Merge pull request #28 from academe/protocol3

greydnls · greydnls · commit 899507095428 · 2015-04-02T13:46:20.000-04:00
Support SagePay Protocol v3.00
diff --git a/README.md b/README.md
@@ -33,6 +33,8 @@ The following gateways are provided by this package:
 
 * SagePay_Direct
 * SagePay_Server
+* SagePay_Direct3
+* SagePay_Server3
 
 For general usage instructions, please see the main [Omnipay](https://github.com/thephpleague/omnipay)
 repository.
diff --git a/src/DirectGateway.php b/src/DirectGateway.php
@@ -9,6 +9,8 @@
  */
 class DirectGateway extends AbstractGateway
 {
+    // Gateway identification.
+
     public function getName()
     {
         return 'Sage Pay Direct';
@@ -19,11 +21,12 @@ public function getDefaultParameters()
         return array(
             'vendor' => '',
             'testMode' => false,
-            'simulatorMode' => false,
             'referrerId' => '',
         );
     }
 
+    // Vendor identification.
+
     public function getVendor()
     {
         return $this->getParameter('vendor');
@@ -34,16 +37,16 @@ public function setVendor($value)
         return $this->setParameter('vendor', $value);
     }
 
-    public function getSimulatorMode()
-    {
-        return $this->getParameter('simulatorMode');
-    }
+    // Access to the HTTP client for debugging.
+    // NOTE: this is likely to be removed or replaced with something
+    // more appropriate.
 
-    public function setSimulatorMode($value)
+    public function getHttpClient()
     {
-        return $this->setParameter('simulatorMode', $value);
+        return $this->httpClient;
     }
 
+    // Available services.
     public function getReferrerId()
     {
         return $this->getParameter('referrerId');
diff --git a/src/Message/AbstractRequest.php b/src/Message/AbstractRequest.php
@@ -2,14 +2,15 @@
 
 namespace Omnipay\SagePay\Message;
 
+use Omnipay\Common\Exception\InvalidRequestException;
+
 /**
  * Sage Pay Abstract Request
  */
 abstract class AbstractRequest extends \Omnipay\Common\Message\AbstractRequest
 {
     protected $liveEndpoint = 'https://live.sagepay.com/gateway/service';
     protected $testEndpoint = 'https://test.sagepay.com/gateway/service';
-    protected $simulatorEndpoint = 'https://test.sagepay.com/Simulator';
 
     public function getVendor()
     {
@@ -21,16 +22,6 @@ public function setVendor($value)
         return $this->setParameter('vendor', $value);
     }
 
-    public function getSimulatorMode()
-    {
-        return $this->getParameter('simulatorMode');
-    }
-
-    public function setSimulatorMode($value)
-    {
-        return $this->setParameter('simulatorMode', $value);
-    }
-
     public function getService()
     {
         return $this->action;
@@ -115,7 +106,7 @@ public function setApply3DSecure($value)
     protected function getBaseData()
     {
         $data = array();
-        $data['VPSProtocol'] = '2.23';
+        $data['VPSProtocol'] = '3.00';
         $data['TxType'] = $this->action;
         $data['Vendor'] = $this->getVendor();
         $data['AccountType'] = $this->getAccountType() ?: 'E';
@@ -134,19 +125,6 @@ public function getEndpoint()
     {
         $service = strtolower($this->getService());
 
-        if ($this->getSimulatorMode()) {
-            // hooray for consistency
-            if ($service == 'vspdirect-register') {
-                return $this->simulatorEndpoint.'/VSPDirectGateway.asp';
-            } elseif ($service == 'vspserver-register') {
-                return $this->simulatorEndpoint.'/VSPServerGateway.asp?Service=VendorRegisterTx';
-            } elseif ($service == 'direct3dcallback') {
-                return $this->simulatorEndpoint.'/VSPDirectCallback.asp';
-            }
-
-            return $this->simulatorEndpoint.'/VSPServerGateway.asp?Service=Vendor'.ucfirst($service).'Tx';
-        }
-
         if ($this->getTestMode()) {
             return $this->testEndpoint."/$service.vsp";
         }
diff --git a/src/Message/ServerCompleteAuthorizeRequest.php b/src/Message/ServerCompleteAuthorizeRequest.php
@@ -9,14 +9,25 @@
  */
 class ServerCompleteAuthorizeRequest extends AbstractRequest
 {
-    public function getData()
+    /**
+     * Get the signature calculated from the three pieces of saved local
+     * information:
+     * * VendorTxCode - merchant site ID (aka transactionId).
+     * * VPSTxId - SagePay ID (aka transactionReference)
+     * * SecurityKey - SagePay one-use token.
+     * and the POSTed transaction results.
+     * Note that the three items above are passed in as a single JSON structure
+     * as the transactionReference. Would be nice if that were just the fallback,
+     * if not passed in as three separate items to the relevant fields.
+     */
+    public function getSignature()
     {
         $this->validate('transactionId', 'transactionReference');
 
