Class: ActiveMerchant::Billing::StripeGateway

Inherits:

Gateway

• Object
• Gateway
• ActiveMerchant::Billing::StripeGateway

Defined in:

lib/active_merchant/billing/gateways/stripe.rb

Overview

This gateway uses an older version of the Stripe API. To utilize the updated Payment Intents API, integrate with the StripePaymentIntents gateway

Direct Known Subclasses

StripePaymentIntentsGateway, WebpayGateway

Defined Under Namespace

Classes: StripePaymentToken

Constant Summary

AVS_CODE_TRANSLATOR =

Docs on AVS codes: en.wikipedia.org/w/index.php?title=Address_verification_service&_ga=2.97570079.1027215965.1655989706-2008268124.1655989706#AVS_response_codes possible response values: stripe.com/docs/api/payment_methods/object#payment_method_object-card-checks

{
  'line1: pass, zip: fail' => 'A',
  'line1: pass, zip: unchecked' => 'B',
  'line1: unchecked, zip: unchecked' => 'I',
  'line1: fail, zip: fail' => 'N',
  'line1: unchecked, zip: pass' => 'P',
  'line1: pass, zip: pass' => 'Y',
  'line1: fail, zip: pass' => 'Z'
}

CVC_CODE_TRANSLATOR =

{
  'pass' => 'M',
  'fail' => 'N',
  'unchecked' => 'P'
}

DEFAULT_API_VERSION =

'2020-08-27'

STANDARD_ERROR_CODE_MAPPING =

{
  'incorrect_number' => STANDARD_ERROR_CODE[:incorrect_number],
  'invalid_number' => STANDARD_ERROR_CODE[:invalid_number],
  'invalid_expiry_month' => STANDARD_ERROR_CODE[:invalid_expiry_date],
  'invalid_expiry_year' => STANDARD_ERROR_CODE[:invalid_expiry_date],
  'invalid_cvc' => STANDARD_ERROR_CODE[:invalid_cvc],
  'expired_card' => STANDARD_ERROR_CODE[:expired_card],
  'incorrect_cvc' => STANDARD_ERROR_CODE[:incorrect_cvc],
  'incorrect_zip' => STANDARD_ERROR_CODE[:incorrect_zip],
  'card_declined' => STANDARD_ERROR_CODE[:card_declined],
  'call_issuer' => STANDARD_ERROR_CODE[:call_issuer],
  'processing_error' => STANDARD_ERROR_CODE[:processing_error],
  'incorrect_pin' => STANDARD_ERROR_CODE[:incorrect_pin],
  'test_mode_live_card' => STANDARD_ERROR_CODE[:test_mode_live_card],
  'pickup_card' => STANDARD_ERROR_CODE[:pickup_card],
  'amount_too_small' => STANDARD_ERROR_CODE[:invalid_amount]
}

BANK_ACCOUNT_HOLDER_TYPE_MAPPING =

{
  'personal' => 'individual',
  'business' => 'company'
}

MINIMUM_AUTHORIZE_AMOUNTS =

{
  'USD' => 100,
  'CAD' => 100,
  'GBP' => 60,
  'EUR' => 100,
  'DKK' => 500,
  'NOK' => 600,
  'SEK' => 600,
  'CHF' => 100,
  'AUD' => 100,
  'JPY' => 100,
  'MXN' => 2000,
  'SGD' => 100,
  'HKD' => 800
}

Constants inherited from Gateway

Gateway::CREDIT_DEPRECATION_MESSAGE, Gateway::RECURRING_DEPRECATION_MESSAGE, Gateway::STANDARD_ERROR_CODE

Instance Attribute Summary

Attributes inherited from Gateway

#options

Instance Method Summary

• #authorize(money, payment, options = {}) ⇒ Object
• #capture(money, authorization, options = {}) ⇒ Object
• #delete_latest_test_external_account(account) ⇒ Object

  Helper method to prevent hitting the external_account limit from remote test runs.

• #initialize(options = {}) ⇒ StripeGateway constructor

  A new instance of StripeGateway.

• #purchase(money, payment, options = {}) ⇒ Object

  To create a charge on a card or a token, call.

• #refund(money, identification, options = {}) ⇒ Object
• #refund_application_fee(money, identification, options = {}) ⇒ Object
• #scrub(transcript) ⇒ Object
• #store(payment, options = {}) ⇒ Object

  Note: creating a new credit card will not change the customer’s existing default credit card (use :set_default => true).

