use Carp qw( croak );
use Cpanel::JSON::XS;
-use Data::Dumper; $Data::Dumper::Sortkeys = 1;
+use Data::Dumper;
+ $Data::Dumper::Sortkeys = 1;
+ $Data::Dumper::Indent = 1;
+use LWP::UserAgent;
use MIME::Base64;
+use Time::HiRes;
use Unicode::Truncate qw( truncate_egc );
use URI::Escape;
use vars qw/ $VERSION $DEBUG /;
-$VERSION = '0.01';
-$DEBUG = 0;
+$VERSION = '0.1';
+$DEBUG = 1;
if ( $DEBUG ) {
$Data::Dumper::Sortkeys = 1;
# Create accessors for
$self->build_subs(qw/
+ card_token
expiry_month
expiry_year
invoice_number
if ( $content->{card_number} ) {
$post{payment_method} = 'card';
- # Parse the expiration date into expiry_month and expiry_year
- $self->set_expiration;
+ # Add card payment details to %post
+ $post{card} = $self->jhref_card;
+ return if $self->error_message;
+
+ # Designate recurring payment label
+ $post{card}->{recurring_payment} = $content->{recurring_payment} ? 1 : 0;
- $post{card} = {
- number => $self->truncate( $content->{card_number}, 20 ),
- name => $self->truncate( $content->{owner}, 64 ),
- expiry_month => sprintf( '%02d', $content->{expiry_month} ),
- expiry_year => sprintf( '%02d', $content->{expiry_year} ),
- cvd => $content->{cvv2},
- recurring_payment => $content->{recurring_payment} ? 1 : 0,
- complete => 1,
- };
+ # Direct API to issue a complete auth, instead of pre-auth
+ $post{card}->{complete} = 1;
+
+ # $post{card} = {
+ # number => $self->truncate( $content->{card_number}, 20 ),
+ # name => $self->truncate( $content->{owner}, 64 ),
+ # expiry_month => sprintf( '%02d', $content->{expiry_month} ),
+ # expiry_year => sprintf( '%02d', $content->{expiry_year} ),
+ # cvd => $content->{cvv2},
+ # recurring_payment => $content->{recurring_payment} ? 1 : 0,
+ # complete => 1,
+ # };
} else {
- die 'unknown/unsupported payment method!';
+ croak 'unknown/unsupported payment method!';
}
my $action = lc $content->{action};
if ( $action eq 'normal authorization' ) {
+ # Perform complete authorization
$self->path('/v1/payments');
+
} elsif ( $action eq 'authorization only' ) {
+ # Perform pre-authorization
$self->path('/v1/payments');
- if ( ref $post{card} ) {
- $post{card}->{complete} = 0;
- }
+ $post{card}->{complete} = 0;
+
} elsif ( $action eq 'post authorization' ) {
+ # Complete a pre-authorization
croak 'post authorization cannot be completed - '.
- 'bambora transaction_id must be set as order_number '.
+ 'bambora transaction_id must be set as content order_number '.
'before using submit()'
unless $content->{order_number};
if ( $DEBUG ) {
warn Dumper({
+ path => $self->path,
post_body => $post_body,
post_href => \%post,
});
my $response = $self->submit_api_request( $post_body );
- # Error messages already populated upon failure
+ # Any error messages will have been populated by submit_api_request
return unless $self->is_success;
# Populate transaction result values
}
}
+ # The posted JSON string needs only contain the amount.
+ # The bambora order_number being voided is passed in the URL
my %post = (
-# order_number => $self->truncate( $content->{invoice_number}, 30 ),
amount => $content->{amount},
);
my $post_body = encode_json( \%post );
$self->path( sprintf '/v1/payments/%s/returns', $content->{order_number} );
my $response = $self->submit_api_request( $post_body );
+}
+
+=head2 submit_tokenize
+
+Bambora tokenization is based on the Payment Profile feature of their API.
+
+The token created by this method represnets the Bambora customer_code for the
+Payment Profile. The token resembles a credit card number. It is 16 digits
+long, beginning with 99. No valid card number can begin with the digits 99.
+
+This method creates the payment profile, then replaces the customer_code
+generated by Bambora with the card number resembling token.
+
+=cut
+
+sub submit_tokenize {
+ my $self = shift;
+ my $content = $self->{_content};
+
+ # Check if given card number is already a bambora customer_code
+ # under this module's token rules
+ croak "card_number is already tokenized"
+ if $content->{card_number} =~ /^99\d{14}$/;
+
+ my %post = (
+ customer_code => $self->generate_token,
+ card => $self->jhref_card,
+ billing => $self->jhref_billing_address,
+ validate => 0,
+ );
+
+ # jhref_card may have generated an exception
+ return if $self->error_message;
+
+ $self->path('/v1/profiles');
+
+ my $post_body = encode_json( \%post );
+ if ( $DEBUG ) {
+ warn Dumper({
+ path => $self->path,
+ post_body => $post_body,
+ post_href => \%post,
+ });
+ }
+
+ my $response = $self->submit_api_request( $post_body );
+ if ( $DEBUG ) {
+ warn Dumper({
+ response => $response,
+ is_success => $self->is_success,
+ error_message => $self->error_message,
+ });
+ }
+ return unless $self->is_success;
+
+ my $customer_code = $response->{customer_code};
+ if ( !$customer_code ) {
+ # Should not happen...
