workarea-forter 1.2.2

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 8677c1ba833efc27b03b9268a5b3fec4c1ec08e489e7129b1a4cd06e4b2a80b1
+  data.tar.gz: 10b6c5bb01c38a7b24c2d255f03100dc5685169a2f7caaecda03d8935bb606d8
+SHA512:
+  metadata.gz: 0bc6361719646f98994bdee5bdbe868becb86bd45d3cc28a2997a02dbfffeb609e77c2bc810c61c836b39eda7acbf03cf96c72497dd01f7b6e5ed635b5dfb469
+  data.tar.gz: e3a963a6e9155da34bfeee2bfcca89ca2603e8e8895dad5978b86033f23a3f109e2414a22c348ca58f9e238d6d75a42ce2367ea0d98712e4be1fd346fa29010d

data/.editorconfig

@@ -0,0 +1,20 @@
+# editorconfig.org
+root = true
+
+[*]
+charset = utf-8
+indent_style = space
+end_of_line = lf
+trim_trailing_whitespace = true
+insert_final_newline = true
+
+[{*.rb,*.haml,*.decorator,*.yml,*.yaml,*.jbuilder}]
+indent_size = 2
+indent_style = space
+
+[{*.js,*.jst,*.ejs,*.scss}]
+indent_size = 4
+
+[*.md]
+indent_size = 4
+trim_trailing_whitespace = false

data/.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,37 @@
+---
+name: Bug report
+about: Create a report to help us improve Workarea
+title: ''
+labels: bug
+assignees: ''
+
+---
+
+⚠️**Before you create**⚠️
+Please verify the issue you're experiencing is not part of your Workarea project customizations. The best way to do this is with a [vanilla Workarea installation](https://developer.workarea.com/articles/create-a-new-host-application.html). This will help us spend time on fixes/improvements for the whole community. Thank you!
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+Steps to reproduce the behavior:
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Workarea Setup (please complete the following information):**
+ - Workarea Version: [e.g. v3.4.6]
+ - Plugins [e.g. workarea-blog, workarea-sitemaps]
+
+**Attachments**
+If applicable, add any attachments to help explain your problem, things like:
+- screenshots
+- Gemfile.lock
+- test cases
+
+**Additional context**
+Add any other context about the problem here.

data/.github/ISSUE_TEMPLATE/documentation-request.md

@@ -0,0 +1,17 @@
+---
+name: Documentation request
+about: Suggest documentation
+title: ''
+labels: documentation
+assignees: ''
+
+---
+
+**Is your documentation related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm confused by [...]
+
+**Describe the article you'd like**
+A clear and concise description of what would be in the documentation article.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.

data/.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,20 @@
+---
+name: Feature request
+about: Suggest an idea for Workarea
+title: ''
+labels: enhancement
+assignees: ''
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.

data/.gitignore

@@ -0,0 +1,17 @@
+.bundle/
+log/*.log
+pkg/
+test/dummy/db/*.sqlite3
+test/dummy/db/*.sqlite3-journal
+test/dummy/log/*.log
+test/dummy/tmp/
+.DS_Store
+.byebug_history
+.bundle/
+.sass-cache/
+Gemfile.lock
+test/dummy/public/
+node_modules
+coverage/
+package.json
+yarn.lock

data/CHANGELOG.md

@@ -0,0 +1,63 @@
+Workarea Forter 1.2.2 (2019-08-21)
+--------------------------------------------------------------------------------
+
+*   Open Source!
+ 
+ 
+ 
+Workarea Forter 1.2.1 (2019-08-06)
+--------------------------------------------------------------------------------
+
+*   Add API version to configuration.
+
+    FORTER-15
+    Jeff Yucis
+
+*   Set the BIN for saved cards added from my account section
+
+    FORTER-17
+    Jeff Yucis
+
+
+
+Workarea Forter 1.2.0 (2019-04-30)
+--------------------------------------------------------------------------------
+
+*   Add support for checkout.com payment processor
+
+    Extracts the payment processor response code used by forter when
+    evaluating for fraud.
+
+    FORTER-13
+    Jeff Yucis
+
+
+
+Workarea Forter 1.1.0 (2019-03-19)
+--------------------------------------------------------------------------------
+
+*   * Remove checkout controller decorator, user agent functionality is part of Workarea now
+
+    FORTER-12
+    Jake Beresford
+
+*   Update for v3.4
+
+    * Update CI scripts
+    * Remove user_agent decoration from order.rb, this is part of Workarea::Order as of v3.4
+    * Update gemspec dependency for workarea to >= 3.4
+
+    FORTER-12
+    Jake Beresford
+
+
+
+Workarea Forter 1.0.0 (2019-03-05)
+--------------------------------------------------------------------------------
+
+*   Forter fraud protection integration. Automatic decision at checkout with no intervention required from admins.
+
+    Jeff Yucis
+
+
+

