lib/active_merchant/billing/gateways/stripe.rb
require 'active_support/core_ext/hash/slice'
module ActiveMerchant #:nodoc:
module Billing #:nodoc:
# This gateway uses an older version of the Stripe API.
# To utilize the updated {Payment Intents API}[https://stripe.com/docs/api/payment_intents], integrate with the StripePaymentIntents gateway
class StripeGateway < Gateway
self.live_url = 'https://api.stripe.com/v1/'
# Docs on AVS codes: https://en.wikipedia.org/w/index.php?title=Address_verification_service&_ga=2.97570079.1027215965.1655989706-2008268124.1655989706#AVS_response_codes
# possible response values: https://stripe.com/docs/api/payment_methods/object#payment_method_object-card-checks
AVS_CODE_TRANSLATOR = {
'line1: pass, zip: fail' => 'A',
'line1: pass, zip: unchecked' => 'B',
'line1: unchecked, zip: unchecked' => 'I',
'line1: fail, zip: fail' => 'N',
'line1: unchecked, zip: pass' => 'P',
'line1: pass, zip: pass' => 'Y',
'line1: fail, zip: pass' => 'Z'
}
CVC_CODE_TRANSLATOR = {
'pass' => 'M',
'fail' => 'N',
'unchecked' => 'P'
}
DEFAULT_API_VERSION = '2020-08-27'
self.supported_countries = %w(AE AT AU BE BG BR CA CH CY CZ DE DK EE ES FI FR GB GR HK HU IE IN IT JP LT LU LV MT MX MY NL NO NZ PL PT RO SE SG SI SK US)
self.default_currency = 'USD'
self.money_format = :cents
self.supported_cardtypes = %i[visa master american_express discover jcb diners_club maestro unionpay]
self.currencies_without_fractions = %w(BIF CLP DJF GNF JPY KMF KRW MGA PYG RWF VND VUV XAF XOF XPF UGX)
self.homepage_url = 'https://stripe.com/'
self.display_name = 'Stripe'
STANDARD_ERROR_CODE_MAPPING = {
'incorrect_number' => STANDARD_ERROR_CODE[:incorrect_number],
'invalid_number' => STANDARD_ERROR_CODE[:invalid_number],
'invalid_expiry_month' => STANDARD_ERROR_CODE[:invalid_expiry_date],
'invalid_expiry_year' => STANDARD_ERROR_CODE[:invalid_expiry_date],
'invalid_cvc' => STANDARD_ERROR_CODE[:invalid_cvc],
'expired_card' => STANDARD_ERROR_CODE[:expired_card],
'incorrect_cvc' => STANDARD_ERROR_CODE[:incorrect_cvc],
'incorrect_zip' => STANDARD_ERROR_CODE[:incorrect_zip],
'card_declined' => STANDARD_ERROR_CODE[:card_declined],
'call_issuer' => STANDARD_ERROR_CODE[:call_issuer],
'processing_error' => STANDARD_ERROR_CODE[:processing_error],
'incorrect_pin' => STANDARD_ERROR_CODE[:incorrect_pin],
'test_mode_live_card' => STANDARD_ERROR_CODE[:test_mode_live_card],
'pickup_card' => STANDARD_ERROR_CODE[:pickup_card],
'amount_too_small' => STANDARD_ERROR_CODE[:invalid_amount]
}
BANK_ACCOUNT_HOLDER_TYPE_MAPPING = {
'personal' => 'individual',
'business' => 'company'
}
MINIMUM_AUTHORIZE_AMOUNTS = {
'USD' => 100,
'CAD' => 100,
'GBP' => 60,
'EUR' => 100,
'DKK' => 500,
'NOK' => 600,
'SEK' => 600,
'CHF' => 100,
'AUD' => 100,
'JPY' => 100,
'MXN' => 2000,
'SGD' => 100,
'HKD' => 800
}
def initialize(options = {})
requires!(options, :login)
@api_key = options[:login]
@fee_refund_api_key = options[:fee_refund_login]
super
end
def authorize(money, payment, options = {})
if ach?(payment)
direct_bank_error = 'Direct bank account transactions are not supported for authorize.'
return Response.new(false, direct_bank_error)
end
MultiResponse.run do |r|
if payment.is_a?(ApplePayPaymentToken)
r.process { tokenize_apple_pay_token(payment) }
payment = StripePaymentToken.new(r.params['token']) if r.success?
