From 3274d5b5ec78afbe0c11d82be02ccf0b8b8ff3f2 Mon Sep 17 00:00:00 2001
From: Alma Malambo <amalambo@spreedly.com>
Date: Mon, 24 Jun 2024 15:51:46 -0500
Subject: [PATCH] Orbital: Update to accept UCAF Indicator GSF

If alternate_ucaf_flow is true and the eci value is 4, 6, or 7 then
send the ucaf passed in by customer. If alternate_ucaf_flow is not
passed then only send ucaf if provided by customer if not pass default
of 4.

Remote:
134 tests, 543 assertions, 0 failures, 0 errors, 0 pendings, 0 omissions, 0 notifications
100% passed

Unit:
152 tests, 892 assertions, 0 failures, 0 errors, 0 pendings, 0 omissions, 0 notifications
100% passed
---
 CHANGELOG                                     |  1 +
 .../billing/gateways/orbital.rb               | 12 +++-
 test/remote/gateways/remote_orbital_test.rb   | 50 +++++++-------
 test/unit/gateways/orbital_test.rb            | 65 +++++++++++++++++++
 4 files changed, 97 insertions(+), 31 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index 329ae68e72c..2115b4a0fff 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -17,6 +17,7 @@
 * CommerceHub: Add billing address name override [yunnydang] #5157
 * StripePI: Add optional ability for 3DS exemption on verify calls [yunnydang] #5160
 * CyberSource: Update stored credentials [sinourain] #5136
+* Orbital: Update to accept UCAF Indicator GSF [almalee24] #5150
 
 == Version 1.136.0 (June 3, 2024)
 * Shift4V2: Add new gateway based on SecurionPay adapter [heavyblade] #4860
diff --git a/lib/active_merchant/billing/gateways/orbital.rb b/lib/active_merchant/billing/gateways/orbital.rb
index 872fda576c7..f22303daa40 100644
--- a/lib/active_merchant/billing/gateways/orbital.rb
+++ b/lib/active_merchant/billing/gateways/orbital.rb
@@ -724,7 +724,7 @@ def add_mastercard_fields(xml, credit_card, parameters, three_d_secure)
         add_mc_sca_recurring(xml, credit_card, parameters, three_d_secure)
         add_mc_program_protocol(xml, credit_card, three_d_secure)
         add_mc_directory_trans_id(xml, credit_card, three_d_secure)
-        add_mc_ucafind(xml, credit_card, three_d_secure)
+        add_mc_ucafind(xml, credit_card, three_d_secure, parameters)
       end
 
       def add_mc_sca_merchant_initiated(xml, credit_card, parameters, three_d_secure)
@@ -753,10 +753,16 @@ def add_mc_directory_trans_id(xml, credit_card, three_d_secure)
         xml.tag!(:MCDirectoryTransID, three_d_secure[:ds_transaction_id]) if three_d_secure[:ds_transaction_id]
       end
 
-      def add_mc_ucafind(xml, credit_card, three_d_secure)
+      def add_mc_ucafind(xml, credit_card, three_d_secure, options)
         return unless three_d_secure
 
-        xml.tag! :UCAFInd, '4'
+        if options[:alternate_ucaf_flow]
+          return unless %w(4 6 7).include?(three_d_secure[:eci])
+
+          xml.tag! :UCAFInd, options[:ucaf_collection_indicator] if options[:ucaf_collection_indicator]
+        else
+          xml.tag! :UCAFInd, options[:ucaf_collection_indicator] || '4'
+        end
       end
 
       #=====SCA (STORED CREDENTIAL) FIELDS=====
diff --git a/test/remote/gateways/remote_orbital_test.rb b/test/remote/gateways/remote_orbital_test.rb
index b923774c987..27cf8139e66 100644
--- a/test/remote/gateways/remote_orbital_test.rb
+++ b/test/remote/gateways/remote_orbital_test.rb
@@ -672,13 +672,13 @@ def test_authorize_sends_with_payment_delivery
 
   def test_default_payment_delivery_with_no_payment_delivery_sent
     transcript = capture_transcript(@echeck_gateway) do
-      @echeck_gateway.authorize(@amount, @echeck, @options.merge(order_id: '4'))
+      response = @echeck_gateway.authorize(@amount, @echeck, @options.merge(order_id: '4'))
+      assert_equal '1', response.params['approval_status']
+      assert_equal '00', response.params['resp_code']
     end
 
