19 digit visa and discover cards

[freeside.git] / FS / FS / cust_payby.pm

diff --git a/FS/FS/cust_payby.pm b/FS/FS/cust_payby.pm
index 83b951e..ab3c41c 100644 (file)
--- a/FS/FS/cust_payby.pm
+++ b/FS/FS/cust_payby.pm
@@ -7,6 +7,7 @@ use Digest::SHA qw( sha512_base64 );
 use Business::CreditCard qw( validate cardtype );
 use FS::UID qw( dbh );
 use FS::Msgcat qw( gettext );
+use FS::Misc qw( card_types );
 use FS::Record; #qw( qsearch qsearchs );
 use FS::payby;
 use FS::cust_main;
@@ -18,6 +19,7 @@ sub nohistory_fields { ('payinfo', 'paycvv'); }
 our $ignore_expired_card = 0;
 our $ignore_banned_card = 0;
 our $ignore_invalid_card = 0;
+our $ignore_cardtype = 0;
 
 our $conf;
 install_callback FS::UID sub { 
@@ -113,6 +115,9 @@ paytype
 
 payip
 
+=item paycardtype
+
+The credit card type (deduced from the card number).
 
 =back
 
@@ -154,7 +159,8 @@ sub insert {
   local $FS::UID::AutoCommit = 0;
   my $dbh = dbh;
 
-  my $error = $self->SUPER::insert;
+  my $error =  $self->check_payinfo_cardtype
+            || $self->SUPER::insert;
   if ( $error ) {
     $dbh->rollback if $oldAutoCommit;
     return $error;
@@ -193,10 +199,6 @@ sub replace {
               ? shift
               : $self->replace_old;
 
-  if ( length($old->paycvv) && $self->paycvv =~ /^\s*[\*x]*\s*$/ ) {
-    $self->paycvv($old->paycvv);
-  }
-
   if ( $self->payby =~ /^(CARD|DCRD)$/
        && (    $self->payinfo =~ /xx/
             || $self->payinfo =~ /^\s*N\/A\s+\(tokenized\)\s*$/
@@ -218,6 +220,17 @@ sub replace {
     $self->payinfo($new_account.'@'.$new_aba);
   }
 
+  # only unmask paycvv if payinfo stayed the same
+  if ( $self->payby =~ /^(CARD|DCRD)$/ and $self->paycvv =~ /^\s*[\*x]+\s*$/ ) {
+    if ( $old->payinfo eq $self->payinfo
+         && $old->paymask eq $self->paymask
+    ) {
+      $self->paycvv($old->paycvv);
+    } else {
+      $self->paycvv('');
+    }
+  }
+
   local($ignore_expired_card) = 1
     if $old->payby  =~ /^(CARD|DCRD)$/
     && $self->payby =~ /^(CARD|DCRD)$/
@@ -228,6 +241,22 @@ sub replace {
          || $old->payby  =~ /^(CHEK|DCHK)$/ && $self->payby =~ /^(CHEK|DCHK)$/ )
     && ( $old->payinfo eq $self->payinfo || $old->paymask eq $self->paymask );
 
+  if (    $self->payby =~ /^(CARD|DCRD)$/
+       && $old->payinfo ne $self->payinfo
+       && $old->paymask ne $self->paymask )
+  {
+    my $error = $self->check_payinfo_cardtype;
+    return $error if $error;
+
+    if ( $conf->exists('business-onlinepayment-verification') ) {
+      $error = $self->verify;
+    } else {
+      $error = $self->tokenize;
+    }
+    return $error if $error;
+
+  }
+
   local $SIG{HUP} = 'IGNORE';
   local $SIG{INT} = 'IGNORE';
   local $SIG{QUIT} = 'IGNORE';
@@ -247,7 +276,7 @@ sub replace {
 
   if ( $self->payby =~ /^(CARD|CHEK)$/
        && ( ( $self->get('payinfo') ne $old->get('payinfo')
-              && $self->get('payinfo') !~ /^99\d{14}$/ 
+              && !$self->tokenized 
             )
             || grep { $self->get($_) ne $old->get($_) } qw(paydate payname)
           )
@@ -308,21 +337,43 @@ sub check {
   # Need some kind of global flag to accept invalid cards, for testing
   # on scrubbed data.
   #XXX if ( !$import && $check_payinfo && $self->payby =~ /^(CARD|DCRD)$/ ) {
+
+  # In this block: detect card type; reject credit card / account numbers that
+  # are impossible or banned; reject other payment features (date, CVV length)
+  # that are inappropriate for the card type.
+  # However, if the payinfo is encrypted then just detect card type and assume
+  # the other checks were already done.
+
   if ( !$ignore_invalid_card && 
     $check_payinfo && $self->payby =~ /^(CARD|DCRD)$/ ) {
 
     my $payinfo = $self->payinfo;
     $payinfo =~ s/\D//g;
-    $payinfo =~ /^(\d{13,16}|\d{8,9})$/
+    $payinfo =~ /^(\d{13,19}|\d{8,9})$/
       or return gettext('invalid_card'); #. ": ". $self->payinfo;
     $payinfo = $1;
     $self->payinfo($payinfo);
     validate($payinfo)
       or return gettext('invalid_card'); # . ": ". $self->payinfo;
 
