From 110080cd4a2c199b02b5bcab4cb7a1029cb8dee7 Mon Sep 17 00:00:00 2001
From: Jason Judge <jason.judge@consil.co.uk>
Date: Sun, 14 Oct 2018 11:39:01 +0100
Subject: [PATCH 1/3] Issue #112 Additional docs on how Sage Pay Form works.

---
 README.md                             | 8 +++++++-
 src/Message/Form/AuthorizeRequest.php | 9 +--------
 2 files changed, 8 insertions(+), 9 deletions(-)

diff --git a/README.md b/README.md
index 6591458..f850e44 100644
--- a/README.md
+++ b/README.md
@@ -594,6 +594,12 @@ since the result will be safely saved in the database.
 
 Sage Pay Form requires neither a server-to-server back-channel nor
 IP-based security.
+It does not require pre-registration of a transaction, so is ideal for
+a speculative "pay now" button on a page for instant purchases of a
+product or service.
+Unlike `Direct` and `Server`, it does not support saved card references
+or tokens.
+
 The payment details are encrypted on the server before being sent to
 the gateway from the user's browser.
 The result is returned to the merchant site also through a client-side
@@ -622,7 +628,7 @@ $gateway = OmniPay::create('SagePay\Form')->initialize([
 
 The `encryptionKey` is generated in "My Sage Pay" when logged in as the administrator.
 
-Note that this gateway will assume all inout data (names, addresses etc.)
+Note that this gateway will assume all input data (names, addresses etc.)
 are UTF-8 encoded.
 It will then recode the data to ISO8859-1 before encrypting it for the gateway,
 as the gateway strictly accepts ISO8859-1 only, regardless of what encoding is
diff --git a/src/Message/Form/AuthorizeRequest.php b/src/Message/Form/AuthorizeRequest.php
index d1f599b..127fd53 100644
--- a/src/Message/Form/AuthorizeRequest.php
+++ b/src/Message/Form/AuthorizeRequest.php
@@ -93,13 +93,6 @@ public function getCryptData()
     {
         $data = $this->getBaseAuthorizeData();
 
-        // CHECKME: are tokens supported?
-
-        if ($this->getToken() || $this->getCardReference()) {
-            // If using a token, then set that data.
-            $data = $this->getTokenData($data);
-        }
-
         // Some [optional] parameters specific to Sage Pay Form..
 
         if ($this->getCustomerName() !== null) {
@@ -144,7 +137,7 @@ public function getCryptData()
         $data = array_intersect_key($data, $this->validFields);
 
         // Throw exception if any mandatory fields are missing.
-        // We need to catch it here before sending the user to an
+        // We need to catch it here before sending the user to a
         // generic (and useless) error on the gateway site.
 
         foreach ($this->validFields as $fieldName => $mandatoryFlag) {

From 957f9f79ab1e3d32df082e626a45fd45db9364e7 Mon Sep 17 00:00:00 2001
From: Jason Judge <jason.judge@consil.co.uk>
Date: Mon, 15 Oct 2018 10:15:27 +0100
Subject: [PATCH 2/3] Minor README formatting.

---
 README.md | 46 +++++++++++++++++++++++-----------------------
 1 file changed, 23 insertions(+), 23 deletions(-)

diff --git a/README.md b/README.md
index f850e44..c338bca 100644
--- a/README.md
+++ b/README.md
@@ -88,9 +88,9 @@ if using this API.
 
 The Direct gateway methods for handling cards are:
 
-* authorize() - with completeAuthorize for 3D Secure and PayPal redirect
-* purchase() - with completePurchase for 3D Secure and PayPal redirect
-* createCard() - explicit "standalone" creation of a cardReference or token
+* `authorize()` - with completeAuthorize for 3D Secure and PayPal redirect
+* `purchase()` - with completePurchase for 3D Secure and PayPal redirect
+* `createCard()` - explicit "standalone" creation of a cardReference or token
 
 *Note: PayPal is not yet implemented in this driver.*
 
@@ -129,7 +129,7 @@ $requestMessage = $gateway->purchase([
     'currency' => 'GBP',
     'card' => $card,
     'transactionId' => $transactionId,
-    'description' => 'Pizzas for everyone',
+    'description' => 'Pizzas for everyone at PHPNE',
 
