[SagePay]Implemented authorize function for sagepay

[Anwar0902]

In this we generated merchant_session_key and card_identifier to
complete the authorization with all details provided in 'opts' option

[oyeb]

CamelCase module, also their brand is written in that case too: SagePay.

[oyeb]

This was an instruction, read once then remove. We cannot merge it in this state can we?

[oyeb]

This function does a lot more than just build card details. Would be better to split it into at least card_details and other_details.

[oyeb]

The currency is not passed via opts! amount is of type Money.t (a struct, defined in the Money library), and it contains the currency.
Read #62 for more info.

[oyeb]

This should have been fetched from an Address struct, not a simple map.

[oyeb]

1. This function does not return a Response struct, though @spec of authorize suggests that it would return a Response tuple.
2. Please use one of the respond clauses from below.

[oyeb]

This binding serves no purpose.

[oyeb]

IMO genereate_merchant_key is a better name here.

[oyeb]

Good work on the docs! ❤️

[oyeb]

What is "rendered" in the authorize request if I wish to make a payment for $3.14, "314" or "3.14"?

[oyeb]

Supported currencies

Could you also add a link to the docs from where you found this info?

[oyeb]

❤️ 💛 💜 Thanks for making a .iex.exs! There are many ways of sharing it with others, and I highly recommend making a gist instead of a file in a repo.

[oyeb]

1. Who will expire? the session key or the transaction ID?
2. It'll be great if you add a link to SagePay docs for this!

[oyeb]

You perhaps want to use Money.to_integer/1. It'll be easier to figure this out if you look at activemerchant implementation of SagePay.

[oyeb]

Please move this very important comment into the @doc.

[RajeetKaushal]

monei??

[oyeb]

1. Please remove implementation of capture/3
2. Make lot of use of backticks in docs, especially for argument names, keys of a keyword list, atoms.

[oyeb]

The backticks were rightly placed. Why did you remove them?

[oyeb]

1. What's a deferred transaction?

2. You can release...
   what's a release?

[oyeb]

100 pounds or 100 £, units are important (this is not 100 pennies, for example).

[oyeb]

Typo: vendor_name

[oyeb]

Since there is only 1 call site for this function, we can move the logic there.

[Anwar0902]

Since the logic of commit_for_key is totally different from the commit. So, I think we can't move.

[oyeb]

My bad! I didn't realise that commit_for_key is called from 2 functions. However, format_response can be moved inside commit_for_key.

[oyeb]

1. Please follow the elixir style for these atoms (snake_case).
2. Why are these surrounded by []?
3. If there's only going to be billingAddress (and no other addresses), then let's call it address instead.

[oyeb]

You were forced to do this just because you didn't use a different var name on L426 😝

[oyeb]

Please go through your docs and add backticks wherever applicable:

1. argument name
2. atom, especially when it is a key in opts

[oyeb]

Use bacticks pls, you've missed them in some more places

[oyeb]

Move the logic in format_response here, as it is called only from here.

[oyeb]

Though you've updated the moduledoc with snake_case atoms, you haven't updated the code, this should have been opts[:vendor_tx_code]

[oyeb]

This block is not required, the application config is fetched by Gringotts which is not used here.

[oyeb]

Your docs should say that a billing_address, if provided, should be an Address struct.

[oyeb]

Please make sure your branch is up-to-date with dev:
Use git rebase:

1. git checkout dev
2. git pull
3. git checkout sagepay
4. git rebase -i dev
   If git rebase turns up a lot of conflicts, we will allow a shortcut just this one time, instead of last step (above) do:
   git merge dev

After doing this, please remove all compile time warnings in both dev and test env by:

1. dev environment:

• mix clean gringotts
• mix compile, and look for warnings from sagepay

2. test environment:

• MIX_ENV=test mix clean gringotts
• MIX_ENV=test mix compile

Also run credo and fix all sagepay related warnings:
mix credo --strict OR mix credo --strict --format=oneline | grep sagepay

[oyeb]

address = %Address{street1: ...}

[oyeb]

use_cassette "sagepay/*" do

[codecov-io]

Codecov Report

Merging #131 into dev will decrease coverage by 6.6%.
The diff coverage is 2.77%.

@@            Coverage Diff             @@
##              dev     #131      +/-   ##
==========================================
- Coverage   77.33%   70.73%   -6.61%     
==========================================
  Files          14       15       +1     
  Lines         375      410      +35     
==========================================
  Hits          290      290              
- Misses         85      120      +35

Impacted Files	Coverage Δ
lib/gringotts/response.ex	100% <ø> (ø)	⬆️
lib/gringotts/gateways/paymill.ex	100% <ø> (ø)	⬆️
lib/gringotts/gateways/sagepay.ex	0% <0%> (ø)
lib/gringotts/gateways/monei.ex	97.95% <100%> (ø)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 7e7a5d3...253847a. Read the comment docs.

[oyeb]

Please take a look at #150 and make the necessary correction.

[oyeb]

Please remove the :config key from the example, this will be automatically added by Gringotts.get_and_validate_config/1

[oyeb]

Please remove the colons.

[oyeb]

typo: card_identifier

[oyeb]

This error message is never propagated to the Response. If the session key/card identifier cannot be generated, a call to authorize should fail "fast" (we should not attempt to do any further computation).

[oyeb]

The caller should be able to pass in a merchant key in opts, and in such a case we should simply use it.

