tlconnor-activemerchant 1.20.4

data/lib/active_merchant/billing/integrations/quickpay/notification.rb

@@ -0,0 +1,74 @@
+require 'net/http'
+
+module ActiveMerchant #:nodoc:
+  module Billing #:nodoc:
+    module Integrations #:nodoc:
+      module Quickpay
+        class Notification < ActiveMerchant::Billing::Integrations::Notification
+          def complete?
+            status == '000'
+          end 
+
+          def item_id
+            params['ordernumber']
+          end
+
+          def transaction_id
+            params['transaction']
+          end
+
+          def received_at
+            Time.parse("20#{params['time']}")
+          end
+
+          def gross
+            "%.2f" % (gross_cents / 100.0)
+          end
+
+          def gross_cents
+            params['amount'].to_i
+          end
+
+          def test?
+            params['testmode'] == 'Yes'
+          end
+
+          def status
+            params['qpstat']
+          end
+
+          def currency
+            params['currency']
+          end
+          
+          # Provide access to raw fields from quickpay
+          %w(msgtype ordernumber state chstat chstatmsg qpstat qpstatmsg merchant merchantemail cardtype cardnumber).each do |attr|
+            define_method(attr) do
+              params[attr]
+            end
+          end
+
+          MD5_CHECK_FIELDS = [
+            :msgtype, :ordernumber, :amount, :currency, :time, :state,
+            :chstat, :chstatmsg, :qpstat, :qpstatmsg, :merchant, :merchantemail,
+            :transaction, :cardtype, :cardnumber, :testmode
+          ]
+
+          def generate_md5string
+            MD5_CHECK_FIELDS.map { |key| params[key.to_s] } * "" + @options[:credential2]
+          end
+          
+          def generate_md5check
+            Digest::MD5.hexdigest(generate_md5string)
+          end
+          
+          # Quickpay doesn't do acknowledgements of callback notifications
+          # Instead it uses and MD5 hash of all parameters
+          def acknowledge      
+            generate_md5check == params['md5check']
+          end
+        end
+      end
+    end
+  end
+end

data/lib/active_merchant/billing/integrations/return.rb

@@ -0,0 +1,42 @@
+module ActiveMerchant #:nodoc:
+  module Billing #:nodoc:
+    module Integrations #:nodoc:
+      class Return
+        attr_accessor :params
+        attr_reader :notification
+      
+        def initialize(query_string, options = {})
+          @params  = parse(query_string)
+          @options = options
+        end
+      
+        # Successful by default. Overridden in the child class
+        def success?
+          true
+        end
+
+        # Not cancelled by default.  Overridden in the child class.
+        def cancelled?
+          false
+        end
+
+        def message
+          
+        end
+        
+        def parse(query_string)
+          return {} if query_string.blank?
+          
+          query_string.split('&').inject({}) do |memo, chunk|
+            next if chunk.empty?
+            key, value = chunk.split('=', 2)
+            next if key.empty?
+            value = value.nil? ? nil : CGI.unescape(value)
+            memo[CGI.unescape(key)] = value
+            memo
+          end
+        end 
+      end
+    end
+  end
+end

data/lib/active_merchant/billing/integrations/sage_pay_form.rb

@@ -0,0 +1,37 @@
+module ActiveMerchant #:nodoc:
+  module Billing #:nodoc:
+    module Integrations #:nodoc:
+      module SagePayForm 
+        autoload :Helper,       File.dirname(__FILE__) + '/sage_pay_form/helper.rb'
+        autoload :Return,       File.dirname(__FILE__) + '/sage_pay_form/return.rb'
+        autoload :Notification, File.dirname(__FILE__) + '/sage_pay_form/notification.rb'
+        autoload :Encryption,   File.dirname(__FILE__) + '/sage_pay_form/encryption.rb'
+
+        mattr_accessor :production_url
+        mattr_accessor :test_url
+        mattr_accessor :simulate_url
+        self.production_url = 'https://live.sagepay.com/gateway/service/vspform-register.vsp'
+        self.test_url       = 'https://test.sagepay.com/gateway/service/vspform-register.vsp'
+        self.simulate_url   = 'https://test.sagepay.com/Simulator/VSPFormGateway.asp'
+
+        def self.return(query_string, options = {})
+          Return.new(query_string, options)
+        end
+
+        def self.service_url
+          mode = ActiveMerchant::Billing::Base.integration_mode
+          case mode
+          when :production
+            self.production_url    
+          when :test
+            self.test_url
+          when :simulate
+            self.simulate_url
+          else
+            raise StandardError, "Integration mode set to an invalid value: #{mode}"
+          end
+        end
+      end
+    end
+  end
+end

