Author: jleroux Date: Thu Mar 17 10:09:53 2016 New Revision: 1735385 URL: http://svn.apache.org/viewvc?rev=1735385&view=rev Log: Fixes "Credit card details cannot be updated" - https://issues.apache.org/jira/browse/OFBIZ-6920
It seems after OFBIZ-3956, credit card details can no longer be updated, for example, if one wishes to update the expiry date of a credit card results in following "The Following Errors Occurred: Card Number is erroneous". This issue can be replicated here - https://demo-trunk-ofbiz.apache.org/partymgr/control/editcreditcard?paymentMethodId=9015&partyId=DemoCustomer jleroux: The problem was because we are calling createCreditCard map proc from updateCreditCard service after calling updateCreditCard map proc. And when we update the data we don't see the real card number but something like "************1111" I simply copied the needed check from createCreditCard map proc into updateCreditCard map proc but not the isAnyCard call of course. Then it will work, but if the user changes also the card number. If she does it will need to be right, because it will not be checked! I can't see any other ways because we can't use a hidden field with the real card number in, it would be insecure. We could introduce a specific encryption/decryption but it seems a bit too much. Notably because the only reason of changing a card number while this card is still valid would be because the number have been wrongly entered. Then better to delete and create a new one, those data are a bit sensible... Modified: ofbiz/trunk/applications/accounting/script/org/ofbiz/accounting/payment/PaymentMapProcs.xml ofbiz/trunk/applications/accounting/script/org/ofbiz/accounting/payment/PaymentMethodEvents.xml Modified: ofbiz/trunk/applications/accounting/script/org/ofbiz/accounting/payment/PaymentMapProcs.xml URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/accounting/script/org/ofbiz/accounting/payment/PaymentMapProcs.xml?rev=1735385&r1=1735384&r2=1735385&view=diff ============================================================================== --- ofbiz/trunk/applications/accounting/script/org/ofbiz/accounting/payment/PaymentMapProcs.xml (original) +++ ofbiz/trunk/applications/accounting/script/org/ofbiz/accounting/payment/PaymentMapProcs.xml Thu Mar 17 10:09:53 2016 @@ -54,12 +54,45 @@ under the License. <process field="expYear"><not-empty><fail-property resource="AccountingUiLabels" property="AccountingExpirationYearMissing"/></not-empty></process> <process field="expireDate"> <copy/> - <validate-method method="isDateAfterToday"><fail-property resource="AccountingUiLabels" property="AccountingExpirationDateIsBeforeToday"/></validate-method></process> + <validate-method method="isDateAfterToday"><fail-property resource="AccountingUiLabels" property="AccountingExpirationDateIsBeforeToday"/></validate-method> + </process> </simple-map-processor> + <simple-map-processor name="updateCreditCard"> + <make-in-string field="expireDate"> + <in-field field="expMonth"/> + <constant>/</constant> + <in-field field="expYear"/> + </make-in-string> <process field="paymentMethodId"><copy/><not-empty><fail-property resource="AccountingUiLabels" property="AccountingCreditCardPaymentMethodIdMissing"/></not-empty></process> + <process field="partyId"><copy/></process> + <process field="companyNameOnCard"><copy/></process> + <process field="titleOnCard"><copy/></process> + <process field="firstNameOnCard"><copy/><not-empty><fail-property resource="AccountingUiLabels" property="AccountingFirstNameOnCardMissing"/></not-empty></process> + <process field="middleNameOnCard"><copy/></process> + <process field="lastNameOnCard"><copy/><not-empty><fail-property resource="AccountingUiLabels" property="AccountingLastNameOnCardMissing"/></not-empty></process> + <process field="suffixOnCard"><copy/></process> + <process field="cardType"><copy/><not-empty><fail-property resource="AccountingUiLabels" property="AccountingCardTypeMissing"/></not-empty></process> + <process field="cardNumber"> + <copy/> + <not-empty> + <fail-property resource="AccountingUiLabels" property="AccountingCardNumberMissing"/> + </not-empty> + <!-- FIXME Commented out because of OFBIZ-6920, a better solution would be do encrypt the card number when showing screen and decrypt when validating data + Anyway the only reason of changing a card number while this card is still valid + is because the number have been wrongly entered. Then better to delete and create a new one --> + <!-- <validate-method method="isAnyCard" class="org.ofbiz.base.util.UtilValidate"> + <fail-property resource="AccountingUiLabels" property="AccountingCardNumberIncorrect"/> + </validate-method> --> + </process> + <process field="contactMechId"><copy/></process> <process field="description"><copy/></process> - <!-- also call createCreditCard after calling updateCreditCard --> + <process field="expMonth"><not-empty><fail-property resource="AccountingUiLabels" property="AccountingExpirationMonthMissing"/></not-empty></process> + <process field="expYear"><not-empty><fail-property resource="AccountingUiLabels" property="AccountingExpirationYearMissing"/></not-empty></process> + <process field="expireDate"> + <copy/> + <validate-method method="isDateAfterToday"><fail-property resource="AccountingUiLabels" property="AccountingExpirationDateIsBeforeToday"/></validate-method> + </process> </simple-map-processor> <!-- EftAccount map procs --> Modified: ofbiz/trunk/applications/accounting/script/org/ofbiz/accounting/payment/PaymentMethodEvents.xml URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/accounting/script/org/ofbiz/accounting/payment/PaymentMethodEvents.xml?rev=1735385&r1=1735384&r2=1735385&view=diff ============================================================================== --- ofbiz/trunk/applications/accounting/script/org/ofbiz/accounting/payment/PaymentMethodEvents.xml (original) +++ ofbiz/trunk/applications/accounting/script/org/ofbiz/accounting/payment/PaymentMethodEvents.xml Thu Mar 17 10:09:53 2016 @@ -52,9 +52,10 @@ under the License. <call-map-processor xml-resource="component://accounting/script/org/ofbiz/accounting/payment/PaymentMapProcs.xml" processor-name="updateCreditCard" in-map-name="parameters" out-map-name="context"/> <!-- before check-errors also call createCreditCard, which completes the checking, etc for updateCreditCard --> - <call-map-processor xml-resource="component://accounting/script/org/ofbiz/accounting/payment/PaymentMapProcs.xml" + <!-- FIXME Commented out because of OFBIZ-6920, a better solution would be do encrypt the card number when showing screen and decrypt when validating data --> + <!-- <call-map-processor xml-resource="component://accounting/script/org/ofbiz/accounting/payment/PaymentMapProcs.xml" processor-name="createCreditCard" in-map-name="parameters" out-map-name="context"/> - <check-errors/> + <check-errors/> --> <call-service service-name="updateCreditCard" in-map-name="context"> <default-message resource="AccountingUiLabels" property="AccountingCreditCardUpdatedSuccessfully"/> <result-to-request result-name="paymentMethodId" request-name="paymentMethodId"/>
