Feature - Opayo card tokens (#1602)

actions-user · actions-user · commit bfa576e6a733 · 2024-03-05T09:59:17.000Z
diff --git a/README.md b/README.md
@@ -1,3 +1,169 @@
-# Lunar Opayo Payments
+<p align="center"><img src="https://github.com/lunarphp/lunar/assets/1488016/a21f1cfb-9259-4d21-9bb0-eca876957729" width="300" ></p>
 
-WIP
+
+
+<p align="center">This addon enables Opayo payments on your Lunar storefront.</p>
+
+## Alpha Release
+
+This addon is currently in Alpha, whilst every step is taken to ensure this is working as intended, it will not be considered out of Alpha until more tests have been added and proved.
+
+## Minimum Requirements
+
+- Lunar  `1.x`
+- An [Elavon](https://www.elavon.com/) merchant account
+
+## Installation
+
+### Require the composer package
+
+```sh
+composer require lunarphp/opayo
+```
+
+### Configure the service
+
+Add the opayo config to the `config/services.php` file.
+
+```php
+// ...
+'opayo' => [
+    'vendor' => env('OPAYO_VENDOR'),
+    'env' => env('OPAYO_ENV', 'test'),
+    'key' => env('OPAYO_KEY'),
+    'password' => env('OPAYO_PASSWORD'),
+    'host' => env('OPAYO_HOST'),
+],
+```
+
+
+### Enable the driver
+
+Set the driver in `config/lunar/payments.php`
+
+```php
+<?php
+
+return [
+    // ...
+    'types' => [
+        'card' => [
+            // ...
+            'driver' => 'opayo',
+        ],
+    ],
+];
+```
+
+
+
+## Configuration
+
+Below is a list of the available configuration options this package uses in `config/lunar/opayo.php`
+
+| Key | Default | Description |
+| --- | --- | --- |
+| `policy` | `automatic` | Determines the policy for taking payments and whether you wish to capture the payment manually later or take payment straight away. Available options `deferred` or `automatic` |
+
+---
+
+## Backend Usage
+
+### Get a merchant key
+
+```php
+Lunar\Opayo\Facades\Opayo::getMerchantKey();
+```
+
+### Authorize a charge
+
+```php
+$response = \Lunar\Facades\Payments::driver('opayo')->cart(
+    $cart = CartSession::current()->calculate()
+)->withData([
+    'merchant_key' => $request->get('merchantSessionKey'),
+    'card_identifier' => $request->get('cardToken'),
+    'browserLanguage' => $request->get('browserLanguage'),
+    'challengeWindowSize' => $request->get('challengeWindowSize'),
+    'browserIP' => $request->ip(),
+    'browserAcceptHeader' => $request->header('accept'),
+    'browserUserAgent' => $request->get('browserUserAgent'),
+    'browserJavaEnabled' => $request->get('browserJavaEnabled', false),
+    'browserColorDepth' => $request->get('browserColorDepth'),
+    'browserScreenHeight' => $request->get('browserScreenHeight'),
+    'browserScreenWidth' => $request->get('browserScreenWidth'),
+    'browserTZ' => $request->get('browserTZ'),
+    'status' => 'payment-received',
+])->authorize();
+```
+
+When authorizing a charge, you may be required to submit extra authentication in the form of 3DSV2, you can handle this in your payment endpoint.
+
+```php
+if (is_a($response, \Lunar\Opayo\Responses\ThreeDSecureResponse::class)) {
+  return response()->json([
+      'requires_auth' => true,
+      'data' => $response,
+  ]);
+}
+```
+
+`$response` will contain all the 3DSV2 information from Opayo.
+
+You can find more information about this using the following links:
+
+- [3-D Secure explained](https://www.elavon.co.uk/resource-center/help-with-your-solutions/opayo/fraud-prevention/3D-Secure.html)
+- [3D Secure Transactions](https://developer.elavon.com/products/opayo-direct/v1/3d-secure-transactions)
+- Stack overflow [SagePay 3D Secure V2 Flow](https://stackoverflow.com/questions/65329436/sagepay-3d-secure-v2-flow)
+
+Once you have handled the 3DSV2 response on your storefront, you can then authorize again.
+
+```php
+$response = Payments::driver('opayo')->cart(
+    $cart = CartSession::current()->calculate()
+)->withData([
+    'cres' => $request->get('cres'),
+    'pares' => $request->get('pares'),
+    'transaction_id' => $request->get('transaction_id'),
+])->threedsecure();
+
+if (! $response->success) {
+    abort(401);
+}
+
+```
+
+### Opayo card tokens
+
+When authenticated users make an order on your store, it can be good to offer the ability to save their card information for future use. Whilst we don't store the actual card details, we can use card tokens which represent the card the user has used before.
+
+> You must have saved payments enabled on your Opayo account because you can use these.
+
+To save a card, pass in the `saveCard` data key when authorizing a payment.
+
+```php
+$response = \Lunar\Facades\Payments::driver('opayo')->cart(
+    $cart = CartSession::current()->calculate()
+)->withData([
+    // ...
+    'saveCard' => true
+])->authorize();
+```
+
+Assuming everything went well, there will be a new entry in the `opayo_tokens` table, associated to the authenticated user. You can then display these card representations at checkout for the user to select. The `token` is what replaces the `card_identifier` data key.
+
+```php
+$response = \Lunar\Facades\Payments::driver('opayo')->cart(
+    $cart = CartSession::current()->calculate()
+)->withData([
+    // ...
+    'card_identifier' => $request->get('cardToken'),
+    'reusable' => true
+])->authorize();
+```
+
+Responses are then handled the same as any other transaction.
+
+## Contributing
+
+Contributions are welcome, if you are thinking of adding a feature, please submit an issue first so we can determine whether it should be included.
diff --git a/database/migrations/2024_02_22_100000_create_opayo_tokens_table.php b/database/migrations/2024_02_22_100000_create_opayo_tokens_table.php
@@ -0,0 +1,26 @@
+-<?php
+
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+use Lunar\Base\Migration;
+
+class CreateOpayoTokensTable extends Migration
+{
+    public function up()
+    {
+        Schema::create($this->prefix.'opayo_tokens', function (Blueprint $table) {
+            $table->userForeignKey();
+            $table->string('card_type')->index();
+            $table->string('last_four');
+            $table->string('token');
+            $table->string('auth_code')->nullable();
+            $table->timestamp('expires_at');
+            $table->timestamps();
+        });
+    }
+
+    public function down()
+    {
+        Schema::dropIfExists($this->prefix.'opayo_tokens');
+    }
+}
diff --git a/src/Components/PaymentForm.php b/src/Components/PaymentForm.php
@@ -140,7 +140,7 @@ public function process()
         ], $this->browser))->authorize();
 
