CRM-21311 fix handling of credit cards where Amex has been given a different label #12615
Conversation
…ion and thank you pages. The Confirm and Thank you pages were not showing the correct label - they were showing the name which we don't expect people to customise
|
(Standard links)
|
| @@ -610,6 +610,13 @@ public function assignToTemplate() { | |||
| CRM_Utils_System::mungeCreditCard(CRM_Utils_Array::value('credit_card_number', $this->_params)) | |||
| ); | |||
| } | |||
| elseif ($paymentField === 'credit_card_type') { | |||
There was a problem hiding this comment.
This relates to the confirm & thank you page tpl fix
| @@ -279,27 +279,6 @@ public static function validatePaymentInstrument($payment_processor_id, $values, | |||
| $payment->validatePaymentInstrument($values, $errors); | |||
| } | |||
|
|
|||
| /** | |||
There was a problem hiding this comment.
begone foul function
There was a problem hiding this comment.
Fixed colemanw/webform_civicrm#178 in webform civi which uses this function. There might be more of such extension/modules? Should we be worried?
| } | ||
| $creditCardTypes = []; | ||
| foreach ($creditCards as $name => $label) { | ||
| $creditCardTypes[$name] = [ |
There was a problem hiding this comment.
This is the magic - assign the right variables in the first place...
| @@ -247,8 +247,8 @@ | |||
| {/if} | |||
| {else} | |||
| <div class="crm-section no-label credit_card_details-section"> | |||
| <div class="content">{$credit_card_type}</div> | |||
| <div class="content">{$credit_card_number}</div> | |||
| <div class="content">{$credit_card_type|escape}</div> | |||
There was a problem hiding this comment.
just good practice - no reason to think this is insecure
templates/CRM/Core/BillingBlock.js
Outdated
| @@ -10,13 +10,13 @@ | |||
| function civicrm_billingblock_creditcard_helper() { | |||
| $(function() { | |||
| $.each(CRM.config.creditCardTypes, function(key, val) { | |||
| var html = '<a href="#" title="' + val + '" class="crm-credit_card_type-icon-' + key + '"><span>' + val + '</span></a>'; | |||
| var html = '<a href="#" data-card_type=" + key + " title="' + val + '" class="crm-credit_card_type-icon-' + val['css_key'] + '"><span>' + val['label'] + '</span></a>'; | |||
There was a problem hiding this comment.
actually we don't need the data attribute in the end but TBH it would be better next round to use it more & the calculated css class less
| @@ -62,38 +62,4 @@ public function testGetCreditCards() { | |||
| $this->assertEquals($cards, $expectedCards, 'Verify correct credit card types are returned'); | |||
| } | |||
|
|
|||
| public function testCreditCardCSSName() { | |||
There was a problem hiding this comment.
function no longer exists to test - it needed to be protected with a test before because it was so obvious a target :-)
There was a problem hiding this comment.
@eileenmcnaughton i think we should still replace it with some kind of a test because part of this test wasn't just testing the CSS Names but verifying that when a payment processor only accepted specific card types that only those were sent to the form
There was a problem hiding this comment.
