tlconnor-activemerchant 1.20.4

data/lib/active_merchant/billing/integrations.rb

@@ -0,0 +1,17 @@
+module ActiveMerchant
+  module Billing
+    module Integrations        
+    
+      Dir[File.dirname(__FILE__) + '/integrations/*.rb'].each do |f|      
+      
+        # Get camelized class name 
+        filename = File.basename(f, '.rb')
+        # Camelize the string to get the class name
+        gateway_class = filename.camelize.to_sym
+              
+        # Register for autoloading
+        autoload gateway_class, f      
+      end
+    end
+  end
+end

data/lib/active_merchant/billing/integrations/action_view_helper.rb

@@ -0,0 +1,72 @@
+require 'action_pack'
+
+module ActiveMerchant #:nodoc:
+  module Billing #:nodoc:
+    module Integrations #:nodoc:
+      module ActionViewHelper
+        # This helper allows the usage of different payment integrations
+        # through a single form helper.  Payment integrations are the
+        # type of service where the user is redirected to the secure
+        # site of the service, like Paypal or Chronopay.
+        #
+        # The helper creates a scope around a payment service helper
+        # which provides the specific mapping for that service.
+        # 
+        #  <% payment_service_for 1000, 'paypalemail@mystore.com',
+        #                               :amount => 50.00, 
+        #                               :currency => 'CAD', 
+        #                               :service => :paypal, 
+        #                               :html => { :id => 'payment-form' } do |service| %>
+        #
+        #    <% service.customer :first_name => 'Cody',
+        #                       :last_name => 'Fauser',
+        #                       :phone => '(555)555-5555',
+        #                       :email => 'cody@example.com' %>
+        #
+        #    <% service.billing_address :city => 'Ottawa',
+        #                              :address1 => '21 Snowy Brook Lane',
+        #                              :address2 => 'Apt. 36',
+        #                              :state => 'ON',
+        #                              :country => 'CA',
+        #                              :zip => 'K1J1E5' %>
+        #
+        #    <% service.invoice '#1000' %>
+        #    <% service.shipping '0.00' %>
+        #    <% service.tax '0.00' %>
+        #
+        #    <% service.notify_url url_for(:only_path => false, :action => 'notify') %>
+        #    <% service.return_url url_for(:only_path => false, :action => 'done') %>
+        #    <% service.cancel_return_url 'http://mystore.com' %>
+        #  <% end %>
+        #
+        def payment_service_for(order, account, options = {}, &proc)          
+          raise ArgumentError, "Missing block" unless block_given?
+
+          integration_module = ActiveMerchant::Billing::Integrations.const_get(options.delete(:service).to_s.camelize)
+
+          result = []
+          result << form_tag(integration_module.service_url, options.delete(:html) || {})
+          
+          service_class = integration_module.const_get('Helper')
+          service = service_class.new(order, account, options)
+
+          result << capture(service, &proc)
+
+          service.form_fields.each do |field, value|
+            result << hidden_field_tag(field, value)
+          end
+          
+          service.raw_html_fields.each do |field, value|
+            result << "<input id=\"#{field}\" name=\"#{field}\" type=\"hidden\" value=\"#{value}\" />\n"
+          end
+          
+          result << '</form>'
+          result= result.join("\n")
+          
+          concat(result.respond_to?(:html_safe) ? result.html_safe : result)
+          nil
+        end
+      end
+    end
+  end
+end

data/lib/active_merchant/billing/integrations/authorize_net_sim.rb

@@ -0,0 +1,38 @@
+module ActiveMerchant #:nodoc:
+  module Billing #:nodoc:
+    module Integrations #:nodoc:
+      module AuthorizeNetSim 
+        autoload :Helper, 'active_merchant/billing/integrations/authorize_net_sim/helper.rb'
+        autoload :Notification, 'active_merchant/billing/integrations/authorize_net_sim/notification.rb'
+
+        # Overwrite this if you want to change the ANS test url
+        mattr_accessor :test_url
+        self.test_url = 'https://test.authorize.net/gateway/transact.dll'
+        
+        # Overwrite this if you want to change the ANS production url
+        mattr_accessor :production_url 
+        self.production_url = 'https://secure.authorize.net/gateway/transact.dll' 
+        
+        def self.service_url
+          mode = ActiveMerchant::Billing::Base.integration_mode
+          case mode
+          when :production
+            self.production_url    
+          when :test
+            self.test_url
+          else
+            raise StandardError, "Integration mode set to an invalid value: #{mode}"
+          end
+        end
+            
+        def self.notification(post)
+          Notification.new(post)
+        end
+        
+        def self.return(query_string)
+          Return.new(query_string)
+        end
+      end
+    end
+  end
+end

data/lib/active_merchant/billing/integrations/authorize_net_sim/helper.rb

@@ -0,0 +1,228 @@
+require 'active_support/core_ext/float/rounding.rb' # Float#round(precision)
+
+module ActiveMerchant #:nodoc:
+  module Billing #:nodoc:
+    module Integrations #:nodoc:
+      module AuthorizeNetSim
+        # An example. Note the username as a parameter and transaction key you
+        # will want to use later. The amount that you pass in will be *rounded*,
+        # so preferably pass in X.2 decimal so that no rounding occurs. It is
+        # rounded because if it looks like 00.000 Authorize.Net fails the
+        # transaction as incorrectly formatted.
