X-Git-Url: http://git.freeside.biz/gitweb/?p=freeside.git;a=blobdiff_plain;f=FS%2FFS%2Fcust_main%2FBilling_Realtime.pm;h=7718f7aab571c0f5426a96d829fa6f74b121d5f8;hp=9fea1bb332f588e83e70ee30c0a543af60d06eb3;hb=f2b43a877c70aa367595fe2fc4fcffd82f62d001;hpb=95502dabd865c34d1483b20c583523b12fe9332d diff --git a/FS/FS/cust_main/Billing_Realtime.pm b/FS/FS/cust_main/Billing_Realtime.pm index 9fea1bb33..7718f7aab 100644 --- a/FS/FS/cust_main/Billing_Realtime.pm +++ b/FS/FS/cust_main/Billing_Realtime.pm @@ -5,8 +5,8 @@ use vars qw( $conf $DEBUG $me ); use vars qw( $realtime_bop_decline_quiet ); #ugh use Carp; use Data::Dumper; -use Business::CreditCard 0.28; -use FS::UID qw( dbh ); +use Business::CreditCard 0.35; +use FS::UID qw( dbh myconnect ); use FS::Record qw( qsearch qsearchs ); use FS::payby; use FS::cust_pay; @@ -111,6 +111,8 @@ I allows payment capture to unlock export jobs =cut +# Currently only used by ClientAPI +# NOT 4.x COMPATIBLE (see below) sub realtime_collect { my( $self, %options ) = @_; @@ -124,6 +126,7 @@ sub realtime_collect { $options{amount} = $self->balance unless exists( $options{amount} ); return '' unless $options{amount} > 0; + #### NOT 4.x COMPATIBLE $options{method} = FS::payby->payby2bop($self->payby) unless exists( $options{method} ); @@ -137,16 +140,14 @@ Runs a realtime credit card or ACH (electronic check) transaction via a Business::OnlinePayment realtime gateway. See L for supported gateways. -Required arguments in the hashref are I, and I +Required arguments in the hashref are I and either +I or I, I and (as applicable for method) +I, I, I, I, I, I and I. Available methods are: I, I, or I Available optional arguments are: I, I, I, I, I, I, I -The additional options I, I, I, I, I, -I, I and I are also available. Any of these options, -if set, will override the value from the customer record. - I is a free-text field passed to the gateway. It defaults to the value defined by the business-onlinepayment-description configuration option, or "Internet services" if that is unset. @@ -279,11 +280,6 @@ sub _bop_defaults { } } - unless ( exists( $options->{'payinfo'} ) ) { - $options->{'payinfo'} = $self->payinfo; - $options->{'paymask'} = $self->paymask; - } - # Default invoice number if the customer has exactly one open invoice. unless ( $options->{'invnum'} || $options->{'no_invnum'} ) { $options->{'invnum'} = ''; @@ -291,14 +287,50 @@ sub _bop_defaults { $options->{'invnum'} = $open[0]->invnum if scalar(@open) == 1; } - $options->{payname} = $self->payname unless exists( $options->{payname} ); +} + +sub _bop_cust_payby_options { + my ($self,$options) = @_; + my $cust_payby = $options->{'cust_payby'}; + if ($cust_payby) { + + $options->{'method'} = FS::payby->payby2bop( $cust_payby->payby ); + + if ($cust_payby->payby =~ /^(CARD|DCRD)$/) { + # false laziness with cust_payby->check + # which might not have been run yet + my( $m, $y ); + if ( $cust_payby->paydate =~ /^(\d{1,2})[\/\-](\d{2}(\d{2})?)$/ ) { + ( $m, $y ) = ( $1, length($2) == 4 ? $2 : "20$2" ); + } elsif ( $cust_payby->paydate =~ /^19(\d{2})[\/\-](\d{1,2})[\/\-]\d+$/ ) { + ( $m, $y ) = ( $2, "19$1" ); + } elsif ( $cust_payby->paydate =~ /^(20)?(\d{2})[\/\-](\d{1,2})[\/\-]\d+$/ ) { + ( $m, $y ) = ( $3, "20$2" ); + } else { + return "Illegal expiration date: ". $cust_payby->paydate; + } + $m = sprintf('%02d',$m); + $options->{paydate} = "$y-$m-01"; + } else { + $options->{paydate} = ''; + } + + $options->{$_} = $cust_payby->$_() + for qw( payinfo paycvv paymask paystart_month paystart_year + payissue payname paystate paytype payip ); + + if ( $cust_payby->locationnum ) { + my $cust_location = $cust_payby->cust_location; + $options->{$_} = $cust_location->$_() for qw( address1 address2 city state zip ); + } + } } sub _bop_content { my ($self, $options) = @_; my %content = (); - my $payip = exists($options->{'payip'}) ? $options->{'payip'} : $self->payip; + my $payip = $options->{'payip'}; $content{customer_ip} = $payip if length($payip); $content{invoice_number} = $options->{'invnum'} @@ -325,26 +357,14 @@ sub _bop_content { $content{name} = $payname; - $content{address} = exists($options->{'address1'}) - ? $options->{'address1'} - : $self->address1; - my $address2 = exists($options->{'address2'}) - ? $options->{'address2'} - : $self->address2; + $content{address} = $options->{'address1'}; + my $address2 = $options->{'address2'}; $content{address} .