X-Git-Url: http://git.freeside.biz/gitweb/?a=blobdiff_plain;f=lib%2FBusiness%2FOnlinePayment%2FBambora.pm;h=f0c7916aefbd27d739e6f521a5d342b2b99d1e64;hb=24c86c6b9136ad878a118d57fc9b876eee3672f8;hp=c72183874d69bd511382eda05cbae656ec065d3a;hpb=4eac3eefba3e494cc771d43df1cd3fa3aaece916;p=Business-OnlinePayment-Bambora.git diff --git a/lib/Business/OnlinePayment/Bambora.pm b/lib/Business/OnlinePayment/Bambora.pm index c721838..f0c7916 100755 --- a/lib/Business/OnlinePayment/Bambora.pm +++ b/lib/Business/OnlinePayment/Bambora.pm @@ -6,13 +6,17 @@ use feature 'unicode_strings'; use Carp qw( croak ); use Cpanel::JSON::XS; -use Data::Dumper; $Data::Dumper::Sortkeys = 1; +use Data::Dumper; + $Data::Dumper::Sortkeys = 1; + $Data::Dumper::Indent = 1; +use LWP::UserAgent; use MIME::Base64; +use Time::HiRes; use Unicode::Truncate qw( truncate_egc ); use URI::Escape; use vars qw/ $VERSION $DEBUG /; -$VERSION = '0.01'; +$VERSION = '0.1'; $DEBUG = 1; if ( $DEBUG ) { @@ -35,6 +39,7 @@ sub set_defaults { # Create accessors for $self->build_subs(qw/ + card_token expiry_month expiry_year invoice_number @@ -59,7 +64,7 @@ my %action_dispatch_table = ( 'authorization only' => 'submit_authorization_only', 'post authorization' => 'submit_post_authorization', 'reverse authorization' => 'submit_reverse_authorization', - 'void' => 'submit_viod', + 'void' => 'submit_void', 'credit' => 'submit_credit', 'tokenize' => 'submit_tokenize', 'recurring authorization' => 'submit_recurring_authorization', @@ -83,7 +88,7 @@ sub submit { =head2 submit_normal_authorization -Compliete a payment transaction by with an API POST to B +Complete a payment transaction by with an API POST to B See L 
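Review bot: The two `$Data::Dumper::` assignments at file scope change Sortkeys and Indent for every user of Data::Dumper in the same interpreter, not only this module's debug output. They are only needed for the `warn Dumper(...)` calls under `$DEBUG`, so I would set them where the dump happens, e.g. `local $Data::Dumper::Indent = 1;` and `local $Data::Dumper::Sortkeys = 1;` inside each `if ( $DEBUG )` block. The context line `$DEBUG = 1;` also means those dumps are on by default for anyone who loads the module; a released version would normally ship with `$DEBUG = 0;`.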
@@ -118,40 +123,51 @@ sub submit_normal_authorization { if ( $content->{card_number} ) { $post{payment_method} = 'card'; - # Parse the expiration date into expiry_month and expiry_year - $self->set_expiration; + # Add card payment details to %post + $post{card} = $self->jhref_card; + return if $self->error_message; + + # Designate recurring payment label + $post{card}->{recurring_payment} = $content->{recurring_payment} ? 1 : 0; - $post{card} = { - number => $self->truncate( $content->{card_number}, 20 ), - name => $self->truncate( $content->{owner}, 64 ), - expiry_month => sprintf( '%02d', $content->{expiry_month} ), - expiry_year => sprintf( '%02d', $content->{expiry_year} ), - cvd => $content->{cvv2}, - recurring_payment => $content->{recurring_payment} ? 1 : 0, - complete => 1, - }; + # Direct API to issue a complete auth, instead of pre-auth + $post{card}->{complete} = 1; + + # $post{card} = { + # number => $self->truncate( $content->{card_number}, 20 ), + # name => $self->truncate( $content->{owner}, 64 ), + # expiry_month => sprintf( '%02d', $content->{expiry_month} ), + # expiry_year => sprintf( '%02d', $content->{expiry_year} ), + # cvd => $content->{cvv2}, + # recurring_payment => $content->{recurring_payment} ? 1 : 0, + # complete => 1, + # }; } else { - die 'unknown/unsupported payment method!'; + croak 'unknown/unsupported payment method!'; } my $action = lc $content->{action}; + if ( $action eq 'normal authorization' ) { + # Perform complete authorization $self->path('/v1/payments'); + } elsif ( $action eq 'authorization only' ) { + # Perform pre-authorization $self->path('/v1/payments'); - if ( ref $post{card} ) { - $post{card}->{complete} = 0; - } + $post{card}->{complete} = 0; + } elsif ( $action eq 'post authorization' ) { + # Complete a pre-authorization croak 'post authorization cannot be completed - '. - 'bambora transaction_id must be set as order_number '. + 'bambora transaction_id must be set as content order_number '. 
'before using submit()' unless $content->{order_number}; $self->path( - sprintf 'v1/payments/%s/completions', + sprintf '/v1/payments/%s/completions', $content->{order_number} ); @@ -167,17 +183,15 @@ sub submit_normal_authorization { if ( $DEBUG ) { warn Dumper({ + path => $self->path, post_body => $post_body, post_href => \%post, }); } - - $self->path('/v1/payments'); - my $response = $self->submit_api_request( $post_body ); - # Error messages already populated upon failure + # Any error messages will have been populated by submit_api_request return unless $self->is_success; # Populate transaction result values @@ -208,7 +222,7 @@ sub submit_authorization_only { $self->is_success && ( ref $response - && $response->{type} != 'PA' + && $response->{type} ne 'PA' ) ) { # Bambora API uses nearly identical API calls for normal @@ -241,7 +255,7 @@ sub submit_reverse_authorization { =head2 submit_void -Void a transaction +Process a return against a transaction for the given amount =cut @@ -249,7 +263,7 @@ sub submit_void { my $self = shift; my $content = $self->{_content}; - for my $f (qw/ order_number invoice_number amount/) { + for my $f (qw/ order_number amount/) { unless ( $content->{$f} ) { $self->error_message("Cannot process void - missing required content $f"); warn $self->error_message if $DEBUG; @@ -258,8 +272,9 @@ sub submit_void { } } + # The posted JSON string needs only contain the amount. + # The bambora order_number being voided is passed in the URL my %post = ( - order_number => $self->truncate( $content->{invoice_number}, 30 ), amount => $content->{amount}, ); my $post_body = encode_json( \%post ); 
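Review bot: `$content->{order_number}` is interpolated into the `/v1/payments/%s/completions` request path without validation or escaping, so a value containing `/`, `?` or `#` would address a different API resource than the caller intended. The file already imports URI::Escape, so `sprintf '/v1/payments/%s/completions', uri_escape( $content->{order_number} )` would close that; if Bambora transaction ids are always numeric (worth confirming), a `croak` unless the value matches `/\A\d+\z/` is stricter still. The same pattern is in the `/v1/payments/%s/returns` path built in submit_void in a later hunk. Separately, the commented-out `$post{card} = { ... }` block duplicates what jhref_card now builds and could be deleted rather than kept as a comment. submit_normal_authorization continues past the end of this hunk.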
@@ -270,13 +285,95 @@ sub submit_void { post_body => $post_body, }); } - $self->path( sprintf '/v1/payments/%s/void', $content->{order_number} ); + $self->path( sprintf '/v1/payments/%s/returns', $content->{order_number} ); my $response = $self->submit_api_request( $post_body ); +} + +=head2 submit_tokenize + +Bambora tokenization is based on the Payment Profile feature of their API. + +The token created by this method represnets the Bambora customer_code for the +Payment Profile. The token resembles a credit card number. It is 16 digits +long, beginning with 99. No valid card number can begin with the digits 99. +This method creates the payment profile, then replaces the customer_code +generated by Bambora with the card number resembling token. + +=cut + +sub submit_tokenize { + my $self = shift; + my $content = $self->{_content}; + + # Check if given card number is already a bambora customer_code + # under this module's token rules + croak "card_number is already tokenized" + if $content->{card_number} =~ /^99\d{14}$/; + + my %post = ( + customer_code => $self->generate_token, + card => $self->jhref_card, + billing => $self->jhref_billing_address, + validate => 0, + ); + + # jhref_card may have generated an exception + return if $self->error_message; + + $self->path('/v1/profiles'); + + my $post_body = encode_json( \%post ); + + if ( $DEBUG ) { + warn Dumper({ + path => $self->path, + post_body => $post_body, + post_href => \%post, + }); + } + + my $response = $self->submit_api_request( $post_body ); + if ( $DEBUG ) { + warn Dumper({ + response => $response, + is_success => $self->is_success, + error_message => $self->error_message, + }); + } + return unless $self->is_success; + + my $customer_code = $response->{customer_code}; + if ( !$customer_code ) { + # Should not happen... 
+ # API reported success codes, but + # customer_code value is missing + $self->error_message( + "Fatal error: API reported success, but did not return customer_code" + ); + return $self->is_success(0); + } + + if ( $customer_code ne $post{customer_code} ) { + # Should not happen... + # API reported success codes, but + # customer_code attached to created profiles does not match + # the token value we attempted to assign to the customer profile + $self->error_message( + "Fatal error: API failed to set payment profile customer_code value" + ); + return $self->is_success(0); + } + + $self->card_token( $customer_code ); + + return $response; } -=head2 submit_api_request json_string + + +=head2 submit_api_request json_string [ POST | PUT ] Make the appropriate API request with the given JSON string @@ -284,10 +381,14 @@ Make the appropriate API request with the given JSON string sub submit_api_request { my $self = shift; + my $post_body = shift or die 'submit_api_request() requires a json_string parameter'; - my ( $response_body, $response_code, %response_headers ) = $self->https_post( + # Default to using https_post, unless PUT has been specified + my $http_method = ( $_[0] && lc $_[0] eq 'put' ) ? 'https_put' : 'https_post'; + + my ($response_body, $response_code, %response_headers) = $self->$http_method( { headers => { $self->authorization_header }, 'Content-Type' => 'application/json', @@ -310,7 +411,7 @@ sub submit_api_request { }); } - # API should always return a JSON response, likely network problem + # API should always return a JSON response if ( $@ || !$response ) { $self->error_message( $response_body || 'connection error' ); $self->is_success( 0 ); @@ -335,7 +436,6 @@ sub submit_api_request { # Return the decoded json of the response back to handler $self->is_success( 1 ); return $response; - } =head2 submit_action_unsupported 
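Review bot: With `$DEBUG` set (the module currently initialises it to 1), the first `warn Dumper(...)` in submit_tokenize writes `post_body` and `post_href` to STDERR, and both contain the full card number and the `cvd` value returned by jhref_card. Card data in application or web-server logs is exactly what tokenization is meant to avoid, and PCI DSS does not allow the verification code to be retained after authorization at all. I would log only non-sensitive fields, e.g. `warn Dumper({ path => $self->path, customer_code => $post{customer_code} });`, or dump a copy of `%post` with `number` and `cvd` masked. The dump in submit_normal_authorization (the `@@ -167,17 +183,15 @@` hunk) has the same exposure. Minor: the already-tokenized check would be stricter as `/\A99\d{14}\z/`, since `$` also matches before a trailing newline.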
@@ -345,12 +445,12 @@ Croak with the error message Action $action unsupported =cut sub submit_action_unsupported { - croak sprintf 'Action %s unsupported', shift->action + croak sprintf 'Action %s unsupported', shift->{_content}{action} } =head2 authorization_header -Bambora POST requests authenticate via a HTTP header of the format: +Bambora REST requests authenticate via a HTTP header of the format: Authorization: Passcode Base64Encoded(merchant_id:passcode) Returns a hash representing the authorization header derived from @@ -391,7 +491,7 @@ sub jhref_billing_address { my $content = $self->{_content}; - return { + return +{ name => $self->truncate( $content->{name}, 64 ), address_line1 => $self->truncate( $content->{address}, 64 ), city => $self->truncate( $content->{city}, 64 ), 
@@ -403,6 +503,76 @@ sub jhref_billing_address { }; } +=head2 jhref_card + +Return a hashref for inclusin into a json object +representing Card for the API + +If necessary values are missing from %content, will set +error_message and is_success + +=cut + +sub jhref_card { + my $self = shift; + my $content = $self->{_content}; + + $self->set_expiration; + + # Check required input + for my $f (qw/ + card_number + owner + expiry_month + expiry_year + cvv2 + /) { + next if $content->{$f}; + + $self->error_message( + "Cannot parse card payment - missing required content $f" + ); + + warn $self->error_message if $DEBUG; + $self->is_success( 0 ); + + return {}; + } + + return +{ + number => $self->truncate( $content->{card_number}, 20 ), + name => $self->truncate( $content->{owner}, 64 ), + expiry_month => sprintf( '%02d', $content->{expiry_month} ), + expiry_year => sprintf( '%02d', $content->{expiry_year} ), + cvd => $content->{cvv2}, + } +} + +=head2 generate_token + +Generate a 16-digit numeric token, beginning with the digits 99, +based on the current epoch time + +Implementation note: + +If this module is somehow used to tokenize multiple cardholders within +the same microsecond, these cardholders will be assigned the same +customer_code. In the unlikely event this does happen, the Bambora system +will decline to process cards for either of the profiles with a duplicate +customer_code. + +=cut + +sub generate_token { + my $self = shift; + my $time = Time::HiRes::time(); + + $time =~ s/\D//g; + $time = substr($time, 0, 14 ); # Eventually time() will contain 15 digits + + "99$time"; +} + =head2 set_country Country is expected to be set as an ISO-3166-1 2-letter country code @@ -411,8 +581,8 @@ Sets string to upper case. Dies unless country is a two-letter string. -In the future, could be extended to convert country names to their respective -country codes +Could be extended to convert country names to their respective +country codes, or validate country codes See: L 
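Review bot: generate_token does not always produce 16 digits: `Time::HiRes::time()` returns a float, and Perl drops trailing zeros when stringifying it, so a timestamp such as 1550000000.5 yields the 13-digit token 9915500000005. Tokens like that fail the `/^99\d{14}$/` test that submit_tokenize uses to recognise an existing token. Building the value from integers avoids this: `my ( $sec, $usec ) = Time::HiRes::gettimeofday();` followed by `sprintf '99%010d%04d', $sec, int( $usec / 100 );`. Either way only four fractional digits survive, so the collision window is 100 microseconds rather than the one microsecond the POD states, and the value is derivable from the clock; retrying on a duplicate-code response would be safer than relying on timing for uniqueness. In jhref_card, making `cvv2` mandatory also applies to the `recurring_payment` path, where a stored CVV is normally not available; confirm that is intended.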
@@ -433,7 +603,7 @@ sub set_country { =head2 set_expiration_month_year -Split standard expiration field, which may be in the format +Split B::OP expiration field, which may be in the format MM/YY or MMYY, into separate expiry_month and expiry_year fields Will die if values are not numeric @@ -445,6 +615,12 @@ sub set_expiration { my $content = $self->{_content}; my $expiration = $content->{expiration}; + unless ( $expiration ) { + $content->{expiry_month} = undef; + $content->{expiry_year} = undef; + return; + } + my ( $mm, $yy ) = ( $expiration =~ /\// ? split( /\//, $expiration ) @@ -483,6 +659,11 @@ sub set_payment_method { =head2 set_phone_number +Set value for field phone_number, from value in field phone + +Bambora API expects only digits in a phone number. Strips all non-digit +characters + =cut sub set_phone_number { @@ -498,8 +679,11 @@ sub set_phone_number { =head2 set_province +Set value for field province, from value in field state + Outside the US/Canada, API expect province set to the string "--", -otherwise to be a 2 character string +otherwise expects a 2 character string. Value for province is +formatted to upper case, and truncated to 2 characters. =cut 
@@ -530,5 +714,40 @@ sub truncate { truncate_egc( "$string", $bytes, '' ); } +=head2 https_put { headers => \%headers }, post_body + +Implement a limited interface of https_get from Net::HTTPS::Any +for PUT instead of POST -- only implementing current use case of +submitting a JSON request body + +Todo: Properly implement https_put in Net::HTTPS::Any + +=cut + +sub https_put { + my ( $self, $args, $post_body ) = @_; + + my $ua = LWP::UserAgent->new; + + my %headers = %{ $args->{headers} } if ref $args->{headers}; + for my $k ( keys %headers ) { + $ua->default_header( $k => $headers{$k} ); + } + + my $url = $self->server().$self->path(); + my $res = $ua->put( $url, Content => $post_body ); + + $self->build_subs(qw/ response_page response_code response_headers/); + + my @response_headers = + map { $_ => $res->header( $_ ) } + $res->header_field_names; + + $self->response_headers( {@response_headers} ); + $self->response_code( $res->code ); + $self->response_page( $res->decoded_content ); + + ( $self->response_page, $self->response_code, @response_headers ); +} 1;
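Review bot: `my %headers = %{ $args->{headers} } if ref $args->{headers};` is a conditional `my` declaration, which perlsyn documents as undefined behaviour; write `my %headers = ref $args->{headers} ? %{ $args->{headers} } : ();` instead. The caller in submit_api_request passes `'Content-Type' => 'application/json'` as a sibling of `headers`, and https_put reads only `$args->{headers}`, so the PUT appears to go out without the JSON content type; passing it through, `$ua->put( $url, 'Content-Type' => $args->{'Content-Type'}, Content => $post_body )`, would fix that. The user agent is also created without an explicit timeout, so a stalled connection is bounded only by LWP's 180-second default; `LWP::UserAgent->new( timeout => $seconds )` with a value suited to payment calls would make that deliberate. The POD says "https_get" where https_post seems to be meant.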