data/lib/active_merchant/billing/integrations/sage_pay_form/encryption.rb

@@ -0,0 +1,33 @@
+module ActiveMerchant #:nodoc:
+  module Billing #:nodoc:
+    module Integrations #:nodoc:
+      module SagePayForm
+        module Encryption
+          def sage_encrypt(plaintext, key)
+            Base64.strict_encode64(sage_encrypt_xor(plaintext, key))
+          end
+
+          def sage_decrypt(ciphertext, key)
+            sage_encrypt_xor(Base64.decode64(ciphertext), key)
+          end
+          
+          def sage_encrypt_salt(min, max)
+            length = rand(max - min + 1) + min
+            SecureRandom.base64(length + 4)[0, length]
+          end
+
+          private
+
+          def sage_encrypt_xor(data, key)
+            raise 'No key provided' if key.blank?
+            
+            key *= (data.bytesize.to_f / key.bytesize.to_f).ceil
+            key = key[0, data.bytesize]
+
+            data.bytes.zip(key.bytes).map { |b1, b2| (b1 ^ b2).chr }.join
+          end
+        end
+      end
+    end
+  end
+end

data/lib/active_merchant/billing/integrations/sage_pay_form/helper.rb

@@ -0,0 +1,127 @@
+require 'uri'
+
+module ActiveMerchant #:nodoc:
+  module Billing #:nodoc:
+    module Integrations #:nodoc:
+      module SagePayForm
+        class Helper < ActiveMerchant::Billing::Integrations::Helper
+          include Encryption
+          
+          mapping :credential2, 'EncryptKey'
+          
+          mapping :account, 'Vendor'
+          mapping :amount, 'Amount'
+          mapping :currency, 'Currency'
+        
+          mapping :order, 'VendorTxCode'
+
+          mapping :customer,
+            :first_name => 'BillingFirstnames',
+            :last_name  => 'BillingSurname',
+            :email      => 'CustomerEMail',
+            :phone      => 'BillingPhone',
+            :send_email_confirmation => 'SendEmail'
+
+          mapping :billing_address,
+            :city     => 'BillingCity',
+            :address1 => 'BillingAddress1',
+            :address2 => 'BillingAddress2',
+            :state    => 'BillingState',
+            :zip      => 'BillingPostCode',
+            :country  => 'BillingCountry'
+
+          mapping :shipping_address,
+            :city     => 'DeliveryCity',
+            :address1 => 'DeliveryAddress1',
+            :address2 => 'DeliveryAddress2',
+            :state    => 'DeliveryState',
+            :zip      => 'DeliveryPostCode',
+            :country  => 'DeliveryCountry'
+
+          mapping :return_url, 'SuccessURL'
+          mapping :description, 'Description'
+
+          def shipping_address(params = {})
+            @shipping_address_set = true unless params.empty?
+
+            params.each do |k, v|
+              field = mappings[:shipping_address][k]
+              add_field(field, v) unless field.nil?
+            end
+          end
+
+          def map_billing_address_to_shipping_address
+            %w(City Address1 Address2 State PostCode Country).each do |field|
+              fields["Delivery#{field}"] = fields["Billing#{field}"]
+            end
+          end
+
+          def form_fields
+            map_billing_address_to_shipping_address unless @shipping_address_set
+
+            fields['DeliveryFirstnames'] ||= fields['BillingFirstnames']
+            fields['DeliverySurname']    ||= fields['BillingSurname']
+
+            fields['FailureURL'] ||= fields['SuccessURL']
+
+            crypt_skip = ['Vendor', 'EncryptKey', 'SendEmail']
+            crypt_skip << 'BillingState'  unless fields['BillingCountry']  == 'US'
+            crypt_skip << 'DeliveryState' unless fields['DeliveryCountry'] == 'US'
+            crypt_skip << 'CustomerEMail' unless fields['SendEmail']
+            key = fields['EncryptKey']
+            @crypt ||= create_crypt_field(fields.except(*crypt_skip), key)
+            
+            {
+              'VPSProtocol' => '2.23',
+              'TxType' => 'PAYMENT',
+              'Vendor' => @fields['Vendor'],
+              'Crypt'  => @crypt
+            }
+          end
+
+          private
+
+          def create_crypt_field(fields, key)
+            parts = fields.map { |k, v| "#{k}=#{sanitize(k, v)}" unless v.nil? }.compact.shuffle
+            parts.unshift(sage_encrypt_salt(key.length, key.length * 2))
+            sage_encrypt(parts.join('&'), key)
+          end
+
+          def sanitize(key, value)
+            reject = exact = nil
+            
+            case key
+            when /URL$/
+              # allow all
+            when 'VendorTxCode'
+              reject = /[^A-Za-z0-9{}._-]+/
+            when /[Nn]ames?$/
+              reject = %r{[^[:alpha:] /\\.'-]+}
+            when /(?:Address[12]|City)$/
+              reject = %r{[^[:alnum:] +'/\\:,.\n()-]+}
+            when /PostCode$/
+              reject = /[^A-Za-z0-9 -]+/
+            when /Phone$/
+              reject = /[^0-9A-Za-z+ ()-]+/
+            when 'Currency'
+              exact = /^[A-Z]{3}$/
+            when /State$/
+              exact = /^[A-Z]{2}$/
+            else
+              reject = /&+/
+            end
+            
+            if exact
+              raise ArgumentError, "Invalid value for #{key}: #{value.inspect}" unless value =~ exact
+              value
+            elsif reject
+              value.gsub(reject, ' ')
+            else
+              value
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/active_merchant/billing/integrations/sage_pay_form/notification.rb