     assert_match(/<BankPmtDelv>B/, transcript)
     assert_match(/<MessageType>A/, transcript)
-    assert_match(/<ApprovalStatus>1/, transcript)
-    assert_match(/<RespCode>00/, transcript)
   end
 
   def test_sending_echeck_adds_ecp_details_for_refund
@@ -692,12 +692,12 @@ def test_sending_echeck_adds_ecp_details_for_refund
     transcript = capture_transcript(@echeck_gateway) do
       refund = @echeck_gateway.refund(@amount, capture.authorization, @options.merge(payment_method: @echeck, action_code: 'W6', auth_method: 'I'))
       assert_success refund
+      assert_equal '1', refund.params['approval_status']
     end
 
     assert_match(/<ECPActionCode>W6/, transcript)
     assert_match(/<ECPAuthMethod>I/, transcript)
     assert_match(/<MessageType>R/, transcript)
-    assert_match(/<ApprovalStatus>1/, transcript)
   end
 
   def test_sending_credit_card_performs_correct_refund
@@ -714,43 +714,40 @@ def test_sending_credit_card_performs_correct_refund
 
   def test_echeck_purchase_with_address_responds_with_name
     transcript = capture_transcript(@echeck_gateway) do
-      @echeck_gateway.authorize(@amount, @echeck, @options.merge(order_id: '2'))
+      response = @echeck_gateway.authorize(@amount, @echeck, @options.merge(order_id: '2'))
+      assert_equal '00', response.params['resp_code']
+      assert_equal 'Approved', response.params['status_msg']
     end
 
     assert_match(/<AVSname>Jim Smith/, transcript)
-    assert_match(/<RespCode>00/, transcript)
-    assert_match(/atusMsg>Approved</, transcript)
   end
 
   def test_echeck_purchase_with_no_address_responds_with_name
     test_check_no_address = check(name: 'Test McTest')
 
     transcript = capture_transcript(@echeck_gateway) do
-      @echeck_gateway.authorize(@amount, test_check_no_address, @options.merge(order_id: '2', address: nil, billing_address: nil))
+      response = @echeck_gateway.authorize(@amount, test_check_no_address, @options.merge(order_id: '2', address: nil, billing_address: nil))
+      assert_equal '00', response.params['resp_code']
+      assert_equal 'Approved', response.params['status_msg']
     end
 
     assert_match(/<AVSname>Test McTest/, transcript)
-    assert_match(/<RespCode>00/, transcript)
-    assert_match(/atusMsg>Approved</, transcript)
   end
 
   def test_credit_purchase_with_address_responds_with_name
     transcript = capture_transcript(@gateway) do
-      @gateway.authorize(@amount, @credit_card, @options.merge(order_id: '2'))
+      response = @gateway.authorize(@amount, @credit_card, @options.merge(order_id: '2'))
+      assert_equal '00', response.params['resp_code']
+      assert_equal 'Approved', response.params['status_msg']
     end
 
     assert_match(/<AVSname>Longbob Longsen/, transcript)
-    assert_match(/<RespCode>00/, transcript)
-    assert_match(/<StatusMsg>Approved/, transcript)
   end
 
   def test_credit_purchase_with_no_address_responds_with_no_name
-    transcript = capture_transcript(@gateway) do
-      @gateway.authorize(@amount, @credit_card, @options.merge(order_id: '2', address: nil, billing_address: nil))
-    end
-
-    assert_match(/<RespCode>00/, transcript)
-    assert_match(/<StatusMsg>Approved/, transcript)
+    response = @gateway.authorize(@amount, @credit_card, @options.merge(order_id: '2', address: nil, billing_address: nil))
+    assert_equal '00', response.params['resp_code']
+    assert_equal 'Approved', response.params['status_msg']
   end
 
   # == Certification Tests
@@ -1586,21 +1583,18 @@ def test_failed_capture
 
   def test_credit_purchase_with_address_responds_with_name
     transcript = capture_transcript(@tandem_gateway) do
-      @tandem_gateway.authorize(@amount, @credit_card, @options.merge(order_id: '2'))
+      response = @tandem_gateway.authorize(@amount, @credit_card, @options.merge(order_id: '2'))
+      assert_equal '00', response.params['resp_code']
+      assert_equal 'Approved', response.params['status_msg']
     end
 
     assert_match(/<AVSname>Longbob Longsen/, transcript)
-    assert_match(/<RespCode>00/, transcript)
-    assert_match(/<StatusMsg>Approved/, transcript)
   end
 