• #supports_network_tokenization? ⇒ Boolean
• #supports_scrubbing? ⇒ Boolean
• #tokenize_apple_pay_token(apple_pay_payment_token, options = {}) ⇒ Object
• #unstore(identification, options = {}, deprecated_options = {}) ⇒ Object
• #update(customer_id, card_id, options = {}) ⇒ Object
• #update_customer(customer_id, options = {}) ⇒ Object
• #verify(payment, options = {}) ⇒ Object
• #verify_credentials ⇒ Object
• #void(identification, options = {}) ⇒ Object

Methods inherited from Gateway

#add_field_to_post_if_present, #add_fields_to_post_if_present, card_brand, #card_brand, #generate_unique_id, inherited, supported_countries, #supported_countries, supported_countries=, supports?, #test?

Methods included from CreditCardFormatting

#expdate, #format, #strftime_yyyymm

Methods included from PostsData

included, #raw_ssl_request, #ssl_get, #ssl_post, #ssl_request

Constructor Details

#initialize(options = {}) ⇒ StripeGateway

Returns a new instance of StripeGateway.

# File 'lib/active_merchant/billing/gateways/stripe.rb', line 78

def initialize(options = {})
  requires!(options, :login)
  @api_key = options[:login]
  @fee_refund_api_key = options[:fee_refund_login]
  super
end

Instance Method Details

#authorize(money, payment, options = {}) ⇒ Object

# File 'lib/active_merchant/billing/gateways/stripe.rb', line 85

def authorize(money, payment, options = {})
  if ach?(payment)
    direct_bank_error = 'Direct bank account transactions are not supported for authorize.'
    return Response.new(false, direct_bank_error)
  end

  MultiResponse.run do |r|
    if payment.is_a?(ApplePayPaymentToken)
      r.process { tokenize_apple_pay_token(payment) }
      payment = StripePaymentToken.new(r.params['token']) if r.success?
    end
    r.process do
      post = create_post_for_auth_or_purchase(money, payment, options)
      add_application_fee(post, options) if emv_payment?(payment)
      post[:capture] = 'false'
      commit(:post, 'charges', post, options)
    end
  end.responses.last
end

#capture(money, authorization, options = {}) ⇒ Object

# File 'lib/active_merchant/billing/gateways/stripe.rb', line 131

def capture(money, authorization, options = {})
  post = {}

  if emv_tc_response = options.delete(:icc_data)
    # update the charge with emv data if card present
    update = {}
    update[:card] = { emv_approval_data: emv_tc_response }
    commit(:post, "charges/#{CGI.escape(authorization)}", update, options)
  else
    add_application_fee(post, options)
    add_amount(post, money, options)
    add_exchange_rate(post, options)
  end

  commit(:post, "charges/#{CGI.escape(authorization)}/capture", post, options)
end

#delete_latest_test_external_account(account) ⇒ Object

Helper method to prevent hitting the external_account limit from remote test runs

# File 'lib/active_merchant/billing/gateways/stripe.rb', line 307

def delete_latest_test_external_account(account)
  return unless test?

  auth_header = { 'Authorization' => 'Basic ' + Base64.strict_encode64(options[:login].to_s + ':').strip }
  url = "#{live_url}accounts/#{CGI.escape(account)}/external_accounts"
  accounts_response = JSON.parse(ssl_get("#{url}?limit=100", auth_header))
  to_delete = accounts_response['data'].reject { |ac| ac['default_for_currency'] }
  ssl_request(:delete, "#{url}/#{to_delete.first['id']}", nil, auth_header)
end

#purchase(money, payment, options = {}) ⇒ Object

To create a charge on a card or a token, call

purchase(money, card_hash_or_token, { ... })

To create a charge on a customer, call

purchase(money, nil, { :customer => id, ... })

# File 'lib/active_merchant/billing/gateways/stripe.rb', line 112

def purchase(money, payment, options = {})
  if ach?(payment)
    direct_bank_error = 'Direct bank account transactions are not supported. Bank accounts must be stored and verified before use.'
    return Response.new(false, direct_bank_error)
  end

  MultiResponse.run do |r|
    if payment.is_a?(ApplePayPaymentToken)
      r.process { tokenize_apple_pay_token(payment) }
      payment = StripePaymentToken.new(r.params['token']) if r.success?
    end
    r.process do
      post = create_post_for_auth_or_purchase(money, payment, options)
      post[:card][:processing_method] = 'quick_chip' if quickchip_payment?(payment)
      commit(:post, 'charges', post, options)
    end
  end.responses.last
end

