require 'rexml/document' module ActiveMerchant #:nodoc: module Billing #:nodoc: # To learn more about the Moneris gateway, please contact # eselectplus@moneris.com for a copy of their integration guide. For # information on remote testing, please see "Test Environment Penny Value # Response Table", and "Test Environment eFraud (AVS and CVD) Penny # Response Values", available at Moneris' {eSelect Plus Documentation # Centre}[https://www3.moneris.com/connect/en/documents/index.html]. class MonerisGateway < Gateway attr_reader :url attr_reader :response attr_reader :options self.supported_countries = ['CA'] self.supported_cardtypes = [:visa, :master] self.homepage_url = 'http://www.moneris.com/' self.display_name = 'Moneris' TEST_URL = 'https://esqa.moneris.com/gateway2/servlet/MpgRequest' LIVE_URL = 'https://www3.moneris.com/gateway2/servlet/MpgRequest' # login is your Store ID # password is your API Token def initialize(options = {}) requires!(options, :login, :password) @options = { :crypt_type => 7 }.update(options) @url = test? ? TEST_URL : LIVE_URL super end # Referred to as "PreAuth" in the Moneris integration guide, this action # verifies and locks funds on a customer's card, which then must be # captured at a later date. # # Pass in +order_id+ and optionally a +customer+ parameter. def authorize(money, creditcard, options = {}) debit_commit 'preauth', money, creditcard, options end # This action verifies funding on a customer's card, and readies them for # deposit in a merchant's account. # # Pass in order_id and optionally a customer parameter def purchase(money, creditcard, options = {}) debit_commit 'purchase', money, creditcard, options end # This method retrieves locked funds from a customer's account (from a # PreAuth) and prepares them for deposit in a merchant's account. # # Note: Moneris requires both the order_id and the transaction number of # the original authorization. To maintain the same interface as the other # gateways the two numbers are concatenated together with a ; separator as # the authorization number returned by authorization def capture(money, authorization, options = {}) commit 'completion', crediting_params(authorization, :comp_amount => amount(money)) end # Voiding requires the original transaction ID and order ID of some open # transaction. Closed transactions must be refunded. Note that the only # methods which may be voided are +capture+ and +purchase+. # # Concatenate your transaction number and order_id by using a semicolon # (';'). This is to keep the Moneris interface consistent with other # gateways. (See +capture+ for details.) def void(authorization, options = {}) commit 'purchasecorrection', crediting_params(authorization) end # Performs a refund. This method requires that the original transaction # number and order number be included. Concatenate your transaction # number and order_id by using a semicolon (';'). This is to keep the # Moneris interface consistent with other gateways. (See +capture+ for # details.) def credit(money, authorization, options = {}) commit 'refund', crediting_params(authorization, :amount => amount(money)) end private # :nodoc: all def expdate(creditcard) sprintf("%.4i", creditcard.year)[-2..-1] + sprintf("%.2i", creditcard.month) end def debit_commit(commit_type, money, creditcard, options) requires!(options, :order_id) commit(commit_type, debit_params(money, creditcard, options)) end # Common params used amongst the +purchase+ and +authorization+ methods def debit_params(money, creditcard, options = {}) { :order_id => options[:order_id], :cust_id => options[:customer], :amount => amount(money), :pan => creditcard.number, :expdate => expdate(creditcard), :crypt_type => options[:crypt_type] || @options[:crypt_type] } end # Common params used amongst the +credit+, +void+ and +capture+ methods def crediting_params(authorization, options = {}) { :txn_number => split_authorization(authorization).first, :order_id => split_authorization(authorization).last, :crypt_type => options[:crypt_type] || @options[:crypt_type] }.merge(options) end # Splits an +authorization+ param and retrives the order id and # transaction number in that order. def split_authorization(authorization) if authorization.nil? || authorization.empty? || authorization !~ /;/ raise ArgumentError, 'You must include a valid authorization code (e.g. "1234;567")' else authorization.split(';') end end def commit(action, parameters = {}) # TODO This part still needs to be refactored if result = test_result_from_cc_number(parameters[:pan]) return result end @response = parse(ssl_post(@url, post_data(action, parameters))) Response.new(successful_response?(response), message_form(response[:message]), @response, :test => test?, :authorization => authorization_string(response) ) end # Generates a Moneris authorization string of the form 'trans_id;receipt_id'. def authorization_string(response = {}) if response[:trans_id] && response[:receipt_id] "#{response[:trans_id]};#{response[:receipt_id]}" end end # Tests for a successful response from Moneris' servers def successful_response?(response = {}) response[:response_code] && response[:complete] && (0..49).include?(response[:response_code].to_i) end # Parse Moneris' response XML into a convinient Hash. # # Expected XML format: # # "". # "Global Error Receipt". # "null # null". # "null # null # null". # "null # null # false". # "null # null". # "null". # "null # null". # " def parse(xml) response = { :message => "Global Error Receipt", :complete => false } hashify_xml!(xml, response) response end def hashify_xml!(xml, response) xml = REXML::Document.new(xml) return if xml.root.nil? xml.elements.each('//receipt/*') do |node| response[node.name.underscore.to_sym] = normalize(node.text) end end def post_data(action, parameters = {}) xml = REXML::Document.new root = xml.add_element("request") root.add_element("store_id").text = options[:login] root.add_element("api_token").text = options[:password] transaction = root.add_element(action) # Must add the elements in the correct order actions[action].each do |key| transaction.add_element(key.to_s).text = parameters[key] unless parameters[key].blank? end xml.to_s end def message_form(message) return 'Unspecified error' if message.blank? message.gsub(/[^\w]/, ' ').split.join(" ").capitalize end # Make a Ruby type out of the response string def normalize(field) case field when "true" then true when "false" then false when '', "null" then nil else field end end def actions { "purchase" => [:order_id, :cust_id, :amount, :pan, :expdate, :crypt_type], "preauth" => [:order_id, :cust_id, :amount, :pan, :expdate, :crypt_type], "command" => [:order_id], "refund" => [:order_id, :amount, :txn_number, :crypt_type], "indrefund" => [:order_id, :cust_id, :amount, :pan, :expdate, :crypt_type], "completion" => [:order_id, :comp_amount, :txn_number, :crypt_type], "purchasecorrection" => [:order_id, :txn_number, :crypt_type], "cavvpurcha" => [:order_id, :cust_id, :amount, :pan, :expdate, :cav], "cavvpreaut" => [:order_id, :cust_id, :amount, :pan, :expdate, :cavv], "transact" => [:order_id, :cust_id, :amount, :pan, :expdate, :crypt_type], "Batchcloseall" => [], "opentotals" => [:ecr_number], "batchclose" => [:ecr_number] } end end end end