+        # 
+        #  payment_service_for('order_id', 'authorize_net_account', :service => :authorize_net_sim,  :amount => 157.0) do |service|
+        # 
+        #    # You must call setup_hash and invoice
+        #    
+        #    service.setup_hash :transaction_key => '8CP6zJ7uD875J6tY',
+        #        :order_timestamp => 1206836763
+        #    service.customer_id 8
+        #    service.customer :first_name => 'g',
+        #                       :last_name => 'g',
+        #                       :email => 'g@g.com',
+        #                       :phone => '3'
+        #   service.billing_address :zip => 'g',
+        #                   :country => 'United States of America',
+        #                   :address => 'g'
+        # 
+        #   service.ship_to_address :first_name => 'g',
+        #                            :last_name => 'g',
+        #                            :city => '',
+        #                            :address => 'g',
+        #                            :address2 => '',
+        #                            :state => address.state,
+        #                            :country => 'United States of America',
+        #                            :zip => 'g'
+        # 
+        #   service.invoice "516428355" # your invoice number
+        #   # The end-user is presented with the HTML produced by the notify_url.
+        #   service.notify_url "http://t/authorize_net_sim/payment_received_notification_sub_step"
+        #   service.payment_header 'My store name'
+        #   service.add_line_item :name => 'item name', :quantity => 1, :unit_price => 0
+        #   service.test_request 'true' # only if it's just a test
+        #   service.shipping '25.0'
+        #   # Tell it to display a "0" line item for shipping, with the price in
+        #   # the name, otherwise it isn't shown at all, leaving the end user to
+        #   # wonder why the total is different than the sum of the line items.
+        #   service.add_shipping_as_line_item
+        #   server.add_tax_as_line_item # same with tax
+        #   # See the helper.rb file for various custom fields
+        # end
+         
+        class Helper < ActiveMerchant::Billing::Integrations::Helper           
+          mapping :order, 'x_fp_sequence'
+          mapping :account, 'x_login'
+          
+          mapping :customer, :first_name => 'x_first_name',
+                             :last_name  => 'x_last_name',
+                             :email      => 'x_email',
+                             :phone      => 'x_phone'
+                            
+          mapping :notify_url, 'x_relay_url'
+          mapping :return_url, '' # unused
+          mapping :cancel_return_url, '' # unused
+          
+          # Custom fields for Authorize.net SIM.
+          # See http://www.Authorize.Net/support/SIM_guide.pdf for more descriptions.
+          mapping :fax, 'x_fax'
+          mapping :customer_id, 'x_cust_id'
+          mapping :description, 'x_description'
+          mapping :tax, 'x_tax'
+          mapping :shipping, 'x_freight'
+          
+          # True or false, or 0 or 1 same effect [not required to send one,
+          # defaults to false].
+          mapping :test_request, 'x_test_request'
+          
+          # This one is necessary for the notify url to be able to parse its
+          # information later! They also pass back customer id, if that's
+          # useful.
+          def invoice(number)
+            add_field 'x_invoice_num', number
+          end
+          
+          # Set the billing address. Call like service.billing_address {:city =>
+          # 'provo, :state => 'UT'}...