   def test_credit_purchase_with_no_address_responds_with_no_name
-    transcript = capture_transcript(@tandem_gateway) do
-      @tandem_gateway.authorize(@amount, @credit_card, @options.merge(order_id: '2', address: nil, billing_address: nil))
-    end
-
-    assert_match(/<RespCode>00/, transcript)
-    assert_match(/<StatusMsg>Approved/, transcript)
+    response = @tandem_gateway.authorize(@amount, @credit_card, @options.merge(order_id: '2', address: nil, billing_address: nil))
+    assert_equal '00', response.params['resp_code']
+    assert_equal 'Approved', response.params['status_msg']
   end
 
   def test_void_transactions
diff --git a/test/unit/gateways/orbital_test.rb b/test/unit/gateways/orbital_test.rb
index 150cc874ac1..e46959124ab 100644
--- a/test/unit/gateways/orbital_test.rb
+++ b/test/unit/gateways/orbital_test.rb
@@ -115,6 +115,16 @@ def setup
       }
     }
 
+    @three_d_secure_options_eci_6 = {
+      three_d_secure: {
+        eci: '6',
+        xid: 'TESTXID',
+        cavv: 'TESTCAVV',
+        version: '2.2.0',
+        ds_transaction_id: '97267598FAE648F28083C23433990FBC'
+      }
+    }
+
     @google_pay_card = network_tokenization_credit_card(
       '4777777777777778',
       payment_cryptogram: 'BwAQCFVQdwEAABNZI1B3EGLyGC8=',
@@ -1316,6 +1326,61 @@ def test_successful_refund_with_echeck
     assert_equal '1', response.params['approval_status']
   end
 
+  def test_three_d_secure_data_on_master_purchase_with_custom_ucaf_and_flag_on_if_eci_is_valid
+    options = @options.merge(@three_d_secure_options)
+    options.merge!({ ucaf_collection_indicator: '5', alternate_ucaf_flow: true })
+    assert_equal '6', @three_d_secure_options_eci_6.dig(:three_d_secure, :eci)
+
+    stub_comms do
+      @gateway.purchase(50, credit_card(nil, brand: 'master'), options)
+    end.check_request do |_endpoint, data, _headers|
+      assert_no_match(/\<UCAFInd/, data)
+    end.respond_with(successful_purchase_response)
+  end
+
+  def test_three_d_secure_data_on_master_purchase_with_custom_ucaf_and_flag_on
+    options = @options.merge(@three_d_secure_options_eci_6)
+    options.merge!({ ucaf_collection_indicator: '5', alternate_ucaf_flow: true })
+    assert_equal '6', @three_d_secure_options_eci_6.dig(:three_d_secure, :eci)
+
+    stub_comms do
+      @gateway.purchase(50, credit_card(nil, brand: 'master'), options)
+    end.check_request do |_endpoint, data, _headers|
+      assert_match %{<UCAFInd>5</UCAFInd>}, data
+    end.respond_with(successful_purchase_response)
+  end
+
+  def test_three_d_secure_data_on_master_purchase_with_flag_on_but_no_custom_ucaf
+    options = @options.merge(@three_d_secure_options_eci_6)
+    options.merge!(alternate_ucaf_flow: true)
+    assert_equal '6', @three_d_secure_options_eci_6.dig(:three_d_secure, :eci)
+
+    stub_comms do
+      @gateway.purchase(50, credit_card(nil, brand: 'master'), options)
+    end.check_request do |_endpoint, data, _headers|
+      assert_no_match(/\<UCAFInd/, data)
+    end.respond_with(successful_purchase_response)
+  end
+
+  def test_three_d_secure_data_on_master_purchase_with_flag_off
+    options = @options.merge(@three_d_secure_options)
+    stub_comms do
+      @gateway.purchase(50, credit_card(nil, brand: 'master'), options)
+    end.check_request do |_endpoint, data, _headers|
+      assert_match %{<UCAFInd>4</UCAFInd>}, data
+    end.respond_with(successful_purchase_response)
+  end
+
+  def test_three_d_secure_data_on_master_purchase_with_flag_off_and_custom_ucaf
+    options = @options.merge(@three_d_secure_options)
+    options.merge!(ucaf_collection_indicator: '5')
+    stub_comms do
+      @gateway.purchase(50, credit_card(nil, brand: 'master'), options)
+    end.check_request do |_endpoint, data, _headers|
+      assert_match %{<UCAFInd>5</UCAFInd>}, data
+    end.respond_with(successful_purchase_response)
+  end
+
   def test_failed_refund_with_echeck
     @gateway.expects(:ssl_post).returns(failed_refund_with_echeck_response)