= ", ". $address2 if length($address2); - $content{city} = exists($options->{city}) - ? $options->{city} - : $self->city; - $content{state} = exists($options->{state}) - ? $options->{state} - : $self->state; - $content{zip} = exists($options->{zip}) - ? $options->{'zip'} - : $self->zip; - $content{country} = exists($options->{country}) - ? $options->{country} - : $self->country; + $content{city} = $options->{'city'}; + $content{state} = $options->{'state'}; + $content{zip} = $options->{'zip'}; + $content{country} = $options->{'country'}; $content{phone} = $self->daytime || $self->night; @@ -355,6 +375,47 @@ sub _bop_content { \%content; } +sub _tokenize_card { + my ($self,$transaction,$options,$log,%opt) = @_; + # options is for entire process, so we can update payinfo + # opt is just for this call, only key is replace + + my $cust_payby = $options->{'cust_payby'}; + if ( $cust_payby + and $transaction->can('card_token') + and $transaction->card_token + and !$cust_payby->tokenized #not already tokenized + ) { + + $options->{'payinfo'} = $transaction->card_token; + $cust_payby->payinfo($transaction->card_token); + + my $error; + $error = $cust_payby->replace if $opt{'replace'}; + if ( $error ) { + $log->error('Error storing token for cust '.$self->custnum.', cust_payby '.$cust_payby->custpaybynum.': '.$error); + return $error; + } else { + $log->debug('Tokenized card for cust '.$self->custnum.', cust_payby '.$cust_payby->custpaybynum); + return ''; + } + + } + +} + +# only store payinfo in cust_pay/cust_pay_pending +# if it's a tokenized card or if processor requires card for void +sub _cust_pay_opts { + my ($self,$payby,$payinfo,$transaction) = @_; + ( (($payby eq 'CARD') && $self->tokenized($payinfo)) + || (($payby eq 'CARD') && $transaction->info('CC_void_requires_card')) + || (($payby eq 'CHEK') && $transaction->info('ECHECK_void_requires_account')) + ) + ? ('payinfo' => $payinfo) + : (); +} + my %bop_method2payby = ( 'CC' => 'CARD', 'ECHECK' => 'CHEK', @@ -369,6 +430,8 @@ sub realtime_bop { unless $FS::UID::AutoCommit; local($DEBUG) = $FS::cust_main::DEBUG if $FS::cust_main::DEBUG > $DEBUG; + + my $log = FS::Log->new('FS::cust_main::Billing_Realtime::realtime_bop'); my %options = (); if (ref($_[0]) eq 'HASH') { @@ -380,6 +443,8 @@ sub realtime_bop { $options{amount} = $amount; } + # set fields from passed cust_payby + $self->_bop_cust_payby_options(\%options); ### # optional credit card surcharge @@ -387,8 +452,8 @@ sub realtime_bop { my $cc_surcharge = 0; my $cc_surcharge_pct = 0; - $cc_surcharge_pct = $conf->config('credit-card-surcharge-percentage') - if $conf->config('credit-card-surcharge-percentage') + $cc_surcharge_pct = $conf->config('credit-card-surcharge-percentage', $self->agentnum) + if $conf->config('credit-card-surcharge-percentage', $self->agentnum) && $options{method} eq 'CC'; # always add cc surcharge if called from event @@ -419,6 +484,9 @@ sub realtime_bop { $self->_bop_defaults(\%options); + return "Missing payinfo" + unless $options{'payinfo'}; + ### # set trans_is_recur based on invnum if there is one ### @@ -504,29 +572,19 @@ sub realtime_bop { if ( $options{method} eq 'CC' ) { $content{card_number} = $options{payinfo}; - $paydate = exists($options{'paydate'}) - ? $options{'paydate'} - : $self->paydate; + $paydate = $options{'paydate'}; $paydate =~ /^\d{2}(\d{2})[\/\-](\d+)[\/\-]\d+$/; $content{expiration} = "$2/$1"; $content{cvv2} = $options{'paycvv'} if length($options{'paycvv'}); - my $paystart_month = exists($options{'paystart_month'}) - ? $options{'paystart_month'} - : $self->paystart_month; - - my $paystart_year = exists($options{'paystart_year'}) - ? $options{'paystart_year'} - : $self->paystart_year; - + my $paystart_month = $options{'paystart_month'}; + my $paystart_year = $options{'paystart_year'}; $content{card_start} = "$paystart_month/$paystart_year" if $paystart_month && $paystart_year; - my $payissue = exists($options{'payissue'}) - ? $options{'payissue'} - : $self->payissue; + my $payissue = $options{'payissue'}; $content{issue_number} = $payissue