#refund(money, identification, options = {}) ⇒ Object

# File 'lib/active_merchant/billing/gateways/stripe.rb', line 157

def refund(money, identification, options = {})
  post = {}
  add_amount(post, money, options)
  post[:refund_application_fee] = true if options[:refund_application_fee]
  post[:reverse_transfer] = options[:reverse_transfer] if options[:reverse_transfer]
  post[:metadata] = options[:metadata] if options[:metadata]
  post[:reason] = options[:reason] if options[:reason]
  post[:expand] = [:charge]

  response = commit(:post, "charges/#{CGI.escape(identification)}/refunds", post, options)

  if response.success? && options[:refund_fee_amount] && options[:refund_fee_amount].to_s != '0'
    charge = api_request(:get, "charges/#{CGI.escape(identification)}", nil, options)

    if application_fee = charge['application_fee']
      fee_refund_options = {
        currency: options[:currency], # currency isn't used by Stripe here, but we need it for #add_amount
        key: @fee_refund_api_key
      }
      refund_application_fee(options[:refund_fee_amount].to_i, application_fee, fee_refund_options)
    end
  end

  response
end

#refund_application_fee(money, identification, options = {}) ⇒ Object

# File 'lib/active_merchant/billing/gateways/stripe.rb', line 191

def refund_application_fee(money, identification, options = {})
  post = {}
  add_amount(post, money, options)
  commit(:post, "application_fees/#{CGI.escape(identification)}/refunds", post, options)
end

#scrub(transcript) ⇒ Object

# File 'lib/active_merchant/billing/gateways/stripe.rb', line 283

def scrub(transcript)
  transcript.
    gsub(%r((Authorization: Basic )\w+), '\1[FILTERED]').
    gsub(%r((Authorization: Bearer )\w+), '\1[FILTERED]').
    gsub(%r((&?three_d_secure\[cryptogram\]=)[\w=]*(&?)), '\1[FILTERED]\2').
    gsub(%r(((\[card\]|card)\[cryptogram\]=)[^&]+(&?)), '\1[FILTERED]\3').
    gsub(%r(((\[card\]|card)\[cvc\]=)\d+), '\1[FILTERED]').
    gsub(%r(((\[card\]|card)\[emv_approval_data\]=)[^&]+(&?)), '\1[FILTERED]\3').
    gsub(%r(((\[card\]|card)\[emv_auth_data\]=)[^&]+(&?)), '\1[FILTERED]\3').
    gsub(%r(((\[card\]|card)\[encrypted_pin\]=)[^&]+(&?)), '\1[FILTERED]\3').
    gsub(%r(((\[card\]|card)\[encrypted_pin_key_id\]=)[\w=]+(&?)), '\1[FILTERED]\3').
    gsub(%r(((\[card\]|card)\[number\]=)\d+), '\1[FILTERED]').
    gsub(%r(((\[card\]|card)\[swipe_data\]=)[^&]+(&?)), '\1[FILTERED]\3').
    gsub(%r(((\[bank_account\]|bank_account)\[account_number\]=)\d+), '\1[FILTERED]').
    gsub(%r(((\[payment_method_data\]|payment_method_data)\[card\]\[token\]=)[^&]+(&?)), '\1[FILTERED]\3').
    gsub(%r(((\[payment_method_data\]|payment_method_data)\[card\]\[network_token\]\[number\]=)\d+), '\1[FILTERED]').
    gsub(%r(((\[payment_method_options\]|payment_method_options)\[card\]\[network_token\]\[cryptogram\]=)[^&]+(&?)), '\1[FILTERED]')
end

#store(payment, options = {}) ⇒ Object

Note: creating a new credit card will not change the customer’s existing default credit card (use :set_default => true)

# File 'lib/active_merchant/billing/gateways/stripe.rb', line 198

def store(payment, options = {})
  params = {}
  post = {}

  if payment.is_a?(ApplePayPaymentToken)
    token_exchange_response = tokenize_apple_pay_token(payment)
    params = { card: token_exchange_response.params['token']['id'] } if token_exchange_response.success?
  elsif payment.is_a?(StripePaymentToken)
    add_payment_token(params, payment, options)
  elsif payment.is_a?(Check)
    bank_token_response = tokenize_bank_account(payment)
    return bank_token_response unless bank_token_response.success?