data/CODE_OF_CONDUCT.md

@@ -0,0 +1,3 @@
+View this plugin's code of conduct here:
+
+<https://github.com/workarea-commerce/workarea/blob/master/CODE_OF_CONDUCT.md>

data/CONTRIBUTING.md

@@ -0,0 +1,3 @@
+View this plugin's contribution guidelines here:
+
+<https://github.com/workarea-commerce/workarea/blob/master/CONTRIBUTING.md>

data/Gemfile

@@ -0,0 +1,25 @@
+source 'https://rubygems.org'
+git_source(:github) { |repo| "git@github.com:#{repo}.git" }
+
+gemspec
+
+gem 'workarea'
+gem 'byebug'
+group :test do
+  gem 'simplecov', require: false
+
+  case ENV['CC_PROCESSOR']
+  when 'braintree'
+    gem 'workarea-braintree'
+  when 'moneris'
+    gem 'workarea-moneris'
+  when 'authorize_cim'
+    gem 'workarea-authorize_cim'
+  when 'payflow_pro'
+    gem 'workarea-payflow_pro'
+  when 'cyber_source'
+    gem 'workarea-cyber_source'
+  when 'checkoutdotcom'
+    gem 'workarea-checkoutdotcom'
+  end
+end

data/LICENSE

@@ -0,0 +1,52 @@
+WebLinc
+Business Source License
+
+Licensor: WebLinc Corporation, 22 S. 3rd Street, 2nd Floor, Philadelphia PA 19106
+
+Licensed Work: Workarea Commerce Platform
+               The Licensed Work is (c) 2019 WebLinc Corporation
+
+Additional Use Grant:
+                      You may make production use of the Licensed Work without an additional license agreement with WebLinc so long as you do not use the Licensed Work for a Commerce Service.
+
+                      A "Commerce Service" is a commercial offering that allows third parties (other than your employees and contractors) to access the functionality of the Licensed Work by creating or managing commerce functionality, the products, taxonomy, assets and/or content of which are controlled by such third parties. 
+
+                      For information about obtaining an additional license agreement with WebLinc, contact licensing@workarea.com.
+
+Change Date: 2019-08-20
+
+Change License: Version 2.0 or later of the GNU General Public License as published by the Free Software Foundation
+
+Terms
+
+The Licensor hereby grants you the right to copy, modify, create derivative works, redistribute, and make non-production use of the Licensed Work. The Licensor may make an Additional Use Grant, above, permitting limited production use.
+
+Effective on the Change Date, or the fourth anniversary of the first publicly available distribution of a specific version of the Licensed Work under this License, whichever comes first, the Licensor hereby grants you rights under the terms of the Change License, and the rights granted in the paragraph above terminate.
+
+If your use of the Licensed Work does not comply with the requirements currently in effect as described in this License, you must purchase a commercial license from the Licensor, its affiliated entities, or authorized resellers, or you must refrain from using the Licensed Work.
+
+All copies of the original and modified Licensed Work, and derivative works of the Licensed Work, are subject to this License. This License applies separately for each version of the Licensed Work and the Change Date may vary for each version of the Licensed Work released by Licensor.
+
+You must conspicuously display this License on each original or modified copy of the Licensed Work. If you receive the Licensed Work in original or modified form from a third party, the terms and conditions set forth in this License apply to your use of that work.
+
+Any use of the Licensed Work in violation of this License will automatically terminate your rights under this License for the current and all other versions of the Licensed Work.
+
+This License does not grant you any right in any trademark or logo of Licensor or its affiliates (provided that you may use a trademark or logo of Licensor as expressly required by this License). TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE LICENSED WORK IS PROVIDED ON AN "AS IS" BASIS. LICENSOR HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS, EXPRESS OR IMPLIED, INCLUDING (WITHOUT LIMITATION) WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND TITLE. MariaDB hereby grants you permission to use this License’s text to license your works and to refer to it using the trademark "Business Source License" as long as you comply with the Covenants of Licensor below.
+
+Covenants of Licensor
+In consideration of the right to use this License’s text and the "Business Source License" name and trademark, Licensor covenants to MariaDB, and to all other recipients of the licensed work to be provided by Licensor:
+
+To specify as the Change License the GPL Version 2.0 or any later version, or a license that is compatible with GPL Version 2.0 or a later version, where "compatible" means that software provided under the Change License can be included in a program with software provided under GPL Version 2.0 or a later version. Licensor may specify additional Change Licenses without limitation.
+
+To either: (a) specify an additional grant of rights to use that does not impose any additional restriction on the right granted in this License, as the Additional Use Grant; or (b) insert the text "None."
+
+To specify a Change Date.
+
+Not to modify this License in any other way.
+
+Notice
+The Business Source License (this document, or the "License") is not an Open Source license. However, the Licensed Work will eventually be made available under an Open Source License, as stated in this License.
+
+For more information on the use of the Business Source License generally, please visit the Adopting and Developing Business Source License FAQ.
+
+License text copyright (c) 2017 MariaDB Corporation Ab, All Rights Reserved. "Business Source License" is a trademark of MariaDB Corporation Ab.

