workarea-kount 3.3.0

data/LICENSE.md

@@ -0,0 +1,3 @@
+View this plugin's license here: 
+
+<https://github.com/workarea-commerce/workarea/blob/master/LICENSE.md>

data/README.md

@@ -0,0 +1,98 @@
+# Workarea Kount
+
+Kount plugin for the Workarea platform.
+
+## Kount Response Codes
+
+Kount's Risk Inquiry Services will return one of three values.
+
+Approved - the order is not suspected as fraud
+
+Decline - the order is fraud
+
+Hold for manager review - the order is suspected fraud
+
+## Kount Order Flow
+
+### In Checkout
+
+The Kount plugin sends the credit card and paypal orders to Kount before payment
+is captured. Based on the response from Kount different actions will be taken.
+
+#### Approved - The order is not fraud
+
+The order is placed.
+
+#### Decline - The order is fraud
+
+An error is shown to the customer and redirected back to the payment step.
+
+#### Hold for manager review - the order is suspected fraud
+
+The credit card is tokenized and inventory is captured but the payment is not
+authorized/purchased. The customer is shown the order confirmation as if the
+order is placed. A Kount admin user needs to use approve or decline the order
+via the Kount admin.
+
+The Kount Event Notificaion System (ENS) will post the data back to Workarea.
+
+If the admin declines the order in Kount, the order is canceled and the customer
+recieves a cancelation email.
+
+If the admin approves the order, the payment is attemped to be captured. If the
+payment captures successfully the order is placed.  If the payment fails
+authorization/purchase, the order is canceled and the customer recives a
+cancelation email.
+
+## Configuration
+
+Add values for `merchant_id`, `version`, `key`, and `ksalt` to your application secrets
+
+```yaml
+  kount:
+    merchant_id:
+    version:
+    key:
+    ksalt:
+    ens_username: username for basic auth for ENS
+    ens_password: password for basic auth for ENS
+    kount_site: <site name for ENS>
+```
+
+### Event Notification System Configuration
+
+The Kount ENS requires configuration in Workarea to match configuration in Kount.
+If the ENS is not configured properly, Kount review decisions will not be
+received by Workarea.
+
+Workarea uses basic auth credentials `ens_username:ens_password` to authenticate
+requests from the Kount ENS. If your application is behind basic_auth (e.g. in
+staging or QA) you should configure these credentials to match your basic auth
+credentials for the environment. If your application is not behind basic auth
+these credentials can be anything you want, as long as they are secure.
+
+#### Kount Site
+
+The `kount_site` configuration is used by kount ENS to determine which endpoint
+events should be sent to. If no `kount_site` is provided the DEFAULT site will
+be used. `kount_site` can be used to configure different ENS endpoints for
+testing inQA and Staging, or for multi-site implementations.
+
+#### Configure ENS in Kount
+
+In the Kount admin navigate to: Fraud Control -> Websites -> Add Website
+
+The ENS Api URL should look like `https://ENS_USERNAME:ENS_PASSWORD@WEBSITE_DOMAIN/kount_orders`
+
+Example: `https://kount:aksjei8243d8@www.example.com/kount_orders`
+
+## Workarea Platform Documentation
+
+See [http://developer.workarea.com](http://developer.workarea.com) for Workarea
+platform documentation.
+
+## Copyright & Licensing
+
+Copyright WebLinc 2018. All rights reserved.
+
+For licensing, contact sales@weblinc.com.

data/Rakefile

@@ -0,0 +1,53 @@
+#!/usr/bin/env rake
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
+require 'rdoc/task'
+
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'Tasker'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.md')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+APP_RAKEFILE = File.expand_path('../test/dummy/Rakefile', __FILE__)
+load 'rails/tasks/engine.rake'
+load 'rails/tasks/statistics.rake'
+load 'workarea/changelog.rake'
+
+require 'rake/testtask'
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'lib'
+  t.libs << 'test'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = false
+end
+
+task default: :test
+
+$LOAD_PATH.unshift File.expand_path('../lib', __FILE__)
+require 'workarea/kount/version'
+
+desc "Release version #{Workarea::Kount::VERSION} of the gem"
+task :release do
+  host = "https://#{ENV['BUNDLE_GEMS__WORKAREA__COM']}@gems.workarea.com"
+
+  Rake::Task['workarea:changelog'].execute
+  system 'git add CHANGELOG.md'
+  system 'git commit -m "Update CHANGELOG"'
+  system 'git push origin HEAD'
+
+  system "git tag -a v#{Workarea::Kount::VERSION} -m 'Tagging #{Workarea::Kount::VERSION}'"
+  system 'git push --tags'
+
+  system 'gem build workarea-kount.gemspec'
+  system "gem push workarea-kount-#{Workarea::Kount::VERSION}.gem"
+  system "gem push workarea-kount-#{Workarea::Kount::VERSION}.gem --host #{host}"
+  system "rm workarea-kount-#{Workarea::Kount::VERSION}.gem"
+end

data/app/controllers/workarea/admin/orders_controller.decorator

@@ -0,0 +1,5 @@
+module Workarea
+  decorate Admin::OrdersController, with: :kount do
+    def kount; end
+  end
+end

data/app/controllers/workarea/storefront/checkout/place_order_controller.decorator