@@ -0,0 +1,210 @@
+require 'net/http'
+
+module ActiveMerchant #:nodoc:
+  module Billing #:nodoc:
+    module Integrations #:nodoc:
+      module SagePayForm
+        class Notification < ActiveMerchant::Billing::Integrations::Notification
+          class CryptError < StandardError; end
+
+          include Encryption
+          
+          def initialize(post_data, options)
+            super
+            load_crypt_params(params['crypt'], options[:credential2])
+          end
+          
+          # Was the transaction complete?
+          def complete?
+            status_code == 'OK'
+          end
+
+          # Was the transaction cancelled?
+          # Unfortunately, we can't distinguish "user abort" from "idle too long".
+          def cancelled?
+            status_code == 'ABORT'
+          end
+
+          # Text version of #complete?, since we don't support Pending.
+          def status
+            complete? ? 'Completed' : 'Failed'
+          end
+
+          # Status of transaction. List of possible values:
+          # <tt>OK</tt>:: Transaction completed successfully.
+          # <tt>NOTAUTHED</tt>:: Incorrect card details / insufficient funds.
+          # <tt>MALFORMED</tt>:: Invalid input data.
+          # <tt>INVALID</tt>:: Valid input data, but some fields are incorrect.
+          # <tt>ABORT</tt>:: User hit cancel button or went idle for 15+ minutes.
+          # <tt>REJECTED</tt>:: Rejected by account fraud screening rules.
+          # <tt>AUTHENTICATED</tt>:: Authenticated card details secured at SagePay.
+          # <tt>REGISTERED</tt>:: Non-authenticated card details secured at SagePay.
+          # <tt>ERROR</tt>:: Problem internal to SagePay.
+          def status_code
+            params['Status']
+          end
+
+          # Check this if #completed? is false.
+          def message
+            params['StatusDetail']
+          end
+
+          # Vendor-supplied code (:order mapping).
+          def item_id
+            params['VendorTxCode']
+          end
+
+          # Internal SagePay code, typically "{LONG-UUID}".
+          def transaction_id
+            params['VPSTxId']
+          end
+
+          # Authorization number (only if #completed?).
+          def auth_id
+            params['TxAuthNo']
+          end
+
+          # Total amount (no fees).
+          def gross
+            params['Amount']
+          end
+          
+          # AVS and CV2 check results.  Possible values:
+          # <tt>ALL MATCH</tt>::
+          # <tt>SECURITY CODE MATCH ONLY</tt>::
+          # <tt>ADDRESS MATCH ONLY</tt>::
+          # <tt>NO DATA MATCHES</tt>::
+          # <tt>DATA NOT CHECKED</tt>::
+          def avs_cv2_result
+            params['AVSCV2']
+          end
+          
+          # Numeric address check.  Possible values:
+          # <tt>NOTPROVIDED</tt>::
+          # <tt>NOTCHECKED</tt>::
+          # <tt>MATCHED</tt>::
+          # <tt>NOTMATCHED</tt>::          
+          def address_result
+            params['AddressResult']
+          end
+          
+          # Post code check.  Possible values:
+          # <tt>NOTPROVIDED</tt>::
+          # <tt>NOTCHECKED</tt>::
+          # <tt>MATCHED</tt>::
+          # <tt>NOTMATCHED</tt>::          
+          def post_code_result
+            params['PostCodeResult']
+          end
+
+          # CV2 code check.  Possible values:
+          # <tt>NOTPROVIDED</tt>::
+          # <tt>NOTCHECKED</tt>::
+          # <tt>MATCHED</tt>::
+          # <tt>NOTMATCHED</tt>::          
+          def cv2_result
+            params['CV2Result']
+          end
+
+          # Was the Gift Aid box checked?
+          def gift_aid?
+            params['GiftAid'] == '1'
+          end
+
+          # Result of 3D Secure checks.  Possible values:
+          # <tt>OK</tt>:: Authenticated correctly.
+          # <tt>NOTCHECKED</tt>:: Authentication not performed.
+          # <tt>NOTAVAILABLE</tt>:: Card not auth-capable, or auth is otherwise impossible.
+          # <tt>NOTAUTHED</tt>:: User failed authentication.
+          # <tt>INCOMPLETE</tt>:: Authentication unable to complete.
+          # <tt>ERROR</tt>:: Unable to attempt authentication due to data / service errors.
+          def buyer_auth_result
+            params['3DSecureStatus']
+          end
+
+          # Encoded 3D Secure result code.
+          def buyer_auth_result_code
+            params['CAVV']
+          end
+
+          # Address confirmation status.  PayPal only.  Possible values:
+          # <tt>NONE</tt>:: 
+          # <tt>CONFIRMED</tt>:: 
+          # <tt>UNCONFIRMED</tt>:: 
+          def address_status
+            params['AddressStatus']
+          end
+
+          # Payer verification.  Undocumented.
+          def payer_verified?
+            params['PayerStatus'] == 'VERIFIED'
+          end
+          
+          # Credit card type.  Possible values:
+          # <tt>VISA</tt>:: Visa
+          # <tt>MC</tt>:: MasterCard
+          # <tt>DELTA</tt>:: Delta
+          # <tt>SOLO</tt>:: Solo
+          # <tt>MAESTRO</tt>:: Maestro (UK and International)
+          # <tt>UKE</tt>:: Visa Electron
+          # <tt>AMEX</tt>:: American Express
+          # <tt>DC</tt>:: Diners Club
+          # <tt>JCB</tt>:: JCB
+          # <tt>LASER</tt>:: Laser
+          # <tt>PAYPAL</tt>:: PayPal
+          def credit_card_type
+            params['CardType']
+          end
+
+          # Last four digits of credit card.
+          def credit_card_last_4_digits
+            params['Last4Digits']
+          end
+
+          # Used by composition methods, but not supplied by SagePay.
+          def currency
+            nil
+          end
+
+          def test?
+            false
+          end
+          
+          def acknowledge      
+            true
+          end
+
+          private
+
+          def load_crypt_params(crypt, key)
+            raise MissingCryptData if crypt.blank?
+            raise MissingCryptKey  if key.blank?
+            
+            crypt_data = sage_decrypt(crypt.gsub(' ', '+'), key)
+            raise InvalidCryptData unless crypt_data =~ /(^|&)Status=/
+
+            params.clear            
+            parse(crypt_data)
+          end
+
+          class MissingCryptKey  < CryptError
+            def message
+              'No merchant decryption key supplied'
+            end
+          end
+          class MissingCryptData < CryptError
+            def message
+              'No data received from SagePay'
+            end
+          end
+          class InvalidCryptData < CryptError
+            def message
+              'Invalid data received from SagePay'
+            end
+          end
+
+        end
+      end
+    end
+  end
+end