X-Git-Url: http://git.freeside.biz/gitweb/?p=freeside.git;a=blobdiff_plain;f=FS%2FFS%2Fcust_payby.pm;h=ab3c41ce002be83f6a30eb6274a3d66335de9ac3;hp=ad3d80a20607aa6c981cf393cdf5c6bec7f81fa2;hb=4fe1fd639d387e1a3d271618b35830142583c714;hpb=446fb74f2f31d48dd303c9a52105d40f11079e10 diff --git a/FS/FS/cust_payby.pm b/FS/FS/cust_payby.pm index ad3d80a20..ab3c41ce0 100644 --- a/FS/FS/cust_payby.pm +++ b/FS/FS/cust_payby.pm @@ -1,26 +1,27 @@ package FS::cust_payby; +use base qw( FS::payinfo_Mixin FS::cust_main_Mixin FS::Record ); use strict; -use base qw( FS::payinfo_Mixin FS::Record ); -use FS::UID; -use FS::Record qw( qsearchs ); #qsearch; -use FS::payby; -use FS::cust_main; +use Scalar::Util qw( blessed ); +use Digest::SHA qw( sha512_base64 ); use Business::CreditCard qw( validate cardtype ); +use FS::UID qw( dbh ); use FS::Msgcat qw( gettext ); +use FS::Misc qw( card_types ); +use FS::Record; #qw( qsearch qsearchs ); +use FS::payby; +use FS::cust_main; +use FS::banned_pay; -use vars qw( $conf @encrypted_fields - $ignore_expired_card $ignore_banned_card - $ignore_invalid_card - ); - -@encrypted_fields = ('payinfo', 'paycvv'); +our @encrypted_fields = ('payinfo', 'paycvv'); sub nohistory_fields { ('payinfo', 'paycvv'); } -$ignore_expired_card = 0; -$ignore_banned_card = 0; -$ignore_invalid_card = 0; +our $ignore_expired_card = 0; +our $ignore_banned_card = 0; +our $ignore_invalid_card = 0; +our $ignore_cardtype = 0; +our $conf; install_callback FS::UID sub { $conf = new FS::Conf; #yes, need it for stuff below (prolly should be cached) @@ -114,6 +115,9 @@ paytype payip +=item paycardtype + +The credit card type (deduced from the card number). =back @@ -141,15 +145,45 @@ otherwise returns false. =cut -# the insert method can be inherited from FS::Record +sub insert { + my $self = shift; + + local $SIG{HUP} = 'IGNORE'; + local $SIG{INT} = 'IGNORE'; + local $SIG{QUIT} = 'IGNORE'; + local $SIG{TERM} = 'IGNORE'; + local $SIG{TSTP} = 'IGNORE'; + local $SIG{PIPE} = 'IGNORE'; + + my $oldAutoCommit = $FS::UID::AutoCommit; + local $FS::UID::AutoCommit = 0; + my $dbh = dbh; + + my $error = $self->check_payinfo_cardtype + || $self->SUPER::insert; + if ( $error ) { + $dbh->rollback if $oldAutoCommit; + return $error; + } -=item delete + if ( $self->payby =~ /^(CARD|CHEK)$/ ) { + # new auto card/check info, want to retry realtime_ invoice events + # (new customer? that's okay, they won't have any) + my $error = $self->cust_main->retry_realtime; + if ( $error ) { + $dbh->rollback if $oldAutoCommit; + return $error; + } + } -Delete this record from the database. + $dbh->commit or die $dbh->errstr if $oldAutoCommit; + ''; -=cut +} + +=item delete -# the delete method can be inherited from FS::Record +Delete this record from the database. =item replace OLD_RECORD @@ -158,7 +192,109 @@ returns the error, otherwise returns false. =cut -# the replace method can be inherited from FS::Record +sub replace { + my $self = shift; + + my $old = ( blessed($_[0]) && $_[0]->isa('FS::Record') ) + ? shift + : $self->replace_old; + + if ( $self->payby =~ /^(CARD|DCRD)$/ + && ( $self->payinfo =~ /xx/ + || $self->payinfo =~ /^\s*N\/A\s+\(tokenized\)\s*$/ + ) + ) + { + + $self->payinfo($old->payinfo); + + } elsif ( $self->payby =~ /^(CHEK|DCHK)$/ && $self->payinfo =~ /xx/ ) { + #fix for #3085 "edit of customer's routing code only surprisingly causes + #nothing to happen... + # this probably won't do the right thing when we don't have the + # public key (can't actually get the real $old->payinfo) + my($new_account, $new_aba) = split('@', $self->payinfo); + my($old_account, $old_aba) = split('@', $old->payinfo); + $new_account = $old_account if $new_account =~ /xx/; + $new_aba = $old_aba if $new_aba =~ /xx/; + $self->payinfo($new_account.'