require "nokogiri" require "cgi" module ActiveMerchant #:nodoc: module Billing #:nodoc: class EwayRapidGateway < Gateway self.test_url = "https://api.sandbox.ewaypayments.com/" self.live_url = "https://api.ewaypayments.com/" self.money_format = :cents self.supported_countries = ["AU"] self.supported_cardtypes = [:visa, :master, :american_express, :diners_club] self.homepage_url = "http://www.eway.com.au/" self.display_name = "eWAY Rapid 3.0" self.default_currency = "AUD" def initialize(options = {}) requires!(options, :login, :password) super end # Public: Run a purchase transaction. Treats the Rapid 3.0 transparent # redirect as an API endpoint in order to conform to the standard # ActiveMerchant #purchase API. # # amount - The monetary amount of the transaction in cents. # options - A standard ActiveMerchant options hash: # :order_id - A merchant-supplied identifier for the # transaction (optional). # :description - A merchant-supplied description of the # transaction (optional). # :currency - Three letter currency code for the # transaction (default: "AUD") # :billing_address - Standard ActiveMerchant address hash # (optional). # :shipping_address - Standard ActiveMerchant address hash # (optional). # :ip - The ip of the consumer initiating the # transaction (optional). # :application_id - A string identifying the application # submitting the transaction # (default: "https://github.com/Shopify/active_merchant") # # Returns an ActiveMerchant::Billing::Response object def purchase(amount, payment_method, options={}) MultiResponse.new.tap do |r| # Rather than follow the redirect, we detect the 302 and capture the # token out of the Location header in the run_purchase step. But we # still need a placeholder url to pass to eWay, and that is what # example.com is used for here. r.process{setup_purchase(amount, options.merge(:redirect_url => "http://example.com/"))} r.process{run_purchase(r.authorization, payment_method, r.params["formactionurl"])} r.process{status(r.authorization)} end end # Public: Acquire the token necessary to run a transparent redirect. # # amount - The monetary amount of the transaction in cents. # options - A supplemented ActiveMerchant options hash: # :redirect_url - The url to return the customer to after # the transparent redirect is completed # (required). # :order_id - A merchant-supplied identifier for the # transaction (optional). # :description - A merchant-supplied description of the # transaction (optional). # :currency - Three letter currency code for the # transaction (default: "AUD") # :billing_address - Standard ActiveMerchant address hash # (optional). # :shipping_address - Standard ActiveMerchant address hash # (optional). # :ip - The ip of the consumer initiating the # transaction (optional). # :application_id - A string identifying the application # submitting the transaction # (default: "https://github.com/Shopify/active_merchant") # # Returns an EwayRapidResponse object, which conforms to the # ActiveMerchant::Billing::Response API, but also exposes #form_url. def setup_purchase(amount, options={}) requires!(options, :redirect_url) request = build_xml_request("CreateAccessCodeRequest") do |doc| add_metadata(doc, options) add_invoice(doc, amount, options) add_customer_data(doc, options) end commit(url_for("CreateAccessCode"), request) end # Public: Retrieve the status of a transaction. # # identification - The Eway Rapid 3.0 access code for the transaction # (returned as the response.authorization by # #setup_purchase). # # Returns an EwayRapidResponse object. def status(identification) request = build_xml_request("GetAccessCodeResultRequest") do |doc| doc.AccessCode identification end commit(url_for("GetAccessCodeResult"), request) end # Public: Store card details and return a valid token # # options - A supplemented ActiveMerchant options hash: # :order_id - A merchant-supplied identifier for the # transaction (optional). # :billing_address - Standard ActiveMerchant address hash # (required). # :ip - The ip of the consumer initiating the # transaction (optional). # :application_id - A string identifying the application # submitting the transaction # (default: "https://github.com/Shopify/active_merchant") def store(payment_method, options = {}) requires!