]
+        post[:VerToken] = options[:ver_token] if options[:ver_token]
+        post['3DSXID'] = options[:three_ds_xid] if options[:three_ds_xid]
+        post['3DSECI'] = options[:three_ds_eci] if options[:three_ds_eci]
+        post['3DSenrolled'] = options[:three_ds_enrolled] if options[:three_ds_enrolled]
+        post['3DSstatus'] = options[:three_ds_status] if options[:three_ds_status]
+      end
+
+      def add_tx_source(post, options)
+        post[:TxSource] = options[:tx_source] if options[:tx_source]
+      end
+
+      def add_creditcard(post, creditcard)
+        post[:CardNum] = creditcard.number
+        post[:CardSecurityCode] = creditcard.verification_value if creditcard.verification_value?
+        post[:CardExp] = format(creditcard.year, :two_digits) + format(creditcard.month, :two_digits)
+      end
+
+      def add_creditcard_type(post, card_type)
+        post[:Gateway] = 'ssl'
+        post[:card] = CARD_TYPES.detect { |ct| ct.am_code == card_type }.migs_long_code
+      end
+
+      def parse(body)
+        params = CGI::parse(body)
+        hash = {}
+        params.each do |key, value|
+          hash[key.gsub('vpc_', '').to_sym] = value[0]
+        end
+        hash
+      end
+
+      def commit(post)
+        add_secure_hash(post) if @options[:secure_hash]
+        data = ssl_post self.merchant_hosted_url, post_data(post)
+        response_hash = parse(data)
+        response_object(response_hash)
+      end
+
+      def response_object(response)
+        avs_response_code = response[:AVSResultCode]
+        avs_response_code = 'S' if avs_response_code == 'Unsupported'
+
+        cvv_result_code = response[:CSCResultCode]
+        cvv_result_code = 'P' if cvv_result_code == 'Unsupported'
+
+        Response.new(success?(response), response[:Message], response,
+          test: test?,
+          authorization: response[:TransactionNo],
+          fraud_review: fraud_review?(response),
+          avs_result: { code: avs_response_code },
+          cvv_result: cvv_result_code)
+      end
+
+      def success?(response)
+        response[:TxnResponseCode] == '0'
+      end
+
+      def fraud_review?(response)
+        ISSUER_RESPONSE_CODES[response[:AcqResponseCode]] == 'Suspected Fraud'
+      end
+
+      def add_standard_parameters(action, post, unique_id = nil)
+        post.merge!(
+          Version: API_VERSION,
+          Merchant: @options[:login],
+          AccessCode: @options[:password],
+          Command: action,
+          MerchTxnRef: unique_id || generate_unique_id.slice(0, 40)
+        )
+      end
+
+      def post_data(post)
+        post.collect { |key, value| "vpc_#{key}=#{CGI.escape(value.to_s)}" }.join('&')
+      end
+
+      def add_secure_hash(post)
+        post[:SecureHash] = calculate_secure_hash(post, @options[:secure_hash])
+        post[:SecureHashType] = 'SHA256'
+      end
+
+      def calculate_secure_hash(post, secure_hash)
+        input = post.
+                reject { |k| %i[SecureHash SecureHashType].include?(k) }.
+                sort.
+                map { |(k, v)| "vpc_#{k}=#{v}" }.
+                join('&')
+        OpenSSL::HMAC.hexdigest('SHA256', [secure_hash].pack('H*'), input).upcase
+      end
+    end
+  end
+end