@'.$new_aba); + } + + # only unmask paycvv if payinfo stayed the same + if ( $self->payby =~ /^(CARD|DCRD)$/ and $self->paycvv =~ /^\s*[\*x]+\s*$/ ) { + if ( $old->payinfo eq $self->payinfo + && $old->paymask eq $self->paymask + ) { + $self->paycvv($old->paycvv); + } else { + $self->paycvv(''); + } + } + + local($ignore_expired_card) = 1 + if $old->payby =~ /^(CARD|DCRD)$/ + && $self->payby =~ /^(CARD|DCRD)$/ + && ( $old->payinfo eq $self->payinfo || $old->paymask eq $self->paymask ); + + local($ignore_banned_card) = 1 + if ( $old->payby =~ /^(CARD|DCRD)$/ && $self->payby =~ /^(CARD|DCRD)$/ + || $old->payby =~ /^(CHEK|DCHK)$/ && $self->payby =~ /^(CHEK|DCHK)$/ ) + && ( $old->payinfo eq $self->payinfo || $old->paymask eq $self->paymask ); + + if ( $self->payby =~ /^(CARD|DCRD)$/ + && $old->payinfo ne $self->payinfo + && $old->paymask ne $self->paymask ) + { + my $error = $self->check_payinfo_cardtype; + return $error if $error; + + if ( $conf->exists('business-onlinepayment-verification') ) { + $error = $self->verify; + } else { + $error = $self->tokenize; + } + return $error if $error; + + } + + local $SIG{HUP} = 'IGNORE'; + local $SIG{INT} = 'IGNORE'; + local $SIG{QUIT} = 'IGNORE'; + local $SIG{TERM} = 'IGNORE'; + local $SIG{TSTP} = 'IGNORE'; + local $SIG{PIPE} = 'IGNORE'; + + my $oldAutoCommit = $FS::UID::AutoCommit; + local $FS::UID::AutoCommit = 0; + my $dbh = dbh; + + my $error = $self->SUPER::replace($old); + if ( $error ) { + $dbh->rollback if $oldAutoCommit; + return $error; + } + + if ( $self->payby =~ /^(CARD|CHEK)$/ + && ( ( $self->get('payinfo') ne $old->get('payinfo') + && !$self->tokenized + ) + || grep { $self->get($_) ne $old->get($_) } qw(paydate payname) + ) + ) + { + + # card/check/lec info has changed, want to retry realtime_ invoice events + my $error = $self->cust_main->retry_realtime; + if ( $error ) { + $dbh->rollback if $oldAutoCommit; + return $error; + } + } + + $dbh->commit or die $dbh->errstr if $oldAutoCommit; + ''; + +} =item check @@ -174,7 +310,7 @@ sub check { my $error = $self->ut_numbern('custpaybynum') || $self->ut_foreign_key('custnum', 'cust_main', 'custnum') - || $self->ut_number('weight') + || $self->ut_numbern('weight') #encrypted #|| $self->ut_textn('payinfo') #encrypted #|| $self->ut_textn('paycvv') # || $self->ut_textn('paymask') #XXX something @@ -201,21 +337,43 @@ sub check { # Need some kind of global flag to accept invalid cards, for testing # on scrubbed data. #XXX if ( !$import && $check_payinfo && $self->payby =~ /^(CARD|DCRD)$/ ) { + + # In this block: detect card type; reject credit card / account numbers that + # are impossible or banned; reject other payment features (date, CVV length) + # that are inappropriate for the card type. + # However, if the payinfo is encrypted then just detect card type and assume + # the other checks were already done. + if ( !