module ActiveMerchant #:nodoc: module Billing #:nodoc: class QbmsGateway < Gateway API_VERSION = '4.0' class_attribute :test_url, :live_url self.test_url = 'https://webmerchantaccount.ptc.quickbooks.com/j/AppGateway' self.live_url = 'https://webmerchantaccount.quickbooks.com/j/AppGateway' self.homepage_url = 'http://payments.intuit.com/' self.display_name = 'QuickBooks Merchant Services' self.default_currency = 'USD' self.supported_cardtypes = %i[visa master discover american_express diners_club jcb] self.supported_countries = ['US'] TYPES = { authorize: 'CustomerCreditCardAuth', capture: 'CustomerCreditCardCapture', purchase: 'CustomerCreditCardCharge', refund: 'CustomerCreditCardTxnVoidOrRefund', void: 'CustomerCreditCardTxnVoid', query: 'MerchantAccountQuery' } # Creates a new QbmsGateway # # The gateway requires that a valid app id, app login, and ticket be passed # in the +options+ hash. # # ==== Options # # * :login -- The App Login (REQUIRED) # * :ticket -- The Connection Ticket. (REQUIRED) # * :pem -- The PEM-encoded SSL client key and certificate. (REQUIRED) # * :test -- +true+ or +false+. If true, perform transactions against the test server. # Otherwise, perform transactions against the production server. # def initialize(options = {}) requires!(options, :login, :ticket) super end # Performs an authorization, which reserves the funds on the customer's credit card, but does not # charge the card. # # ==== Parameters # # * money -- The amount to be authorized as an Integer value in cents. # * creditcard -- The CreditCard details for the transaction. # * options -- A hash of optional parameters. # def authorize(money, creditcard, options = {}) commit(:authorize, money, options.merge(credit_card: creditcard)) end # Perform a purchase, which is essentially an authorization and capture in a single operation. # # ==== Parameters # # * money -- The amount to be purchased as an Integer value in cents. # * creditcard -- The CreditCard details for the transaction. # * options -- A hash of optional parameters. # def purchase(money, creditcard, options = {}) commit(:purchase, money, options.merge(credit_card: creditcard)) end # Captures the funds from an authorized transaction. # # ==== Parameters # # * money -- The amount to be captured as an Integer value in cents. # * authorization -- The authorization returned from the previous authorize request. # def capture(money, authorization, options = {}) commit(:capture, money, options.merge(transaction_id: authorization)) end # Void a previous transaction # # ==== Parameters # # * authorization - The authorization returned from the previous authorize request. # def void(authorization, options = {}) commit(:void, nil, options.merge(transaction_id: authorization)) end # Credit an account. # # This transaction is also referred to as a Refund and indicates to the gateway that # money should flow from the merchant to the customer. # # ==== Parameters # # * money -- The amount to be credited to the customer as an Integer value in cents. # * identification -- The ID of the original transaction against which the credit is being issued. # * options -- A hash of parameters. # # def credit(money, identification, options = {}) ActiveMerchant.deprecated CREDIT_DEPRECATION_MESSAGE refund(money, identification, {}) end def refund(money, identification, options = {}) commit(:refund, money, options.merge(transaction_id: identification)) end # Query the merchant account status def query commit(:query, nil, {}) end def supports_scrubbing? true end def scrub(transcript) transcript. gsub(%r(()[^<]*())i, '\1[FILTERED]\2'). gsub(%r(()[^<]*())i, '\1[FILTERED]\2'). gsub(%r(()[^<]*())i, '\1[FILTERED]\2') end private def hosted? @options[:pem] end def commit(action, money, parameters) url = test? ? self.test_url : self.live_url type = TYPES[action] parameters[:trans_request_id] ||= SecureRandom.hex(10) req = build_request(type, money, parameters) data = ssl_post(url, req, 'Content-Type' => 'application/x-qbmsxml') response = parse(type, data) message = (response[:status_message] || '').strip Response.new(success?