@@ -0,0 +1,11 @@
+module Workarea
+  decorate Storefront::Checkout::PlaceOrderController, with: :kount do
+    def try_place_order
+      if current_checkout.place_order || current_checkout.handle_kount_review
+        completed_place_order
+      else
+        incomplete_place_order
+      end
+    end
+  end
+end

data/app/controllers/workarea/storefront/kount_controller.rb

@@ -0,0 +1,19 @@
+module Workarea
+  module Storefront
+    class KountController < Workarea::Storefront::ApplicationController
+      def data_collector
+        current_order.update_attributes(kount_session_id: kount_session_id)
+
+        params = { merchant_id: Workarea::Kount.merchant_id, s: kount_session_id }
+
+        redirect_to "#{Workarea::Kount.data_collector_url}logo.htm?#{params.to_query}", status: 302
+      end
+
+      private
+
+        def kount_session_id
+          @kount_session_id ||= "#{current_order.id}#{Time.now.to_i}R#{rand(10000..99999)}"
+        end
+    end
+  end
+end

data/app/controllers/workarea/storefront/kount_orders_controller.rb

@@ -0,0 +1,40 @@
+module Workarea
+  module Storefront
+    class KountOrdersController < ApplicationController
+      skip_before_action :verify_authenticity_token, only: [:bulk]
+      before_action :authenticate
+
+      def bulk
+        event_batch = Kount::EventBatch.new(request.raw_post)
+
+        if event_batch.valid?
+          event_batch.process!
+          successful_response
+        else
+          unsuccessful_response
+        end
+      end
+
+      private
+
+        def authenticate
+          authenticated = authenticate_with_http_basic do |username, password|
+            Kount.credentials[:ens_username].present? &&
+              Kount.credentials[:ens_password].present? &&
+              username == Kount.credentials[:ens_username] &&
+              password == Kount.credentials[:ens_password]
+          end
+
+          unsuccessful_response unless authenticated
+        end
+
+        def successful_response
+          render json: { status: 200 }
+        end
+
+        def unsuccessful_response
+          head :bad_request
+        end
+    end
+  end
+end

data/app/lib/active_shipping/rate_estimate.decorator

@@ -0,0 +1,10 @@
+module ActiveShipping
+  decorate RateEstimate, with: :kount do
+    decorated { attr_accessor :kount_code }
+
+    def initialize(origin, destination, carrier, service_name, options = {})
+      super
+      self.kount_code = options[:kount_code]
+    end
+  end
+end

data/app/mailers/workarea/storefront/order_mailer.decorator

@@ -0,0 +1,14 @@
+module Workarea
+  decorate Storefront::OrderMailer, with: :kount do
+    def hold_denial(order_id)
+      order = Order.find(order_id)
+      @order = Storefront::OrderViewModel.new(order)
+      @recommendations = Storefront::EmailRecommendationsViewModel.wrap(order)
+
+      mail(
+        to: @order.email,
+        subject: t('workarea.storefront.email.hold_denial.subject', order_id: @order.id)
+      )
+    end
+  end
+end

data/app/models/workarea/checkout.decorator

@@ -0,0 +1,37 @@
+module Workarea
+  decorate Checkout, with: :kount do
+    def handle_kount_review
+      return false unless order.under_review?
+      return false unless complete?
+      return false unless shippable?
+      return false unless payable?
+
+      inventory.purchase
+      return false unless inventory.captured?
+
+      return true unless payment.uses_credit_card?
+      store_credit_card
+    end
+
+    def handle_kount_approved
+      unless payment_collection.purchase
+        captured_inventory&.rollback
+        return false
+      end
+
+      result = order.place
+      place_order_side_effects if result
+      result
+    end
+
+    private
+
+      def captured_inventory
+        @captured_inventory ||= Inventory::Transaction.captured_for_order(order.id)
+      end
+
+      def store_credit_card
+        Payment::StoreCreditCard.new(payment.credit_card).save!
+      end
+  end
+end