         if ($result->success) {
-            if ($result->status == Opayo::THREE_D_AUTH) {
+            if ($result->status == Opayo::THREED_AUTH) {
                 $this->threeDSecure['acsUrl'] = $result->acsUrl;
                 $this->threeDSecure['acsTransId'] = $result->acsTransId;
                 $this->threeDSecure['dsTransId'] = $result->dsTransId;
diff --git a/src/Concerns/HasOpayoTokens.php b/src/Concerns/HasOpayoTokens.php
@@ -0,0 +1,14 @@
+<?php
+
+namespace Lunar\Opayo\Concerns;
+
+use Illuminate\Database\Eloquent\Relations\HasMany;
+use Lunar\Opayo\Models\OpayoToken;
+
+trait HasOpayoTokens
+{
+    public function opayoTokens(): HasMany
+    {
+        return $this->hasMany(OpayoToken::class);
+    }
+}
diff --git a/src/DataTransferObjects/AuthPayloadParameters.php b/src/DataTransferObjects/AuthPayloadParameters.php
@@ -0,0 +1,38 @@
+<?php
+
+namespace Lunar\Opayo\DataTransferObjects;
+
+class AuthPayloadParameters
+{
+    public function __construct(
+        public string $transactionType,
+        public string $merchantSessionKey,
+        public string $cardIdentifier,
+        public string $vendorTxCode,
+        public int $amount,
+        public string $currency,
+        public string $customerFirstName,
+        public string $customerLastName,
+        public string $billingAddressLineOne,
+        public string $billingAddressCity,
+        public string $billingAddressPostcode,
+        public string $billingAddressCountryIso,
+        public ?string $customerMobilePhone,
+        public string $notificationURL,
+        public ?string $browserLanguage,
+        public ?string $challengeWindowSize,
+        public ?string $browserIP,
+        public ?string $browserAcceptHeader,
+        public bool $browserJavascriptEnabled,
+        public ?string $browserUserAgent,
+        public bool $browserJavaEnabled,
+        public ?string $browserColorDepth,
+        public ?string $browserScreenHeight,
+        public ?string $browserScreenWidth,
+        public ?string $browserTZ,
+        public bool $saveCard = false,
+        public bool $reusable = false,
+        public ?string $authCode = null
+    ) {
+    }
+}
diff --git a/src/Facades/Opayo.php b/src/Facades/Opayo.php
@@ -3,8 +3,12 @@
 namespace Lunar\Opayo\Facades;
 
 use Illuminate\Support\Facades\Facade;
+use Lunar\Opayo\DataTransferObjects\AuthPayloadParameters;
 use Lunar\Opayo\OpayoInterface;
 