$ignore_invalid_card && $check_payinfo && $self->payby =~ /^(CARD|DCRD)$/ ) { my $payinfo = $self->payinfo; $payinfo =~ s/\D//g; - $payinfo =~ /^(\d{13,16}|\d{8,9})$/ - or return gettext('invalid_card'); # . ": ". $self->payinfo; + $payinfo =~ /^(\d{13,19}|\d{8,9})$/ + or return gettext('invalid_card'); #. ": ". $self->payinfo; $payinfo = $1; $self->payinfo($payinfo); validate($payinfo) or return gettext('invalid_card'); # . ": ". $self->payinfo; - return gettext('unknown_card_type') - if $self->payinfo !~ /^99\d{14}$/ #token - && cardtype($self->payinfo) eq "Unknown"; + # see parallel checks in check_payinfo_cardtype & payinfo_Mixin::payinfo_check + my $cardtype = $self->paycardtype; + if ( $self->tokenized ) { + $self->('is_tokenized', 'Y'); #so we don't try to do it again + if ( $self->paymask =~ /^\d+x/ ) { + $cardtype = cardtype($self->paymask); + } else { + #return "paycardtype required ". + # "(can't derive from a token and no paymask w/prefix provided)" + # unless $cardtype; + } + } else { + $cardtype = cardtype($self->payinfo); + } + + return gettext('unknown_card_type') if $cardtype eq "Unknown"; + + $self->set('paycardtype', $cardtype); unless ( $ignore_banned_card ) { my $ban = FS::banned_pay->ban_search( %{ $self->_banned_pay_hashref } ); @@ -237,7 +395,7 @@ sub check { } if (length($self->paycvv) && !$self->is_encrypted($self->paycvv)) { - if ( cardtype($self->payinfo) eq 'American Express card' ) { + if ( $cardtype eq 'American Express card' ) { $self->paycvv =~ /^(\d{4})$/ or return "CVV2 (CID) for American Express cards is four digits."; $self->paycvv($1); @@ -250,7 +408,6 @@ sub check { $self->paycvv(''); } - my $cardtype = cardtype($payinfo); if ( $cardtype =~ /^(Switch|Solo)$/i ) { return "Start date or issue number is required for $cardtype cards" @@ -308,54 +465,37 @@ sub check { } } - } elsif ( $self->payby eq 'LECB' ) { - - my $payinfo = $self->payinfo; - $payinfo =~ s/\D//g; - $payinfo =~ /^1?(\d{10})$/ or return 'invalid btn billing telephone number'; - $payinfo = $1; - $self->payinfo($payinfo); - $self->paycvv(''); - - } elsif ( $self->payby eq 'BILL' ) { - - $error = $self->ut_textn('payinfo'); - return "Illegal P.O. number: ". $self->payinfo if $error; - $self->paycvv(''); - - } elsif ( $self->payby eq 'COMP' ) { - - my $curuser = $FS::CurrentUser::CurrentUser; - if ( ! $self->custnum - && ! $curuser->access_right('Complimentary customer') - ) - { - return "You are not permitted to create complimentary accounts." - } + } elsif ( $self->payby =~ /^CARD|DCRD$/ and $self->paymask ) { + # either ignoring invalid cards, or we can't decrypt the payinfo, but + # try to detect the card type anyway. this never returns failure, so + # the contract of $ignore_invalid_cards is maintained. + $self->set('paycardtype', cardtype($self->paymask)); + } else { + $self->set('paycardtype', ''); + } - $error = $self->ut_textn('payinfo'); - return "Illegal comp account issuer: ". $self->payinfo if $error; - $self->paycvv(''); +# } elsif ( $self->payby eq 'PREPAY' ) { +# +# my $payinfo = $self->payinfo; +# $payinfo =~ s/\W//g; #anything else would just confuse things +# $self->payinfo($payinfo); +# $error = $self->ut_alpha('payinfo'); +# return "Illegal