         $reference = json_decode($this->getTransactionReference(), true);
 
-        // validate VPSSignature
-        $signature = md5(
+        // Re-create the VPSSignature
+        $signature_string =
             $reference['VPSTxId'].
             $reference['VendorTxCode'].
             $this->httpRequest->request->get('Status').
@@ -33,8 +44,24 @@ public function getData()
             $this->httpRequest->request->get('AddressStatus').
             $this->httpRequest->request->get('PayerStatus').
             $this->httpRequest->request->get('CardType').
-            $this->httpRequest->request->get('Last4Digits')
-        );
+            $this->httpRequest->request->get('Last4Digits').
+            // New for protocol v3.00
+            // Described in the docs as "mandatory" but not supplied when PayPal is used,
+            // so provide the defaults.
+            $this->httpRequest->request->get('DeclineCode', '').
+            $this->httpRequest->request->get('ExpiryDate', '').
+            $this->httpRequest->request->get('FraudResponse', '').
+            $this->httpRequest->request->get('BankAuthCode', '');
+
+        return md5($signature_string);
+    }
+
+    /**
+     * Get the POSTed data, checking that the signature is valid.
+     */
+    public function getData()
+    {
+        $signature = $this->getSignature();
 
         if (strtolower($this->httpRequest->request->get('VPSSignature')) !== $signature) {
             throw new InvalidResponseException;
diff --git a/tests/Message/ServerAuthorizeResponseTest.php b/tests/Message/ServerAuthorizeResponseTest.php
@@ -42,6 +42,6 @@ public function testServerPurchaseFailure()
         $this->assertFalse($response->isSuccessful());
         $this->assertFalse($response->isRedirect());
         $this->assertSame('{"VendorTxCode":"123456"}', $response->getTransactionReference());
-        $this->assertSame('The Description field should be between 1 and 100 characters long.', $response->getMessage());
+        $this->assertSame('3082 : The Description value is too long.', $response->getMessage());
     }
 }
diff --git a/tests/Message/ServerCompleteAuthorizeResponseTest.php b/tests/Message/ServerCompleteAuthorizeResponseTest.php
@@ -25,6 +25,9 @@ public function testServerCompleteAuthorizeResponseSuccess()
                 'PayerStatus' => 'k',
                 'CardType' => 'l',
                 'Last4Digits' => 'm',
+                'DeclineCode' => '00',
+                'ExpiryDate' => '0722',
+                'BankAuthCode' => '999777',
             )
         );
 
diff --git a/tests/Mock/CaptureFailure.txt b/tests/Mock/CaptureFailure.txt
@@ -8,6 +8,6 @@ Content-Type: Text/Plain
 Set-Cookie: ASPSESSIONIDSEHSCTTR=NNBHGPBDLOMKKPGPNDDJFBAB; secure; path=/
 Cache-control: private
 
-VPSProtocol=2.23
+VPSProtocol=3.00
 Status=INVALID
 StatusDetail=You are trying to RELEASE a transaction that has already been RELEASEd or ABORTed.
diff --git a/tests/Mock/CaptureSuccess.txt b/tests/Mock/CaptureSuccess.txt
@@ -8,6 +8,6 @@ Content-Type: Text/Plain
 Set-Cookie: ASPSESSIONIDSEHSCTTR=FNBHGPBDMGDJCNLCDCDPGKCA; secure; path=/
 Cache-control: private
 
-VPSProtocol=2.23
+VPSProtocol=3.00
 Status=OK
 StatusDetail=The transaction was RELEASEed successfully.
diff --git a/tests/Mock/DirectPurchase3dSecure.txt b/tests/Mock/DirectPurchase3dSecure.txt
@@ -8,7 +8,7 @@ Content-Type: Text/Plain
 Set-Cookie: ASPSESSIONIDSEHSCTTR=FDNGGPBDBPAHLBIMINACENLN; secure; path=/
 Cache-control: private
 