if $payissue; if ( $self->_bop_recurring_billing( @@ -545,13 +603,8 @@ sub realtime_bop { ( $content{account_number}, $content{routing_code} ) = split('@', $options{payinfo}); $content{bank_name} = $options{payname}; - $content{bank_state} = exists($options{'paystate'}) - ? $options{'paystate'} - : $self->getfield('paystate'); - $content{account_type}= - (exists($options{'paytype'}) && $options{'paytype'}) - ? uc($options{'paytype'}) - : uc($self->getfield('paytype')) || 'PERSONAL CHECKING'; + $content{bank_state} = $options{'paystate'}; + $content{account_type}= uc($options{'paytype'}) || 'PERSONAL CHECKING'; $content{company} = $self->company if $self->company; @@ -628,12 +681,15 @@ sub realtime_bop { #okay, good to go, if we're a duplicate, cust_pay_pending will kick us out + my $transaction = new $namespace( $payment_gateway->gateway_module, + $self->_bop_options(\%options), + ); + my $cust_pay_pending = new FS::cust_pay_pending { 'custnum' => $self->custnum, 'paid' => $options{amount}, '_date' => '', 'payby' => $bop_method2payby{$options{method}}, - 'payinfo' => $options{payinfo}, 'paymask' => $options{paymask}, 'paydate' => $paydate, 'recurring_billing' => $content{recurring_billing}, @@ -642,6 +698,7 @@ sub realtime_bop { 'gatewaynum' => $payment_gateway->gatewaynum || '', 'session_id' => $options{session_id} || '', 'jobnum' => $options{depend_jobnum} || '', + $self->_cust_pay_opts($options{payinfo},$transaction), }; $cust_pay_pending->payunique( $options{payunique} ) if defined($options{payunique}) && length($options{payunique}); @@ -658,10 +715,6 @@ sub realtime_bop { my( $action1, $action2 ) = split( /\s*\,\s*/, $payment_gateway->gateway_action ); - my $transaction = new $namespace( $payment_gateway->gateway_module, - $self->_bop_options(\%options), - ); - $transaction->content( 'type' => $options{method}, $self->_bop_auth(\%options), @@ -774,18 +827,8 @@ sub realtime_bop { # Tokenize ### - - if ( $transaction->can('card_token') && $transaction->card_token ) { - - if ( $options{'payinfo'} eq $self->payinfo ) { - $self->payinfo($transaction->card_token); - my $error = $self->replace; - if ( $error ) { - warn "WARNING: error storing token: $error, but proceeding anyway\n"; - } - } - - } + my $error = $self->_tokenize_card($transaction,\%options,$log,'replace' => 1); + return $error if $error; ### # result handling @@ -822,9 +865,7 @@ sub fake_bop { 'paid' => $options{amount}, '_date' => '', 'payby' => $bop_method2payby{$options{method}}, - #'payinfo' => $payinfo, 'payinfo' => '4111111111111111', - #'paydate' => $paydate, 'paydate' => '2012-05-01', 'processor' => 'FakeProcessor', 'auth' => '54', @@ -898,7 +939,6 @@ sub _realtime_bop_result { 'paid' => $cust_pay_pending->paid, '_date' => '', 'payby' => $cust_pay_pending->payby, - 'payinfo' => $options{'payinfo'}, 'paymask' => $options{'paymask'} || $cust_pay_pending->paymask, 'paydate' => $cust_pay_pending->paydate, 'pkgnum' => $cust_pay_pending->pkgnum, @@ -908,6 +948,7 @@ sub _realtime_bop_result { 'auth' => $transaction->authorization, 'order_number' => $order_number || '', 'no_auto_apply' => $options{'no_auto_apply'} ? 'Y' : '', + $self->_cust_pay_opts($options{payinfo},$transaction), } ); #doesn't hurt to know, even though the dup check is in cust_pay_pending now $cust_pay->payunique( $options{payunique} ) @@ -1701,27 +1742,21 @@ successful, immediatly reverses the authorization). Returns the empty string if the authorization was sucessful, or an error message otherwise. -I - -I - -I specifies the expiration date for a credit card overriding the -value from the customer record or the payment record. Specified as yyyy-mm-dd +Option I should be passed, even if it's not yet been inserted. +Object will be tokenized if possible, but that change will not be +updated in database (must be inserted/replaced afterwards.) -#The additional options I, I, I, I, -#I are also available. Any of these options, -#if set, will override the value from the customer record. +Currently only succeeds for Business::OnlinePayment CC transactions. =cut -#Available methods are: I or I - #some false laziness w/realtime_bop and realtime_refund_bop, not enough to make #it worth merging but some useful small subs should be pulled