prepayment identifier: ". $self->payinfo if $error; +# return "Unknown prepayment identifier" +# unless qsearchs('prepay_credit', { 'identifier' => $self->payinfo } ); +# $self->paycvv(''); - } elsif ( $self->payby eq 'PREPAY' ) { + if ( $self->payby =~ /^(CHEK|DCHK)$/ ) { - my $payinfo = $self->payinfo; - $payinfo =~ s/\W//g; #anything else would just confuse things - $self->payinfo($payinfo); - $error = $self->ut_alpha('payinfo'); - return "Illegal prepayment identifier: ". $self->payinfo if $error; - return "Unknown prepayment identifier" - unless qsearchs('prepay_credit', { 'identifier' => $self->payinfo } ); - $self->paycvv(''); + $self->paydate(''); - } + } elsif ( $self->payby =~ /^(CARD|DCRD)$/ ) { - if ( $self->paydate eq '' || $self->paydate eq '-' ) { + # shouldn't payinfo_check do this? + # (except we don't ever call payinfo_check from here) return "Expiration date required" - # shouldn't payinfo_check do this? - unless $self->payby =~ /^(BILL|PREPAY|CHEK|DCHK|LECB|CASH|WEST|MCRD|MCHK|PPAL)$/; - $self->paydate(''); - } else { + if $self->paydate eq '' || $self->paydate eq '-'; + my( $m, $y ); if ( $self->paydate =~ /^(\d{1,2})[\/\-](\d{2}(\d{2})?)$/ ) { ( $m, $y ) = ( $1, length($2) == 4 ? $2 : "20$2" ); @@ -374,6 +514,7 @@ sub check { #&& !$ignore_expired_card && ( $y<$nowy || ( $y==$nowy && $1<$nowm ) ); + } if ( $self->payname eq '' && $self->payby !~ /^(CHEK|DCHK)$/ && @@ -395,13 +536,393 @@ sub check { } - ### + if ( ! $self->custpaybynum ) { + if ($conf->exists('business-onlinepayment-verification')) { + $error = $self->verify; + } else { + $error = $self->tokenize; + } + return $error if $error; + } $self->SUPER::check; } +sub check_payinfo_cardtype { + my $self = shift; + + return '' if $ignore_cardtype; + + return '' unless $self->payby =~ /^(CARD|CHEK)$/; + + my $payinfo = $self->payinfo; + $payinfo =~ s/\D//g; + + # see parallel checks in cust_payby::check & payinfo_Mixin::payinfo_check + if ( $self->tokenized($payinfo) ) { + $self->set('is_tokenized', 'Y'); #so we don't try to do it again + if ( $self->paymask =~ /^\d+x/ ) { + $self->set('paycardtype', cardtype($self->paymask)); + } else { + $self->set('paycardtype', ''); + #return "paycardtype required ". + # "(can't derive from a token and no paymask w/prefix provided)"; + } + return ''; + } + + my %bop_card_types = map { $_=>1 } values %{ card_types() }; + my $cardtype = cardtype($payinfo); + $self->set('paycardtype', $cardtype); + + return "$cardtype not accepted" unless $bop_card_types{$cardtype}; + + ''; + +} + +sub _banned_pay_hashref { + my $self = shift; + + my %payby2ban = ( + 'CARD' => 'CARD', + 'DCRD' => 'CARD', + 'CHEK' => 'CHEK', + 'DCHK' => 'CHEK' + ); + + { + 'payby' => $payby2ban{$self->payby}, + 'payinfo' => $self->payinfo, + #don't ever *search* on reason! #'reason' => + }; +} + +sub _new_banned_pay_hashref { + my $self = shift; + my $hr = $self->_banned_pay_hashref; + $hr->{payinfo_hash} = 'SHA512'; + $hr->{payinfo} = sha512_base64($hr->{payinfo}); + $hr; +} + +=item paydate_mon_year + +Returns a two element list consisting of the paydate month and year. + +=cut + +sub paydate_mon_year { + my $self = shift; + + my $date = $self->paydate; # || '12-2037'; + + #false laziness w/elements/select-month_year.html + if ( $date =~ /^(\d{4})-(\d{1,2})-\d{1,2}$/ ) { #PostgreSQL date format + ( $2, $1 ); + } elsif ( $date =~ /^(\d{1,2})-(\d{1,2}-)?