+          def billing_address(options)
+            for setting in [:city, :state, :zip, :country, :po_num] do
+              add_field 'x_' + setting.to_s, options[setting]
+            end
+            raise 'must use address1 and address2' if options[:address]
+            add_field 'x_address', (options[:address1].to_s + ' ' + options[:address2].to_s).strip
+          end
+          
+          # Adds a custom field which you submit to Authorize.Net. These fields
+          # are all passed back to you verbatim when it does its relay
+          # (callback) to you note that if you call it twice with the same name,
+          # this function only uses keeps the second value you called it with.          
+          def add_custom_field(name, value)
+            add_field name, value
+          end
+          
+          # Displays tax as a line item, so they can see it. Otherwise it isn't
+          # displayed.
+          def add_tax_as_line_item
+            raise unless @fields['x_tax']
+            add_line_item :name => 'Total Tax', :quantity => 1, :unit_price => @fields['x_tax'], :tax => 0, :line_title => 'Tax'
+          end
+          
+          # Displays shipping as a line item, so they can see it. Otherwise it
+          # isn't displayed.
+          def add_shipping_as_line_item(extra_options = {})
+            raise 'must set shipping/freight before calling this' unless @fields['x_freight']
+            add_line_item extra_options.merge({:name => 'Shipping and Handling Cost', :quantity => 1, :unit_price => @fields['x_freight'], :line_title => 'Shipping'})
+          end
+          
+          # Add ship_to_address in the same format as the normal address is
+          # added.
+          def ship_to_address(options)
+            for setting in [:first_name, :last_name, :company, :city, :state, :zip, :country] do
+              if options[setting] then
+                add_field 'x_ship_to_' + setting.to_s, options[setting]
+              end
+            end
+            raise 'must use :address1 and/or :address2' if options[:address]
+            add_field 'x_ship_to_address', (options[:address1].to_s + ' ' + options[:address2].to_s).strip
+          end
+          
+          # These control the look of the SIM payment page. Note that you can
+          # include a CSS header in descriptors, etc.
+          mapping :color_link, 'x_color_link'
+          mapping :color_text, 'x_color_text'
+          mapping :logo_url, 'x_logo_url'
+          mapping :background_url, 'x_background_url' # background image url for the page
+          mapping :payment_header, 'x_header_html_payment_form'
+          mapping :payment_footer, 'x_footer_html_payment_form'
+          
+          # For this to work you must have also passed in an email for the
+          # purchaser.
+          def yes_email_customer_from_authorizes_side
+            add_field 'x_email_customer', 'TRUE'
+          end
+
+          # Add a line item to Authorize.Net.
+          # Call line add_line_item {:name => 'orange', :unit_price => 30, :tax_value => 'Y', :quantity => 3, }
+          # Note you can't pass in a negative unit price, and you can add an
+          # optional :line_title => 'special name' if you don't want it to say
+          # 'Item 1' or what not, the default coded here.
+          # Cannot have a negative price, nor a name with "'s or $
+          # You can use the :line_title for the product name and then :name for description, if desired
+          def add_line_item(options)
+            raise 'needs name' unless options[:name]
+            
+            if @line_item_count == 30
+              # Add a note that we are not showing at least one -- AN doesn't
+              # display more than 30 or so.
+              description_of_last = @raw_html_fields[-1][1]
+              # Pull off the second to last section, which is the description.
+              description_of_last =~ />([^>]*)<\|>[YN]$/
+              # Create a new description, which can't be too big, so truncate here.
+              @raw_html_fields[-1][1] = description_of_last.gsub($1, $1[0..200] + ' + more unshown items after this one.')
+            end
+            
+            name = options[:name]
+            quantity = options[:quantity] || 1
+            line_title = options[:line_title] || ('Item ' + (@line_item_count + 1).to_s) # left most field
+            unit_price = options[:unit_price] || 0
+            unit_price = unit_price.to_f.round(2)
+            tax_value = options[:tax_value] || 'N'
+            
+            # Sanitization, in case they include a reserved word here, following
+            # their guidelines; unfortunately, they require 'raw' fields here,
+            # not CGI escaped, using their own delimiters.