end
r.process do
post = create_post_for_auth_or_purchase(money, payment, options)
add_application_fee(post, options) if emv_payment?(payment)
post[:capture] = 'false'
commit(:post, 'charges', post, options)
end
end.responses.last
end
# To create a charge on a card or a token, call
#
# purchase(money, card_hash_or_token, { ... })
#
# To create a charge on a customer, call
#
# purchase(money, nil, { :customer => id, ... })
def purchase(money, payment, options = {})
if ach?(payment)
direct_bank_error = 'Direct bank account transactions are not supported. Bank accounts must be stored and verified before use.'
return Response.new(false, direct_bank_error)
end
MultiResponse.run do |r|
if payment.is_a?(ApplePayPaymentToken)
r.process { tokenize_apple_pay_token(payment) }
payment = StripePaymentToken.new(r.params['token']) if r.success?
end
r.process do
post = create_post_for_auth_or_purchase(money, payment, options)
post[:card][:processing_method] = 'quick_chip' if quickchip_payment?(payment)
commit(:post, 'charges', post, options)
end
end.responses.last
end
def capture(money, authorization, options = {})
post = {}
if emv_tc_response = options.delete(:icc_data)
# update the charge with emv data if card present
update = {}
update[:card] = { emv_approval_data: emv_tc_response }
commit(:post, "charges/#{CGI.escape(authorization)}", update, options)
else
add_application_fee(post, options)
add_amount(post, money, options)
add_exchange_rate(post, options)
end
commit(:post, "charges/#{CGI.escape(authorization)}/capture", post, options)
end
def void(identification, options = {})
post = {}
post[:reverse_transfer] = options[:reverse_transfer] if options[:reverse_transfer]
post[:metadata] = options[:metadata] if options[:metadata]
post[:reason] = options[:reason] if options[:reason]
post[:expand] = [:charge]
commit(:post, "charges/#{CGI.escape(identification)}/refunds", post, options)
end
def refund(money, identification, options = {})
post = {}
add_amount(post, money, options)
post[:refund_application_fee] = true if options[:refund_application_fee]
post[:reverse_transfer] = options[:reverse_transfer] if options[:reverse_transfer]
post[:metadata] = options[:metadata] if options[:metadata]
post[:reason] = options[:reason] if options[:reason]
post[:expand] = [:charge]
response = commit(:post, "charges/#{CGI.escape(identification)}/refunds", post, options)
if response.success? && options[:refund_fee_amount] && options[:refund_fee_amount].to_s != '0'
charge = api_request(:get, "charges/#{CGI.escape(identification)}", nil, options)
if application_fee = charge['application_fee']
fee_refund_options = {
currency: options[:currency], # currency isn't used by Stripe here, but we need it for #add_amount
key: @fee_refund_api_key
}
refund_application_fee(options[:refund_fee_amount].to_i, application_fee, fee_refund_options)
end
end
response
end
def verify(payment, options = {})
MultiResponse.run(:use_first_response) do |r|
r.process { authorize(auth_minimum_amount(options), payment, options) }
options[:idempotency_key] = nil
r.process(:ignore_result) { void(r.authorization, options) }
end
end
def refund_application_fee(money, identification, options = {})
post = {}
add_amount(post, money, options)
commit(:post, "application_fees/#{CGI.escape(identification)}/refunds", post, options)
end
# Note: creating a new credit card will not change the customer's existing default credit card (use :set_default => true)
def store(payment, options = {})
params = {}
post = {}
if payment.is_a?(ApplePayPaymentToken)
token_exchange_response = tokenize_apple_pay_token(payment)
params = { card: token_exchange_response.params['token']['id'] } if token_exchange_response.success?
elsif payment.is_a?(StripePaymentToken)
add_payment_token(params, payment, options)
elsif payment.is_a?(Check)
bank_token_response = tokenize_bank_account(payment)
return bank_token_response unless bank_token_response.success?
params = { source: bank_token_response.params['token']['id'] }
else
add_creditcard(params, payment, options)
end
post[:validate] = options[:validate] unless options[:validate].nil?