(\d{4}$)/ ) { + ( $1, $3 ); + } else { + warn "unrecognized expiration date format: $date"; + ( '', '' ); + } + +} + +=item label + +Returns a one line text label for this payment type. + +=cut + +my %weight = ( + 1 => 'Primary', + 2 => 'Secondary', + 3 => 'Tertiary', + 4 => 'Fourth', + 5 => 'Fifth', + 6 => 'Sixth', + 7 => 'Seventh', +); + +sub label { + my $self = shift; + + my $name = $self->payby =~ /^(CARD|DCRD)$/ + && $self->paycardtype || FS::payby->shortname($self->payby); + + ( $self->payby =~ /^(CARD|CHEK)$/ ? $weight{$self->weight}. ' automatic ' + : 'Manual ' + ). + "$name: ". $self->paymask. + ( $self->payby =~ /^(CARD|DCRD)$/ + ? ' Exp '. join('/', $self->paydate_mon_year) + : '' + ); + +} + +=item realtime_bop + +Runs a L transaction on this card + +=cut + +sub realtime_bop { + my( $self, %opt ) = @_; + + $self->cust_main->realtime_bop({ + %opt, + 'cust_payby' => $self, + }); + +} + +=item tokenize + +Runs a L transaction on this card + +=cut + +sub tokenize { + my $self = shift; + return '' unless $self->payby =~ /^(CARD|DCRD)$/; + + $self->cust_main->realtime_tokenize({ + 'cust_payby' => $self, + }); + +} + +=item verify + +Runs a L transaction on this card + +=cut + +sub verify { + my $self = shift; + return '' unless $self->payby =~ /^(CARD|DCRD)$/; + + $self->cust_main->realtime_verify_bop({ + 'cust_payby' => $self, + }); + +} + +=item paytypes + +Returns a list of valid values for the paytype field (bank account type for +electronic check payment). + +=cut + +sub paytypes { + #my $class = shift; + + ('', 'Personal checking', 'Personal savings', 'Business checking', 'Business savings'); +} + +=item cgi_cust_payby_fields + +Returns the field names used in the web interface (including some pseudo-fields). + +=cut + +sub cgi_cust_payby_fields { + #my $class = shift; + [qw( payby payinfo paydate_month paydate_year paycvv payname weight + payinfo1 payinfo2 payinfo3 paytype paystate payname_CHEK )]; +} + +=item cgi_hash_callback HASHREF OLD + +Subroutine (not a class or object method). Processes a hash reference +of web interface contet (transfers the data from pseudo-fields to real fields). + +If OLD object is passed, also preserves locationnum, paystart_month, paystart_year, +payissue and payip. If the new field is blank but the old is not, the old field +will be preserved. + +=cut + +sub cgi_hash_callback { + my $hashref = shift; + my $old = shift; + + my %noauto = ( + 'CARD' => 'DCRD', + 'CHEK' => 'DCHK', + ); + # the payby selector gives the choice of CARD or CHEK (or others, but + # those are the ones with auto and on-demand versions). if the user didn't + # choose a weight, then they mean DCRD/DCHK. + $hashref->{payby} = $noauto{$hashref->{payby}} + if ! $hashref->{weight} && exists $noauto{$hashref->{payby}}; + + if ( $hashref->{payby} =~ /^(CHEK|DCHK)$/ ) { + + unless ( grep $hashref->{$_}, qw(payinfo1 payinfo2 payinfo3 payname_CHEK)) { + %$hashref = (); + return; + } + + $hashref->{payinfo} = $hashref->{payinfo1}. '@'; + $hashref->{payinfo} .= $hashref->{payinfo3}.'.' + if $conf->config('echeck-country') eq 'CA'; + $hashref->{payinfo} .