data/LICENSE.md

@@ -0,0 +1,3 @@
+View this plugin's license here: 
+
+<https://github.com/workarea-commerce/workarea/blob/master/LICENSE.md>

data/README.md

@@ -0,0 +1,113 @@
+Workarea Forter
+================================================================================
+
+Forter fraud protection for the Workarea platform that offers guarantees against charge-backs for eligible transactions.
+
+This solution currently works for a pre-authorization model of payment, meaning that funds are authorized at checkout then captured at a later date, usually when the product ships.
+
+Payments use the following flow:
+1. A user enters their payment in checkout.
+2. The payment is authorized.
+3. An API call is made to Forter.
+  + On approval or no-decision the order is placed as usual.
+  + On decline the authorized payments are voided and a message is displayed to the user.
+
+This plugin is compatible with following Workarea supported payment types:
++ Credit Cards
++ Paypal
++ Gift cards
++ Store credit
+
+Payment types not in this list will still function but are not eligible for fraud protection.
+
+Configuration
+--------------------------------------------------------------------------------
+Add the secret key to your secrets file:
+
+```
+forter:
+  secret_key: XXXXXXXX
+```
+
+Add the site ID to an initializer file in your host app:
+
+```ruby
+  Workarea.config.forter.site_id = nil
+```
+
+You can specify which version of the API via configuration:
+
+```ruby
+  Workarea.config.forter.api_version = "2.4"
+```
+
+If no API version is configured the default of **2.2** will be used.
+
+Implementation Notes
+--------------------------------------------------------------------------------
+**Verifcation Data**
+
+Forter relies on verification data returned from the credit processor when validating credit card transactions. This data can vary by credit card processor.
+
+Be sure to test that the following data is sent in the **verificationResults**  hash sent with each credit card:
+```
+  {
+      "avsFullResult": "",
+      "cvvResult": "",
+      "avsNameResult": "",
+      "authorizationCode": "",
+      "processorResponseCode": "",
+      "processorResponseText": ""
+  }
+```
+**Rolling Back Fraud Transactions**
+
+Credit card authorizations are voided when a transaction is deemed to be fraudulent. The void action relies on the #cancel! method implemented on each tenders authorization class. It is very important to implement and test this method when creating a new payment type.
+
+
+Getting Started
+--------------------------------------------------------------------------------
+
+This gem contains a rails engine that must be mounted onto a host Rails application.
+
+To access Workarea gems and source code, you must be an employee of WebLinc or a licensed retailer or partner.
+
+Workarea gems are hosted privately at https://gems.weblinc.com/.
+You must have individual or team credentials to install gems from this server. Add your gems server credentials to Bundler:
+
+    bundle config gems.weblinc.com my_username:my_password
+
+Or set the appropriate environment variable in a shell startup file:
+
+    export BUNDLE_GEMS__WEBLINC__COM='my_username:my_password'
+
+Then add the gem to your application's Gemfile specifying the source:
+
+    # ...
+    gem 'workarea-forter', source: 'https://gems.weblinc.com'
+    # ...
+
+Or use a source block:
+
+    # ...
+    source 'https://gems.weblinc.com' do
+      gem 'workarea-forter'
+    end
+    # ...
+
+Update your application's bundle.
+
+    cd path/to/application
+    bundle
+
+Workarea Platform Documentation
+--------------------------------------------------------------------------------
+
+See [http://developer.weblinc.com](http://developer.weblinc.com) for Workarea platform documentation.
+
+Copyright & Licensing
+--------------------------------------------------------------------------------
+
+Copyright WebLinc 2018. All rights reserved.
+
+For licensing, contact sales@workarea.com.