post[:description] = options[:description] if options[:description]
post[:email] = options[:email] if options[:email]
if options[:account]
add_external_account(post, params, payment)
commit(:post, "accounts/#{CGI.escape(options[:account])}/external_accounts", post, options)
elsif options[:customer]
MultiResponse.run(:first) do |r|
# The /cards endpoint does not update other customer parameters.
r.process { commit(:post, "customers/#{CGI.escape(options[:customer])}/cards", params, options) }
post[:default_card] = r.params['id'] if options[:set_default] && r.success? && !r.params['id'].blank?
r.process { update_customer(options[:customer], post.merge(expand: [:sources])) } if post.count > 0
end
else
post[:expand] = [:sources]
commit(:post, 'customers', post.merge(params), options)
end
end
def update(customer_id, card_id, options = {})
commit(:post, "customers/#{CGI.escape(customer_id)}/cards/#{CGI.escape(card_id)}", options, options)
end
def update_customer(customer_id, options = {})
commit(:post, "customers/#{CGI.escape(customer_id)}", options, options)
end
def unstore(identification, options = {}, deprecated_options = {})
customer_id, card_id = identification.split('|')
if options.kind_of?(String)
ActiveMerchant.deprecated 'Passing the card_id as the 2nd parameter is deprecated. The response authorization includes both the customer_id and the card_id.'
card_id ||= options
options = deprecated_options
end
commit(:delete, "customers/#{CGI.escape(customer_id)}/cards/#{CGI.escape(card_id)}", nil, options)
end
def tokenize_apple_pay_token(apple_pay_payment_token, options = {})
token_response = api_request(:post, "tokens?pk_token=#{CGI.escape(apple_pay_payment_token.payment_data.to_json)}")
success = !token_response.key?('error')
if success && token_response.key?('id')
Response.new(success, nil, token: token_response)
else
Response.new(success, token_response['error']['message'])
end
end
def verify_credentials
begin
ssl_get(live_url + 'charges/nonexistent', headers)
rescue ResponseError => e
return false if e.response.code.to_i == 401
end
true
end
def supports_scrubbing?
true
end
def scrub(transcript)
transcript.
gsub(%r((Authorization: Basic )\w+), '\1[FILTERED]').
gsub(%r((Authorization: Bearer )\w+), '\1[FILTERED]').
gsub(%r((&?three_d_secure\[cryptogram\]=)[\w=]*(&?)), '\1[FILTERED]\2').
gsub(%r(((\[card\]|card)\[cryptogram\]=)[^&]+(&?)), '\1[FILTERED]\3').
gsub(%r(((\[card\]|card)\[cvc\]=)\d+), '\1[FILTERED]').
gsub(%r(((\[card\]|card)\[emv_approval_data\]=)[^&]+(&?)), '\1[FILTERED]\3').
gsub(%r(((\[card\]|card)\[emv_auth_data\]=)[^&]+(&?)), '\1[FILTERED]\3').
gsub(%r(((\[card\]|card)\[encrypted_pin\]=)[^&]+(&?)), '\1[FILTERED]\3').
gsub(%r(((\[card\]|card)\[encrypted_pin_key_id\]=)[\w=]+(&?)), '\1[FILTERED]\3').
gsub(%r(((\[card\]|card)\[number\]=)\d+), '\1[FILTERED]').
gsub(%r(((\[card\]|card)\[swipe_data\]=)[^&]+(&?)), '\1[FILTERED]\3').
gsub(%r(((\[bank_account\]|bank_account)\[account_number\]=)\d+), '\1[FILTERED]').
gsub(%r(((\[payment_method_data\]|payment_method_data)\[card\]\[token\]=)[^&]+(&?)), '\1[FILTERED]\3')
end
def supports_network_tokenization?
true
end
# Helper method to prevent hitting the external_account limit from remote test runs
def delete_latest_test_external_account(account)
return unless test?