Hmm I guess we could extract
so we have this test
/**
* Check method create()
*/
public function testGetCreditCards() {
$params = array(
'name' => 'API_Test_PP_Type',
'title' => 'API Test Payment Processor Type',
'class_name' => 'CRM_Core_Payment_APITest',
'billing_mode' => 'form',
'payment_processor_type_id' => 1,
'is_recur' => 0,
'domain_id' => 1,
'accepted_credit_cards' => json_encode(array(
'Visa' => 'Visa',
'Mastercard' => 'Mastercard',
'Amex' => 'Amex',
)),
);
$paymentProcessor = CRM_Financial_BAO_PaymentProcessor::create($params);
$expectedCards = array(
'Visa' => 'Visa',
'Mastercard' => 'Mastercard',
'Amex' => 'Amex',
);
$cards = CRM_Financial_BAO_PaymentProcessor::getCreditCards($paymentProcessor->id);
$this->assertEquals($cards, $expectedCards, 'Verify correct credit card types are returned');
}
…mised. We have been following a strange pattern where we take the label of a credit card field and munge it into a css compatible string and then expect that to be a match with an array based on lcasing the name field for the credit card. This means that if label !== name the house of cards falls. This is particularly a problem for Amex which needs to be set correctly for the 4 digit cvv not to trigger a validation fail. Notably Amex is probably also the most likely for people to want to rename it since Amex is an abbreviation. This PR backs out of all of that and assigns an array of data to js - including the pattern itself and then updates the js script to refer to the right variable name for each purpose and to stop munging
|
test this please |
|
I can't interpret the test result :-( |
|
test this please |
|
@eileenmcnaughton thanks for addressing this issue. Just curious, was it not possible to just update and change the existing PR #11137 ? |
|
@jusfreeman no -that is under @agilewarealok repo - also - since I changed approach it needs to be possible to re-open a PR from Alok's repo if he considers me to be wrong |
|
@eileenmcnaughton I think you mean the agileware repo, as the PR came from agileware:4.7-CRM-21311 |
|
@jusfreeman I stand corrected |
|
Hi @jusfreeman @eileenmcnaughton where are we going with this? |
|
@seamuslee001 I'm hoping someone will review it - I feel confident it is a good fix which is why I haven't closed it |
|
@Monish pls try to get to this later in the week. |
|
Thanks everyone. Silly question: |
|
@jusfreeman js validation is recommended practice because they get a quick response instead of waiting for the payment to be submitted & half-processed & then getting rejected |
|
CiviCRM also allows card types to be disabled, which could be used to avoid the higher fees of Amex vs Visa/MC. So Civi could purposefully prevent a valid Amex card from being submitted. |
Hi Joe, agree about AMEX and the merchant fees. It's interesting that AMEX is opt-in for EWAY, but enabled by default for PayPal and Stripe. |
|
@Edzelopez please aim to review this |
|
@Edzelopez were you going to take a look at this? |
|
Two comments:
@Edzelopez will try to test on Friday. |
|
Note that this patch is required to fix a regression caused when @seamuslee001 added the ability to support only some card types. I was happy to take on fixing the bug but I'm not wanting to re-work the unit test for the functionality mentioned - perhaps @seamuslee001 can revisit that once this is merged |
|
I tested this with different card types on front and back end contribution/membership/event forms. I wasn't able to notice any problems related to it. The main issue is fixed and the validation is done properly now. @eileenmcnaughton |
|
Thanks @jitendrapurohit - merging |
|
@jitendrapurohit I didn't find any other instances googling CRM_Core_Payment_Form::getCreditCardCSSNames - Tim does have a tool 'universe' https://docs.civicrm.org/dev/en/latest/tools/universe/ but "The universe is fairly big. (At time of writing, ~2 GB.) A fast network will help with downloading, and a fast storage will help with searching." Note that it's not actually supported for extensions to call this function per se - but it's also good to check if we can find any |
|
Hmm, I just did a quick grep on one of our dev servers having most of the important extension/modules and don't see this function being used except in civi or webform civicrm. |
Overview
Proposed replacement for #11137
Credit card type is unset on submission causing credit card payment to fail with CVV validation error message. Regression bug introduced in PR #10774
Before
In CiviCRM, change default credit card name for "Amex" to "American Express".
Submit a test credit card transaction using an American Express test credit card number, 378282246310005
Contribution will fail with CVV validation error message.
Existing code does not set the credit card type on submission, causing the CVV not to be validated correctly. American Express uses 4 digit CVV.
After
Credit card type is set correctly, CVV is validated and submission succeeds.
In addition correct label displayed on Confirm and Thank you screens
Technical Details
Don't forget when testing to make sure you don't have cached js!
Comments
@jusfreeman @agilewarealok all this time I haven't been able to bring myself to merge #11137 or to close it as abandoned so tonight I took another look to see if I could address what was really bothering me. The issue with #11137 as I see it is we are still munging strings - https://github.com/civicrm/civicrm-core/pull/11137/files#diff-31a6607a9f03e2336c412d8fad30d711R72 so I went back to look at the approach and concluded that by assigning an array of 'all the things we need' in the first place we could simplify the js & make the insanity stop