+            # 
+            # Authorize.net ignores the second field (sanitized_short_name)
+            raise 'illegal char for line item <|>' if name.include? '<|>'
+            raise 'illegal char for line item "' if name.include? '"'
+            raise 'cannot pass in dollar sign' if unit_price.to_s.include? '$'
+            raise 'must have positive or 0 unit price' if unit_price.to_f < 0
+            # Using CGI::escape causes the output to be formated incorrectly in
+            # the HTML presented to the end-user's browser (e.g., spaces turn
+            # into +'s).
+            sanitized_short_name = name[0..30]
+            name = name[0..255]            
+
+            add_raw_html_field "x_line_item", "#{line_title}<|>#{sanitized_short_name}<|>#{name}<|>#{quantity}<|>#{unit_price}<|>#{tax_value}"
+
+            @line_item_count += 1
+          end
+            
+          # If you call this it will e-mail to this address a copy of a receipt
+          # after successful, from Authorize.Net.
+          def email_merchant_from_authorizes_side(to_this_email)
+            add_field 'x_email_merchant', to_this_email
+          end
+          
+          # You MUST call this at some point for it to actually work. Options
+          # must include :transaction_key and :order_timestamp
+          def setup_hash(options)
+            raise unless options[:transaction_key]
+            raise unless options[:order_timestamp]
+            amount = @fields['x_amount']
+            data = "#{@fields['x_login']}^#{@fields['x_fp_sequence']}^#{options[:order_timestamp].to_i}^#{amount}^#{@fields['x_currency_code']}"
+            hmac = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::Digest.new('md5'), options[:transaction_key], data)
+            add_field 'x_fp_hash', hmac
+            add_field 'x_fp_timestamp', options[:order_timestamp].to_i
+          end
+          
+          # Note that you should call #invoice and #setup_hash as well, for the
+          # response_url to actually work.
+          def initialize(order, account, options = {})
+            super
+            raise 'missing parameter' unless order and account and options[:amount]
+            raise 'error -- amount with no digits!' unless options[:amount].to_s =~ /\d/
+            add_field('x_type', 'AUTH_CAPTURE') # the only one we deal with, for now.  Not refunds or anything else, currently.
+            add_field 'x_show_form', 'PAYMENT_FORM'
+            add_field 'x_relay_response', 'TRUE'
+            add_field 'x_duplicate_window', '28800' # large default duplicate window.
+            add_field 'x_currency_code', currency_code
+          	add_field 'x_version' , '3.1' # version from doc
+            add_field 'x_amount', options[:amount].to_f.round(2)
+          	@line_item_count = 0
+          end
+
+        end
+      end
+    end
+  end
+end

data/lib/active_merchant/billing/integrations/authorize_net_sim/notification.rb

@@ -0,0 +1,340 @@
+require 'net/http'
+module ActiveMerchant #:nodoc:
+  module Billing #:nodoc:
+    module Integrations #:nodoc:
+      
+      # # Example:
+      # parser = AuthorizeNetSim::Notification.new(request.raw_post)
+      # passed = parser.complete?
+      # 
+      # order = Order.find_by_order_number(parser.invoice_num)
+      # 
+      # unless order
+      #   @message = 'Error--unable to find your transaction! Please contact us directly.'
+      #   return render :partial => 'authorize_net_sim_payment_response'
+      # end
+      #       
+      # if order.total != parser.gross.to_f
+      #   logger.error "Authorize.Net sim said they paid for #{parser.gross} and it should have been #{order.total}!"
+      #   passed = false
+      # end
+      # 
+      # # Theoretically, Authorize.net will *never* pass us the same transaction
+      # # ID twice, but we can double check that... by using
+      # # parser.transaction_id, and checking against previous orders' transaction
+      # # id's (which you can save when the order is completed)....      
+      # unless parser.acknowledge MD5_HASH_SET_IN_AUTHORIZE_NET, AUTHORIZE_LOGIN
+      #  passed = false
+      #  logger.error "ALERT POSSIBLE FRAUD ATTEMPT either that or you haven't setup your md5 hash setting right in #{__FILE__} 
+      #    because a transaction came back from Authorize.Net with the wrong hash value--rejecting!"
+      # end
+      # 
+      # unless parser.cavv_matches? and parser.avs_code_matches?
+      #   logger.error 'Warning--non matching CC!' + params.inspect
+      #   # Could fail them here, as well (recommended)...