data/Rakefile

@@ -0,0 +1,60 @@
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
+require 'rdoc/task'
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'Forter'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.md')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+APP_RAKEFILE = File.expand_path("../test/dummy/Rakefile", __FILE__)
+load 'rails/tasks/engine.rake'
+load 'rails/tasks/statistics.rake'
+load 'workarea/changelog.rake'
+
+require 'rake/testtask'
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'lib'
+  t.libs << 'test'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = false
+end
+task default: :test
+
+$LOAD_PATH.unshift File.expand_path('../lib', __FILE__)
+require 'workarea/forter/version'
+
+desc "Release version #{Workarea::Forter::VERSION} of the gem"
+task :release do
+  host = "https://#{ENV['BUNDLE_GEMS__WEBLINC__COM']}@gems.weblinc.com"
+
+  #Rake::Task['workarea:changelog'].execute
+  #system 'git add CHANGELOG.md'
+  #system 'git commit -m "Update CHANGELOG"'
+  #system 'git push origin HEAD'
+
+  system "git tag -a v#{Workarea::Forter::VERSION} -m 'Tagging #{Workarea::Forter::VERSION}'"
+  system 'git push --tags'
+
+  system "gem build workarea-forter.gemspec"
+  system "gem push workarea-forter-#{Workarea::Forter::VERSION}.gem"
+  system "gem push workarea-forter-#{Workarea::Forter::VERSION}.gem --host #{host}"
+  system "rm workarea-forter-#{Workarea::Forter::VERSION}.gem"
+end
+
+desc 'Run the JavaScript tests'
+ENV['TEASPOON_RAILS_ENV'] = File.expand_path('../test/dummy/config/environment', __FILE__)
+task teaspoon: 'app:teaspoon'
+
+desc 'Start a server at http://localhost:3000/teaspoon for JavaScript tests'
+task :teaspoon_server do
+  Dir.chdir("test/dummy")
+  teaspoon_env = File.expand_path('../test/teaspoon_env.rb', __FILE__)
+  system "RAILS_ENV=test TEASPOON_ENV=#{teaspoon_env} rails s"
+end

data/app/controllers/workarea/admin/orders_controller.decorator

@@ -0,0 +1,6 @@
+module Workarea
+  decorate Admin::OrdersController, with: :forter do
+    def fraud
+    end
+  end
+end

data/app/controllers/workarea/storefront/application_controller.decorator

@@ -0,0 +1,10 @@
+module Workarea
+  decorate Storefront::ApplicationController, with: :forter do
+
+    def current_order
+      super.tap do |order|
+        order.forter_tracking_code = cookies[:forterToken]
+      end
+    end
+  end
+end

data/app/models/search/admin/order.decorator

@@ -0,0 +1,7 @@
+module Workarea
+  decorate Search::Admin::Order, with: :forter do
+    def should_be_indexed?
+      model.placed? || model.flagged_for_fraud?
+    end
+  end
+end