     // If 3D Secure is enabled, then provide a return URL for
     // when the user comes back from 3D Secure authentication.
@@ -158,12 +158,12 @@ if ($responseMessage->isRedirect()) {
 }
 ```
 
-That redirect method is intended just for testing.
-Create your own instead, within the rules of your framework, using:
+That `redirect()` method is intended just for demonstration or testing.
+Create your own instead, within your framework, using these helpers:
 
-* $responseMessage->getRedirectUrl()
-* $responseMessage->getRedirectMethod()
-* $responseMessage->getRedirectData()
+* `$responseMessage->getRedirectUrl()`
+* `$responseMessage->getRedirectMethod()`
+* `$responseMessage->getRedirectData()`
 
 #### Redirect Return
 
@@ -248,10 +248,11 @@ Sage Pay Server uses your IP address to authenticate backend access to the
 gateway, and it also needs to a public URL that it can send back-channel
 notifications to. This makes development on a localhost server difficult.
 
-* authorize()
-* purchase()
-* createCard() - explicit "standalone" creation of a cardReference or token
-* acceptNotification() - Notification Handler for authorize, purchase and explicit cardReference registration
+* `authorize()`
+* `purchase()`
+* `createCard()` - explicit "standalone" creation of a cardReference or token
+* `acceptNotification()` - Notification Handler for authorize, purchase and
+   explicit cardReference registration
 
 ### Server Gateway
 
@@ -610,8 +611,8 @@ in the "My Sage Pay" administration panel.
 
 Supported functions are:
 
-* authorize()
-* purchase()
+* `authorize()`
+* `purchase()`
 
 ### Form Authorize
 
@@ -686,13 +687,13 @@ Note: these functions do not work for the `Form` API.
 These actions for `Sage Pay Form` must be performed manually through the "My Sage Pay"
 admin panel.
 
-* capture()
-* refund()
-* void() - void a purchase
-* abort() - abort an authorization before it is captured
-* repeatAuthorize() - new authorization based on past transaction
-* repeatPurchase() - new purchase based on past transaction
-* deleteCard() - remove a cardReference or token from the accout
+* `capture()`
+* `refund()`
+* `void()` - void a purchase
+* `abort()` - abort an authorization before it is captured
+* `repeatAuthorize()` - new authorization based on past transaction
+* `repeatPurchase()` - new purchase based on past transaction
+* `deleteCard()` - remove a cardReference or token from the accout
 
 ### Repeat Authorize/Purchase
 
@@ -892,7 +893,6 @@ but is also the only format currently supported by some of the Sage accounting p
 For applications that require this type of integration, an optional parameter `useOldBasketFormat`
 with a value of `true` can be passed in the driver's `initialize()` method.
 
-
 ## Sage 50 Accounts Software Integration
 
 The Basket format can be used for Sage 50 Accounts Software Integration:

From 0aa8bf9aa1c95b06c8fa212fb798eb5f1d9a5cbc Mon Sep 17 00:00:00 2001
From: Jason Judge <jason.judge@consil.co.uk>
Date: Sat, 20 Oct 2018 14:40:07 +0100
Subject: [PATCH 3/3] Additions to README (re Form).

---
 README.md | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/README.md b/README.md
index c338bca..4e28bb7 100644
--- a/README.md
+++ b/README.md
@@ -650,12 +650,12 @@ $response = $gateway->authorize([
 ]);
 ```
 
-The `$response` will be a `POST` redirect, which will take use to the gateway.
+The `$response` will be a `POST` redirect, which will take the user to the gateway.
 At the gateway, the user will authenticate or authorise their credit card,
 perform any 3D Secure actions that may be requested, then will return to the
 merchant site.
 
-To get the result details, the transaction is "completed":
+To get the result details, the transaction is "completed" on return:
 
 ```php
 // The result will be read and decrypted from the return URL (or failure URL)
@@ -668,13 +668,18 @@ $result->getTransactionReference();
 // etc.
 ```
 
-If you already have the encrypted response string, then it can be optionally
-passed in:
+If you already have the encrypted response string, then it can be passed in.
+However, you would normally leave it for the driver to read it for you from
+the current server request:
 
+    $crypt = $_GET['crypt']; // or supplied by your framework
     $result = $gateway->completeAuthorize(['crypt' => $crypt])->send();
 
-This should normally not be necessary, but is handy for testing or if the
-current page query parameters are not available in a particular architecture.
+This is handy for testing or if the current page query parameters are not
+available in a particular architecture.
+
+Like `Server` and `Direct`, you can use either the `DEFERRED` or the `AUTHENTICATE`
+method to reserve the amount.
 
 ### Form Purchase