-    return gettext('unknown_card_type')
-      if $self->payinfo !~ /^99\d{14}$/ #token
-      && cardtype($self->payinfo) eq "Unknown";
+    # see parallel checks in check_payinfo_cardtype & payinfo_Mixin::payinfo_check
+    my $cardtype = $self->paycardtype;
+    if ( $self->tokenized ) {
+      $self->('is_tokenized', 'Y'); #so we don't try to do it again
+      if ( $self->paymask =~ /^\d+x/ ) {
+        $cardtype = cardtype($self->paymask);
+      } else {
+        #return "paycardtype required ".
+        #       "(can't derive from a token and no paymask w/prefix provided)"
+        #  unless $cardtype;
+      }
+    } else {
+      $cardtype = cardtype($self->payinfo);
+    }
+    
+    return gettext('unknown_card_type') if $cardtype eq "Unknown";
+    
+    $self->set('paycardtype', $cardtype);
 
     unless ( $ignore_banned_card ) {
       my $ban = FS::banned_pay->ban_search( %{ $self->_banned_pay_hashref } );
@@ -344,7 +395,7 @@ sub check {
     }
 
     if (length($self->paycvv) && !$self->is_encrypted($self->paycvv)) {
-      if ( cardtype($self->payinfo) eq 'American Express card' ) {
+      if ( $cardtype eq 'American Express card' ) {
         $self->paycvv =~ /^(\d{4})$/
           or return "CVV2 (CID) for American Express cards is four digits.";
         $self->paycvv($1);
@@ -357,7 +408,6 @@ sub check {
       $self->paycvv('');
     }
 
-    my $cardtype = cardtype($payinfo);
     if ( $cardtype =~ /^(Switch|Solo)$/i ) {
 
       return "Start date or issue number is required for $cardtype cards"
@@ -415,6 +465,15 @@ sub check {
       }
     }
 
+  } elsif ( $self->payby =~ /^CARD|DCRD$/ and $self->paymask ) {
+    # either ignoring invalid cards, or we can't decrypt the payinfo, but
+    # try to detect the card type anyway. this never returns failure, so
+    # the contract of $ignore_invalid_cards is maintained.
+    $self->set('paycardtype', cardtype($self->paymask));
+  } else {
+    $self->set('paycardtype', '');
+  }
+
 #  } elsif ( $self->payby eq 'PREPAY' ) {
 #
 #    my $payinfo = $self->payinfo;
@@ -426,8 +485,6 @@ sub check {
 #      unless qsearchs('prepay_credit', { 'identifier' => $self->payinfo } );
 #    $self->paycvv('');
 
-  }
-
   if ( $self->payby =~ /^(CHEK|DCHK)$/ ) {
 
     $self->paydate('');
@@ -435,6 +492,7 @@ sub check {
   } elsif ( $self->payby =~ /^(CARD|DCRD)$/ ) {
 
     # shouldn't payinfo_check do this?
+    # (except we don't ever call payinfo_check from here)
     return "Expiration date required"
       if $self->paydate eq '' || $self->paydate eq '-';
 
@@ -478,11 +536,51 @@ sub check {
 
   }
 
-  ###
+  if ( ! $self->custpaybynum ) {
+    if ($conf->exists('business-onlinepayment-verification')) {
+      $error = $self->verify;
+    } else {
+      $error = $self->tokenize;
+    }
+    return $error if $error;
+  }
 
   $self->SUPER::check;
 }
 
+sub check_payinfo_cardtype {
+  my $self = shift;
+
+  return '' if $ignore_cardtype;
+
+  return '' unless $self->payby =~ /^(CARD|CHEK)$/;
+
+  my $payinfo = $self->payinfo;
+  $payinfo =~ s/\D//g;
+
+  # see parallel checks in cust_payby::check & payinfo_Mixin::payinfo_check
+  if ( $self->tokenized($payinfo) ) {
+    $self->set('is_tokenized', 'Y'); #so we don't try to do it again
+    if ( $self->paymask =~ /^\d+x/ ) {
+      $self->set('paycardtype', cardtype($self->paymask));
+    } else {
+      $self->set('paycardtype', '');
+      #return "paycardtype required ".
+      #       "(can't derive from a token and no paymask w/prefix provided)";
+    }
+    return '';
+  }
+
+  my %bop_card_types = map { $_=>1 } values %{ card_types() };
+  my $cardtype = cardtype($payinfo);
+  $self->set('paycardtype', $cardtype);
+
+  return "$cardtype not accepted" unless $bop_card_types{$cardtype};
+
+  '';
+
+}
+
 sub _banned_pay_hashref {
   my $self = shift;
 