out sub realtime_verify_bop { my $self = shift; local($DEBUG) = $FS::cust_main::DEBUG if $FS::cust_main::DEBUG > $DEBUG; + my $log = FS::Log->new('FS::cust_main::Billing_Realtime::realtime_verify_bop'); my %options = (); if (ref($_[0]) eq 'HASH') { @@ -1735,6 +1770,10 @@ sub realtime_verify_bop { warn " $_ => $options{$_}\n" foreach keys %options; } + # set fields from passed cust_payby + return "No cust_payby" unless $options{'cust_payby'}; + $self->_bop_cust_payby_options(\%options); + ### # select a gateway ### @@ -1781,328 +1820,468 @@ sub realtime_verify_bop { if ( $options{method} eq 'CC' ) { $content{card_number} = $options{payinfo}; - $paydate = exists($options{'paydate'}) - ? $options{'paydate'} - : $self->paydate; + $paydate = $options{'paydate'}; $paydate =~ /^\d{2}(\d{2})[\/\-](\d+)[\/\-]\d+$/; $content{expiration} = "$2/$1"; $content{cvv2} = $options{'paycvv'} if length($options{'paycvv'}); - my $paystart_month = exists($options{'paystart_month'}) - ? $options{'paystart_month'} - : $self->paystart_month; - - my $paystart_year = exists($options{'paystart_year'}) - ? $options{'paystart_year'} - : $self->paystart_year; + my $paystart_month = $options{'paystart_month'}; + my $paystart_year = $options{'paystart_year'}; $content{card_start} = "$paystart_month/$paystart_year" if $paystart_month && $paystart_year; - my $payissue = exists($options{'payissue'}) - ? $options{'payissue'} - : $self->payissue; + my $payissue = $options{'payissue'}; $content{issue_number} = $payissue if $payissue; } elsif ( $options{method} eq 'ECHECK' ){ - - #nop for checks (though it shouldn't be called...) - + #cannot verify, move along (though it shouldn't be called...) + return ''; } else { - die "unknown method ". $options{method}; + return "unknown method ". $options{method}; } - } elsif ( $namespace eq 'Business::OnlineThirdPartyPayment' ) { - #move along + #cannot verify, move along + return ''; } else { - die "unknown namespace $namespace"; + return "unknown namespace $namespace"; } ### # run transaction(s) ### - warn "claiming mutex on customer ". $self->custnum. "\n" if $DEBUG > 1; - $self->select_for_update; #mutex ... just until we get our pending record in - warn "obtained mutex on customer ". $self->custnum. "\n" if $DEBUG > 1; - - #the checks here are intended to catch concurrent payments - #double-form-submission prevention is taken care of in cust_pay_pending::check - - #also check and make sure there aren't *other* pending payments for this cust - - my @pending = qsearch('cust_pay_pending', { - 'custnum' => $self->custnum, - 'status' => { op=>'!=', value=>'done' } - }); - - return "A payment is already being processed for this customer (". - join(', ', map 'paypendingnum '. $_->paypendingnum, @pending ). - "); verification transaction aborted." - if scalar(@pending); + my $error; + my $transaction = new $namespace( $payment_gateway->gateway_module, + $self->_bop_options(\%options), + ); #need this back so we can do _tokenize_card - #okay, good to go, if we're a duplicate, cust_pay_pending will kick us out + # don't mutex the customer here, because they might be uncommitted. and + # this is only verification. it doesn't matter if they have other + # unfinished verifications. my $cust_pay_pending = new FS::cust_pay_pending { - 'custnum' => $self->custnum, + 'custnum_pending' => 1, 'paid' => '1.00', '_date' => '', 'payby' => $bop_method2payby{'CC'}, - 'payinfo' => $options{payinfo}, 'paymask' => $options{paymask}, 'paydate' => $paydate, - #'recurring_billing' => $content{recurring_billing}, 'pkgnum' => $options{'pkgnum'}, 'status' => 'new', 'gatewaynum' => $payment_gateway->gatewaynum || '', 'session_id' => $options{session_id} || '', - #'jobnum' => $options{depend_jobnum} || '', + $self->_cust_pay_opts($options{payinfo},$transaction), }; $cust_pay_pending->payunique( $options{payunique} ) if defined($options{payunique}) && length($options{payunique}); - warn "inserting cust_pay_pending record for customer ". $self->custnum. "\n" - if $DEBUG > 1; - my $cpp_new_err = $cust_pay_pending->insert; #mutex lost when this is inserted - return $cpp_new_err if $cpp_new_err; + IMMEDIATE: { + # open a separate handle for creating/updating the cust_pay_pending + # record + local $FS::UID::dbh = myconnect(); + local $FS::UID::AutoCommit = 1; + + # if this is an existing customer (and we can tell now because + # this is a fresh transaction), it's safe to assign their custnum + # to the cust_pay_pending record, and then the verification attempt + # will remain linked to them even if it fails. + if ( FS::cust_main->by_key($self->custnum) ) { + $cust_pay_pending->set('custnum', $self->custnum); + } - warn "inserted cust_pay_pending record for customer ". $self->custnum. "\n" - if $DEBUG > 1; - warn Dumper($cust_pay_pending) if $DEBUG > 2; + warn "inserting cust_pay_pending record for customer ". $self->custnum. "\n" + if $DEBUG > 1; - my $transaction = new $namespace( $payment_gateway->gateway_module, - $self->_bop_options(\%options), - ); + # if this fails, just return; everything else will still allow the + # cust_pay_pending to have its custnum set later + my $cpp_new_err = $cust_pay_pending->insert; + return $cpp_new_err if $cpp_new_err; - $transaction->content( - 'type' => 'CC', - $self->_bop_auth(\%options), - 'action' => 'Authorization Only', - 'description' => $options{'description'}, - 'amount' => '1.00', - #'invoice_number' => $options{'invnum'}, - 'customer_id' => $self->custnum, - %$bop_content, - 'reference' => $cust_pay_pending->paypendingnum, #for now - 'callback_url' => $payment_gateway->gateway_callback_url, - 'cancel_url' => $payment_gateway->gateway_cancel_url, - 'email' => $email, - %content, #after - ); + warn "inserted cust_pay_pending record for customer ". $self->custnum. "\n" + if $DEBUG > 1; + warn Dumper($cust_pay_pending) if $DEBUG > 2; - $cust_pay_pending->status('pending'); - my $cpp_pending_err = $cust_pay_pending->replace; - return $cpp_pending_err if $cpp_pending_err; + $transaction->content( + 'type' => 'CC', + $self->_bop_auth(\%options), + 'action' => 'Authorization Only', + 'description' => $options{'description'}, + 'amount' => '1.00', + 'customer_id' => $self->custnum, + %$bop_content, + 'reference' => $cust_pay_pending->paypendingnum, #for now + 'email' => $email, + %content, #after + ); - warn Dumper($transaction) if $DEBUG > 2; + $cust_pay_pending->status('pending'); + my $cpp_pending_err = $cust_pay_pending->replace; + return $cpp_pending_err if $cpp_pending_err; - unless ( $BOP_TESTING ) { - $transaction->test_transaction(1) - if $conf->exists('business-onlinepayment-test_transaction'); - $transaction->submit(); - } else { - if ( $BOP_TESTING_SUCCESS ) { - $transaction->is_success(1); - $transaction->authorization('fake auth'); + warn Dumper($transaction) if $DEBUG > 2; + + unless ( $BOP_TESTING ) { + $transaction->test_transaction(1) + if $conf->exists('business-onlinepayment-test_transaction'); + $transaction->submit(); } else { - $transaction->is_success(0); - $transaction->error_message('fake failure'); + if ( $BOP_TESTING_SUCCESS ) { + $transaction->is_success(1); + $transaction->authorization('fake auth'); + } else { + $transaction->is_success(0); + $transaction->error_message('fake failure'); + } } - } - my $log = FS::Log->new('FS::cust_main::Billing_Realtime::realtime_verify_bop'); + if ( $transaction->is_success() ) { - if ( $transaction->is_success() ) { + $cust_pay_pending->status('authorized'); + my $cpp_authorized_err = $cust_pay_pending->replace; + return $cpp_authorized_err if $cpp_authorized_err; - $cust_pay_pending->status('authorized'); - my $cpp_authorized_err = $cust_pay_pending->replace; - return $cpp_authorized_err if $cpp_authorized_err; + my $auth = $transaction->authorization; + my $ordernum = $transaction->can('order_number') + ? $transaction->order_number + : ''; - my $auth = $transaction->authorization; - my $ordernum = $transaction->can('order_number') - ? $transaction->order_number - : ''; + my $reverse = new $namespace( $payment_gateway->gateway_module, + $self->_bop_options(\%options), + ); - my $reverse = new $namespace( $payment_gateway->gateway_module, - $self->_bop_options(\%options), - ); + $reverse->content( 'action' => 'Reverse Authorization', + $self->_bop_auth(\%options), - $reverse->content( 'action' => 'Reverse Authorization', - $self->_bop_auth(\%options), + # B:OP + 'amount' => '1.00', + 'authorization' => $transaction->authorization, + 