+      # end
+      # 
+      # if passed
+      #  # Set up your session, and render something that will redirect them to
+      #  # your site, most likely.
+      # else
+      #  # Render failure or redirect them to your site where you will render failure
+      # end
+      
+      module AuthorizeNetSim
+        class Notification < ActiveMerchant::Billing::Integrations::Notification
+
+          def unescape(val) #:nodoc:
+            if val
+              CGI::unescape val
+            else
+              val
+            end
+          end
+
+          # Passes a hash of the address the user entered in at Authorize.Net
+          def billing_address
+            all = {}
+            [:fax, :city, :company, :last_name, :country, :zip, :first_name, :address, :email, :state].each do |key_out|
+              all[key_out] = unescape params['x_' + key_out.to_s]
+            end
+            all
+          end
+
+          def customer_id
+            unescape params['x_cust_id']
+          end
+
+          def auth_code
+            unescape params['x_auth_code']
+          end
+
+          def po_num
+           unescape params['x_po_num']
+          end
+
+          def ship_to_address
+           all = {}
+            [:city, :last_name, :first_name, :country, :zip, :address].each do |key_out|
+              all[key_out] = unescape params['x_ship_to_' + key_out.to_s]
+            end
+            all
+          end
+
+          # Tax amount we sent them.
+          def tax
+            unescape params['x_tax']
+          end
+          
+          # Transaction type (probably going to be auth_capture, since that's
+          # all we set it as).
+          def transaction_type
+            unescape params['x_type'] 
+          end
+          
+          # Payment method used--almost always CC (for credit card).
+          def method
+            unescape params['x_method']
+          end
+          
+          # Ff our payment method is available. Almost always "true".
+          def method_available
+            params['x_method_available']
+          end
+          
+          # Invoice num we passed in as invoice_num to them.
+          def invoice_num
+            item_id
+          end
+          
+          # If you pass any values to authorize that aren't its expected, it
+          # will pass them back to you verbatim, returned by this method.
+          # custom values:
+          def all_custom_values_passed_in_and_now_passed_back_to_us
+            all = {}
+            params.each do |key, value|
+              if key[0..1] != 'x_'
+                all[key] = unescape value
+              end
+            end
+            all
+          end
+          
+          def duty
+            unescape params['x_duty']
+          end
+          
+          # Shipping we sent them.
+          def freight
+            unescape params['x_freight']
+          end
+          alias_method :shipping, :freight
+                    
+          def description
+            unescape params['x_description']
+          end
+          
+          # Returns the response code as a symbol.
+          # {'1' => :approved, '2' => :declined, '3' => :error, '4' => :held_for_review}
+          def response_code_as_ruby_symbol
+            map = {'1' => :approved, '2' => :declined, '3' => :error, '4' => :held_for_review}
+            map[params['x_response_code']]
+          end
+          
+          def response_reason_text
+            unescape params['x_response_reason_text']
+          end
+          
+          # The response reason text's numeric id [equivalent--just a number]
+          def response_reason_code
+            unescape params['x_response_reason_code']
+          end
+          
+          # 'used internally by their gateway'
+          def response_subcode
+            params['x_response_subcode']
+          end
+          
+          # They pass back a tax_exempt value.
+          def tax_exempt
+            params['x_tax_exempt']
+          end
+            
+          # avs [address verification] code
+          # A = Address (Street) 
+          # matches, ZIP does not 
+          # B = Address information 
+          # not provided for AVS 
+          # check 
+          # E = AVS error 
+          # G = Non-U.S. Card Issuing
+          # Bank 
+          # N = No Match on Address 
+          # (Street) or ZIP 
+          # P = AVS not applicable for
+          # this transaction 
+          # R = Retry – System 
+          # unavailable or timed out 
+          # S = Service not supported
+          # by issuer 
+          # U = Address information is
+          # unavailable 
+          # W = Nine digit ZIP 
+          # matches, Address (Street)
+          # does not 
+          # X = Address (Street) and 
+          # nine digit ZIP match 
+          # Y = Address (Street) and 
+          # five digit ZIP match 
+          # Z = Five digit ZIP matches
+          # Address (Street) does not
+          def avs_code
+            params['x_avs_code']
+          end
+          
+          # Returns true if their address completely matched [Y or X, P from
+          # #avs_code, which mean 'add+zip match', 'address + 9-zip match', and
+          # not applicable, respectively].