[Anwar0902]

This is not possible because its mandatory to create merchant key every time.

[oyeb]

Typically, a capture follows immediately after a successful authorization - hence the capture can use the same key (as the key is invalidated only after 400 seconds).
We can get to this when we implement capture.

[oyeb]

This can be shortened to first_name and last_name resp.

[oyeb]

The moduledoc was updated to simply address (L38), but not in code.

[oyeb]

typo: postalCode is not defined in Address.t

[oyeb]

Please move this to a GitHub gist.

[oyeb]

This is the response I received:

iex(14)> Poison.decode! auth_result.raw
%{
  "3DSecure" => %{"status" => "CardNotEnrolled"},
  "amount" => %{"saleAmount" => 42, "surchargeAmount" => 0, "totalAmount" => 42},
  "avsCvcCheck" => %{
    "address" => "NotProvided",
    "postalCode" => "NotProvided",
    "securityCode" => "NotProvided",
    "status" => "NotChecked"
  },
  "bankAuthorisationCode" => "999777",
  "bankResponseCode" => "00",
  "currency" => "GBP",
  "paymentMethod" => %{
    "card" => %{
      "cardIdentifier" => "3248A1A6-5A44-470B-BC92-83536C486971",
      "cardType" => "Visa",
      "expiryDate" => "0320",
      "lastFourDigits" => "5559",
      "reusable" => false
    }
  },
  "retrievalReference" => 17717235,
  "status" => "Ok",
  "statusCode" => "0000",
  "statusDetail" => "The Authorisation was Successful.",
  "transactionId" => "EF99769B-EFE0-68EA-17B8-F38F6476B511",
  "transactionType" => "Deferred"
}

1. The example supplies the (billing) address to SagePay but the avsCvcCheck indicates otherwise. Please get this to work. Even if SagePay does not do the AVS check, you should format this into Response.fraud_review field.
2. The paymentMethod indicates that this card is NOT reusable. Surely there must be some way to generate a reusable card_identifier?
3. Please make use of Response.token field to return the card_identifier to the caller.

[Anwar0902]

For point 3:-for the transaction a unique merchant key pair with a unique card identifier.We can't use the card identifier for future transaction.So there is no need to store it.

[KillerBeer]

curl https://pi-test.sagepay.com/api/v1/transactions \
-H "Authorization: Basic aEpZeHN3N0hMYmo0MGNCOHVkRVM4Q0RSRkxodUo4RzU0TzZyRHBVWHZFNmhZRHJyaWE6bzJpSFNyRnliWU1acG1XT1FNdWhzWFA1MlY0ZkJ0cHVTRHNocktEU1dzQlkxT2lONmh3ZDlLYjEyejRqNVVzNXU="  \
-H "Content-type: application/json" \
-X POST \
-d '{
    "transactionType": "Payment",
    "paymentMethod": {
        "card": {
            "merchantSessionKey": "<merchant-session-key>",
            "cardIdentifier": "<card-identifier>",
            "save": false
        }
    },
    "vendorTxCode": "demotransaction-<unique-suffix>",
    "amount": 10000,
    "currency": "GBP",
    "description": "Demo Payment",
    "apply3DSecure": "UseMSPSetting",
    "customerFirstName": "Sam",
    "customerLastName": "Jones",
    "billingAddress": {
        "address1": "407 St. John Street",
        "city": "London",
        "postalCode": "EC1V 4AB",
        "country": "GB"
    },
    "entryMethod": "Ecommerce"
}'

When we used this on postman after creating merchant key and card identifier the response was

{
    "statusCode": "2007",
    "statusDetail": "Please redirect your customer to the ACSURL to complete the 3DS Transaction",
    "transactionId": "D6146D7B-033E-9E2A-C52C-87A7D3E107EA",
    "acsUrl": "https://test.sagepay.com/mpitools/accesscontroler?action=pareq",
    "paReq": "eJxVUsluwjAQvfcrIj4gXrJA0WAE5dAIaKOCVKk3y7FKVLJgJ03o19fOUoovnvc8ejPzxrBss7PzLZVOi3wxIS6eLNkDHE9Kys1BilpJBnupNf+UTposJhSTgPrBo4+9aUiIF4Q+mTCIV2/ywmAQYkbHJYBGaBSUOPG8YsDFZR29MN8PvTAANEDIpIo2jBLcn/4G1NOQ80yyg2kh5teNzIqVEEWdV4C6B+iAurIZDQGNAGp1Zk3TuLb1kl9dUbj1FyBLA7o1FNc20kamTRN2rFpSbn8+NEqa3fakd++4vkTJ61o3C0A2AxJeSWZsmGGf+g55nFM896aAOh54Zusz0vc/IChtkdXd038KjM9K5mIcYUQg27LIpcmggP5iSKQWnR2O8cPZx5EpbilAt2Genq3XojL2EWtzF1m91HhDMfY6QQsA2Vw0bBANyzbR3Sf4BaPUtJU=",
    "status": "3DAuth"
}

so this asked to go to 3D secure site and to avs-check than asked not to do 3D secure procedure so we left that part .

in transaction body we have not used "apply3DSecure": "UseMSPSetting" we have done that for without 3D secure

[oyeb]

Work is done. This is slated for v1.3.x
Thanks @Anwar0902 and @KillerBeer 🎉