auth_header = { 'Authorization' => 'Basic ' + Base64.strict_encode64(options[:login].to_s + ':').strip }
url = "#{live_url}accounts/#{CGI.escape(account)}/external_accounts"
accounts_response = JSON.parse(ssl_get("#{url}?limit=100", auth_header))
to_delete = accounts_response['data'].reject { |ac| ac['default_for_currency'] }
ssl_request(:delete, "#{url}/#{to_delete.first['id']}", nil, auth_header)
end
private
class StripePaymentToken < PaymentToken
def type
'stripe'
end
end
def create_source(money, payment, type, options = {})
post = {}
add_amount(post, money, options, true)
post[:type] = type
if type == 'card'
add_creditcard(post, payment, options, true)
add_source_owner(post, payment, options)
elsif type == 'three_d_secure'
post[:three_d_secure] = { card: payment }
post[:redirect] = { return_url: options[:redirect_url] }
end
commit(:post, 'sources', post, options)
end
def show_source(source_id, options)
commit(:get, "sources/#{source_id}", nil, options)
end
def create_webhook_endpoint(options, events)
post = {}
post[:url] = options[:callback_url]
post[:enabled_events] = events
post[:connect] = true if options[:stripe_account]
options.delete(:stripe_account)
commit(:post, 'webhook_endpoints', post, options)
end
def delete_webhook_endpoint(options)
commit(:delete, "webhook_endpoints/#{options[:webhook_id]}", {}, options)
end
def show_webhook_endpoint(options)
options.delete(:stripe_account)
commit(:get, "webhook_endpoints/#{options[:webhook_id]}", nil, options)
end
def list_webhook_endpoints(options)
params = {}
params[:limit] = options[:limit] if options[:limit]
options.delete(:stripe_account)
commit(:get, "webhook_endpoints?#{post_data(params)}", nil, options)
end
def create_post_for_auth_or_purchase(money, payment, options)
post = {}
if payment.is_a?(StripePaymentToken)
add_payment_token(post, payment, options)
else
add_creditcard(post, payment, options)
end
add_charge_details(post, money, payment, options)
post
end
# Used internally by Spreedly to populate the charge object for 3DS 1.0 transactions
def add_charge_details(post, money, payment, options)
if emv_payment?(payment)
add_statement_address(post, options)
add_emv_metadata(post, payment)
else
add_amount(post, money, options, true)
add_customer_data(post, options)
post[:description] = options[:description]
post[:statement_descriptor] = options[:statement_description]
post[:statement_descriptor_suffix] = options[:statement_descriptor_suffix] if options[:statement_descriptor_suffix]
post[:receipt_email] = options[:receipt_email] if options[:receipt_email]
add_customer(post, payment, options)
add_flags(post, options)
end
add_metadata(post, options)
add_shipping_address(post, payment, options)
add_application_fee(post, options)
add_exchange_rate(post, options)
add_destination(post, options)
add_level_three(post, options)
add_connected_account(post, options)
add_radar_data(post, options)
post
end
def add_amount(post, money, options, include_currency = false)
currency = options[:currency] || currency(money)
post[:amount] = localized_amount(money, currency)
post[:currency] = currency.downcase if include_currency
end
def add_application_fee(post, options)
post[:application_fee] = options[:application_fee] if options[:application_fee]
end
def add_exchange_rate(post, options)
post[:exchange_rate] = options[:exchange_rate] if options[:exchange_rate]
end
def add_destination(post, options)
if options[:destination]
post[:destination] = {}
post[:destination][:account] = options[:destination]
post[:destination][:amount] = options[:destination_amount] if options[:destination_amount]
end
end
def add_level_three(post, options)
level_three = {}
copy_when_present(level_three, [:merchant_reference], options)
copy_when_present(level_three, [:customer_reference], options)
copy_when_present(level_three, [:shipping_address_zip], options)
copy_when_present(level_three, [:shipping_from_zip], options)
copy_when_present(level_three, [:shipping_amount], options)
copy_when_present(level_three, [:line_items], options)
post[:level3] = level_three unless level_three.empty?
end
def add_expand_parameters(post, options)
post[:expand] ||= []
post[:expand].concat(Array.wrap(options[:expand]).map(&:to_sym)).uniq!
end
def add_external_account(post, card_params, payment)
external_account = {}
external_account[:object] = 'card'
external_account[:currency] = (options[:currency] || currency(payment)).downcase
post[:external_account] = external_account.merge(card_params[:card])
end
def add_customer_data(post, options)
metadata_options = %i[description ip user_agent referrer]
post.update(options.slice(*metadata_options))
post[:external_id] = options[:order_id]
post[:payment_user_agent] = "Stripe/v1 ActiveMerchantBindings/#{ActiveMerchant::VERSION}"
end
def add_address(post, options)
return unless post[:card]&.kind_of?(Hash)
if address = options[:billing_address] || options[:address]
post[:card][:address_line1] = address[:address1] if address[:address1]
post[:card][:address_line2] = address[:address2] if address[:address2]
post[:card][:address_country] = address[:country] if address[:country]
post[:card][:address_zip] = address[:zip] if address[:zip]
post[:card][:address_state] = address[:state] if address[:state]
post[:card][:address_city] = address[:city] if address[:city]
end
end
def add_statement_address(post, options)
return unless statement_address = options[:statement_address]
return unless %i[address1 city zip state].all? { |key| statement_address[key].present? }
post[:statement_address] = {}
post[:statement_address][:line1] = statement_address[:address1]
post[:statement_address][:line2] = statement_address[:address2] if statement_address[:address2].present?
