Initial SecureXML API integration

Author: Andrew Keynes

src/Message/AbstractRequest.php

@@ -0,0 +1,37 @@
+<?php
+
+namespace Omnipay\SecurePay\Message;
+
+/**
+ * SecurePay Direct Post Abstract Request.
+ */
+abstract class AbstractRequest extends \Omnipay\Common\Message\AbstractRequest
+{
+    public $testEndpoint;
+    public $liveEndpoint;
+
+    public function getMerchantId()
+    {
+        return $this->getParameter('merchantId');
+    }
+
+    public function setMerchantId($value)
+    {
+        return $this->setParameter('merchantId', $value);
+    }
+
+    public function getTransactionPassword()
+    {
+        return $this->getParameter('transactionPassword');
+    }
+
+    public function setTransactionPassword($value)
+    {
+        return $this->setParameter('transactionPassword', $value);
+    }
+
+    public function getEndpoint()
+    {
+        return $this->getTestMode() ? $this->testEndpoint : $this->liveEndpoint;
+    }
+}

src/Message/DirectPostAbstractRequest.php

@@ -2,38 +2,11 @@
 
 namespace Omnipay\SecurePay\Message;
 
-use Omnipay\Common\Message\AbstractRequest;
-
 /**
  * SecurePay Direct Post Abstract Request
  */
 abstract class DirectPostAbstractRequest extends AbstractRequest
 {
     public $testEndpoint = 'https://api.securepay.com.au/test/directpost/authorise';
     public $liveEndpoint = 'https://api.securepay.com.au/live/directpost/authorise';
-
-    public function getMerchantId()
-    {
-        return $this->getParameter('merchantId');
-    }
-
-    public function setMerchantId($value)
-    {
-        return $this->setParameter('merchantId', $value);
-    }
-
-    public function getTransactionPassword()
-    {
-        return $this->getParameter('transactionPassword');
-    }
-
-    public function setTransactionPassword($value)
-    {
-        return $this->setParameter('transactionPassword', $value);
-    }
-
-    public function getEndpoint()
-    {
-        return $this->getTestMode() ? $this->testEndpoint : $this->liveEndpoint;
-    }
 }