'order_number' => $ordernum, - # B:OP - 'amount' => '1.00', - 'authorization' => $transaction->authorization, - 'order_number' => $ordernum, + # vsecure + 'result_code' => $transaction->result_code, + 'txn_date' => $transaction->txn_date, - # vsecure - 'result_code' => $transaction->result_code, - 'txn_date' => $transaction->txn_date, + %content, + ); + $reverse->test_transaction(1) + if $conf->exists('business-onlinepayment-test_transaction'); + $reverse->submit(); - %content, - ); - $reverse->test_transaction(1) - if $conf->exists('business-onlinepayment-test_transaction'); - $reverse->submit(); + if ( $reverse->is_success ) { - if ( $reverse->is_success ) { + $cust_pay_pending->status('done'); + $cust_pay_pending->statustext('reversed'); + my $cpp_reversed_err = $cust_pay_pending->replace; + return $cpp_reversed_err if $cpp_reversed_err; - $cust_pay_pending->status('done'); - my $cpp_authorized_err = $cust_pay_pending->replace; - return $cpp_authorized_err if $cpp_authorized_err; + } else { - } else { + my $e = "Authorization successful but reversal failed, custnum #". + $self->custnum. ': '. $reverse->result_code. + ": ". $reverse->error_message; + $log->warning($e); + warn $e; + return $e; - my $e = "Authorization successful but reversal failed, custnum #". - $self->custnum. ': '. $reverse->result_code. - ": ". $reverse->error_message; - $log->warning($e); - warn $e; - return $e; + } - } + ### Address Verification ### + # + # Single-letter codes vary by cardtype. + # + # Erring on the side of accepting cards if avs is not available, + # only rejecting if avs occurred and there's been an explicit mismatch + # + # Charts below taken from vSecure documentation, + # shows codes for Amex/Dscv/MC/Visa + # + # ACCEPTABLE AVS RESPONSES: + # Both Address and 5-digit postal code match Y A Y Y + # Both address and 9-digit postal code match Y A X Y + # United Kingdom – Address and postal code match _ _ _ F + # International transaction – Address and postal code match _ _ _ D/M + # + # ACCEPTABLE, BUT ISSUE A WARNING: + # Ineligible transaction; or message contains a content error _ _ _ E + # System unavailable; retry R U R R + # Information unavailable U W U U + # Issuer does not support AVS S U S S + # AVS is not applicable _ _ _ S + # Incompatible formats – Not verified _ _ _ C + # Incompatible formats – Address not verified; postal code matches _ _ _ P + # International transaction – address not verified _ G _ G/I + # + # UNACCEPTABLE AVS RESPONSES: + # Only Address matches A Y A A + # Only 5-digit postal code matches Z Z Z Z + # Only 9-digit postal code matches Z Z W W + # Neither address nor postal code matches N N N N + + if (my $avscode = uc($transaction->avs_code)) { + + # map codes to accept/warn/reject + my $avs = { + 'American Express card' => { + 'A' => 'r', + 'N' => 'r', + 'R' => 'w', + 'S' => 'w', + 'U' => 'w', + 'Y' => 'a', + 'Z' => 'r', + }, + 'Discover card' => { + 'A' => 'a', + 'G' => 'w', + 'N' => 'r', + 'U' => 'w', + 'W' => 'w', + 'Y' => 'r', + 'Z' => 'r', + }, + 'MasterCard' => { + 'A' => 'r', + 'N' => 'r', + 'R' => 'w', + 'S' => 'w', + 'U' => 'w', + 'W' => 'r', + 'X' => 'a', + 'Y' => 'a', + 'Z' => 'r', + }, + 'VISA card' => { + 'A' => 'r', + 'C' => 'w', + 'D' => 'a', + 'E' => 'w', + 'F' => 'a', + 'G' => 'w', + 'I' => 'w', + 'M' => 'a', + 'N' => 'r', + 'P' => 'w', + 'R' => 'w', + 'S' => 'w', + 'U' => 'w', + 'W' => 'r', + 'Y' => 'a', + 'Z' => 'r', + }, + }; + my $cardtype = cardtype($content{card_number}); + if ($avs->{$cardtype}) { + my $avsact = $avs->{$cardtype}->{$avscode}; + my $warning = ''; + if ($avsact eq 'r') { + return "AVS code verification failed, cardtype $cardtype, code $avscode"; + } elsif ($avsact eq 'w') { + $warning = "AVS did not occur, cardtype $cardtype, code $avscode"; + } elsif (!$avsact) { + $warning = "AVS code unknown, cardtype $cardtype, code $avscode"; + } # else $avsact eq 'a' + if ($warning) { + $log->warning($warning); + warn $warning; + } + } # else $cardtype avs handling not implemented + } # else !