module ActiveMerchant #:nodoc: module Billing #:nodoc: class PaysafeGateway < Gateway self.test_url = 'https://api.test.paysafe.com' self.live_url = 'https://api.paysafe.com' self.supported_countries = %w(AL AT BE BA BG CA HR CY CZ DK EE FI FR DE GR HU IS IE IT LV LI LT LU MT ME NL MK NO PL PT RO RS SK SI ES SE CH TR GB US) self.supported_cardtypes = %i[visa master american_express discover] self.homepage_url = 'https://www.paysafe.com/' self.display_name = 'Paysafe' def initialize(options = {}) requires!(options, :username, :password, :account_id) super end def purchase(money, payment, options = {}) post = {} add_auth_purchase_params(post, money, payment, options) add_airline_travel_details(post, options) add_split_pay_details(post, options) post[:settleWithAuth] = true commit(:post, 'auths', post, options) end def authorize(money, payment, options = {}) post = {} add_auth_purchase_params(post, money, payment, options) commit(:post, 'auths', post, options) end def capture(money, authorization, options = {}) post = {} add_invoice(post, money, options) commit(:post, "auths/#{authorization}/settlements", post, options) end def refund(money, authorization, options = {}) post = {} add_invoice(post, money, options) commit(:post, "settlements/#{authorization}/refunds", post, options) end def void(authorization, options = {}) post = {} money = options[:amount] add_invoice(post, money, options) commit(:post, "auths/#{authorization}/voidauths", post, options) end def credit(money, payment, options = {}) post = {} add_invoice(post, money, options) add_payment(post, payment) commit(:post, 'standalonecredits', post, options) end # This is a '$0 auth' done at a specific verification endpoint at the gateway def verify(payment, options = {}) post = {} add_payment(post, payment) add_billing_address(post, options) add_customer_data(post, payment, options) unless payment.is_a?(String) commit(:post, 'verifications', post, options) end def store(payment, options = {}) post = {} add_payment(post, payment) add_address_for_vaulting(post, options) add_profile_data(post, payment, options) add_store_data(post, payment, options) commit(:post, 'profiles', post, options) end def unstore(pm_profile_id) commit(:delete, "profiles/#{get_id_from_store_auth(pm_profile_id)}", nil, nil) end def supports_scrubbing? true end def scrub(transcript) transcript. gsub(%r((Authorization: Basic )[a-zA-Z0-9:_]+), '\1[FILTERED]'). gsub(%r(("cardNum\\?":\\?")\d+), '\1[FILTERED]'). gsub(%r(("cvv\\?":\\?")\d+), '\1[FILTERED]') end private def add_auth_purchase_params(post, money, payment, options) add_invoice(post, money, options) add_payment(post, payment) add_billing_address(post, options) add_merchant_details(post, options) add_customer_data(post, payment, options) unless payment.is_a?(String) add_three_d_secure(post, payment, options) if options[:three_d_secure] add_stored_credential(post, options) if options[:stored_credential] add_funding_transaction(post, options) end # Customer data can be included in transactions where the payment method is a credit card # but should not be sent when the payment method is a token def add_customer_data(post, creditcard, options) post[:profile] = {} post[:profile][:firstName] = creditcard.first_name post[:profile][:lastName] = creditcard.last_name post[:profile][:email] = options[:email] if options[:email] post[:customerIp] = options[:ip] if options[:ip] end def add_billing_address(post, options) return unless address = options[:billing_address] || options[:address] post[:billingDetails] = {} post[:billingDetails][:street] = truncate(address[:address1], 50) post[:billingDetails][:street2] = truncate(address[:address2], 50) post[:billingDetails][:city] = truncate(address[:city], 40) post[:billingDetails][:state] = truncate(address[:state], 40) post[:billingDetails][:country] = address[:country] post[:billingDetails][:zip] = truncate(address[:zip], 10) post[:billingDetails][:phone] = truncate(address[:phone], 40) end # The add_address_for_vaulting method is applicable to the store method, as the APIs address # object is formatted differently from the standard transaction billing address def add_address_for_vaulting(post, options) return unless address = options[:billing_address] || options[:address] post[:card][:billingAddress] = {} post[:card][:billingAddress][:street] = truncate(address[:address1], 50) post[:card][:billingAddress][:street2] = truncate(address[:address2], 