workarea-authorize_cim 2.1.1

data/Rakefile

@@ -0,0 +1,50 @@
+#!/usr/bin/env rake
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
+require "rdoc/task"
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = "rdoc"
+  rdoc.title    = "Category Overview Content Block"
+  rdoc.options << "--line-numbers"
+  rdoc.rdoc_files.include("README.md")
+  rdoc.rdoc_files.include("lib/**/*.rb")
+end
+
+APP_RAKEFILE = File.expand_path('../test/dummy/Rakefile', __FILE__)
+load 'rails/tasks/engine.rake'
+load 'rails/tasks/statistics.rake'
+load "workarea/changelog.rake"
+
+require 'rake/testtask'
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'lib'
+  t.libs << 'test'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = false
+end
+task default: :test
+
+$LOAD_PATH.unshift File.expand_path('../lib', __FILE__)
+require 'workarea/authorize_cim/version'
+
+desc "Release version #{Workarea::AuthorizeCim::VERSION} of the gem"
+task :release do
+  host = "https://#{ENV['BUNDLE_GEMS__WEBLINC__COM']}@gems.weblinc.com"
+
+  #Rake::Task["workarea:changelog"].execute
+  #system "git add CHANGELOG.md"
+  #system 'git commit -m "Update CHANGELOG"'
+  #system "git push origin HEAD"
+
+  system "git tag -a v#{Workarea::AuthorizeCim::VERSION} -m 'Tagging #{Workarea::AuthorizeCim::VERSION}'"
+  system 'git push --tags'
+
+  system 'gem build workarea-authorize_cim.gemspec'
+  system "gem push workarea-authorize_cim-#{Workarea::AuthorizeCim::VERSION}.gem"
+  system "gem push workarea-authorize_cim-#{Workarea::AuthorizeCim::VERSION}.gem --host #{host}"
+  system "rm workarea-authorize_cim-#{Workarea::AuthorizeCim::VERSION}.gem"
+end

data/app/errors/workarea/payment/create_profile_error.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module Workarea
+  class Payment
+    # Thrown when Authorize.net can't create the payment profile for
+    # some reason. This is typically caught and hidden from erroring out
+    # to the user, instead preferring to notify the developers of the
+    # issue via a reporting service.
+    #
+    # The web application will defer to the frontend to actually report
+    # this error to the user.
+    class CreateProfileError < StandardError
+      def initialize(message, parameters: {})
+        @parameters = parameters
+        super "Payment profile could not be created: #{message}"
+      end
+    end
+  end
+end

data/app/models/workarea/payment.decorator

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+module Workarea
+  decorate Payment, with: :cim do
+    def successful_captures
+      transactions.select { |t| t.success? && (t.capture? || t.purchase?) }
+    end
+
+    def eligible_for_refund?
+      return true unless credit_card? && successful_captures.present?
+
+      successful_captures.first.created_at < Time.now - 24.hours
+    end
+  end
+end

data/app/models/workarea/payment/authorize/credit_card.decorator

@@ -0,0 +1,61 @@
+# frozen_string_literal: true
+module Workarea
+  decorate Payment::Authorize::CreditCard, with: :cim do
+    def complete!
+      return unless Workarea::Payment::StoreCreditCard.new(tender, options).save!
+
+      transaction.response = handle_active_merchant_errors do
+        gateway.create_customer_profile_transaction(auth_args)
+      end
+    end
+
+    def cancel!
+      return unless transaction.success?
+
+      transaction.cancellation = handle_active_merchant_errors do
+        gateway.create_customer_profile_transaction(void_args)
+      end
+    end
+
+    private
+
+    def auth_args
+      {
+        transaction: {
+          type: :auth_only,
+          customer_profile_id: customer_profile_id,
+          customer_payment_profile_id: customer_payment_profile_id,
+          amount: auth_amount,
+          order: {
+            invoice_number: tender.payment.id.first(20) # auth net has max length 20 for this field
+          }
+        }
+      }
+    end
+
+    def void_args
+      {
+        transaction: {
+          type: :void,
+          customer_profile_id: customer_profile_id,
+          customer_payment_profile_id: customer_payment_profile_id,
+          trans_id: transaction.response.authorization
+        }
+      }
+    end
+
+    def customer_profile_id
+      tender.gateway_profile_id
+    end
+
+    def customer_payment_profile_id
+      tender.token
+    end
+
+    # cim requeires dollar amount (not cents)
+    # eg $4.25
+    def auth_amount
+      tender.amount.cents / 100.00
+    end
+  end
+end