src/Message/SecureXMLAbstractRequest.php

@@ -0,0 +1,119 @@
+<?php
+
+namespace Omnipay\SecurePay\Message;
+
+/**
+ * SecurePay SecureXML Abstract Request.
+ */
+abstract class SecureXMLAbstractRequest extends AbstractRequest
+{
+    public $testEndpoint = 'https://test.securepay.com.au/xmlapi/payment';
+    public $liveEndpoint = 'https://api.securepay.com.au/xmlapi/payment';
+
+    /**
+     * Set the messageID on the request.
+     *
+     * This is returned intact on any response so you could add a local
+     * database ID here to ease in matching data later.
+     */
+    public function setMessageId($value)
+    {
+        return $this->setParameter('messageId', $value);
+    }
+
+    /**
+     * Get the messageID for the request.
+     *
+     * @return string User-supplied messageID or generated one based on
+     *                timestamp.
+     */
+    public function getMessageId()
+    {
+        return empty($this->getParameter('messageId'))
+            ? substr(md5(microtime()), 0, 30)
+            : $this->getParameter('messageId');
+    }
+
+    public function sendData($data)
+    {
+        $httpResponse = $this->httpClient->post($this->getEndpoint(), null, $data->asXML())->send();
+
+        return $this->response = new SecureXMLResponse($this, $httpResponse->xml());
+    }
+
+    /**
+     * XML Template of a SecurePayMessage.
+     *
+     * As per section 5.1 of the documentation, these elements are common to
+     * all requests.
+     *
+     * @return \SimpleXMLElement SecurePayMessage template.
+     */
+    protected function getBaseXML()
+    {
+        foreach ($this->requiredFields as $field) {
+            $this->validate($field);
+        }
+
+        $xml = new \SimpleXMLElement('<SecurePayMessage/>');
+
+        $messageInfo = $xml->addChild('MessageInfo');
+        $messageInfo->addChild('messageID', $this->getMessageId());
+        $messageInfo->addChild('messageTimestamp', $this->generateTimestamp());
+        $messageInfo->addChild('timeoutValue', 60);
+        $messageInfo->addChild('apiVersion', 'xml-4.2');
+
+        $merchantInfo = $xml->addChild('MerchantInfo');
+        $merchantInfo->addChild('merchantID', $this->getMerchantId());
+        $merchantInfo->addChild('password', $this->getTransactionPassword());
+
+        $xml->addChild('RequestType', 'Payment'); // Not related to the transaction type
+
+        $payment = $xml->addChild('Payment');
+        $txnList = $payment->addChild('TxnList');
+        $txnList->addAttribute('count', 1); // One transaction per request supported by current API.
+
+        $transaction = $txnList->addChild('Txn');
+        $transaction->addAttribute('ID', 1); // One transaction per request supported by current API.
+        $transaction->addChild('txnType', $this->txnType);
+        $transaction->addChild('txnSource', 23); // Must always be 23 for SecureXML.
+        $transaction->addChild('amount', $this->getAmountInteger());
+        $transaction->addChild('currency', $this->getCurrency());
+        $transaction->addChild('purchaseOrderNo', $this->getTransactionId());
+
+        return $xml;
+    }
+
+    /**
+     * @return \SimpleXMLElement SecurePayMessage with card details.
+     */
+    protected function getBaseXMLWithCard()
+    {
+        $this->getCard()->validate();
+
+        $xml = $this->getBaseXML();
+
+        $card = $xml->Payment->TxnList->Txn->addChild('CreditCardInfo');
+        $card->addChild('cardNumber', $this->getCard()->getNumber());
+        $card->addChild('cvv', $this->getCard()->getCvv());
+        $card->addChild('expiryDate', $this->getCard()->getExpiryDate('m/y'));
+
+        return $xml;
+    }
+
+    /**
+     * Generates a SecureXML timestamp.
+     *
+     * SecureXML requires a specific timestamp format as per appendix E of the
+     * documentation.
+     *
+     * @return string SecureXML formatted timestamp.
+     */
+    protected function generateTimestamp()
+    {
+        $date = new \DateTime();
+
+        // API requires the timezone offset in minutes
+        return $date->format(sprintf('YmdHis000%+04d', $date->format('Z') / 60));
+    }
+}

src/Message/SecureXMLAuthorizeRequest.php

@@ -0,0 +1,22 @@
+<?php
+
+namespace Omnipay\SecurePay\Message;
+
+/**
+ * SecurePay SecureXML Authorize Request.
+ *
+ * Verify that the amount is available and hold for capture.
+ *
+ * Returns a 'preauthID' value that must be supplied in any subsequent capture
+ * request.
+ */
+class SecureXMLAuthorizeRequest extends SecureXMLAbstractRequest
+{
+    protected $txnType = 10; // Preauthorise, as per Appendix A of documentation.
+    protected $requiredFields = array('amount', 'card', 'transactionId');
+
+    public function getData()
+    {
+        return $this->getBaseXMLWithCard();
+    }
+}

src/Message/SecureXMLCaptureRequest.php

@@ -0,0 +1,45 @@
+<?php
+
+namespace Omnipay\SecurePay\Message;
+
+/**
+ * SecurePay SecureXML Capture Request.
+ *
+ * Capture a partial or full amount that has been held by a prior authorize
+ * request.
+ *
+ * The transactionId (purchaseOrderNo) and preauthID must match the prior
+ * authorize transaction for the capture to succeed.
+ */
+class SecureXMLCaptureRequest extends SecureXMLAbstractRequest
+{
+    protected $txnType = 11; // Preauthorise Complete, as per Appendix A of documentation.
+    protected $requiredFields = array('amount', 'transactionId', 'preauthId');
+
+    public function getData()
+    {
+        $xml = $this->getBaseXML();
+
+        $xml->Payment->TxnList->Txn->addChild('preauthID', $this->getPreauthId());
+
+        return $xml;
+    }
+
+    /**
+     * Set the preauthId that was returned as part of the original authorize
+     * request.
+     */
+    public function setPreauthId($value)
+    {
+        return $this->setParameter('preauthId', $value);
+    }
+
+    /**
+     * @return string The preauthId from the authorize request that this
+     *                capture matches.
+     */
+    public function getPreauthId()
+    {
+        return $this->getParameter('preauthId');
+    }
+}