(options, :billing_address) purchase(0, payment_method, options.merge(:request_method => "CreateTokenCustomer")) end private def run_purchase(identification, payment_method, endpoint) post = { "accesscode" => identification } add_credit_card(post, payment_method) commit_form(endpoint, build_form_request(post)) end def add_metadata(doc, options) doc.RedirectUrl(options[:redirect_url]) doc.CustomerIP options[:ip] if options[:ip] doc.Method options[:request_method] || "ProcessPayment" doc.DeviceID(options[:application_id] || application_id) end def add_invoice(doc, money, options) doc.Payment do doc.TotalAmount amount(money) doc.InvoiceReference options[:order_id] doc.InvoiceDescription options[:description] currency_code = (options[:currency] || currency(money) || default_currency) doc.CurrencyCode currency_code end end def add_customer_data(doc, options) doc.Customer do add_address(doc, (options[:billing_address] || options[:address]), {:email => options[:email]}) end doc.ShippingAddress do add_address(doc, options[:shipping_address], {:skip_company => true}) end end def add_address(doc, address, options={}) return unless address if name = address[:name] parts = name.split(/\s+/) doc.FirstName parts.shift if parts.size > 1 doc.LastName parts.join(" ") end doc.Title address[:title] doc.CompanyName address[:company] unless options[:skip_company] doc.Street1 address[:address1] doc.Street2 address[:address2] doc.City address[:city] doc.State address[:state] doc.PostalCode address[:zip] doc.Country address[:country].to_s.downcase doc.Phone address[:phone] doc.Fax address[:fax] doc.Email options[:email] end def add_credit_card(post, credit_card) post["cardname"] = credit_card.name post["cardnumber"] = credit_card.number post["cardexpirymonth"] = credit_card.month post["cardexpiryyear"] = credit_card.year post["cardcvn"] = credit_card.verification_value end def build_xml_request(root) builder = Nokogiri::XML::Builder.new builder.__send__(root) do |doc| yield(doc) end builder.to_xml end def build_form_request(post) request = [] post.each do |key, value| request << "EWAY_#{key.upcase}=#{CGI.escape(value.to_s)}" end request.join("&") end def url_for(action) (test? ? test_url : live_url) + action + ".xml" end def commit(url, request, form_post=false) headers = { "Authorization" => ("Basic " + Base64.strict_encode64(@options[:login].to_s + ":" + @options[:password].to_s).chomp), "Content-Type" => "text/xml" } raw = parse(ssl_post(url, request, headers)) succeeded = success?(raw) EwayRapidResponse.new( succeeded, message_from(succeeded, raw), raw, :authorization => authorization_from(raw), :test => test?, :avs_result => avs_result_from(raw), :cvv_result => cvv_result_from(raw) ) rescue ActiveMerchant::ResponseError => e return EwayRapidResponse.new(false, e.response.message, {:status_code => e.response.code}, :test => test?) end def commit_form(url, request) http_response = raw_ssl_request(:post, url, request) success = (http_response.code.to_s == "302") message = (success ? "Succeeded" : http_response.body) if success authorization = CGI.unescape(http_response["Location"].split("=").last) end Response.new(success, message, {:location => http_response["Location"]}, :authorization => authorization, :test => test?) end def parse(xml) response = {} doc = Nokogiri::XML(xml) doc.root.xpath("*").each do |node| if (node.elements.size == 0) response[node.name.downcase.to_sym] = node.text else node.elements.each do |childnode| name = "#{node.name.downcase}_#{childnode.name.downcase}" response[name.to_sym] = childnode.text end end end unless doc.root.nil? response end def success?