50) post[:card][:billingAddress][:city] = truncate(address[:city], 40) post[:card][:billingAddress][:zip] = truncate(address[:zip], 10) post[:card][:billingAddress][:country] = address[:country] post[:card][:billingAddress][:state] = truncate(address[:state], 40) if address[:state] end # This data is specific to creating a profile at the gateway's vault level def add_profile_data(post, payment, options) post[:firstName] = payment.first_name post[:lastName] = payment.last_name post[:dateOfBirth] = {} post[:dateOfBirth][:year] = options[:date_of_birth][:year] post[:dateOfBirth][:month] = options[:date_of_birth][:month] post[:dateOfBirth][:day] = options[:date_of_birth][:day] post[:email] = options[:email] if options[:email] post[:ip] = options[:ip] if options[:ip] if options[:phone] post[:phone] = options[:phone] elsif address = options[:billing_address] || options[:address] post[:phone] = address[:phone] if address[:phone] end end def add_store_data(post, payment, options) post[:merchantCustomerId] = options[:customer_id] || SecureRandom.hex(12) post[:locale] = options[:locale] || 'en_US' post[:card][:holderName] = payment.name end # Paysafe expects minor units so we are not calling amount method on money parameter def add_invoice(post, money, options) post[:amount] = money end def add_payment(post, payment) if payment.is_a?(String) post[:card] = {} post[:card][:paymentToken] = get_pm_from_store_auth(payment) else post[:card] = { cardExpiry: {} } post[:card][:cardNum] = payment.number post[:card][:cardExpiry][:month] = payment.month post[:card][:cardExpiry][:year] = payment.year post[:card][:cvv] = payment.verification_value end end def add_merchant_details(post, options) return unless options[:merchant_descriptor] post[:merchantDescriptor] = {} post[:merchantDescriptor][:dynamicDescriptor] = options[:merchant_descriptor][:dynamic_descriptor] if options[:merchant_descriptor][:dynamic_descriptor] post[:merchantDescriptor][:phone] = options[:merchant_descriptor][:phone] if options[:merchant_descriptor][:phone] end def add_three_d_secure(post, payment, options) three_d_secure = options[:three_d_secure] post[:authentication] = {} post[:authentication][:eci] = three_d_secure[:eci] post[:authentication][:cavv] = three_d_secure[:cavv] post[:authentication][:xid] = three_d_secure[:xid] if three_d_secure[:xid] post[:authentication][:threeDSecureVersion] = three_d_secure[:version] post[:authentication][:directoryServerTransactionId] = three_d_secure[:ds_transaction_id] unless payment.is_a?(String) || !mastercard?(payment) end def add_airline_travel_details(post, options) return unless options[:airline_travel_details] post[:airlineTravelDetails] = {} post[:airlineTravelDetails][:passengerName] = options[:airline_travel_details][:passenger_name] if options[:airline_travel_details][:passenger_name] post[:airlineTravelDetails][:departureDate] = options[:airline_travel_details][:departure_date] if options[:airline_travel_details][:departure_date] post[:airlineTravelDetails][:origin] = options[:airline_travel_details][:origin] if options[:airline_travel_details][:origin] post[:airlineTravelDetails][:computerizedReservationSystem] = options[:airline_travel_details][:computerized_reservation_system] if options[:airline_travel_details][:computerized_reservation_system] post[:airlineTravelDetails][:customerReferenceNumber] = options[:airline_travel_details][:customer_reference_number] if options[:airline_travel_details][:customer_reference_number] add_ticket_details(post, options) add_travel_agency_details(post, options) add_trip_legs(post, options) end def add_ticket_details(post, options) return unless ticket = options[:airline_travel_details][:ticket] post[:airlineTravelDetails][:ticket] = {} post[:airlineTravelDetails][:ticket][:ticketNumber] = ticket[:ticket_number] if ticket[:ticket_number] post[:airlineTravelDetails][:ticket][:isRestrictedTicket] = ticket[:is_restricted_ticket] if ticket[:is_restricted_ticket] end def add_travel_agency_details(post, options) return unless agency = options[:airline_travel_details][:travel_agency] post[:airlineTravelDetails][:travelAgency] = {} post[:airlineTravelDetails][:travelAgency][:name] = agency[:name] if agency[:name] post[:airlineTravelDetails][:travelAgency][:code] = agency[:code] if agency[:code] end def add_trip_legs(post, options) return unless trip_legs = options[:airline_travel_details][:trip_legs] trip_legs_hash = {} trip_legs.each.with_index(1) do |leg, i| my_leg = "leg#{i}".to_sym details = add_leg_details(my_leg, leg[1]) trip_legs_hash[my_leg] = details end post[:airlineTravelDetails][:tripLegs] = trip_legs_hash end def add_leg_details(obj, leg) details = {} add_flight_details(details, obj, leg) details[:serviceClass] = leg[:service_class] if leg[:service_class] details[:isStopOverAllowed] = leg[:is_stop_over_allowed] if leg[:is_stop_over_allowed] details[:destination] = leg[:destination] if leg[:destination] details[:fareBasis] = leg[:fare_basis] if leg[:fare_basis] details[:departureDate] = leg[:departure_date] if leg[:departure_date] details end def add_flight_details(details, obj, leg) details[:flight] = {} details[:flight][:carrierCode] = leg[:flight][:carrier_code] if leg[:flight][:carrier_code] details[:flight][:flightNumber] = leg[:flight][:flight_number] if leg[:flight][:flight_number] end def add_split_pay_details(post, options) return unless options[:split_pay] split_pay = [] options[:split_pay].each do |pmnt| split = {} split[:linkedAccount] = pmnt[:linked_account] split[:amount] = pmnt[:amount].to_i if pmnt[:amount] split[:percent] = pmnt[:percent].to_i if pmnt[:percent] split_pay << split end post[:splitpay] = split_pay end def add_funding_transaction(post, options) return unless options[:funding_transaction] post[:fundingTransaction] = {} post[:fundingTransaction][:type] = options[:funding_transaction] post[:profile] ||= {} post[:profile][:merchantCustomerId] = options[:customer_id] || SecureRandom.hex(12) end def add_stored_credential(post, options) return unless options[:stored_credential] post[:storedCredential] = {} case options[:stored_credential][:initial_transaction] when true post[:storedCredential][:occurrence] = 'INITIAL' when false post[:storedCredential][:occurrence] = 'SUBSEQUENT' end case options[:stored_credential][:reason_type] when 'recurring', 'installment' post[:storedCredential][:type] = 'RECURRING' when 'unscheduled' if options[:stored_credential][:initiator] == 'merchant' post[:storedCredential][:type] = 'TOPUP' elsif options[:stored_credential][:initiator] == 'cardholder' post[:storedCredential][:type] = 'ADHOC' else return end end post[:storedCredential][:initialTransactionId] = options[:stored_credential][:network_transaction_id] if options[:stored_credential][:network_transaction_id] end def mastercard?(payment) return false unless payment.respond_to?(:brand) payment.brand == 'master' end def parse(body) return {} if body.empty? JSON.parse(body) end def commit(method, action, parameters, options) url = url(action) raw_response = ssl_request(method, url, post_data(parameters, options), headers) response = parse(raw_response) success = success_from(response) Response.new( success, message_from(success, response), response, authorization: authorization_from(action, response), avs_result: AVSResult.new(code: response['avsResponse']), cvv_result: CVVResult.new(response['cvvVerification']), test: test?, error_code: success ? nil : error_code_from(response) ) end def headers { 'Content-Type' => 'application/json', 'Authorization' => 'Basic ' + Base64.strict_encode64("#{@options[:username]}:#{@options[:password]}") } end def url(action, options = {}) base_url = (test? ? test_url : live_url) if action.include? 'profiles' "#{base_url}/customervault/v1/#{action}" else "#{base_url}/cardpayments/v1/accounts/#{@options[:account_id]}/#{action}" end end def success_from(response) return false if response['status'] == 'FAILED' || response['error'] true end def message_from(success, response) return response['status'] unless response['error'] "Error(s)- code:#{response['error']['code']}, message:#{response['error']['message']}" end def authorization_from(action, response) if action == 'profiles' pm = response['cards'].first['paymentToken'] "#{pm}|#{response['id']}" else response['id'] end end def get_pm_from_store_auth(authorization) authorization.split('|')[0] end def get_id_from_store_auth(authorization) authorization.split('|')[1] end def post_data(parameters = {}, options = {}) return unless parameters.present? parameters[:merchantRefNum] = options[:merchant_ref_num] || options[:order_id] || SecureRandom.hex(16).to_s parameters.to_json end def error_code_from(response) return unless response['error'] response['error']['code'] end def handle_response(response) response.body end end end end