-VPSProtocol=2.23
+VPSProtocol=3.00
 Status=3DAUTH
 3DSecureStatus=OK
 MD=065379457749061954
diff --git a/tests/Mock/DirectPurchaseFailure.txt b/tests/Mock/DirectPurchaseFailure.txt
@@ -8,6 +8,6 @@ Content-Type: Text/Plain
 Set-Cookie: ASPSESSIONIDSEHSCTTR=PIMGGPBDEAHAGKNHFGMICIAM; secure; path=/
 Cache-control: private
 
-VPSProtocol=2.23
+VPSProtocol=3.00
 Status=INVALID
 StatusDetail=The VendorTxCode '984297' has been used before.  Each transaction you send should have a unique VendorTxCode.
diff --git a/tests/Mock/DirectPurchaseSuccess.txt b/tests/Mock/DirectPurchaseSuccess.txt
@@ -8,7 +8,7 @@ Content-Type: Text/Plain
 Set-Cookie: ASPSESSIONIDSEHSCTTR=CIMGGPBDFDIKICAGIIHCNFHJ; secure; path=/
 Cache-control: private
 
-VPSProtocol=2.23
+VPSProtocol=3.00
 Status=OK
 StatusDetail=Direct transaction from Simulator.
 VPSTxId={5A1BC414-5409-48DD-9B8B-DCDF096CE0BE}
diff --git a/tests/Mock/ServerPurchaseFailure.txt b/tests/Mock/ServerPurchaseFailure.txt
@@ -1,13 +1,11 @@
 HTTP/1.1 200 OK
-Date: Sat, 16 Feb 2013 08:59:41 GMT
-Server: Microsoft-IIS/6.0
 P3P: CP="CUR"
-X-Powered-By: ASP.NET
-Content-Length: 113
-Content-Type: Text/Plain
-Set-Cookie: ASPSESSIONIDSEHSCTTR=EODHGPBDGNKCCIGEMFBBCBPD; secure; path=/
-Cache-control: private
+Content-Language: en-GB
+Content-Length: 88
+Date: Tue, 20 Jan 2015 16:45:41 GMT
+Server: undisclosed
+Set-Cookie: NSC_WRE-uftu.tbhfqbz.dpn-Kbwb7=f76fde52445f8236609ebb88e4554f525455a4a4d5e0;path=/;secure;httponly
 
-VPSProtocol=2.23
+VPSProtocol=3.00
 Status=INVALID
-StatusDetail=The Description field should be between 1 and 100 characters long.
+StatusDetail=3082 : The Description value is too long.
diff --git a/tests/Mock/ServerPurchaseSuccess.txt b/tests/Mock/ServerPurchaseSuccess.txt
@@ -8,7 +8,7 @@ Content-Type: Text/Plain
 Set-Cookie: ASPSESSIONIDSEHSCTTR=JAEHGPBDBOBICGBGJEHFJHPE; secure; path=/
 Cache-control: private
 
-VPSProtocol=2.23
+VPSProtocol=3.00
 Status=OK
 StatusDetail=Server transaction registered successfully.
 VPSTxId={1E7D9C70-DBE2-4726-88EA-D369810D801D}
diff --git a/tests/ServerGatewayTest.php b/tests/ServerGatewayTest.php
@@ -6,6 +6,8 @@
 
 class ServerGatewayTest extends GatewayTestCase
 {
+    protected $error_3082_text = '3082 : The Description value is too long.';
+
     public function setUp()
     {
         parent::setUp();
@@ -54,7 +56,7 @@ public function testAuthorizeFailure()
         $this->assertFalse($response->isSuccessful());
         $this->assertFalse($response->isRedirect());
         $this->assertSame('{"VendorTxCode":"123"}', $response->getTransactionReference());
-        $this->assertSame('The Description field should be between 1 and 100 characters long.', $response->getMessage());
+        $this->assertSame($this->error_3082_text, $response->getMessage());
     }
 
     public function testCompleteAuthorizeSuccess()
@@ -74,14 +76,24 @@ public function testCompleteAuthorizeSuccess()
                 'PayerStatus' => 'k',
                 'CardType' => 'l',
                 'Last4Digits' => 'm',
-                'VPSSignature' => md5('{F955C22E-F67B-4DA3-8EA3-6DAC68FA59D2}438791OKbexamplecJEUPDN1N7Edefghijklm'),
+                // New fields for protocol v3.00
+                'DeclineCode' => '00',
+                'ExpiryDate' => '0722',
+                'BankAuthCode' => '999777',
+                'VPSSignature' => md5(
+                    '{F955C22E-F67B-4DA3-8EA3-6DAC68FA59D2}'
+                    . '438791' . 'OK' . 'bexamplecJEUPDN1N7Edefghijklm' . '00' . '0722' . '999777'
+                ),
             )
         );
 