(response) if response[:errors] false elsif response[:responsecode] == "00" true elsif response[:transactionstatus] (response[:transactionstatus] == "true") else true end end def message_from(succeeded, response) if response[:errors] (MESSAGES[response[:errors]] || response[:errors]) elsif response[:responsecode] ActiveMerchant::Billing::EwayGateway::MESSAGES[response[:responsecode]] elsif response[:responsemessage] (MESSAGES[response[:responsemessage]] || response[:responsemessage]) elsif succeeded "Succeeded" else "Failed" end end def authorization_from(response) response[:accesscode] end def avs_result_from(response) code = case response[:verification_address] when "Valid" "M" when "Invalid" "N" else "I" end {:code => code} end def cvv_result_from(response) case response[:verification_cvn] when "Valid" "M" when "Invalid" "N" else "P" end end class EwayRapidResponse < ActiveMerchant::Billing::Response def form_url params["formactionurl"] end end MESSAGES = { 'V6000' => 'Validation error', 'V6001' => 'Invalid CustomerIP', 'V6002' => 'Invalid DeviceID', 'V6011' => 'Invalid Payment TotalAmount', 'V6012' => 'Invalid Payment InvoiceDescription', 'V6013' => 'Invalid Payment InvoiceNumber', 'V6014' => 'Invalid Payment InvoiceReference', 'V6015' => 'Invalid Payment CurrencyCode', 'V6016' => 'Payment Required', 'V6017' => 'Payment CurrencyCode Required', 'V6018' => 'Unknown Payment CurrencyCode', 'V6021' => 'EWAY_CARDHOLDERNAME Required', 'V6022' => 'EWAY_CARDNUMBER Required', 'V6023' => 'EWAY_CARDCVN Required', 'V6033' => 'Invalid Expiry Date', 'V6034' => 'Invalid Issue Number', 'V6035' => 'Invalid Valid From Date', 'V6040' => 'Invalid TokenCustomerID', 'V6041' => 'Customer Required', 'V6042' => 'Customer FirstName Required', 'V6043' => 'Customer LastName Required', 'V6044' => 'Customer CountryCode Required', 'V6045' => 'Customer Title Required', 'V6046' => 'TokenCustomerID Required', 'V6047' => 'RedirectURL Required', 'V6051' => 'Invalid Customer FirstName', 'V6052' => 'Invalid Customer LastName', 'V6053' => 'Invalid Customer CountryCode', 'V6058' => 'Invalid Customer Title', 'V6059' => 'Invalid RedirectURL', 'V6060' => 'Invalid TokenCustomerID', 'V6061' => 'Invalid Customer Reference', 'V6062' => 'Invalid Customer CompanyName', 'V6063' => 'Invalid Customer JobDescription', 'V6064' => 'Invalid Customer Street1', 'V6065' => 'Invalid Customer Street2', 'V6066' => 'Invalid Customer City', 'V6067' => 'Invalid Customer State', 'V6068' => 'Invalid Customer PostalCode', 'V6069' => 'Invalid Customer Email', 'V6070' => 'Invalid Customer Phone', 'V6071' => 'Invalid Customer Mobile', 'V6072' => 'Invalid Customer Comments', 'V6073' => 'Invalid Customer Fax', 'V6074' => 'Invalid Customer URL', 'V6075' => 'Invalid ShippingAddress FirstName', 'V6076' => 'Invalid ShippingAddress LastName', 'V6077' => 'Invalid ShippingAddress Street1', 'V6078' => 'Invalid ShippingAddress Street2', 'V6079' => 'Invalid ShippingAddress City', 'V6080' => 'Invalid ShippingAddress State', 'V6081' => 'Invalid ShippingAddress PostalCode', 'V6082' => 'Invalid ShippingAddress Email', 'V6083' => 'Invalid ShippingAddress Phone', 'V6084' => 'Invalid ShippingAddress Country', 'V6085' => 'Invalid ShippingAddress ShippingMethod', 'V6086' => 'Invalid ShippingAddress Fax ', 'V6091' => 'Unknown Customer CountryCode', 'V6092' => 'Unknown ShippingAddress CountryCode', 'V6100' => 'Invalid EWAY_CARDNAME', 'V6101' => 'Invalid EWAY_CARDEXPIRYMONTH', 'V6102' => 'Invalid EWAY_CARDEXPIRYYEAR', 'V6103' => 'Invalid EWAY_CARDSTARTMONTH', 'V6104' => 'Invalid EWAY_CARDSTARTYEAR', 'V6105' => 'Invalid EWAY_CARDISSUENUMBER', 'V6106' => 'Invalid EWAY_CARDCVN', 'V6107' => 'Invalid EWAY_ACCESSCODE', 'V6108' => 'Invalid CustomerHostAddress', 'V6109' => 'Invalid UserAgent', 'V6110' => 'Invalid EWAY_CARDNUMBER' } end end end