post[:statement_address][:city] = statement_address[:city]
post[:statement_address][:postal_code] = statement_address[:zip]
post[:statement_address][:state] = statement_address[:state]
end
def add_creditcard(post, creditcard, options, use_sources = false)
card = {}
if emv_payment?(creditcard)
add_emv_creditcard(post, creditcard.icc_data)
post[:card][:read_method] = 'contactless' if creditcard.read_method == 'contactless'
post[:card][:read_method] = 'contactless_magstripe_mode' if creditcard.read_method == 'contactless_magstripe'
if creditcard.encrypted_pin_cryptogram.present? && creditcard.encrypted_pin_ksn.present?
post[:card][:encrypted_pin] = creditcard.encrypted_pin_cryptogram
post[:card][:encrypted_pin_key_id] = creditcard.encrypted_pin_ksn
end
elsif creditcard.respond_to?(:number)
if creditcard.respond_to?(:track_data) && creditcard.track_data.present?
card[:swipe_data] = creditcard.track_data
if creditcard.respond_to?(:read_method)
card[:fallback_reason] = 'no_chip' if creditcard.read_method == 'fallback_no_chip'
card[:fallback_reason] = 'chip_error' if creditcard.read_method == 'fallback_chip_error'
card[:read_method] = 'contactless_magstripe_mode' if creditcard.read_method == 'contactless_magstripe'
end
else
card[:number] = creditcard.number
card[:exp_month] = creditcard.month
card[:exp_year] = creditcard.year
card[:cvc] = creditcard.verification_value if creditcard.verification_value?
card[:name] = creditcard.name if creditcard.name && !use_sources
end
if creditcard.is_a?(NetworkTokenizationCreditCard)
card[:cryptogram] = creditcard.payment_cryptogram
card[:eci] = creditcard.eci.rjust(2, '0') if creditcard.eci =~ /^[0-9]+$/
card[:tokenization_method] = creditcard.source.to_s
end
post[:card] = card
add_address(post, options) unless use_sources
elsif creditcard.kind_of?(String)
if options[:track_data]
card[:swipe_data] = options[:track_data]
elsif creditcard.include?('|')
customer_id, card_id = creditcard.split('|')
card = card_id
post[:customer] = customer_id
else
card = creditcard
end
post[:card] = card
end
end
def add_emv_creditcard(post, icc_data, options = {})
post[:card] = { emv_auth_data: icc_data }
end
def add_payment_token(post, token, options = {})
post[:card] = token.payment_data['id']
end
def add_customer(post, payment, options)
post[:customer] = options[:customer] if options[:customer] && !payment.respond_to?(:number)
end
def add_flags(post, options)
post[:uncaptured] = true if options[:uncaptured]
post[:recurring] = true if options[:eci] == 'recurring' || options[:recurring]
end
def add_metadata(post, options = {})
post[:metadata] ||= {}
post[:metadata].merge!(options[:metadata]) if options[:metadata]
post[:metadata][:email] = options[:email] if options[:email]
post[:metadata][:order_id] = options[:order_id] if options[:order_id]
end
def add_emv_metadata(post, creditcard)
post[:metadata] ||= {}
post[:metadata][:card_read_method] = creditcard.read_method if creditcard.respond_to?(:read_method)
end
def add_shipping_address(post, payment, options = {})
return unless shipping = options[:shipping_address]
return unless shipping_name = shipping[:name]
post[:shipping] = {}
post[:shipping][:name] = shipping_name
post[:shipping][:address] = {}
post[:shipping][:address][:line1] = shipping[:address1]
post[:shipping][:address][:line2] = shipping[:address2] if shipping[:address2]
post[:shipping][:address][:city] = shipping[:city] if shipping[:city]
post[:shipping][:address][:country] = shipping[:country] if shipping[:country]
post[:shipping][:address][:state] = shipping[:state] if shipping[:state]
post[:shipping][:address][:postal_code] = shipping[:zip] if shipping[:zip]
post[:shipping][:phone] = shipping[:phone_number] if shipping[:phone_number]
end
def add_source_owner(post, creditcard, options)
post[:owner] = {}
post[:owner][:name] = creditcard.name if creditcard.respond_to?(:name) && creditcard.name
post[:owner][:email] = options[:email] if options[:email]
if address = options[:billing_address] || options[:address]
owner_address = {}
owner_address[:line1] = address[:address1] if address[:address1]
owner_address[:line2] = address[:address2] if address[:address2]
owner_address[:country] = address[:country] if address[:country]