@@ -531,23 +629,83 @@ sub paydate_mon_year {
 
 }
 
+=item label
+
+Returns a one line text label for this payment type.
+
+=cut
+
+my %weight = (
+  1 => 'Primary',
+  2 => 'Secondary',
+  3 => 'Tertiary',
+  4 => 'Fourth',
+  5 => 'Fifth',
+  6 => 'Sixth',
+  7 => 'Seventh',
+);
+
+sub label {
+  my $self = shift;
+
+  my $name = $self->payby =~ /^(CARD|DCRD)$/
+              && $self->paycardtype || FS::payby->shortname($self->payby);
+
+  ( $self->payby =~ /^(CARD|CHEK)$/  ? $weight{$self->weight}. ' automatic '
+                                     : 'Manual '
+  ).
+  "$name: ". $self->paymask.
+  ( $self->payby =~ /^(CARD|DCRD)$/
+      ? ' Exp '. join('/', $self->paydate_mon_year)
+      : ''
+  );
+
+}
+
 =item realtime_bop
 
+Runs a L<realtime_bop|FS::cust_main::Billing_Realtime::realtime_bop> transaction on this card
+
 =cut
 
 sub realtime_bop {
   my( $self, %opt ) = @_;
 
-  $opt{$_} = $self->$_() for qw( payinfo payname paydate );
-
-  if ( $self->locationnum ) {
-    my $cust_location = $self->cust_location;
-    $opt{$_} = $cust_location->$_() for qw( address1 address2 city state zip );
-  }
-
   $self->cust_main->realtime_bop({
-    'method' => FS::payby->payby2bop( $self->payby ),
     %opt,
+    'cust_payby' => $self,
+  });
+
+}
+
+=item tokenize
+
+Runs a L<realtime_tokenize|FS::cust_main::Billing_Realtime::realtime_tokenize> transaction on this card
+
+=cut
+
+sub tokenize {
+  my $self = shift;
+  return '' unless $self->payby =~ /^(CARD|DCRD)$/;
+
+  $self->cust_main->realtime_tokenize({
+    'cust_payby' => $self,
+  });
+
+}
+
+=item verify 
+
+Runs a L<realtime_verify_bop|FS::cust_main::Billing_Realtime/realtime_verify_bop> transaction on this card
+
+=cut
+
+sub verify {
+  my $self = shift;
+  return '' unless $self->payby =~ /^(CARD|DCRD)$/;
+
+  $self->cust_main->realtime_verify_bop({
+    'cust_payby' => $self,
   });
 
 }
@@ -596,6 +754,9 @@ sub cgi_hash_callback {
     'CARD' => 'DCRD',
     'CHEK' => 'DCHK',
   );
+  # the payby selector gives the choice of CARD or CHEK (or others, but
+  # those are the ones with auto and on-demand versions). if the user didn't
+  # choose a weight, then they mean DCRD/DCHK.
   $hashref->{payby} = $noauto{$hashref->{payby}}
     if ! $hashref->{weight} && exists $noauto{$hashref->{payby}};
 
@@ -719,6 +880,9 @@ sub search_sql {
       ' LEFT JOIN cust_location AS '.$pre.'location '.
       'ON (cust_main.'.$pre.'locationnum = '.$pre.'location.locationnum) ';
   }
+  # always make referral available in results
+  #   (maybe we should be using FS::UI::Web::join_cust_main instead?)
+  $addl_from .= ' LEFT JOIN (select refnum, referral from part_referral) AS part_referral_x ON (cust_main.refnum = part_referral_x.refnum) ';
 
   my $count_query = "SELECT COUNT(*) FROM cust_payby $addl_from $extra_sql";
 
@@ -747,6 +911,18 @@ sub search_sql {
 
 =back
 
+=cut
+
+sub _upgrade_data {
+
+  my $class = shift;
+  local $ignore_banned_card = 1;
+  local $ignore_expired_card = 1;
+  local $ignore_invalid_card = 1;
+  $class->upgrade_set_cardtype;
+
+}
+
 =head1 BUGS
 
 =head1 SEE ALSO