         $response = $this->gateway->completeAuthorize($this->completePurchaseOptions)->send();
 
         $this->assertTrue($response->isSuccessful());
-        $this->assertSame('{"SecurityKey":"JEUPDN1N7E","TxAuthNo":"b","VPSTxId":"{F955C22E-F67B-4DA3-8EA3-6DAC68FA59D2}","VendorTxCode":"123"}', $response->getTransactionReference());
+        $this->assertSame(
+            '{"SecurityKey":"JEUPDN1N7E","TxAuthNo":"b","VPSTxId":"{F955C22E-F67B-4DA3-8EA3-6DAC68FA59D2}","VendorTxCode":"123"}',
+            $response->getTransactionReference()
+        );
         $this->assertNull($response->getMessage());
     }
 
@@ -115,7 +127,7 @@ public function testPurchaseFailure()
         $this->assertFalse($response->isSuccessful());
         $this->assertFalse($response->isRedirect());
         $this->assertSame('{"VendorTxCode":"123"}', $response->getTransactionReference());
-        $this->assertSame('The Description field should be between 1 and 100 characters long.', $response->getMessage());
+        $this->assertSame($this->error_3082_text, $response->getMessage());
     }
 
     public function testCompletePurchaseSuccess()

Original file line number	Diff line number	Diff line change
`@@ -9,6 +9,8 @@`
`9`	`9`	`*/`
`10`	`10`	`class DirectGateway extends AbstractGateway`
`11`	`11`	`{`
	`12`	`+ // Gateway identification.`
	`13`	`+`
`12`	`14`	`public function getName()`
`13`	`15`	`{`
`14`	`16`	`return 'Sage Pay Direct';`
`@@ -19,11 +21,12 @@ public function getDefaultParameters()`
`19`	`21`	`return array(`
`20`	`22`	`'vendor' => '',`
`21`	`23`	`'testMode' => false,`
`22`		`- 'simulatorMode' => false,`
`23`	`24`	`'referrerId' => '',`
`24`	`25`	`);`
`25`	`26`	`}`
`26`	`27`
	`28`	`+ // Vendor identification.`
	`29`	`+`
`27`	`30`	`public function getVendor()`
`28`	`31`	`{`
`29`	`32`	`return $this->getParameter('vendor');`
`@@ -34,16 +37,16 @@ public function setVendor($value)`
`34`	`37`	`return $this->setParameter('vendor', $value);`
`35`	`38`	`}`
`36`	`39`
`37`		`- public function getSimulatorMode()`
`38`		`- {`
`39`		`- return $this->getParameter('simulatorMode');`
`40`		`- }`
	`40`	`+ // Access to the HTTP client for debugging.`
	`41`	`+ // NOTE: this is likely to be removed or replaced with something`
	`42`	`+ // more appropriate.`
`41`	`43`
`42`		`- public function setSimulatorMode($value)`
	`44`	`+ public function getHttpClient()`
`43`	`45`	`{`
`44`		`- return $this->setParameter('simulatorMode', $value);`
	`46`	`+ return $this->httpClient;`
`45`	`47`	`}`
`46`	`48`
	`49`	`+ // Available services.`
`47`	`50`	`public function getReferrerId()`
`48`	`51`	`{`
`49`	`52`	`return $this->getParameter('referrerId');`
Original file line number	Diff line number	Diff line change
`@@ -42,6 +42,6 @@ public function testServerPurchaseFailure()`
`42`	`42`	`$this->assertFalse($response->isSuccessful());`
`43`	`43`	`$this->assertFalse($response->isRedirect());`
`44`	`44`	`$this->assertSame('{"VendorTxCode":"123456"}', $response->getTransactionReference());`
`45`		`- $this->assertSame('The Description field should be between 1 and 100 characters long.', $response->getMessage());`
	`45`	`+ $this->assertSame('3082 : The Description value is too long.', $response->getMessage());`
`46`	`46`	`}`
`47`	`47`	`}`
Original file line number	Diff line number	Diff line change
`@@ -25,6 +25,9 @@ public function testServerCompleteAuthorizeResponseSuccess()`
`25`	`25`	`'PayerStatus' => 'k',`
`26`	`26`	`'CardType' => 'l',`
`27`	`27`	`'Last4Digits' => 'm',`
	`28`	`+ 'DeclineCode' => '00',`
	`29`	`+ 'ExpiryDate' => '0722',`
	`30`	`+ 'BankAuthCode' => '999777',`
`28`	`31`	`)`
`29`	`32`	`);`
`30`	`33`