owner_address[:postal_code] = address[:zip] if address[:zip]
owner_address[:state] = address[:state] if address[:state]
owner_address[:city] = address[:city] if address[:city]
post[:owner][:phone] = address[:phone] if address[:phone]
post[:owner][:address] = owner_address
end
end
def add_connected_account(post, options = {})
post[:on_behalf_of] = options[:on_behalf_of] if options[:on_behalf_of]
return unless options[:transfer_destination]
post[:transfer_data] = { destination: options[:transfer_destination] }
post[:transfer_data][:amount] = options[:transfer_amount] if options[:transfer_amount]
post[:transfer_group] = options[:transfer_group] if options[:transfer_group]
post[:application_fee_amount] = options[:application_fee_amount] if options[:application_fee_amount]
end
def add_radar_data(post, options = {})
radar_options = {}
radar_options[:session] = options[:radar_session_id] if options[:radar_session_id]
radar_options[:skip_rules] = ['all'] if options[:skip_radar_rules]
post[:radar_options] = radar_options unless radar_options.empty?
end
def parse(body)
JSON.parse(body)
end
def post_data(params)
return nil unless params
flatten_params([], params).join('&')
end
def flatten_params(flattened, params, prefix = nil)
params.each do |key, value|
next if value != false && value.blank?
flattened_key = prefix.nil? ? key : "#{prefix}[#{key}]"
if value.is_a?(Hash)
flatten_params(flattened, value, flattened_key)
elsif value.is_a?(Array)
flatten_array(flattened, value, flattened_key)
else
flattened << "#{flattened_key}=#{CGI.escape(value.to_s)}"
end
end
flattened
end
def flatten_array(flattened, array, prefix)
array.each_with_index do |item, idx|
key = "#{prefix}[#{idx}]"
if item.is_a?(Hash)
flatten_params(flattened, item, key)
elsif item.is_a?(Array)
flatten_array(flattened, item, key)
else
flattened << "#{key}=#{CGI.escape(item.to_s)}"
end
end
end
def key(options = {})
options[:key] || @api_key
end
def headers(options = {})
headers = {
'Authorization' => 'Basic ' + Base64.strict_encode64(key(options).to_s + ':').strip,
'User-Agent' => "Stripe/v1 ActiveMerchantBindings/#{ActiveMerchant::VERSION}",
'Stripe-Version' => api_version(options),
'X-Stripe-Client-User-Agent' => stripe_client_user_agent(options),
'X-Stripe-Client-User-Metadata' => { ip: options[:ip] }.to_json
}
headers['Idempotency-Key'] = options[:idempotency_key] if options[:idempotency_key]
headers['Stripe-Account'] = options[:stripe_account] if options[:stripe_account]
headers
end
def stripe_client_user_agent(options)
return user_agent unless options[:application]
JSON.dump(JSON.parse(user_agent).merge!({ application: options[:application] }))
end
def api_version(options)
options[:version] || @options[:version] || self.class::DEFAULT_API_VERSION
end
def api_request(method, endpoint, parameters = nil, options = {})
raw_response = response = nil
begin
raw_response = ssl_request(method, self.live_url + endpoint, post_data(parameters), headers(options))
response = parse(raw_response)
rescue ResponseError => e
raw_response = e.response.body
response = response_error(raw_response)
rescue JSON::ParserError
response = json_error(raw_response)
end
response
end
def commit(method, url, parameters = nil, options = {})
add_expand_parameters(parameters, options) if parameters
return Response.new(false, 'Invalid API Key provided') unless key_valid?(options)
response = api_request(method, url, parameters, options)
response['webhook_id'] = options[:webhook_id] if options[:webhook_id]
success = success_from(response, options)
card_checks = card_from_response(response)
avs_code = AVS_CODE_TRANSLATOR["line1: #{card_checks['address_line1_check']}, zip: #{card_checks['address_zip_check'] || card_checks['address_postal_code_check']}"]
cvc_code = CVC_CODE_TRANSLATOR[card_checks['cvc_check']]
Response.new(
success,
message_from(success, response),
response,
test: response_is_test?(response),
authorization: authorization_from(success, url, method, response),
avs_result: { code: avs_code },
cvv_result: cvc_code,
emv_authorization: emv_authorization_from_response(response),
error_code: success ? nil : error_code_from(response)
)
end
def key_valid?(options)
return true unless test?
