require 'digest/md5'
module ActiveMerchant #:nodoc:
module Billing #:nodoc:
class BluePayGateway < Gateway
class_attribute :rebilling_url, :ignore_http_status
self.live_url = 'https://secure.bluepay.com/interfaces/bp20post'
self.rebilling_url = 'https://secure.bluepay.com/interfaces/bp20rebadmin'
self.ignore_http_status = true
CARD_CODE_ERRORS = %w( N S )
AVS_ERRORS = %w( A E N R W Z )
AVS_REASON_CODES = %w(27 45)
FIELD_MAP = {
'TRANS_ID' => :transaction_id,
'STATUS' => :response_code,
'AVS' => :avs_result_code,
'CVV2'=> :card_code,
'AUTH_CODE' => :authorization,
'MESSAGE' => :message,
'REBID' => :rebid,
'TRANS_TYPE' => :trans_type,
'PAYMENT_ACCOUNT_MASK' => :acct_mask,
'CARD_TYPE' => :card_type
}
REBILL_FIELD_MAP = {
'REBILL_ID' => :rebill_id,
'ACCOUNT_ID'=> :account_id,
'USER_ID' => :user_id,
'TEMPLATE_ID' => :template_id,
'STATUS' => :status,
'CREATION_DATE' => :creation_date,
'NEXT_DATE' => :next_date,
'LAST_DATE' => :last_date,
'SCHED_EXPR' => :schedule,
'CYCLES_REMAIN' => :cycles_remain,
'REB_AMOUNT' => :rebill_amount,
'NEXT_AMOUNT' => :next_amount,
'USUAL_DATE' => :undoc_usual_date, # Not found in the bp20rebadmin API doc.
'CUST_TOKEN' => :cust_token
}
self.supported_countries = ['US', 'CA']
self.supported_cardtypes = [:visa, :master, :american_express, :discover, :diners_club, :jcb]
self.homepage_url = 'http://www.bluepay.com/'
self.display_name = 'BluePay'
self.money_format = :dollars
# Creates a new BluepayGateway
#
# The gateway requires that a valid Account ID and Secret Key be passed
# in the +options+ hash.
#
# ==== Options
#
# * :account_id -- The BluePay gateway Account ID (REQUIRED)
# * :secret_key -- The BluePay gateway Secret Key (REQUIRED)
# * :test -- set to true for TEST mode or false for LIVE mode
def initialize(options = {})
requires!(options, :login, :password)
super
end
# Performs an authorization, which reserves the funds on the customer's credit card. This does not actually take funds from the customer
# This is referred to an AUTH transaction in BluePay
#
# ==== Parameters
#
# * money -- The amount to be authorized as an Integer value in cents.
# * payment_object -- This can either be one of three things:
# A CreditCard object,
# A Check object,
# or a token. The token is called the Master ID. This is a unique transaction ID returned from a previous transaction. This token associates all the stored information for a previous transaction.
# * options -- A hash of optional parameters.
def authorize(money, payment_object, options = {})
post = {}
add_payment_method(post, payment_object)
add_invoice(post, options)
add_address(post, options)
add_customer_data(post, options)
add_rebill(post, options) if options[:rebill]
add_duplicate_override(post, options)
post[:TRANS_TYPE] = 'AUTH'
commit('AUTH_ONLY', money, post, options)
end
# Perform a purchase, which is essentially an authorization and capture in a single operation.
# This is referred to a SALE transaction in BluePay
#
# ==== Parameters
#
# * money -- The amount to be purchased as an Integer value in cents.
# * payment_object -- This can either be one of three things:
# A CreditCard object,
# A Check object,
# or a token. The token is called the Master ID. This is a unique transaction ID returned from a previous transaction. This token associates all the stored information for a previous transaction.
# * options -- A hash of optional parameters.,
def purchase(money, payment_object, options = {})
post = {}
add_payment_method(post, payment_object)
add_invoice(post, options)
add_address(post, options)
add_customer_data(post, options)
add_rebill(post, options) if options[:rebill]
add_duplicate_override(post, options)
post[:TRANS_TYPE] = 'SALE'
commit('AUTH_CAPTURE', money, post, options)
