Extnded low-profile (iframe) formatting to card token creation.

README.md

@@ -64,7 +64,6 @@ repository.
 * authorize() - with completeAuthorize for 3D Secure and PayPal redirect
 * purchase() - with completeAuthorize for 3D Secure and PayPal redirect
 * createCard() - explicit "standalone" creation of a cardReference or token
-* deleteCard() - remove a card cardReference from the accout
 
 ### Direct createCard()
 
@@ -122,7 +121,6 @@ if ($response->isSuccessful()) {
 * purchase()
 * acceptNotification() - Notification Handler for authorize, purchase and explicit cardReference registration
 * createCard() - explicit "standalone" creation of a cardReference or token
-* deleteCard() - remove a card cardReference from the accout
 
 ### Server createCard()
 
@@ -147,6 +145,7 @@ $request = $gateway->createCard([
     'currency' => 'GBP',
     'notifyUrl' => {notify callback URL},
     'transactionId' => $transactionId,
+    'iframe' => true, // TRUE if the offsite form is to go into an iframe
 ]);
 
 $response = $request->send();
@@ -174,6 +173,10 @@ The notification handler needs to store the `cardReference` or `token` reference
 the `transactionId` then acknowledge the acceptance and provide a final URL the user
 is taken to.
 
+If using an iframe for the hosted credit card form, then on return to the final
+redirect URL (provided by the notification handler) it is your site's responsibility
+to break out of the iframe.
+
 ## Sage Pay Shared Methods (for both Direct and Server):
 
 * capture()
@@ -182,6 +185,37 @@ is taken to.
 * repeatAuthorize() - new authorization based on past transaction
 * repeatPurchase() - new purchase based on past transaction
 * void() - void a purchase
+* deleteCard() - remove a cardReference or token from the accout
+
+### Direct/Server deleteCard()
+
+This is one of the simpler messages:
+
+```php
+use Omnipay\Omnipay;
+use Omnipay\CreditCard;
+
+$gateway = OmniPay::create('SagePay\Direct');
+// or
+$gateway = OmniPay::create('SagePay\Server');
+
+$gateway->setVendor('your-vendor-code');
+$gateway->setTestMode(true); // For test account
+
+// Send the request.
+$request = $gateway->deleteCard([
+    'cardReference' => $cardReference,
+]);
+
+$response = $request->send();
+
+// There will be no need for any redirect (e.g. 3D Secure), since no
+// authorisation is being done.
+if ($response->isSuccessful()) {
+    $message = $response->getMessage();
+    // "2017 : Token removed successfully."
+}
+```
 
 # Token Billing
 

src/Message/AbstractRequest.php

@@ -9,17 +9,31 @@
  */
 abstract class AbstractRequest extends \Omnipay\Common\Message\AbstractRequest
 {
-    const APPLY_3DSECURE_APPLY = 0;
-    const APPLY_3DSECURE_FORCE = 1;
-    const APPLY_3DSECURE_NONE = 2;
-    const APPLY_3DSECURE_AUTH = 3;
+    const APPLY_3DSECURE_APPLY  = 0;
+    const APPLY_3DSECURE_FORCE  = 1;
+    const APPLY_3DSECURE_NONE   = 2;
+    const APPLY_3DSECURE_AUTH   = 3;
 
+    /**
+     * Flag whether to store a cardReference or token for multiple use.
+     */
     const STORE_TOKEN_YES   = 1;
     const STORE_TOKEN_NO    = 0;
 
+    /**
+     * Profile for Sage Pay Server hosted forms.
+     * - NORMAL for full page forms.
+     * - LOW for use in iframes.
+     */
+    const PROFILE_NORMAL    = 'NORMAL';
+    const PROFILE_LOW       = 'LOW';
+
     protected $liveEndpoint = 'https://live.sagepay.com/gateway/service';
     protected $testEndpoint = 'https://test.sagepay.com/gateway/service';
 
+    /**
+     * The vendor name identified the account.
+     */
     public function getVendor()
     {
         return $this->getParameter('vendor');
@@ -30,6 +44,38 @@ public function setVendor($value)
         return $this->setParameter('vendor', $value);
     }
 
+    /**
+     * Indicates whether a NORMAL or LOW profile page is to be used
+     * for hosted forms.
+     * @return string|null
+     */
+    public function getProfile()
+    {
+        return $this->getParameter('profile');
+    }
+
+    /**
+     * @param string $value Values: PROFILE_NORMAL or PROFILE_LOW
+     * @return $this
+     */
+    public function setProfile($value)
+    {
+        return $this->setParameter('profile', $value);
+    }
+
+    /**
+     * Convenience method to switch iframe mode on or off.
+     *
+     * @param bool $value True to use an iframe profile for hosted forms.
+     * @return $this
+     */
+    public function setIframe($value)
+    {
+        $profile = ((bool)$value ? static::PROFILE_LOW : static::PROFILE_NORMAL);
+
+        return $this->setParameter('profile', $profile);
+    }
+
     public function getVendorData()
     {
         return $this->getParameter('vendorData');

src/Message/ServerAuthorizeRequest.php

@@ -7,28 +7,25 @@
  */
 class ServerAuthorizeRequest extends DirectAuthorizeRequest
 {
-    public function getProfile()
-    {
-        return $this->getParameter('profile');
-    }
-
-    public function setProfile($value)
-    {
-        return $this->setParameter('profile', $value);
-    }
-
     /**
      * The returnUrl is supported for legacy applications.
      */
     public function getData()
     {
-        if (!$this->getReturnUrl()) {
+        if (! $this->getReturnUrl()) {
             $this->validate('notifyUrl');
         }
 
         $data = $this->getBaseAuthorizeData();
+
+        // ReturnUrl is for legacy usage.
         $data['NotificationURL'] = $this->getNotifyUrl() ?: $this->getReturnUrl();
-        $data['Profile'] = $this->getProfile();
+
+        $profile = strtoupper($this->getProfile());
+
+        if ($profile === static::PROFILE_NORMAL || $profile === static::PROFILE_LOW) {
+            $data['Profile'] = $this->getProfile();
+        }
 
         return $data;
     }

src/Message/ServerTokenRegistrationRequest.php

@@ -17,6 +17,12 @@ public function getData()
         $data['NotificationURL'] = $this->getNotifyUrl() ?: $this->getReturnUrl();
         $data['VendorTxCode'] = $this->getTransactionId();
 
+        $profile = $this->getProfile();
+
+        if ($profile === static::PROFILE_NORMAL || $profile === static::PROFILE_LOW) {
+            $data['Profile'] = $this->getProfile();
+        }
+
         unset($data['AccountType']);
 
         return $data;