+ # API reported success codes, but
+ # customer_code value is missing
+ $self->error_message(
+ "Fatal error: API reported success, but did not return customer_code"
+ );
+ return $self->is_success(0);
+ }
+
+ if ( $customer_code ne $post{customer_code} ) {
+ # Should not happen...
+ # API reported success codes, but
+ # customer_code attached to created profiles does not match
+ # the token value we attempted to assign to the customer profile
+ $self->error_message(
+ "Fatal error: API failed to set payment profile customer_code value"
+ );
+ return $self->is_success(0);
+ }
+
+ $self->card_token( $customer_code );
+
+ return $response;
}
-=head2 submit_api_request json_string
+
+
+=head2 submit_api_request json_string [ POST | PUT ]
Make the appropriate API request with the given JSON string
sub submit_api_request {
my $self = shift;
+
my $post_body = shift
or die 'submit_api_request() requires a json_string parameter';
- my ( $response_body, $response_code, %response_headers ) = $self->https_post(
+ # Default to using https_post, unless PUT has been specified
+ my $http_method = ( $_[0] && lc $_[0] eq 'put' ) ? 'https_put' : 'https_post';
+
+ my ($response_body, $response_code, %response_headers) = $self->$http_method(
{
headers => { $self->authorization_header },
'Content-Type' => 'application/json',
});
}
- # API should always return a JSON response, likely network problem
+ # API should always return a JSON response
if ( $@ || !$response ) {
$self->error_message( $response_body || 'connection error' );
$self->is_success( 0 );
# Return the decoded json of the response back to handler
$self->is_success( 1 );
return $response;
-
}
=head2 submit_action_unsupported
my $content = $self->{_content};
- return {
+ return +{
name => $self->truncate( $content->{name}, 64 ),
address_line1 => $self->truncate( $content->{address}, 64 ),
city => $self->truncate( $content->{city}, 64 ),
};
}
+=head2 jhref_card
+
+Return a hashref for inclusin into a json object
+representing Card for the API
+
+If necessary values are missing from %content, will set
+error_message and is_success
+
+=cut
+
+sub jhref_card {
+ my $self = shift;
+ my $content = $self->{_content};
+
+ $self->set_expiration;
+
+ # Check required input
+ for my $f (qw/
+ card_number
+ owner
+ expiry_month
+ expiry_year
+ cvv2
+ /) {
+ next if $content->{$f};
+
+ $self->error_message(
+ "Cannot parse card payment - missing required content $f"
+ );
+
+ warn $self->error_message if $DEBUG;
+ $self->is_success( 0 );
+
+ return {};
+ }
+
+ return +{
+ number => $self->truncate( $content->{card_number}, 20 ),
+ name => $self->truncate( $content->{owner}, 64 ),
+ expiry_month => sprintf( '%02d', $content->{expiry_month} ),
+ expiry_year => sprintf( '%02d', $content->{expiry_year} ),
+ cvd => $content->{cvv2},
+ }
+}
+
+=head2 generate_token
+
+Generate a 16-digit numeric token, beginning with the digits 99,
+based on the current epoch time
+
+Implementation note:
+
+If this module is somehow used to tokenize multiple cardholders within
+the same microsecond, these cardholders will be assigned the same
+customer_code. In the unlikely event this does happen, the Bambora system
+will decline to process cards for either of the profiles with a duplicate
+customer_code.
+
+=cut
+
+sub generate_token {
+ my $self = shift;
+ my $time = Time::HiRes::time();
+
+ $time =~ s/\D//g;
+ $time = substr($time, 0, 14 ); # Eventually time() will contain 15 digits
+
+ "99$time";
+}
+
=head2 set_country
Country is expected to be set as an ISO-3166-1 2-letter country code
Dies unless country is a two-letter string.
Could be extended to convert country names to their respective
-country codes
+country codes, or validate country codes
See: L<https://en.wikipedia.org/wiki/ISO_3166-1>
truncate_egc( "$string", $bytes, '' );
}
+=head2 https_put { headers => \%headers }, post_body
+
+Implement a limited interface of https_get from Net::HTTPS::Any
+for PUT instead of POST -- only implementing current use case of
+submitting a JSON request body
+
+Todo: Properly implement https_put in Net::HTTPS::Any
+
+=cut
+
+sub https_put {
+ my ( $self, $args, $post_body ) = @_;
+
+ my $ua = LWP::UserAgent->new;
+
+ my %headers = %{ $args->{headers} } if ref $args->{headers};
+ for my $k ( keys %headers ) {
+ $ua->default_header( $k => $headers{$k} );
+ }
+
+ my $url = $self->server().$self->path();
+ my $res = $ua->put( $url, Content => $post_body );
+
+ $self->build_subs(qw/ response_page response_code response_headers/);
+
+ my @response_headers =
+ map { $_ => $res->header( $_ ) }
+ $res->header_field_names;
+
+ $self->response_headers( {@response_headers} );
+ $self->response_code( $res->code );
+ $self->response_page( $res->decoded_content );
+
+ ( $self->response_page, $self->response_code, @response_headers );
+}
1;