data/app/models/workarea/checkout/collect_payment.decorator

@@ -0,0 +1,75 @@
+module Workarea
+  decorate Checkout::CollectPayment, with: :forter do
+    def purchase
+      collect_result = super
+
+      begin
+        decision = Forter::Decision.find_or_create_by(id: @order.id)
+        order_hash = Forter::Order.new(@order).to_h
+
+        response = get_decision(@order_id, order_hash, decision)
+
+        # Rollback all transactions if the original collection
+        # was successful but the forter decision was a decline.
+        if collect_result && response.suspected_fraud?
+          payment.rollback!
+          payment.flagged_for_fraud = true
+
+          payment.save!
+          false
+        else
+          # need to re-add errors indicating the payment operation failed
+          error_messages = payment.errors.messages.clone
+          payment.update_attribute(:flagged_for_fraud, false)
+          error_messages.each do |attribute, message|
+            payment.errors.add(attribute, message)
+          end
+          collect_result
+        end
+
+      rescue => e
+        Forter.log_error(e)
+        return collect_result
+      ensure
+        decision.save!
+      end
+    end
+
+    private
+
+      ERROR_STATUSES = 500..599
+      MAX_RETRIES = 2
+
+      # Gets forter decision and builds decision responses on the Forter Decision
+      # model
+      #
+      # @raises Error
+      #
+      # @return [Workarea::Forter::DecisionResponse] response
+      #
+      def get_decision(order_id, order_hash, decision)
+        count = 1
+        begin
+          fraud_response = Forter.gateway.create_decision(@order.id, order_hash)
+          body = JSON.parse(fraud_response.body)
+          response = Forter::DecisionResponse.new(body)
+
+          decision.responses.build(decision_response: response)
+          raise if ERROR_STATUSES.include? fraud_response.status
+
+          response
+        rescue => error
+          decision.responses.build(
+            timed_out: error.is_a?(Faraday::Error::TimeoutError),
+            error: error.message
+          )
+          if count < MAX_RETRIES
+            count += 1
+            retry
+          else
+            raise error
+          end
+        end
+      end
+  end
+end

data/app/models/workarea/forter/decision.rb

@@ -0,0 +1,18 @@
+module Workarea
+  module Forter
+    class Decision
+      include ApplicationDocument
+
+      embeds_many :responses, class_name: 'Workarea::Forter::Response'
+      field :external_order_status, type: String, default: "PROCESSING"
+
+      index(created_at: -1)
+
+      # the last response returned from the forter service.
+      def response
+        return if responses.empty?
+        responses.sort_by { |r| r.created_at.to_i }.last.decision_response
+      end
+    end
+  end
+end

data/app/models/workarea/forter/response.rb

@@ -0,0 +1,15 @@
+module Workarea
+  module Forter
+    class Response
+      include Workarea::ApplicationDocument
+
+      field :decision_response, type: Workarea::Forter::DecisionResponse
+      field :timed_out, type: Boolean, default: false
+      field :error, type: String
+
+      def fraud_decision_action
+        decision_response&.action.presence || I18n.t('workarea.admin.orders.forter.decision_error')
+      end
+    end
+  end
+end

data/app/models/workarea/fulfillment.decorator

@@ -0,0 +1,77 @@
+module Workarea
+  decorate Fulfillment, with: :forter do
+    def ship_items(tracking_number, shipped_items)
+      shipped_items.each do |shipped_item|
+        mark_item_shipped(
+          shipped_item.merge(tracking_number: tracking_number.downcase)
+        )
+      end
+
+      save.tap do |result|
+        if result && Workarea.config.send_transactional_emails
+          Storefront::FulfillmentMailer
+            .shipped(id, tracking_number)
+            .deliver_later
+        end
+
+
+        if result
+          status_hash = {
+            orderId: id,
+            eventTime: Time.new.to_i * 1000,
+            updatedStatus: "SENT",
+            updatedMerchantStatus: status.to_s
+
+          }
+          Workarea::Forter::UpdateStatus.perform_async(id, status_hash)
+        end
+      end
+    end
+
+    def cancel_items(canceled_items)
+      return unless canceled_items.present?
+
+      occured_at = Time.current
+
+      canceled_items = canceled_items.map do |canceled_item|
+        canceled_item = canceled_item.with_indifferent_access
+        next unless canceled_item['quantity'].to_i > 0
+
+        item = items.detect { |i| i.order_item_id == canceled_item['id'].to_s }
+        next unless item.present?
+
+        item.events.build(
+          status: 'canceled',
+          quantity: canceled_item['quantity'],
+          created_at: occured_at,
+          updated_at: occured_at,
+          data: canceled_item.except('id', 'quantity')
+        )
+        [canceled_item['id'].to_s, canceled_item['quantity']]
+      end.compact
+
+      return unless canceled_items.present?
+
+      result = save
+
+      if result && Workarea.config.send_transactional_emails
+        Storefront::FulfillmentMailer
+          .canceled(id, Hash[canceled_items])
+          .deliver_later
+      end
+
+      if result
+        status_hash = {
+          orderId: id,
+          eventTime: Time.new.to_i * 1000,
+          updatedStatus: "CANCELED_BY_MERCHANT",
+          updatedMerchantStatus: status.to_s
+
+        }
+        Workarea::Forter::UpdateStatus.perform_async(id, status_hash)
+      end
+
+      result
+    end
+  end
+end