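module ActiveMerchant #:nodoc:
  module Billing #:nodoc:
    # Gateway adapter for the PayTrace JSON API.
    #
    # Authentication: an OAuth access token is obtained with the merchant's
    # username/password (see #acquire_access_token) and sent as a Bearer
    # token on every request. The username, password and integrator_id are
    # additionally serialised into every JSON request body (see #post_data),
    # so wire transcripts always contain credentials and must go through
    # #scrub before being logged or stored.
    class PayTraceGateway < Gateway
      self.test_url = 'https://api.paytrace.com'
      self.live_url = 'https://api.paytrace.com'

      self.supported_countries = ['US']
      self.default_currency = 'USD'
      self.supported_cardtypes = %i[visa master american_express discover]

      self.homepage_url = 'https://paytrace.com/'
      self.display_name = 'PayTrace'

      # Response codes based on API Response Codes found here: https://developers.paytrace.com/support/home#14000041297
      STANDARD_ERROR_CODE_MAPPING = {
        '1' => STANDARD_ERROR_CODE[:error_occurred],
        '102' => STANDARD_ERROR_CODE[:declined],
        '103' => STANDARD_ERROR_CODE[:auto_voided],
        '107' => STANDARD_ERROR_CODE[:unsuccessful_refund],
        '108' => STANDARD_ERROR_CODE[:test_refund],
        '110' => STANDARD_ERROR_CODE[:unsuccessful_void],
        '113' => STANDARD_ERROR_CODE[:unsuccessful_capture]
      }

      # Path suffixes appended to "<base_url>/v1/" by #commit.
      ENDPOINTS = {
        customer_id_sale: 'transactions/sale/by_customer',
        keyed_sale: 'transactions/sale/keyed',
        customer_id_auth: 'transactions/authorization/by_customer',
        keyed_auth: 'transactions/authorization/keyed',
        capture: 'transactions/authorization/capture',
        transaction_refund: 'transactions/refund/for_transaction',
        transaction_void: 'transactions/void',
        store: 'customer/create',
        redact: 'customer/delete',
        level_3_visa: 'level_three/visa',
        level_3_mastercard: 'level_three/mastercard',
        ach_sale: 'checks/sale/by_account',
        ach_customer_sale: 'checks/sale/by_customer',
        ach_authorize: 'checks/hold/by_account',
        ach_customer_authorize: 'checks/hold/by_customer',
        ach_refund: 'checks/refund/by_transaction',
        ach_capture: 'checks/manage/fund',
        ach_void: 'checks/manage/void'
      }

      # Requires :username, :password and :integrator_id.
      # Note: constructing the gateway performs a network call to fetch the
      # OAuth token, so errors from that call surface here.
      def initialize(options = {})
        requires!(options, :username, :password, :integrator_id)
        super
        acquire_access_token
      end

      # Runs a sale. `payment_or_customer_id` is either a payment object
      # (card or Check) or a String customer id returned by #store.
      # When options[:visa_or_mastercard] is 'visa' or 'mastercard', the sale
      # is followed by a level 3 data submission for the same transaction.
      # NOTE(review): the level 3 branch does not go through
      # #check_token_response, so an expired token is not retried there.
      def purchase(money, payment_or_customer_id, options = {})
        if visa_or_mastercard?(options)
          MultiResponse.run(:use_first_response) do |r|
            endpoint = customer_id?(payment_or_customer_id) ? ENDPOINTS[:customer_id_sale] : ENDPOINTS[:keyed_sale]

            r.process { commit(endpoint, build_purchase_request(money, payment_or_customer_id, options)) }
            r.process { commit(ENDPOINTS[:"level_3_#{options[:visa_or_mastercard]}"], send_level_3_data(r, options)) }
          end
        else
          post = build_purchase_request(money, payment_or_customer_id, options)
          endpoint = if payment_or_customer_id.kind_of?(Check)
                       ENDPOINTS[:ach_sale]
                     elsif options[:check_transaction]
                       ENDPOINTS[:ach_customer_sale]
                     elsif post[:customer_id]
                       ENDPOINTS[:customer_id_sale]
                     else
                       ENDPOINTS[:keyed_sale]
                     end
          response = commit(endpoint, post)
          check_token_response(response, endpoint, post, options)
        end
      end

      # Authorizes (card) or places a hold (check) for `money`.
      def authorize(money, payment_or_customer_id, options = {})
        post = {}
        add_amount(post, money, options)
        if customer_id?(payment_or_customer_id)
          post[:customer_id] = payment_or_customer_id
          endpoint = if options[:check_transaction]
                       ENDPOINTS[:ach_customer_authorize]
                     else
                       ENDPOINTS[:customer_id_auth]
                     end
        else
          add_payment(post, payment_or_customer_id)
          add_address(post, payment_or_customer_id, options)
          add_customer_data(post, options)
          endpoint = payment_or_customer_id.kind_of?(Check) ? ENDPOINTS[:ach_authorize] : ENDPOINTS[:keyed_auth]
        end
        response = commit(endpoint, post)
        check_token_response(response, endpoint, post, options)
      end

      # Captures a previous authorization, optionally followed by level 3 data.
      def capture(money, authorization, options = {})
        if visa_or_mastercard?(options)
          MultiResponse.run do |r|
            r.process { commit(ENDPOINTS[:capture], build_capture_request(money, authorization, options)) }
            r.process { commit(ENDPOINTS[:"level_3_#{options[:visa_or_mastercard]}"], send_level_3_data(r, options)) }
          end
        else
          post = build_capture_request(money, authorization, options)
          endpoint = if options[:check_transaction]
                       ENDPOINTS[:ach_capture]
                     else
                       ENDPOINTS[:capture]
                     end
          response = commit(endpoint, post)
          check_token_response(response, endpoint, post, options)
        end
      end

      def refund(money, authorization, options = {})
        # currently only support full and partial refunds of settled transactions via a transaction ID
        post = {}
        add_amount(post, money, options)
        if options[:check_transaction]
          post[:check_transaction_id] = authorization
          endpoint = ENDPOINTS[:ach_refund]
        else
          post[:transaction_id] = authorization
          endpoint = ENDPOINTS[:transaction_refund]
        end
        response = commit(endpoint, post)
        check_token_response(response, endpoint, post, options)
      end

      def void(authorization, options = {})
        post = {}
        if options[:check_transaction]
          post[:check_transaction_id] = authorization
          endpoint = ENDPOINTS[:ach_void]
        else
          post[:transaction_id] = authorization
          endpoint = ENDPOINTS[:transaction_void]
        end
        response = commit(endpoint, post)
        check_token_response(response, endpoint, post, options)
      end

      # Verification is implemented as a zero-amount authorization.
      def verify(credit_card, options = {})
        authorize(0, credit_card, options)
      end

      # The customer_IDs that come from storing cards can be used for auth and purchase transaction types
      # When no :customer_id is supplied, a random 24-hex-character id is generated.
      def store(credit_card, options = {})
        post = {}
        post[:customer_id] = options[:customer_id] || SecureRandom.hex(12)
        add_payment(post, credit_card)
        add_address(post, credit_card, options)
        response = commit(ENDPOINTS[:store], post)
        check_token_response(response, ENDPOINTS[:store], post, options)
      end

      # Deletes a stored customer profile.
      # `options` is accepted (optional, backward compatible) so this method no
      # longer depends on an `options` name resolved outside the method and
      # does not hand the gateway's credential hash to the retry helper.
      def unstore(customer_id, options = {})
        post = {}
        post[:customer_id] = customer_id
        response = commit(ENDPOINTS[:redact], post)
        check_token_response(response, ENDPOINTS[:redact], post, options)
      end

      def supports_scrubbing?
        true
      end

      # Masks secrets in a wire transcript before it is logged.
      #
      # Covers, in addition to the card number and CVV:
      # * the Bearer token header and the "access_token" field of the OAuth
      #   response body;
      # * the form-encoded username/password sent by #acquire_access_token;
      # * the JSON username/password/integrator_id that #post_data adds to
      #   every request body;
      # * ACH account and routing numbers sent by #add_payment.
      #
      # Credential values are matched up to the closing quote (or backslash,
      # for transcripts where quotes are escaped) rather than with \w+, so a
      # password containing punctuation is masked in full instead of only up
      # to its first non-word character.
      # NOTE(review): the Bearer pattern assumes tokens only contain
      # [a-zA-Z0-9:_] - confirm against the tokens PayTrace actually issues.
      # NOTE(review): a credential that itself contains a double quote or a
      # backslash is still masked only up to that character.
      def scrub(transcript)
        transcript.
          gsub(%r((Authorization: Bearer )[a-zA-Z0-9:_]+), '\1[FILTERED]').
          gsub(%r(("access_token\\?":\\?")[^"\\]+), '\1[FILTERED]').
          gsub(%r(\b((?:username|password)=)[^&\s"\\]+), '\1[FILTERED]').
          gsub(%r(("credit_card\\?":{\\?"number\\?":\\?")\d+), '\1[FILTERED]').
          gsub(%r(("cvv\\?":\\?")\d+), '\1[FILTERED]').
          gsub(%r(("(?:account|routing)_number\\?":\\?"?)[^",}\\]+), '\1[FILTERED]').
          gsub(%r(("username\\?":\\?")[^"\\]+), '\1[FILTERED]').
          gsub(%r(("password\\?":\\?")[^"\\]+), '\1[FILTERED]').
          gsub(%r(("integrator_id\\?":\\?")[^"\\]+), '\1[FILTERED]')
      end

      # Requests an OAuth token with the password grant and caches it in
      # @options[:access_token]. Always targets live_url. If the response has
      # no 'access_token' the cached value is left untouched. Returns the raw
      # response body (which contains the token - do not log it unscrubbed).
      def acquire_access_token
        post = {}
        post[:grant_type] = 'password'
        post[:username] = @options[:username]
        post[:password] = @options[:password]
        data = post.collect { |key, value| "#{key}=#{CGI.escape(value.to_s)}" }.join('&')
        url = live_url + '/oauth/token'
        oauth_headers = {
          'Accept' => '*/*',
          'Content-Type' => 'application/x-www-form-urlencoded'
        }
        response = ssl_post(url, data, oauth_headers)
        json_response = JSON.parse(response)

        @options[:access_token] = json_response['access_token'] if json_response['access_token']
        response
      end

      private

      def build_purchase_request(money, payment_or_customer_id, options)
        post = {}
        add_amount(post, money, options)
        if customer_id?(payment_or_customer_id)
          post[:customer_id] = payment_or_customer_id
        else
          add_payment(post, payment_or_customer_id)
          add_address(post, payment_or_customer_id, options)
          add_customer_data(post, options)
        end
        post
      end

      def build_capture_request(money, authorization, options)
        post = {}
        if options[:check_transaction]
          post[:check_transaction_id] = authorization
        else
          post[:transaction_id] = authorization
        end
        add_amount(post, money, options)
        post
      end

      # method can only be used to add level 3 data to any approved and unsettled sale transaction so it is built into the standard purchase workflow above
      def send_level_3_data(response, options)
        post = {}
        post[:transaction_id] = response.authorization
        add_level_3_data(post, options)
        post
      end

      # Only the exact strings 'visa' and 'mastercard' are accepted; this is
      # also what keeps the interpolated ENDPOINTS lookup in #purchase and
      # #capture limited to the two level 3 keys.
      def visa_or_mastercard?(options)
        return false unless options[:visa_or_mastercard]

        options[:visa_or_mastercard] == 'visa' || options[:visa_or_mastercard] == 'mastercard'
      end

      # A String payment argument is treated as a stored customer id.
      def customer_id?(payment_or_customer_id)
        payment_or_customer_id.class == String
      end

      # Maps 'true'/'false' (case-insensitive) to booleans, any other String
      # to nil, and passes non-String values through unchanged.
      def string_literal_to_boolean(value)
        return value unless value.class == String

        if value.casecmp('true').zero?
          true
        elsif value.casecmp('false').zero?
          false
        else
          return nil
        end
      end

      def add_customer_data(post, options)
        return unless options[:email]

        post[:email] = options[:email]
      end

      def add_address(post, creditcard, options)
        return unless options[:billing_address] || options[:address]

        address = options[:billing_address] || options[:address]
        post[:billing_address] = {}
        post[:billing_address][:name] = creditcard.name
        post[:billing_address][:street_address] = address[:address1]
        post[:billing_address][:city] = address[:city]
        post[:billing_address][:state] = address[:state]
        post[:billing_address][:zip] = address[:zip]
      end

      def add_amount(post, money, options)
        post[:amount] = amount(money)
      end

      # Adds either ACH account details or card details to the request.
      # These values are sensitive; #scrub masks them in transcripts.
      def add_payment(post, payment)
        if payment.kind_of?(Check)
          post[:check] = {}
          post[:check][:account_number] = payment.account_number
          post[:check][:routing_number] = payment.routing_number
        else
          post[:credit_card] = {}
          post[:credit_card][:number] = payment.number
          post[:credit_card][:expiration_month] = payment.month
          post[:credit_card][:expiration_year] = payment.year
        end
      end

      def add_level_3_data(post, options)
        post[:invoice_id] = options[:invoice_id] if options[:invoice_id]
        post[:customer_reference_id] = options[:customer_reference_id] if options[:customer_reference_id]
        post[:tax_amount] = options[:tax_amount].to_i if options[:tax_amount]
        post[:national_tax_amount] = options[:national_tax_amount].to_i if options[:national_tax_amount]
        post[:merchant_tax_id] = options[:merchant_tax_id] if options[:merchant_tax_id]
        post[:customer_tax_id] = options[:customer_tax_id] if options[:customer_tax_id]
        post[:commodity_code] = options[:commodity_code] if options[:commodity_code]
        post[:discount_amount] = options[:discount_amount].to_i if options[:discount_amount]
        post[:freight_amount] = options[:freight_amount].to_i if options[:freight_amount]
        post[:duty_amount] = options[:duty_amount].to_i if options[:duty_amount]
        post[:additional_tax_amount] = options[:additional_tax_amount].to_i if options[:additional_tax_amount]
        post[:additional_tax_rate] = options[:additional_tax_rate].to_i if options[:additional_tax_rate]

        add_source_address(post, options)
        add_shipping_address(post, options)
        add_line_items(post, options)
      end

      def add_source_address(post, options)
        return unless source_address = options[:source_address] || options[:billing_address] || options[:address]

        post[:source_address] = {}
        post[:source_address][:zip] = source_address[:zip] if source_address[:zip]
      end

      def add_shipping_address(post, options)
        return unless shipping_address = options[:shipping_address]

        post[:shipping_address] = {}
        post[:shipping_address][:name] = shipping_address[:name] if shipping_address[:name]
        post[:shipping_address][:street_address] = shipping_address[:address1] if shipping_address[:address1]
        post[:shipping_address][:street_address2] = shipping_address[:address2] if shipping_address[:address2]
        post[:shipping_address][:city] = shipping_address[:city] if shipping_address[:city]
        post[:shipping_address][:state] = shipping_address[:state] if shipping_address[:state]
        post[:shipping_address][:zip] = shipping_address[:zip] if shipping_address[:zip]
        post[:shipping_address][:country] = shipping_address[:country] if shipping_address[:country]
      end

      def add_line_items(post, options)
        return unless options[:line_items]

        line_items = []
        options[:line_items].each do |li|
          obj = {}

          obj[:additional_tax_amount] = li[:additional_tax_amount].to_i if li[:additional_tax_amount]
          obj[:additional_tax_included] = string_literal_to_boolean(li[:additional_tax_included]) if li[:additional_tax_included]
          obj[:additional_tax_rate] = li[:additional_tax_rate].to_i if li[:additional_tax_rate]
          obj[:amount] = li[:amount].to_i if li[:amount]
          obj[:commodity_code] = li[:commodity_code] if li[:commodity_code]
          obj[:debit_or_credit] = li[:debit_or_credit] if li[:debit_or_credit]
          obj[:description] = li[:description] if li[:description]
          obj[:discount_amount] = li[:discount_amount].to_i if li[:discount_amount]
          obj[:discount_rate] = li[:discount_rate].to_i if li[:discount_rate]
          obj[:discount_included] = string_literal_to_boolean(li[:discount_included]) if li[:discount_included]
          obj[:merchant_tax_id] = li[:merchant_tax_id] if li[:merchant_tax_id]
          obj[:product_id] = li[:product_id] if li[:product_id]
          obj[:quantity] = li[:quantity] if li[:quantity]
          obj[:transaction_id] = li[:transaction_id] if li[:transaction_id]
          obj[:tax_included] = string_literal_to_boolean(li[:tax_included]) if li[:tax_included]
          obj[:unit_of_measure] = li[:unit_of_measure] if li[:unit_of_measure]
          obj[:unit_cost] = li[:unit_cost].to_i if li[:unit_cost]

          line_items << obj
        end

        post[:line_items] = line_items
      end

      # If the API reported 'invalid_token', fetches a fresh token and
      # replays the request once; otherwise returns `response` unchanged.
      # The `options` argument is accepted but not used.
      def check_token_response(response, endpoint, body = {}, options = {})
        return response unless response.params['error'] == 'invalid_token'

        acquire_access_token
        commit(endpoint, body)
      end

      def parse(body)
        JSON.parse(body)
      end

      # POSTs `parameters` (plus credentials, see #post_data) to the endpoint
      # and wraps the parsed JSON in a Response. A body that is not valid JSON
      # yields a failed Response instead of raising.
      def commit(action, parameters)
        base_url = (test? ? test_url : live_url)
        url = base_url + '/v1/' + action
        raw_response = ssl_post(url, post_data(parameters), headers)
        response = parse(raw_response)
        success = success_from(response)

        Response.new(
          success,
          message_from(success, response),
          response,
          authorization: authorization_from(action, response),
          avs_result: AVSResult.new(code: response['avs_response']),
          cvv_result: response['csc_response'],
          test: test?,
          error_code: success ? nil : error_code_from(response)
        )
      rescue JSON::ParserError
        unparsable_response(raw_response)
      end

      # Builds the failure Response for a non-JSON body. The raw body is
      # embedded verbatim in the message, so callers that log or display the
      # message should treat it as untrusted, possibly sensitive text.
      def unparsable_response(raw_response)
        message = 'Unparsable response received from PayTrace. Please contact PayTrace if you continue to receive this message.'
        message += " (The raw response returned by the API was #{raw_response.inspect})"
        return Response.new(false, message)
      end

      # NOTE(review): raises TypeError if no access token has been cached
      # (string + nil) - confirm that is the intended failure mode.
      def headers
        {
          'Content-type' => 'application/json',
          'Authorization' => 'Bearer ' + @options[:access_token]
        }
      end

      def success_from(response)
        response['success']
      end

      def message_from(success, response)
        return response['status_message'] if success

        if error = response['errors']
          message = 'Errors-'
          error.each do |k, v|
            message.concat(" code:#{k}, message:#{v}")
          end
        else
          message = response['status_message'].to_s + " #{response['approval_message']}"
        end

        message
      end

      # store transactions do not return a transaction_id, but they return a customer_id that will then be used as the third_party_token for the stored payment method
      def authorization_from(action, response)
        if action == ENDPOINTS[:store]
          response['customer_id']
        else
          response['transaction_id'] || response['check_transaction_id']
        end
      end

      # Serialises the request with the gateway credentials appended.
      # A merged copy is used so the caller's hash is never mutated: the
      # password, username and integrator_id no longer leak into the `post`
      # hash that callers keep (and replay via #check_token_response). Key
      # order in the resulting JSON is the same as with in-place assignment.
      def post_data(parameters = {})
        parameters.merge(
          password: @options[:password],
          username: @options[:username],
          integrator_id: @options[:integrator_id]
        ).to_json
      end

      def error_code_from(response)
        STANDARD_ERROR_CODE_MAPPING[response['response_code']]
      end

      # Returns the body for every HTTP status so that API error payloads
      # reach #parse instead of being raised as transport errors.
      # NOTE(review): presumably overrides a status-checking default in the
      # connection layer - confirm against Gateway.
      def handle_response(response)
        response.body
      end
    end
  end
end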