(response), message, response, test: test?, authorization: response[:credit_card_trans_id], fraud_review: fraud_review?(response), avs_result: { code: avs_result(response) }, cvv_result: cvv_result(response) ) end def success?(response) response[:status_code] == 0 end def fraud_review?(response) [10100, 10101].member? response[:status_code] end def parse(type, body) xml = REXML::Document.new(body) signon = REXML::XPath.first(xml, "//SignonMsgsRs/#{hosted? ? 'SignonAppCertRs' : 'SignonDesktopRs'}") status_code = signon.attributes['statusCode'].to_i if status_code != 0 return { status_code: status_code, status_message: signon.attributes['statusMessage'] } end response = REXML::XPath.first(xml, "//QBMSXMLMsgsRs/#{type}Rs") results = { status_code: response.attributes['statusCode'].to_i, status_message: response.attributes['statusMessage'] } response.elements.each do |e| name = e.name.underscore.to_sym value = e.text() if old_value = results[name] results[name] = [old_value] if !old_value.kind_of?(Array) results[name] << value else results[name] = value end end results end def build_request(type, money, parameters = {}) xml = Builder::XmlMarkup.new(indent: 0) xml.instruct!(:xml, version: '1.0', encoding: 'utf-8') xml.instruct!(:qbmsxml, version: API_VERSION) xml.tag!('QBMSXML') do xml.tag!('SignonMsgsRq') do xml.tag!(hosted? ? 'SignonAppCertRq' : 'SignonDesktopRq') do xml.tag!('ClientDateTime', Time.now.xmlschema) xml.tag!('ApplicationLogin', @options[:login]) xml.tag!('ConnectionTicket', @options[:ticket]) end end xml.tag!('QBMSXMLMsgsRq') do xml.tag!("#{type}Rq") do method("build_#{type}").call(xml, money, parameters) end end end xml.target! end def build_CustomerCreditCardAuth(xml, money, parameters) cc = parameters[:credit_card] name = "#{cc.first_name} #{cc.last_name}"[0...30] xml.tag!('TransRequestID', parameters[:trans_request_id]) xml.tag!('CreditCardNumber', cc.number) xml.tag!('ExpirationMonth', cc.month) xml.tag!('ExpirationYear', cc.year) xml.tag!('IsECommerce', 'true') xml.tag!('Amount', amount(money)) xml.tag!('NameOnCard', name) add_address(xml, parameters) xml.tag!('CardSecurityCode', cc.verification_value) if cc.verification_value? end def build_CustomerCreditCardCapture(xml, money, parameters) xml.tag!('TransRequestID', parameters[:trans_request_id]) xml.tag!('CreditCardTransID', parameters[:transaction_id]) xml.tag!('Amount', amount(money)) end def build_CustomerCreditCardCharge(xml, money, parameters) cc = parameters[:credit_card] name = "#{cc.first_name} #{cc.last_name}"[0...30] xml.tag!('TransRequestID', parameters[:trans_request_id]) xml.tag!('CreditCardNumber', cc.number) xml.tag!('ExpirationMonth', cc.month) xml.tag!('ExpirationYear', cc.year) xml.tag!('IsECommerce', 'true') xml.tag!('Amount', amount(money)) xml.tag!('NameOnCard', name) add_address(xml, parameters) xml.tag!('CardSecurityCode', cc.verification_value) if cc.verification_value? end def build_CustomerCreditCardTxnVoidOrRefund(xml, money, parameters) xml.tag!('TransRequestID', parameters[:trans_request_id]) xml.tag!('CreditCardTransID', parameters[:transaction_id]) xml.tag!('Amount', amount(money)) end def build_CustomerCreditCardTxnVoid(xml, money, parameters) xml.tag!('TransRequestID', parameters[:trans_request_id]) xml.tag!('CreditCardTransID', parameters[:transaction_id]) end # Called reflectively by build_request def build_MerchantAccountQuery(xml, money, parameters) end def add_address(xml, parameters) if address = parameters[:billing_address] || parameters[:address] xml.tag!('CreditCardAddress', (address[:address1] || '')[0...30]) xml.tag!('CreditCardPostalCode', (address[:zip] || '')[0...9]) end end def cvv_result(response) case response[:card_security_code_match] when 'Pass' then 'M' when 'Fail' then 'N' when 'NotAvailable' then 'P' end end def avs_result(response) case "#{response[:avs_street]}|#{response[:avs_zip]}" when 'Pass|Pass' then 'D' when 'Pass|Fail' then 'A' when 'Pass|NotAvailable' then 'B' when 'Fail|Pass' then 'Z' when 'Fail|Fail' then 'C' when 'Fail|NotAvailable' then 'N' when 'NotAvailable|Pass' then 'P' when 'NotAvailable|Fail' then 'N' when 'NotAvailable|NotAvailable' then 'U' end end end end end