end
# Captures the funds from an authorize transaction.
# This is referred to a CAPTURE transaction in BluePay
#
# ==== Parameters
#
# * money -- The amount to be captured as an Integer value in cents.
# * identification -- The Master ID, or token, returned from the previous authorize transaction.
def capture(money, identification, options = {})
post = {}
add_address(post, options)
add_customer_data(post, options)
post[:MASTER_ID] = identification
post[:TRANS_TYPE] = 'CAPTURE'
commit('PRIOR_AUTH_CAPTURE', money, post, options)
end
# Void a previous transaction
# This is referred to a VOID transaction in BluePay
#
# ==== Parameters
#
# * identification - The Master ID, or token, returned from a previous authorize transaction.
def void(identification, options = {})
post = {}
post[:MASTER_ID] = identification
post[:TRANS_TYPE] = 'VOID'
commit('VOID', nil, post, options)
end
# Performs a credit.
#
# This transaction indicates that money should flow from the merchant to the customer.
#
# ==== Parameters
#
# * money -- The amount to be credited to the customer as an Integer value in cents.
# * payment_object -- This can either be one of three things:
# A CreditCard object,
# A Check object,
# or a token. The token is called the Master ID. This is a unique transaction ID returned from a previous transaction. This token associates all the stored information for a previous transaction.
# If the payment_object is a token, then the transaction type will reverse a previous capture or purchase transaction, returning the funds to the customer. If the amount is nil, a full credit will be processed. This is referred to a REFUND transaction in BluePay.
# If the payment_object is either a CreditCard or Check object, then the transaction type will be an unmatched credit placing funds in the specified account. This is referred to a CREDIT transaction in BluePay.
# * options -- A hash of parameters.
def refund(money, identification, options = {})
if(identification && !identification.kind_of?(String))
ActiveMerchant.deprecated 'refund should only be used to refund a referenced transaction'
return credit(money, identification, options)
end
post = {}
post[:PAYMENT_ACCOUNT] = ''
post[:MASTER_ID] = identification
post[:TRANS_TYPE] = 'REFUND'
post[:NAME1] = options[:first_name] || ''
post[:NAME2] = options[:last_name] if options[:last_name]
post[:ZIP] = options[:zip] if options[:zip]
add_invoice(post, options)
add_address(post, options)
add_customer_data(post, options)
commit('CREDIT', money, post, options)
end
def credit(money, payment_object, options = {})
if payment_object&.kind_of?(String)
ActiveMerchant.deprecated 'credit should only be used to credit a payment method'
return refund(money, payment_object, options)
end
post = {}
post[:PAYMENT_ACCOUNT] = ''
add_payment_method(post, payment_object)
post[:TRANS_TYPE] = 'CREDIT'
post[:NAME1] = options[:first_name] || ''
post[:NAME2] = options[:last_name] if options[:last_name]
post[:ZIP] = options[:zip] if options[:zip]
add_invoice(post, options)
add_address(post, options)
add_customer_data(post, options)
commit('CREDIT', money, post, options)
end
# Create a new recurring payment.
#
# ==== Parameters
#
# * money -- The amount to charge the customer at the time of the recurring payment setup, in cents. Set to zero if you do not want the customer to be charged at this time.
# * payment_object -- This can either be one of three things:
# A CreditCard object,
# A Check object,
# or a token. The token is called the Master ID. This is a unique transaction ID returned from a previous transaction. This token associates all the stored information for a previous transaction.
# * options -- A hash of optional parameters.,
# ==== Options
#
# * :rebill_start_date is a string that tells the gateway when to start the rebill. (REQUIRED)
# Has two valid formats:
# "YYYY-MM-DD HH:MM:SS" Hours, minutes, and seconds are optional.
# "XX UNITS" Relative date as explained below. Marked from the time of the
# transaction (i.e.: 10 DAYS, 1 MONTH, 1 YEAR)
# * :rebill_expression is the period of time in-between rebillings. (REQUIRED)
# It uses the same "XX UNITS" format as rebill_start_date, explained above.
# Optional parameters include:
# * rebill_cycles: Number of times to rebill. Don't send or set to nil for infinite rebillings (or
# until canceled).
# * rebill_amount: Amount to rebill. Defaults to amount of transaction for rebillings.
#
# For example, to charge the customer $19.95 now and then charge $39.95 in 60 days every 3 months for 5 times, the options hash would be as follows:
# :rebill_start_date => '60 DAYS',
# :rebill_expression => '3 MONTHS',
# :rebill_cycles => '5',
# :rebill_amount => '39.95'
# A money object of 1995 cents would be passed into the 'money' parameter.
def recurring(money, payment_object, options = {})
ActiveMerchant.deprecated RECURRING_DEPRECATION_MESSAGE
requires!(options, :rebill_start_date, :rebill_expression)
options[:rebill] = true
if money
purchase(money, payment_object, options)
else
authorize(money, payment_object, options)
end
end
# View a recurring payment
#
# This will pull data associated with a current recurring billing
#
# ==== Parameters
#
# * rebill_id -- A string containing the rebill_id of the recurring billing that is already active (REQUIRED)
def status_recurring(rebill_id)
ActiveMerchant.deprecated RECURRING_DEPRECATION_MESSAGE
post = {}
requires!(rebill_id)
post[:REBILL_ID] = rebill_id
post[:TRANS_TYPE] = 'GET'
commit('rebill', 'nil', post)