    params = { source: bank_token_response.params['token']['id'] }
  else
    add_creditcard(params, payment, options)
  end

  post[:validate] = options[:validate] unless options[:validate].nil?
  post[:description] = options[:description] if options[:description]
  post[:email] = options[:email] if options[:email]

  if options[:account]
    add_external_account(post, params, payment)
    commit(:post, "accounts/#{CGI.escape(options[:account])}/external_accounts", post, options)
  elsif options[:customer]
    MultiResponse.run(:first) do |r|
      # The /cards endpoint does not update other customer parameters.
      r.process { commit(:post, "customers/#{CGI.escape(options[:customer])}/cards", params, options) }

      post[:default_card] = r.params['id'] if options[:set_default] && r.success? && !r.params['id'].blank?

      r.process { update_customer(options[:customer], post.merge(expand: [:sources])) } if post.count > 0
    end
  else
    post[:expand] = [:sources]
    commit(:post, 'customers', post.merge(params), options)
  end
end

#supports_network_tokenization? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/active_merchant/billing/gateways/stripe.rb', line 302

def supports_network_tokenization?
  true
end

#supports_scrubbing? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/active_merchant/billing/gateways/stripe.rb', line 279

def supports_scrubbing?
  true
end

#tokenize_apple_pay_token(apple_pay_payment_token, options = {}) ⇒ Object

# File 'lib/active_merchant/billing/gateways/stripe.rb', line 258

def tokenize_apple_pay_token(apple_pay_payment_token, options = {})
  token_response = api_request(:post, "tokens?pk_token=#{CGI.escape(apple_pay_payment_token.payment_data.to_json)}")
  success = !token_response.key?('error')

  if success && token_response.key?('id')
    Response.new(success, nil, token: token_response)
  else
    Response.new(success, token_response['error']['message'])
  end
end

#unstore(identification, options = {}, deprecated_options = {}) ⇒ Object

# File 'lib/active_merchant/billing/gateways/stripe.rb', line 246

def unstore(identification, options = {}, deprecated_options = {})
  customer_id, card_id = identification.split('|')

  if options.kind_of?(String)
    ActiveMerchant.deprecated 'Passing the card_id as the 2nd parameter is deprecated. The response authorization includes both the customer_id and the card_id.'
    card_id ||= options
    options = deprecated_options
  end

  commit(:delete, "customers/#{CGI.escape(customer_id)}/cards/#{CGI.escape(card_id)}", nil, options)
end

#update(customer_id, card_id, options = {}) ⇒ Object

# File 'lib/active_merchant/billing/gateways/stripe.rb', line 238

def update(customer_id, card_id, options = {})
  commit(:post, "customers/#{CGI.escape(customer_id)}/cards/#{CGI.escape(card_id)}", options, options)
end

#update_customer(customer_id, options = {}) ⇒ Object

# File 'lib/active_merchant/billing/gateways/stripe.rb', line 242

def update_customer(customer_id, options = {})
  commit(:post, "customers/#{CGI.escape(customer_id)}", options, options)
end

#verify(payment, options = {}) ⇒ Object

# File 'lib/active_merchant/billing/gateways/stripe.rb', line 183

def verify(payment, options = {})
  MultiResponse.run(:use_first_response) do |r|
    r.process { authorize(auth_minimum_amount(options), payment, options) }
    options[:idempotency_key] = nil
    r.process(:ignore_result) { void(r.authorization, options) }
  end
end

#verify_credentials ⇒ Object

# File 'lib/active_merchant/billing/gateways/stripe.rb', line 269

def verify_credentials
  begin
    ssl_get(live_url + 'charges/nonexistent', headers)
  rescue ResponseError => e
    return false if e.response.code.to_i == 401
  end

  true
end

#void(identification, options = {}) ⇒ Object

# File 'lib/active_merchant/billing/gateways/stripe.rb', line 148

def void(identification, options = {})
  post = {}
  post[:reverse_transfer] = options[:reverse_transfer] if options[:reverse_transfer]
  post[:metadata] = options[:metadata] if options[:metadata]
  post[:reason] = options[:reason] if options[:reason]
  post[:expand] = [:charge]
  commit(:post, "charges/#{CGI.escape(identification)}/refunds", post, options)
end