%w(sk rk).each do |k|
if key(options).start_with?(k)
return false unless key(options).start_with?("#{k}_test")
end
end
true
end
def authorization_from(success, url, method, response)
return response.dig('error', 'charge') || response.dig('error', 'setup_intent', 'id') || response['id'] unless success
if url == 'customers'
[response['id'], response.dig('sources', 'data').first&.dig('id')].join('|')
elsif method == :post && (url.match(/customers\/.*\/cards/) || url.match(/payment_methods\/.*\/attach/))
[response['customer'], response['id']].join('|')
else
response['id']
end
end
def message_from(success, response)
success ? 'Transaction approved' : response.fetch('error', { 'message' => 'No error details' })['message']
end
def success_from(response, options)
!response.key?('error') && response['status'] != 'failed'
end
def response_error(raw_response)
parse(raw_response)
rescue JSON::ParserError
json_error(raw_response)
end
def json_error(raw_response)
msg = 'Invalid response received from the Stripe API. Please contact support@stripe.com if you continue to receive this message.'
msg += " (The raw response returned by the API was #{raw_response.inspect})"
{
'error' => {
'message' => msg
}
}
end
def response_is_test?(response)
if response.has_key?('livemode')
!response['livemode']
elsif response['charge'].is_a?(Hash) && response['charge'].has_key?('livemode')
!response['charge']['livemode']
else
false
end
end
def emv_payment?(payment)
payment.respond_to?(:emv?) && payment.emv?
end
def quickchip_payment?(payment)
payment.respond_to?(:read_method) && payment.read_method == 'contact_quickchip'
end
def card_from_response(response)
# StripePI puts the AVS and CVC check significantly deeper into the response object
response['card'] || response['active_card'] || response['source'] ||
response.dig('charges', 'data', 0, 'payment_method_details', 'card', 'checks') ||
response.dig('latest_attempt', 'payment_method_details', 'card', 'checks') || {}
end
def emv_authorization_from_response(response)
return response['error']['emv_auth_data'] if response['error']
card_from_response(response)['emv_auth_data']
end
def error_code_from(response)
return STANDARD_ERROR_CODE_MAPPING['processing_error'] unless response['error']
code = response['error']['code']
decline_code = response['error']['decline_code'] if code == 'card_declined'
error_code = STANDARD_ERROR_CODE_MAPPING[decline_code]
error_code ||= STANDARD_ERROR_CODE_MAPPING[code]
error_code
end
def tokenize_bank_account(bank_account, options = {})
account_holder_type = BANK_ACCOUNT_HOLDER_TYPE_MAPPING[bank_account.account_holder_type]
post = {
bank_account: {
account_number: bank_account.account_number,
country: 'US',
currency: 'usd',
routing_number: bank_account.routing_number,
account_holder_name: bank_account.name,
account_holder_type: account_holder_type
}
}
token_response = api_request(:post, "tokens?#{post_data(post)}")
success = token_response['error'].nil?
if success && token_response['id']
Response.new(success, nil, token: token_response)
else
Response.new(success, token_response['error']['message'])
end
end
def ach?(payment_method)
case payment_method
when String, nil
false
else
card_brand(payment_method) == 'check'
end
end
def auth_minimum_amount(options)
return 100 unless options[:currency]
return MINIMUM_AUTHORIZE_AMOUNTS[options[:currency].upcase] || 100
end
def copy_when_present(dest, dest_path, source, source_path = nil)
source_path ||= dest_path
source_path.each do |key|
return nil unless source[key]
source = source[key]
end
if source
dest_path.first(dest_path.size - 1).each do |key|
dest[key] ||= {}
dest = dest[key]
end
dest[dest_path.last] = source
end
end
end
end
end