end
# Update a recurring payment's details.
#
# This transaction updates an existing recurring billing
#
# ==== Options
#
# * :rebill_id -- The 12 digit rebill ID used to update a particular rebilling cycle. (REQUIRED)
# * :rebill_amount -- A string containing the new rebilling amount.
# * :rebill_next_date -- A string containing the new rebilling next date.
# * :rebill_expression -- A string containing the new rebilling expression.
# * :rebill_cycles -- A string containing the new rebilling cycles.
# * :rebill_next_amount -- A string containing the next rebilling amount to charge the customer. This ONLY affects the next scheduled charge; all other rebillings will continue at the regular (rebill_amount) amount.
# Take a look above at the recurring_payment method for similar examples on how to use.
def update_recurring(options = {})
ActiveMerchant.deprecated RECURRING_DEPRECATION_MESSAGE
post = {}
requires!(options, :rebill_id)
post[:REBILL_ID] = options[:rebill_id]
post[:TRANS_TYPE] = 'SET'
post[:REB_AMOUNT] = amount(options[:rebill_amount]) if options[:rebill_amount]
post[:NEXT_DATE] = options[:rebill_next_date]
post[:REB_EXPR] = options[:rebill_expression]
post[:REB_CYCLES] = options[:rebill_cycles]
post[:NEXT_AMOUNT] = options[:rebill_next_amount]
commit('rebill', 'nil', post)
end
# Cancel a recurring payment.
#
# This transaction cancels an existing recurring billing.
#
# ==== Parameters
#
# * rebill_id -- A string containing the rebill_id of the recurring billing that you wish to cancel/stop (REQUIRED)
def cancel_recurring(rebill_id)
ActiveMerchant.deprecated RECURRING_DEPRECATION_MESSAGE
post = {}
requires!(rebill_id)
post[:REBILL_ID] = rebill_id
post[:TRANS_TYPE] = 'SET'
post[:STATUS] = 'stopped'
commit('rebill', 'nil', post)
end
def supports_scrubbing
true
end
def scrub(transcript)
transcript.
gsub(%r((Authorization: Basic )\w+), '\1[FILTERED]').
gsub(%r((&?card_num=)[^&]*)i, '\1[FILTERED]').
gsub(%r((&?CARD_CVV2=)[^&]*)i, '\1[FILTERED]').
gsub(%r((&?PAYMENT_ACCOUNT=)[^&]*)i, '\1[FILTERED]').
gsub(%r((&?TAMPER_PROOF_SEAL=)[^&"]*)i, '\1[FILTERED]')
end
private
def commit(action, money, fields, options = {})
fields[:AMOUNT] = amount(money) unless(fields[:TRANS_TYPE] == 'VOID' || action == 'rebill')
fields[:MODE] = (test? ? 'TEST' : 'LIVE')
fields[:ACCOUNT_ID] = @options[:login]
fields[:CUSTOMER_IP] = options[:ip] if options[:ip]
if action == 'rebill'
url = rebilling_url
fields[:TAMPER_PROOF_SEAL] = calc_rebill_tps(fields)
else
url = live_url
fields[:TAMPER_PROOF_SEAL] = calc_tps(amount(money), fields)
end
parse(ssl_post(url, post_data(action, fields)))
end
def parse_recurring(response_fields, opts={}) # expected status?
parsed = {}
response_fields.each do |k, v|
mapped_key = REBILL_FIELD_MAP.include?(k) ? REBILL_FIELD_MAP[k] : k
parsed[mapped_key] = v
end
success = parsed[:status] != 'error'
message = parsed[:status]
Response.new(success, message, parsed,
:test => test?,
:authorization => parsed[:rebill_id])
end
def parse(body)
# The bp20api has max one value per form field.
response_fields = Hash[CGI::parse(body).map { |k, v| [k.upcase, v.first] }]
if response_fields.include? 'REBILL_ID'
return parse_recurring(response_fields)
end
parsed = {}
response_fields.each do |k, v|
mapped_key = FIELD_MAP.include?(k) ? FIELD_MAP[k] : k
parsed[mapped_key] = v
end
# normalize message
message = message_from(parsed)
success = parsed[:response_code] == '1'
Response.new(success, message, parsed,
:test => test?,
:authorization => (parsed[:rebid] && parsed[:rebid] != '' ? parsed[:rebid] : parsed[:transaction_id]),
:avs_result => { :code => parsed[:avs_result_code] },
:cvv_result => parsed[:card_code]
)
end
def message_from(parsed)
message = parsed[:message]
if(parsed[:response_code].to_i == 2)
if CARD_CODE_ERRORS.include?(parsed[:card_code])
message = CVVResult.messages[parsed[:card_code]]
elsif AVS_ERRORS.include?(parsed[:avs_result_code])
message = AVSResult.messages[parsed[:avs_result_code]]
else
message = message.chomp('.')
