app/controllers/effective/providers/moneris.rb in effective_orders-4.0.0beta1 vs app/controllers/effective/providers/moneris.rb in effective_orders-4.0.0beta2

@@ -1,5 +1,7 @@
+require 'net/http'
+
 module Effective
   module Providers
     module Moneris
       extend ActiveSupport::Concern
 
@@ -15,36 +17,43 @@
         # Delete the Purchased and Declined Redirect URLs
         purchased_url = params.delete(:rvar_purchased_url)
         declined_url = params.delete(:rvar_declined_url)
 
         if @order.purchased?  # Fallback to a success condition of the Order is already purchased
-          order_purchased(details: params, provider: 'moneris', card: params[:card], purchased_url: purchased_url)
-          return
+          return order_purchased(payment: params, provider: 'moneris', card: params[:card], purchased_url: purchased_url)
         end
 
-        if params[:result].to_s == '1' && params[:transactionKey].present?
-          verify_params = parse_moneris_response(send_moneris_verify_request(params[:transactionKey])) || {}
+        # Invalid Result
+        if params[:result].to_s != '1' || params[:transactionKey].blank?
+          return order_declined(payment: params, provider: 'moneris', card: params[:card], declined_url: declined_url)
+        end
 
-          response_code = verify_params[:response_code].to_i # Sometimes moneris sends us the string 'null'
+        # Verify response from moneris
+        payment = params.merge(verify_moneris_transaction(params[:transactionKey]))
+        valid = (1..49).include?(payment[:response_code].to_i)  # Must be > 0 and < 50 to be valid. Sometimes we get the string 'null'
 
-          if response_code > 0 && response_code < 50  # Less than 50 means a successful validation
-            order_purchased(details: params.merge(verify_params), provider: 'moneris', card: params[:card], purchased_url: purchased_url)
-          else
-            order_declined(details: params.merge(verify_params), provider: 'moneris', card: params[:card], declined_url: declined_url)
-          end
-        else
-          order_declined(details: params, provider: 'moneris', card: params[:card], declined_url: declined_url)
+        if valid == false
+          return order_declined(payment: payment, provider: 'moneris', card: params[:card], declined_url: declined_url)
         end
+
+        order_purchased(payment: payment, provider: 'moneris', card: params[:card], purchased_url: purchased_url)
       end
 
       private
 
-      def parse_moneris_response(text)
-        text.split("<br>").inject(Hash.new()) { |h, i| h[i.split(' ').first.to_sym] = i.split(' ').last ; h } rescue {response: text}
-      end
+      def verify_moneris_transaction(transactionKey)
+        # Send a verification POST request
+        uri = URI.parse(EffectiveOrders.moneris[:verify_url])
+        params = { ps_store_id: EffectiveOrders.moneris[:ps_store_id], hpp_key: EffectiveOrders.moneris[:hpp_key], transactionKey: transactionKey }
+        headers = { 'Referer': effective_orders.moneris_postback_orders_url }
 
-      def send_moneris_verify_request(verify_key)
-        `curl -F ps_store_id='#{EffectiveOrders.moneris[:ps_store_id]}' -F hpp_key='#{EffectiveOrders.moneris[:hpp_key]}' -F transactionKey='#{verify_key}' --referer #{effective_orders.moneris_postback_orders_url} #{EffectiveOrders.moneris[:verify_url]}`
+        http = Net::HTTP.new(uri.host, uri.port)
+        http.use_ssl = true
+
+        body = http.post(uri.path, params.to_query, headers).body
+
+        # Parse response into a Hash
+        body.split('<br>').inject({}) { |h, i| h[i.split(' ').first.to_sym] = i.split(' ').last; h }
       end
 
     end
   end
 end