data/app/models/workarea/payment/capture/credit_card.decorator

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+module Workarea
+  decorate Payment::Capture::CreditCard, with: :cim do
+    def complete!
+      validate_reference!
+
+      transaction.response = handle_active_merchant_errors do
+        gateway.create_customer_profile_transaction(capture_args)
+      end
+    end
+
+    def cancel!
+      # noop, can't cancel a capture
+    end
+
+    private
+
+    def capture_args
+      {
+        transaction: {
+          type: :prior_auth_capture,
+          amount: auth_amount,
+          trans_id: transaction_ref_id
+        }
+      }
+    end
+
+    def transaction_ref_id
+      transaction.reference.response.params['direct_response']['transaction_id']
+    end
+
+    # cim requires dollar amount (not cents)
+    # eg $4.25
+    def auth_amount
+      transaction.amount.to_s.to_f
+    end
+  end
+end

data/app/models/workarea/payment/profile.decorator

@@ -0,0 +1,169 @@
+# frozen_string_literal: true
+module Workarea
+  decorate Payment::Profile, with: :cim do
+    decorated do
+      before_validation :create_gateway_profile, if: :needs_gateway_profile?, on: :create
+      before_destroy :delete_gateway_profile, if: :on_gateway?
+    end
+
+    protected
+
+    # Create a new payment profile on the gateway, and log an error when
+    # this cannot be accomplished. First, this checks to make sure a
+    # +Payment::Profile+ doesn't already exist locally for the current
+    # email. If that is true, we attempt to either find an existing
+    # profile on Authorize.net or create a new one. Eventually,
+    # +gateway_id+ should be set to something after this method is
+    # called, and if not, a validation error is logged.
+    #
+    # @protected
+    # @return [Boolean] +true+
+    def create_gateway_profile
+      self.gateway_id = previous_profile_id || remote_profile_id
+      errors.add :gateway, 'error occurred' unless gateway_id.present?
+    end
+
+    # When destroying this record, also delete the payment profile from
+    # Authorize.net.
+    #
+    # @protected
+    # @return [Boolean] whether the operation was successful
+    def delete_gateway_profile
+      gateway.delete_customer_profile(
+        customer_profile_id: gateway_id
+      ).tap do |response|
+        errors.add :response, response.inspect unless response.success?
+      end.success?
+    end
+
+    # Test whether we need to ask Authorize.Net for a payment profile.
+    #
+    # @protected
+    # @return [Boolean] whether we need a payment profile
+    def needs_gateway_profile?
+      email.present? && gateway_id.blank?
+    end
+
+    # Test whether we have a gateway ID.
+    #
+    # @protected
+    # @return [Boolean]
+    def on_gateway?
+      gateway_id.present?
+    end
+
+    private
+
+    # The credit card gateway we're using to communicate with
+    # Authorize.Net
+    #
+    # @private
+    # @return [ActiveMerchant::Billing::Gateway]
+    def gateway
+      Workarea.config.gateways.credit_card
+    end
+
+    # Find an existing +Payment::Profile+ record with a gateway_id for
+    # this User, and use it in this record to save a roundtrip to
+    # Authorize.Net.
+    #
+    # @private
+    # @return [String] or +nil+ if none can be found.
+    def previous_profile_id
+      @ppid ||= Workarea::Payment::Profile.where(
+        email: email,
+        :gateway_id.ne => nil
+      ).pluck(:gateway_id).first
+    end
+
+    # Attempt to create a new customer profile on Authorize.Net, either
+    # by doing it outright or going through the duplicate payment
+    # profile motions.
+    #
+    # @private
+    # @return [String] The new payment profile ID from Authorize.net or
+    # +nil+ if it cannot be created.
+    def remote_profile_id
+      response = gateway.create_customer_profile(profile: { email: email })
+      return response.params['customer_profile_id'] if response.success?
+      return duplicate_payment_profile_id(response) if duplicate_profile?(response)
+      raise Payment::CreateProfileError.new(
+        response.message,
+        parameters: {
+          email: email,
+          response: debug_response(response)
+        }
+      )
+    end
+
+    # Attempt to pull the existing customer profile Authorize.Net using
+    # the original response's message and another API call.
+    #
+    # @private
+    # @param original_response [ActiveMerchant::Billing::Response]
+    # @return [String] Existing profile ID for this user
+    # @raise [Payment::CreateProfileError] if still can't be created.
+    def duplicate_payment_profile_id(original_response)
+      gateway_id = get_id_from_message(original_response)
+      response = gateway.get_customer_profile(customer_profile_id: gateway_id)
+
+      if response.success? && email_match?(response)
+        gateway_id
+      else
+        raise Payment::CreateProfileError, response.message
+      end
+    end
+
+    # Test whether the email in this response matches the email in the
+    # +Payment::Profile+ we're trying to create, so as not to
+    # accidentally assign the wrong gateway_id to the wrong user.
+    #
+    # @private
+    # @param response [ActiveMerchant::Billing::Response]
+    # @return [Boolean] whether the email matches
+    def email_match?(response)
+      response.params['profile']['email'] == email
+    end
+
+    # Test whether the response's error code matches the duplicate
+    # profile creation error code of +E00039+, which triggers a lookup
+    # in the error message of the payment profile ID.
+    #
+    # @private
+    # @param response [ActiveMerchant::Billing::Response]
+    # @return [Boolean] whether the error code matches E00039
+    def duplicate_profile?(response)
+      response.params['messages'].try(:[], 'message').try(:[], 'code') == 'E00039'
+    end
+
+    # Attempt to parse out the gateway ID from the error message that is
+    # given for duplicate record creation.
+    #
+    # @private
+    # @param response [ActiveMerchant::Billing::Response]
+    # @return [String] ID of the existing profile.
+    def get_id_from_message(response)
+      text = response.params['messages']['message']['text']
+      return unless text.present?
+      text.match(/A duplicate record with ID (\d+) already exists/)[1]
+    end
+
+    # Picks out the relevant pieces of the ActiveMerchant response for
+    # an exception object.
+    #
+    # @private
+    # @param response [ActiveMerchant::Billing::Response]
+    # @return [Hash]
+    def debug_response(response)
+      {
+        authorization: response.authorization,
+        avs_result: response.avs_result,
+        cvv_result: response.cvv_result,
+        error_code: response.error_code,
+        message: response.message,
+        params: response.params,
+        test: response.test
+      }
+    end
+  end
+end