end
elsif message == 'Missing ACCOUNT_ID'
message = 'The merchant login ID or password is invalid'
elsif message =~ /Approved/
message = 'This transaction has been approved'
elsif message =~ /Expired/
message = 'The credit card has expired'
end
message
end
def add_invoice(post, options)
post[:ORDER_ID] = options[:order_id]
post[:INVOICE_ID] = options[:invoice]
post[:invoice_num] = options[:order_id]
post[:MEMO] = options[:description]
post[:description] = options[:description]
end
def add_payment_method(post, payment_object)
post[:MASTER_ID] = ''
case payment_object
when String
post[:MASTER_ID] = payment_object
when Check
add_check(post, payment_object)
else
add_creditcard(post, payment_object)
end
end
def add_creditcard(post, creditcard)
post[:PAYMENT_TYPE] = 'CREDIT'
post[:PAYMENT_ACCOUNT] = creditcard.number
post[:CARD_CVV2] = creditcard.verification_value
post[:CARD_EXPIRE] = expdate(creditcard)
post[:NAME1] = creditcard.first_name
post[:NAME2] = creditcard.last_name
end
CHECK_ACCOUNT_TYPES = {
'checking' => 'C',
'savings' => 'S'
}
def add_check(post, check)
post[:PAYMENT_TYPE] = 'ACH'
post[:PAYMENT_ACCOUNT] = [CHECK_ACCOUNT_TYPES[check.account_type], check.routing_number, check.account_number].join(':')
post[:NAME1] = check.first_name
post[:NAME2] = check.last_name
end
def add_customer_data(post, options)
post[:EMAIL] = options[:email]
post[:CUSTOM_ID] = options[:customer]
post[:CUSTOM_ID2] = options[:custom_id2]
end
def add_duplicate_override(post, options)
post[:DUPLICATE_OVERRIDE] = options[:duplicate_override]
end
def add_address(post, options)
if address = (options[:shipping_address] || options[:billing_address] || options[:address])
post[:ADDR1] = address[:address1]
post[:ADDR2] = address[:address2]
post[:COMPANY_NAME] = address[:company]
post[:PHONE] = address[:phone]
post[:CITY] = address[:city]
post[:STATE] = (address[:state].blank? ? 'n/a' : address[:state])
post[:ZIP] = address[:zip]
post[:COUNTRY] = address[:country]
end
end
def add_rebill(post, options)
post[:DO_REBILL] = '1'
post[:REB_AMOUNT] = amount(options[:rebill_amount])
post[:REB_FIRST_DATE] = options[:rebill_start_date]
post[:REB_EXPR] = options[:rebill_expression]
post[:REB_CYCLES] = options[:rebill_cycles]
end
def post_data(action, parameters = {})
post = {}
post[:version] = '1'
post[:login] = ''
post[:tran_key] = ''
post[:relay_response] = 'FALSE'
post[:type] = action
post[:delim_data] = 'TRUE'
post[:delim_char] = ','
post[:encap_char] = '$'
post[:card_num] = '4111111111111111'
post[:exp_date] = '1212'
post[:solution_ID] = application_id if application_id
post.merge(parameters).collect { |key, value| "#{key}=#{CGI.escape(value.to_s)}" }.join('&')
end
def expdate(creditcard)
year = format(creditcard.year, :two_digits)
month = format(creditcard.month, :two_digits)
"#{month}#{year}"
end
def calc_tps(amount, post)
post[:NAME1] ||= ''
Digest::MD5.hexdigest(
[
@options[:password],
@options[:login],
post[:TRANS_TYPE],
amount,
post[:MASTER_ID],
post[:NAME1],
post[:PAYMENT_ACCOUNT]
].join('')
)
end
def calc_rebill_tps(post)
Digest::MD5.hexdigest(
[
@options[:password],
@options[:login],
post[:TRANS_TYPE],
post[:REBILL_ID]
].join('')
)
end
def handle_response(response)
if ignore_http_status || (200...300).cover?(response.code.to_i)
return response.body
end
raise ResponseError.new(response)
end
end
end
end