+          def avs_code_matches?
+            return ['Y', 'X', 'P'].include? params['x_avs_code']
+          end
+          
+          # cvv2 response
+          # M = Match 
+          # N = No Match 
+          # P = Not Processed 
+          # S = Should have been 
+          # present 
+          # U = Issuer unable to 
+          # process request 
+          def cvv2_resp_code
+            params['x_cvv2_resp_code']
+          end
+          
+          # check if #cvv2_resp_code == 'm' for Match.  otherwise false
+          def cvv2_resp_code_matches?
+            return ['M'].include? cvv2_resp_code
+          end
+
+          # cavv_response--'cardholder authentication verification response code'--most likely not use for SIM
+          # Blank or not present  =  
+          # CAVV not validated 
+          # 0 = CAVV not validated 
+          # because erroneous data 
+          # was submitted 
+          # 1 = CAVV failed validation
+          # 2 = CAVV passed 
+          # validation 
+          # 3 = CAVV validation could
+          # not be performed; issuer 
+          # attempt incomplete 
+          # 4 = CAVV validation could
+          # not be performed; issuer 
+          # system error 
+          # 5 = Reserved for future 
+          # use 
+          # 6 = Reserved for future 
+          # use 
+          # 7 = CAVV attempt – failed
+          # validation – issuer 
+          # available (U.S.-issued 
+          # card/non-U.S acquirer) 
+          # 8 = CAVV attempt – 
+          # passed validation – issuer
+          # available (U.S.-issued 
+          # card/non-U.S. acquirer) 
+          # 9 = CAVV attempt – failed
+          # validation – issuer 
+          def cavv_response
+            params['x_cavv_response']
+          end
+          
+          # Check if #cavv_response == '', '2', '8' one of those [non failing]
+          # [blank means no validated, 2 is passed, 8 is passed issuer
+          # available]
+          def cavv_matches?
+            ['','2','8'].include? cavv_response
+          end
+           
+          # Payment is complete -- returns true if x_response_code == '1'
+          def complete?
+            params["x_response_code"] == '1'
+          end 
+
+          # Alias for invoice number--this is the only id they pass back to us
+          # that we passed to them, except customer id is also passed back.
+          def item_id
+            unescape params['x_invoice_num']
+          end
+
+          # They return this number to us [it's unique to Authorize.net].
+          def transaction_id
+            params['x_trans_id']
+          end
+
+          # When was this payment was received by the client. --unimplemented --
+          # always returns nil
+          def received_at
+            nil
+          end
+
+          # End-user's email
+          def payer_email
+            unescape params['x_email']
+          end
+
+          # They don't pass merchant email back to us -- unimplemented -- always
+          # returns nil
+          def receiver_email
+            nil
+          end 
+
+          # md5 hash used internally
+          def security_key
+            params['x_MD5_Hash']
+          end
+
+          # The money amount we received in X.2 decimal. Returns a string
+          def gross
+            unescape params['x_amount']
+          end
+
+          # Was this a test transaction?
+          def test?
+            params['x_test_request'] == 'true'
+          end
+
+          # #method_available alias
+          def status
+            complete?
+          end
+
+          # Called to request back and check if it was a valid request.
+          # Authorize.net passes us back a hash that includes a hash of our
+          # 'unique' MD5 value that we set within their system.
+          #
+          # Example: 
+          # acknowledge('my secret md5 hash that I set within Authorize.Net', 'authorize_login')
+          #
+          # Note this is somewhat unsafe unless you actually set that md5 hash
+          # to something (defaults to '' in their system).
+          def acknowledge(md5_hash_set_in_authorize_net, authorize_net_login_name)
+            Digest::MD5.hexdigest(md5_hash_set_in_authorize_net + authorize_net_login_name + params['x_trans_id'] + gross) == params['x_MD5_Hash'].downcase
+          end
+          
+         private
+
+          # Take the posted data and move the relevant data into a hash.
+          def parse(post)
+            @raw = post
+            post.split('&').each do |line|
+              key, value = *line.scan( %r{^(\w+)\=(.*)$} ).flatten
+              params[key] = value
+            end
+          end
+          
+        end
+      end
+    end
+  end
+end