$transaction->avs_code + + } else { # is not success + + # status is 'done' not 'declined', as in _realtime_bop_result + $cust_pay_pending->status('done'); + $error = $transaction->error_message || 'Unknown error'; + $cust_pay_pending->statustext($error); + # could also record failure_status here, + # but it's not supported by B::OP::vSecureProcessing... + # need a B::OP module with (reverse) auth only to test it with + my $cpp_declined_err = $cust_pay_pending->replace; + return $cpp_declined_err if $cpp_declined_err; - ### Address Verification ### - # - # Single-letter codes vary by cardtype. - # - # Erring on the side of accepting cards if avs is not available, - # only rejecting if avs occurred and there's been an explicit mismatch - # - # Charts below taken from vSecure documentation, - # shows codes for Amex/Dscv/MC/Visa - # - # ACCEPTABLE AVS RESPONSES: - # Both Address and 5-digit postal code match Y A Y Y - # Both address and 9-digit postal code match Y A X Y - # United Kingdom – Address and postal code match _ _ _ F - # International transaction – Address and postal code match _ _ _ D/M - # - # ACCEPTABLE, BUT ISSUE A WARNING: - # Ineligible transaction; or message contains a content error _ _ _ E - # System unavailable; retry R U R R - # Information unavailable U W U U - # Issuer does not support AVS S U S S - # AVS is not applicable _ _ _ S - # Incompatible formats – Not verified _ _ _ C - # Incompatible formats – Address not verified; postal code matches _ _ _ P - # International transaction – address not verified _ G _ G/I - # - # UNACCEPTABLE AVS RESPONSES: - # Only Address matches A Y A A - # Only 5-digit postal code matches Z Z Z Z - # Only 9-digit postal code matches Z Z W W - # Neither address nor postal code matches N N N N - - if (my $avscode = uc($transaction->avs_code)) { - - # map codes to accept/warn/reject - my $avs = { - 'American Express card' => { - 'A' => 'r', - 'N' => 'r', - 'R' => 'w', - 'S' => 'w', - 'U' => 'w', - 'Y' => 'a', - 'Z' => 'r', - }, - 'Discover card' => { - 'A' => 'a', - 'G' => 'w', - 'N' => 'r', - 'U' => 'w', - 'W' => 'w', - 'Y' => 'r', - 'Z' => 'r', - }, - 'MasterCard' => { - 'A' => 'r', - 'N' => 'r', - 'R' => 'w', - 'S' => 'w', - 'U' => 'w', - 'W' => 'r', - 'X' => 'a', - 'Y' => 'a', - 'Z' => 'r', - }, - 'VISA card' => { - 'A' => 'r', - 'C' => 'w', - 'D' => 'a', - 'E' => 'w', - 'F' => 'a', - 'G' => 'w', - 'I' => 'w', - 'M' => 'a', - 'N' => 'r', - 'P' => 'w', - 'R' => 'w', - 'S' => 'w', - 'U' => 'w', - 'W' => 'r', - 'Y' => 'a', - 'Z' => 'r', - }, - }; - my $cardtype = cardtype($content{card_number}); - if ($avs->{$cardtype}) { - my $avsact = $avs->{$cardtype}->{$avscode}; - my $warning = ''; - if ($avsact eq 'r') { - return "AVS code verification failed, cardtype $cardtype, code $avscode"; - } elsif ($avsact eq 'w') { - $warning = "AVS did not occur, cardtype $cardtype, code $avscode"; - } elsif (!$avsact) { - $warning = "AVS code unknown, cardtype $cardtype, code $avscode"; - } # else $avsact eq 'a' - if ($warning) { - $log->warning($warning); - warn $warning; - } - } # else $cardtype avs handling not implemented - } # else !$transaction->avs_code + } - } else { # is not success + } # end of IMMEDIATE; we now have our $error and $transaction - # status is 'done' not 'declined', as in _realtime_bop_result - $cust_pay_pending->status('done'); - $cust_pay_pending->statustext( $transaction->error_message || 'Unknown error' ); - # could also record failure_status here, - # but it's not supported by B::OP::vSecureProcessing... - # need a B::OP module with (reverse) auth only to test it with - my $cpp_declined_err = $cust_pay_pending->replace; - return $cpp_declined_err if $cpp_declined_err; + ### + # Save the custnum (as part of the main transaction, so it can reference + # the cust_main) + ### + if (!$cust_pay_pending->custnum) { + $cust_pay_pending->set('custnum', $self->custnum); + my $set_custnum_err = $cust_pay_pending->replace; + if ($set_custnum_err) { + $log->error($set_custnum_err); + $error ||= $set_custnum_err; + # but if there was a real verification error also, return that one + } } ### # Tokenize ### - if ( $transaction->can('card_token') && $transaction->card_token ) { + #important that we not pass replace option here, + #because cust_payby->replace uses realtime_verify_bop! + $self->_tokenize_card($transaction,\%options,$log); - if ( $options{'payinfo'} eq $self->payinfo ) { - $self->payinfo($transaction->card_token); - my $error = $self->replace; - if ( $error ) { - my $warning = "WARNING: error storing token: $error, but proceeding anyway\n"; - $log->warning($warning); - warn $warning; - } - } + ### + # result handling + ### + + # $error contains the transaction error_message, if is_success was false. + + return $error; + +} + +=item realtime_tokenize [ OPTION => VALUE ... ] + +If possible, runs a tokenize transaction. +In order to be possible, a credit card cust_payby record +must be passed and a Business::OnlinePayment gateway capable +of Tokenize transactions must be configured for this user. + +Returns the empty string if the authorization was sucessful +or was not possible (thus allowing this to be safely called with +non-tokenizable records/gateways, without having to perform separate tests), +or an error message otherwise. +Option I should be passed, even if it's not yet been inserted. +Object will be tokenized if possible, but that change will not be +updated in database (must be inserted/replaced afterwards.) + +=cut + +sub realtime_tokenize { + my $self = shift; + + local($DEBUG) = $FS::cust_main::DEBUG if $FS::cust_main::DEBUG > $DEBUG; + my $log = FS::Log->new('FS::cust_main::Billing_Realtime::realtime_tokenize'); + + my %options = (); + if (ref($_[0]) eq 'HASH') { + %options = %{$_[0]}; + } else { + %options = @_; } + # set fields from passed cust_payby + return "No cust_payby" unless $options{'cust_payby'}; + $self->_bop_cust_payby_options(\%options); + return '' unless $options{method} eq 'CC'; + return '' if $self->tokenized($options{payinfo}); #already tokenized + ### - # result handling + # select a gateway + ### + + $options{'nofatal'} = 1; + my $payment_gateway = $self->_payment_gateway( \%options ); + return '' unless $payment_gateway; + my $namespace = $payment_gateway->gateway_namespace; + return '' unless $namespace eq 'Business::OnlinePayment'; + + eval "use $namespace"; + return $@ if $@; + + ### + # check for tokenize ability + ### + + # just create transaction now, so it loads gateway_module + my $transaction = new $namespace( $payment_gateway->gateway_module, + $self->_bop_options(\%options), + ); + + my %supported_actions = $transaction->info('supported_actions'); + return '' unless $supported_actions{'CC'} + && grep /^Tokenize$/, @{$supported_actions{'CC'}}; + + ### + # check for banned credit card/ACH + ### + + my $ban = FS::banned_pay->ban_search( + 'payby' => $bop_method2payby{'CC'}, + 'payinfo' => $options{payinfo}, + ); + return "Banned credit card" if $ban && $ban->bantype ne 'warn'; + + ### + # massage data + ### + + my $bop_content = $self->_bop_content(\%options); + return $bop_content unless ref($bop_content); + + my $paydate = ''; + my %content = (); + + $content{card_number} = $options{payinfo}; + $paydate = $options{'paydate'}; + $paydate =~ /^\d{2}(\d{2})[\/\-](\d+)[\/\-]\d+$/; + $content{expiration} = "$2/$1"; + + $content{cvv2} = $options{'paycvv'} + if length($options{'paycvv'}); + + my $paystart_month = $options{'paystart_month'}; + my $paystart_year = $options{'paystart_year'}; + + $content{card_start} = "$paystart_month/$paystart_year" + if $paystart_month && $paystart_year; + + my $payissue = $options{'payissue'}; + $content{issue_number} = $payissue if $payissue; + + ### + # run transaction ### - $transaction->is_success() ? '' : $transaction->error_message(); + my $error; + + # no cust_pay_pending---this is not a financial transaction + + $transaction->content( + 'type' => 'CC', + $self->_bop_auth(\%options), + 'action' => 'Tokenize', + 'description' => $options{'description'}, + 'customer_id' => $self->custnum, + %$bop_content, + %content, #after + ); + + # no $BOP_TESTING handling for this + $transaction->test_transaction(1) + if $conf->exists('business-onlinepayment-test_transaction'); + $transaction->submit(); + + if ( $transaction->card_token() ) { # no is_success flag + + #important that we not pass replace option here, + #because cust_payby->replace uses realtime_tokenize! + $self->_tokenize_card($transaction,\%options,$log); + + } else { + + $error = $transaction->error_message || 'Unknown error'; + + } + + return $error; + +} +sub tokenized { + my $this = shift; + my $payinfo = shift; + $payinfo =~ /^99\d{14}$/; } =back