= $hashref->{'payinfo2'}; + + $hashref->{payname} = $hashref->{'payname_CHEK'}; + + } elsif ( $hashref->{payby} =~ /^(CARD|DCRD)$/ ) { + + unless ( grep $hashref->{$_}, qw( payinfo paycvv payname ) ) { + %$hashref = (); + return; + } + + } + + $hashref->{paydate}= $hashref->{paydate_month}. '-'. $hashref->{paydate_year}; + + if ($old) { + foreach my $field ( qw(locationnum paystart_month paystart_year payissue payip) ) { + next if $hashref->{$field}; + next unless $old->get($field); + $hashref->{$field} = $old->get($field); + } + } + +} + +=item search_sql + +Class method. + +Returns a qsearch hash expression to search for parameters specified in HASHREF. +Valid paramters are: + +=over 4 + +=item payby + +listref + +=item paydate_year + +=item paydate_month + + +=back + +=cut + +sub search_sql { + my ($class, $params) = @_; + + my @where = (); + my $orderby; + + # initialize these to prevent warnings + $params = { + 'paydate_year' => '', + %$params + }; + + ### + # payby + ### + + if ( $params->{'payby'} ) { + + my @payby = ref( $params->{'payby'} ) + ? @{ $params->{'payby'} } + : ( $params->{'payby'} ); + + @payby = grep /^([A-Z]{4})$/, @payby; + my $in_payby = 'IN(' . join(',', map {"'$_'"} @payby) . ')'; + push @where, "cust_payby.payby $in_payby" + if @payby; + } + + ### + # paydate_year / paydate_month + ### + + if ( $params->{'paydate_year'} =~ /^(\d{4})$/ ) { + my $year = $1; + $params->{'paydate_month'} =~ /^(\d\d?)$/ + or die "paydate_year without paydate_month?"; + my $month = $1; + + push @where, + 'cust_payby.paydate IS NOT NULL', + "cust_payby.paydate != ''", + "CAST(cust_payby.paydate AS timestamp) < CAST('$year-$month-01' AS timestamp )" +; + } + ## + # setup queries, subs, etc. for the search + ## + + $orderby ||= 'ORDER BY custnum'; + + # here is the agent virtualization + push @where, + $FS::CurrentUser::CurrentUser->agentnums_sql(table => 'cust_main'); + + my $extra_sql = scalar(@where) ? ' WHERE '. join(' AND ', @where) : ''; + + my $addl_from = ' LEFT JOIN cust_main USING ( custnum ) '; + # always make address fields available in results + for my $pre ('bill_', 'ship_') { + $addl_from .= + ' LEFT JOIN cust_location AS '.$pre.'location '. + 'ON (cust_main.'.$pre.'locationnum = '.$pre.'location.locationnum) '; + } + # always make referral available in results + # (maybe we should be using FS::UI::Web::join_cust_main instead?) + $addl_from .= ' LEFT JOIN (select refnum, referral from part_referral) AS part_referral_x ON (cust_main.refnum = part_referral_x.refnum) '; + + my $count_query = "SELECT COUNT(*) FROM cust_payby $addl_from $extra_sql"; + + my @select = ( 'cust_payby.*', + #'cust_main.custnum', + # there's a good chance that we'll need these + 'cust_main.bill_locationnum', + 'cust_main.ship_locationnum', + FS::UI::Web::cust_sql_fields($params->{'cust_fields'}), + ); + + my $select = join(', ', @select); + + my $sql_query = { + 'table' => 'cust_payby', + 'select' => $select, + 'addl_from' => $addl_from, + 'hashref' => {}, + 'extra_sql' => $extra_sql, + 'order_by' => $orderby, + 'count_query' => $count_query, + }; + $sql_query; + +} + =back +=cut + +sub _upgrade_data { + + my $class = shift; + local $ignore_banned_card = 1; + local $ignore_expired_card = 1; + local $ignore_invalid_card = 1; + $class->upgrade_set_cardtype; + +} + =head1 BUGS =head1 SEE ALSO