data/app/models/workarea/payment/purchase/credit_card.decorator

@@ -0,0 +1,61 @@
+# frozen_string_literal: true
+module Workarea
+  decorate Payment::Purchase::CreditCard, with: :cim do
+    def complete!
+      return unless Workarea::Payment::StoreCreditCard.new(tender, options).save!
+
+      transaction.response = handle_active_merchant_errors do
+        gateway.create_customer_profile_transaction(auth_capture_args)
+      end
+    end
+
+    def cancel!
+      return unless transaction.success?
+
+      transaction.cancellation = handle_active_merchant_errors do
+        gateway.create_customer_profile_transaction(void_args)
+      end
+    end
+
+    private
+
+    def auth_capture_args
+      {
+        transaction: {
+          type: :auth_capture,
+          customer_profile_id: customer_profile_id,
+          customer_payment_profile_id: customer_payment_profile_id,
+          amount: auth_amount,
+          order: {
+            invoice_number: tender.payment.id.first(20) # auth net has max length 20 for this field
+          }
+        }
+      }
+    end
+
+    def void_args
+      {
+        transaction: {
+          type: :void,
+          customer_profile_id: customer_profile_id,
+          customer_payment_profile_id: customer_payment_profile_id,
+          trans_id: transaction.response.authorization
+        }
+      }
+    end
+
+    def customer_profile_id
+      tender.gateway_profile_id
+    end
+
+    def customer_payment_profile_id
+      tender.token
+    end
+
+    # cim requeires dollar amount (not cents)
+    # eg $4.25
+    def auth_amount
+      tender.amount.to_s.to_f
+    end
+  end
+end

data/app/models/workarea/payment/refund.decorator

@@ -0,0 +1,19 @@
+module Workarea
+  decorate Payment::Refund, with: :cim do
+    decorated { validate :has_refundable_transactions }
+
+    private
+
+    def has_refundable_transactions
+      amounts_with_tenders.each do |tender, _amount|
+        next unless tender.slug == :credit_card
+
+        tender.transactions.successful.not_canceled.captures_or_purchased.each do |transaction|
+          if transaction.created_at >= Time.now - 24.hours
+            errors.add(:credit_card, "This transaction hasn't been settled yet, and isn't eligble for refunding")
+          end
+        end
+      end
+    end
+  end
+end

data/app/models/workarea/payment/refund/credit_card.decorator

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+module Workarea
+  decorate Payment::Refund::CreditCard, with: :cim do
+    def complete!
+      return false unless tender.valid_capture_date?
+
+      validate_reference!
+
+      transaction.response = handle_active_merchant_errors do
+        gateway.create_customer_profile_transaction_for_refund(options)
+      end
+    end
+
+    private
+
+    def options
+      {
+        transaction: {
+          customer_profile_id: customer_profile_id,
+          customer_payment_profile_id: customer_payment_profile_id,
+          amount: refund_amount,
+          trans_id: transaction.reference.response.params['direct_response']['transaction_id']
+        }
+      }
+    end
+
+    def refund_amount
+      transaction.amount.to_s.to_f
+    end
+
+    def customer_profile_id
+      tender.gateway_profile_id
+    end
+
+    def customer_payment_profile_id
+      tender.token
+    end
+  end
+end