data/app/models/workarea/checkout/fraud/kount_analyzer.rb

@@ -0,0 +1,71 @@
+# frozen_string_literal: true
+
+module Workarea
+  class Checkout
+    module Fraud
+      class KountAnalyzer < Analyzer
+        # This is the `:mode` value used in the RIS Inquiry request to
+        # Kount. It tells Kount that this is a new order, and not an
+        # update to an existing order as used in the updater service
+        # class.
+        #
+        # @return [String]
+        MODE_Q = 'Q'
+
+        delegate :gateway, to: Workarea::Kount
+        delegate :kount_mode, :kount_request_user_defined_fields, to: :checkout
+        delegate :decision, to: :kount_response
+
+        # Tell Kount about the order and record its response.
+        #
+        # @return [Workarea::Order::FraudDecision]
+        def make_decision
+          kount_order.update_attributes!(response: kount_response)
+
+          Workarea::Order::FraudDecision.new(
+            decision: decision,
+            message: message
+          )
+        end
+
+        # Data for this Order from Kount.
+        #
+        # @return [Workarea::Kount::Order]
+        def kount_order
+          @kount_order ||= Workarea::Kount::Order.find_or_initialize_by(id: order.id)
+        end
+
+        private
+
+        # Build the RIS inquiry request.
+        #
+        # @private
+        # @return [Hash]
+        def inquiry
+          Workarea::Kount::RisInquiry.new(
+            order: order,
+            payment: payment,
+            shippings: shippings,
+            mode: MODE_Q
+          ).to_h
+        end
+
+        # Response for the Kount RIS inquiry request.
+        #
+        # @private
+        # @return [Workarea::Kount::Response]
+        def kount_response
+          @kount_response ||= gateway.call(inquiry)
+        end
+
+        # Translated message for the Kount decision.
+        #
+        # @private
+        # @return [String]
+        def message
+          I18n.t(decision, scope: 'workarea.storefront.fraud.kount')
+        end
+      end
+    end
+  end
+end

data/app/models/workarea/kount/ens_event.rb

@@ -0,0 +1,13 @@
+module Workarea
+  module Kount
+    class EnsEvent
+      include ApplicationDocument
+
+      field :xml, type: String
+
+      embedded_in :kount_order,
+        class_name: 'Workarea::Kount::Order',
+        inverse_of: :ens_events
+    end
+  end
+end

data/app/models/workarea/kount/order.rb

@@ -0,0 +1,14 @@
+module Workarea
+  module Kount
+    class Order
+      include ApplicationDocument
+
+      field :response,        type: Workarea::Kount::Response
+      field :update_response, type: Workarea::Kount::Response
+
+      embeds_many :ens_events, class_name: 'Workarea::Kount::EnsEvent'
+
+      index(created_at: -1)
+    end
+  end
+end

data/app/models/workarea/order.decorator

@@ -0,0 +1,62 @@
+module Workarea
+  decorate Order, with: :kount do
+    decorated do
+      field :kount_session_id, type: String
+      field :kount_decision, type: Symbol
+
+      scope :not_under_review, -> { where(:kount_decision.ne => :review) }
+
+      before_save :set_kount_decision, if: :fraud_decision?
+    end
+
+    class_methods do
+      # Query for orders which have expired in checkout, meaning they have been
+      # not been placed or updated for longer than the
+      # +Workarea.config.order_expiration_period+, but have started
+      # checkout. Contrast this with +Order.expired+, which does not
+      # factor in orders that have started checkout.
+      #
+      # Doesn't include orders under review or declined by kount
+      #
+      # @return [Mongoid::Criteria]
+      def expired_in_checkout
+        super.nin(kount_decision: [:review, :decline])
+      end
+
+      # Overriding method from core/models/order/queries.rb module
+      def need_reminding
+        super.where(kount_decision: nil)
+      end
+
+      # Find a current cart for a session. Returns a new order if one cannot be found.
+      #
+      # @param params [Hash]
+      # @return [Order]
+      #
+      def find_current(params = {})
+        if params[:id].present?
+          Order.not_placed.not_under_review.find(params[:id].to_s)
+        elsif params[:user_id].present?
+          Order.recently_updated.not_placed.not_under_review.find_by(params.slice(:user_id))
+        else
+          Order.new(user_id: params[:user_id])
+        end
+      rescue Mongoid::Errors::DocumentNotFound
+        Order.new(user_id: params[:user_id])
+      end
+    end
+
+    # Whether the FraudDecision#decision is `:review`.
+    def under_review?
+      !placed? && !canceled? && kount_decision == :review
+    end
+
+    def abandoned?
+      super && kount_decision.nil?
+    end
+
+    def set_kount_decision
+      self.kount_decision = fraud_decision.decision
+    end
+  end
+end