src/Message/SecureXMLPurchaseRequest.php

@@ -0,0 +1,17 @@
+<?php
+
+namespace Omnipay\SecurePay\Message;
+
+/**
+ * SecurePay SecureXML Purchase Request.
+ */
+class SecureXMLPurchaseRequest extends SecureXMLAbstractRequest
+{
+    protected $txnType = 0; // Standard Payment, as per Appendix A of documentation.
+    protected $requiredFields = array('amount', 'card', 'transactionId');
+
+    public function getData()
+    {
+        return $this->getBaseXMLWithCard();
+    }
+}

src/Message/SecureXMLRefundRequest.php

@@ -0,0 +1,25 @@
+<?php
+
+namespace Omnipay\SecurePay\Message;
+
+/**
+ * SecurePay SecureXML Refund Request.
+ *
+ * Refund a partial or full amount from a prior purchase.
+ *
+ * The transactionReference (txnID) and transactionId (purchaseOrderNo) must
+ * match the original transaction for a refund to be successful.
+ */
+class SecureXMLRefundRequest extends SecureXMLAbstractRequest
+{
+    protected $txnType = 4; // Refund, as per Appendix A of documentation.
+    protected $requiredFields = array('amount', 'transactionId', 'transactionReference');
+
+    public function getData()
+    {
+        $xml = $this->getBaseXML();
+        $xml->Payment->TxnList->Txn->addChild('txnID', $this->getTransactionReference());
+
+        return $xml;
+    }
+}

src/Message/SecureXMLResponse.php

@@ -0,0 +1,74 @@
+<?php
+
+namespace Omnipay\SecurePay\Message;
+
+use Omnipay\Common\Message\AbstractResponse;
+
+class SecureXMLResponse extends AbstractResponse
+{
+    /**
+     * Determine if the transaction is successful or not.
+     *
+     * @note Rather than using HTTP status codes, the SecureXML API returns a
+     * status code as part of the response if there is an internal API issue.
+     *
+     * @return bool
+     */
+    public function isSuccessful()
+    {
+        // As per appendix F, 000 means the message was processed correctly
+        if ((string) $this->data->Status->statusCode !== '000'
+            || ($this->hasTransaction()
+                && (string) $this->data->Payment->TxnList->Txn->approved !== 'Yes')) {
+            return false;
+        }
+
+        return true;
+    }
+
+    /**
+     * Determine if we have had payment information returned.
+     *
+     * @note For certain errors a Payment element is returned but has an empty
+     * TxnList so this will tell us if we actually have a transaction to check.
+     *
+     * @return bool True if we have a transaction.
+     */
+    protected function hasTransaction()
+    {
+        return isset($this->data->Payment->TxnList->Txn);
+    }
+
+    /**
+     * @link https://www.securepay.com.au/_uploads/files/SecurePay_Response_Codes.pdf
+     *
+     * @return string Gateway failure code or transaction code if available.
+     */
+    public function getCode()
+    {
+        return $this->hasTransaction()
+            ? (string) $this->data->Payment->TxnList->Txn->responseCode
+            : (string) $this->data->Status->statusCode;
+    }
+
+    /**
+     * @return string Gateway failure message or transaction message if
+     *                available.
+     */
+    public function getMessage()
+    {
+        return $this->hasTransaction()
+            ? (string) $this->data->Payment->TxnList->Txn->responseText
+            : (string) $this->data->Status->statusDescription;
+    }
+
+    /**
+     * @return string Unique SecurePay bank transaction reference.
+     */
+    public function getTransactionReference()
+    {
+        return $this->hasTransaction()
+            ? (string) $this->data->Payment->TxnList->Txn->txnID
+            : null;
+    }
+}