+/**
+ * @method static getAuthPayload(AuthPayloadParameters $parameters): array
+ */
 class Opayo extends Facade
 {
     /**
@@ -20,7 +24,7 @@ class Opayo extends Facade
     /**
      * Status when the payment requires Three D Secure authentication.
      */
-    const THREE_D_AUTH = 20;
+    const THREED_AUTH = 20;
 
     /**
      * Status for when Three D Secure fails.
diff --git a/src/Models/OpayoToken.php b/src/Models/OpayoToken.php
@@ -0,0 +1,31 @@
+<?php
+
+namespace Lunar\Opayo\Models;
+
+use Lunar\Base\BaseModel;
+
+/**
+ * @property int $id
+ * @property int $user_id;
+ * @property string $card_type
+ * @property string $last_four
+ * @property string $token
+ * @property ?string $auth_code
+ * @property \Illuminate\Support\Carbon $expires_at
+ * @property ?\Illuminate\Support\Carbon $created_at
+ * @property ?\Illuminate\Support\Carbon $updated_at
+ */
+class OpayoToken extends BaseModel
+{
+    /**
+     * Define which attributes should be
+     * protected from mass assignment.
+     *
+     * @var array
+     */
+    protected $guarded = [];
+
+    protected $casts = [
+        'expires_at' => 'datetime',
+    ];
+}
diff --git a/src/Opayo.php b/src/Opayo.php
@@ -3,6 +3,7 @@
 namespace Lunar\Opayo;
 
 use Illuminate\Support\Facades\Http;
+use Lunar\Opayo\DataTransferObjects\AuthPayloadParameters;
 
 class Opayo implements OpayoInterface
 {
@@ -75,6 +76,73 @@ public function getTransaction($id, $attempt = 1)
         return $response->object();
     }
 
+    public function getAuthPayload(AuthPayloadParameters $parameters): array
+    {
+        $payload = [
+            'transactionType' => $parameters->transactionType,
+            'paymentMethod' => [
+                'card' => [
+                    'merchantSessionKey' => $parameters->merchantSessionKey,
+                    'cardIdentifier' => $parameters->cardIdentifier,
+                ],
+            ],
+            'vendorTxCode' => $parameters->vendorTxCode,
+            'amount' => $parameters->amount,
+            'currency' => $parameters->currency,
+            'description' => 'Webstore Transaction',
+            'apply3DSecure' => 'UseMSPSetting',
+            'customerFirstName' => $parameters->customerFirstName,
+            'customerLastName' => $parameters->customerLastName,
+            'billingAddress' => [
+                'address1' => $parameters->billingAddressLineOne,
+                'city' => $parameters->billingAddressCity,
+                'postalCode' => $parameters->billingAddressPostcode,
+                'country' => $parameters->billingAddressCountryIso,
+            ],
+            'strongCustomerAuthentication' => [
+                'customerMobilePhone' => $parameters->customerMobilePhone,
+                'transType' => 'GoodsAndServicePurchase',
+                'browserLanguage' => $parameters->browserLanguage,
+                'challengeWindowSize' => $parameters->challengeWindowSize,
+                'browserIP' => $parameters->browserIP,
+                'notificationURL' => $parameters->notificationURL,
+                'browserAcceptHeader' => $parameters->browserAcceptHeader,
+                'browserJavascriptEnabled' => true,
+                'browserUserAgent' => $parameters->browserUserAgent,
+                'browserJavaEnabled' => $parameters->browserJavaEnabled,
+                'browserColorDepth' => $parameters->browserColorDepth,
+                'browserScreenHeight' => $parameters->browserScreenHeight,
+                'browserScreenWidth' => $parameters->browserScreenWidth,
+                'browserTZ' => $parameters->browserTZ,
+            ],
+            'entryMethod' => 'Ecommerce',
+        ];
+
+        if ($parameters->saveCard) {
+            $payload['credentialType'] = [
+                'cofUsage' => 'First',
+                'initiatedType' => 'CIT',
+                'mitType' => 'Unscheduled',
+            ];
+            $payload['paymentMethod']['card']['save'] = true;
+        }
+
+        if ($parameters->reusable) {
+            $payload['credentialType'] = [
+                'cofUsage' => 'Subsequent',
+                'initiatedType' => 'CIT',
+                'mitType' => 'Unscheduled',
+            ];
+            $payload['paymentMethod']['card']['reusable'] = true;
+        }
+
+        if ($parameters->authCode) {
+            $payload['strongCustomerAuthentication']['threeDSRequestorPriorAuthenticationInfo']['threeDSReqPriorRef'] = $parameters->authCode;
+        }
+
+        return $payload;
+    }
+
     /**
      * Get the service credentials.
      *
diff --git a/src/OpayoPaymentType.php b/src/OpayoPaymentType.php
diff --git a/src/OpayoServiceProvider.php b/src/OpayoServiceProvider.php
