RT#42394: paycvv during cust_payby replace (v4+ only) [fixed paycvv removal]

diff --git a/FS/FS/cust_main.pm b/FS/FS/cust_main.pm
index bf5baa9..afecb83 100644 (file)
--- a/FS/FS/cust_main.pm
+++ b/FS/FS/cust_main.pm
@@ -2336,6 +2336,8 @@ Removes the I<paycvv> field from the database directly.
 
 If there is an error, returns the error, otherwise returns false.
 
 
 If there is an error, returns the error, otherwise returns false.
 

+DEPRECATED.  Use L</remove_cvv_from_cust_payby> instead.
+

 =cut
 
 sub remove_cvv {
 =cut
 
 sub remove_cvv {


@@ -4522,6 +4524,33 @@ PAYBYLOOP:
 
 }
 
 
 }
 

+=item remove_cvv_from_cust_payby PAYINFO
+
+Removes paycvv from associated cust_payby with matching PAYINFO.
+
+=cut
+
+sub remove_cvv_from_cust_payby {
+  my ($self,$payinfo) = @_;
+
+  my $oldAutoCommit = $FS::UID::AutoCommit;
+  local $FS::UID::AutoCommit = 0;
+  my $dbh = dbh;
+
+  foreach my $cust_payby ( qsearch('cust_payby',{ custnum => $self->custnum }) ) {
+    next unless $cust_payby->payinfo eq $payinfo; # can't qsearch on payinfo
+    $cust_payby->paycvv('');
+    my $error = $cust_payby->replace;
+    if ($error) {
+      $dbh->rollback if $oldAutoCommit;
+      return $error;
+    }
+  }
+
+  $dbh->commit or die $dbh->errstr if $oldAutoCommit;
+  '';
+}
+

 =back
 
 =head1 CLASS METHODS
 =back
 
 =head1 CLASS METHODS

diff --git a/FS/FS/cust_main/Billing_Realtime.pm b/FS/FS/cust_main/Billing_Realtime.pm
index c676607..9fea1bb 100644 (file)
--- a/FS/FS/cust_main/Billing_Realtime.pm
+++ b/FS/FS/cust_main/Billing_Realtime.pm
@@ -510,11 +510,8 @@ sub realtime_bop {
       $paydate =~ /^\d{2}(\d{2})[\/\-](\d+)[\/\-]\d+$/;
       $content{expiration} = "$2/$1";
 
       $paydate =~ /^\d{2}(\d{2})[\/\-](\d+)[\/\-]\d+$/;
       $content{expiration} = "$2/$1";
 

-      my $paycvv = exists($options{'paycvv'})
-                     ? $options{'paycvv'}
-                     : $self->paycvv;
-      $content{cvv2} = $paycvv
-        if length($paycvv);
+      $content{cvv2} = $options{'paycvv'}
+        if length($options{'paycvv'});

 
       my $paystart_month = exists($options{'paystart_month'})
                              ? $options{'paystart_month'}
 
       my $paystart_month = exists($options{'paystart_month'})
                              ? $options{'paystart_month'}


@@ -764,10 +761,10 @@ sub realtime_bop {
   ###
 
   # compare to FS::cust_main::save_cust_payby - check both to make sure working correctly
   ###
 
   # compare to FS::cust_main::save_cust_payby - check both to make sure working correctly

-  if ( length($self->paycvv)
+  if ( length($options{'paycvv'})

        && ! grep { $_ eq cardtype($options{payinfo}) } $conf->config('cvv-save')
   ) {
        && ! grep { $_ eq cardtype($options{payinfo}) } $conf->config('cvv-save')
   ) {

-    my $error = $self->remove_cvv;
+    my $error = $self->remove_cvv_from_cust_payby($options{payinfo});

     if ( $error ) {
       warn "WARNING: error removing cvv: $error\n";
     }
     if ( $error ) {
       warn "WARNING: error removing cvv: $error\n";
     }


@@ -1790,11 +1787,8 @@ sub realtime_verify_bop {
       $paydate =~ /^\d{2}(\d{2})[\/\-](\d+)[\/\-]\d+$/;
       $content{expiration} = "$2/$1";
 
       $paydate =~ /^\d{2}(\d{2})[\/\-](\d+)[\/\-]\d+$/;
       $content{expiration} = "$2/$1";
 

-      my $paycvv = exists($options{'paycvv'})
-                     ? $options{'paycvv'}
-                     : $self->paycvv;
-      $content{cvv2} = $paycvv
-        if length($paycvv);
+      $content{cvv2} = $options{'paycvv'}
+        if length($options{'paycvv'});

 
       my $paystart_month = exists($options{'paystart_month'})
                              ? $options{'paystart_month'}
 
       my $paystart_month = exists($options{'paystart_month'})
                              ? $options{'paystart_month'}

diff --git a/FS/FS/cust_payby.pm b/FS/FS/cust_payby.pm
index fd75567..623a44e 100644 (file)
--- a/FS/FS/cust_payby.pm
+++ b/FS/FS/cust_payby.pm
@@ -217,14 +217,14 @@ sub replace {
     $self->payinfo($new_account.'@'.$new_aba);
   }
 
     $self->payinfo($new_account.'@'.$new_aba);
   }
 

-  # don't preserve paycvv if it was passed blank and payinfo changed
-  unless ( $self->payby =~ /^(CARD|DCRD)$/
-       && $old->payinfo ne $self->payinfo
-       && $old->paymask ne $self->paymask
-       && $self->paycvv =~ /^\s*$/ )
-  {
-    if ( length($old->paycvv) && $self->paycvv =~ /^\s*[\*x]*\s*$/ ) {
+  # only unmask paycvv if payinfo stayed the same
+  if ( $self->payby =~ /^(CARD|DCRD)$/ and $self->paycvv =~ /^\s*[\*x]+\s*$/ ) {
+    if ( $old->payinfo eq $self->payinfo
+         && $old->paymask eq $self->paymask
+    ) {

       $self->paycvv($old->paycvv);
       $self->paycvv($old->paycvv);

+    } else {
+      $self->paycvv('');

     }
   }
 
     }
   }
 

diff --git a/httemplate/elements/cust_payby.html b/httemplate/elements/cust_payby.html
index c7d4549..60e6eb8 100644 (file)
--- a/httemplate/elements/cust_payby.html
+++ b/httemplate/elements/cust_payby.html
@@ -68,7 +68,7 @@
                ID        = "<%$id%>_paycvv"
                SIZE      = 2
                MAXLENGTH = 4
                ID        = "<%$id%>_paycvv"
                SIZE      = 2
                MAXLENGTH = 4

-               VALUE     = "<% scalar($cgi->param($name.'_paycvv')) %>"
+               VALUE     = "<% scalar($cgi->param($name.'_paycvv')) || ('*' x length($cust_payby->paycvv)) %>"

                onChange  = "<% $onchange %>"
         >
         <BR><FONT SIZE="-1"><% mt('CVV2') |h %>&nbsp;(<A HREF="javascript:void(0);" onClick="overlib( OLiframeContent('<%$p%>docs/cvv2.html', 480, 275, 'cvv2_popup' ), CAPTION, 'CVV2 Help', STICKY, AUTOSTATUSCAP, CLOSECLICK, DRAGGABLE ); return false;"><% mt('help') |h %></A>)</FONT>
                onChange  = "<% $onchange %>"
         >
         <BR><FONT SIZE="-1"><% mt('CVV2') |h %>&nbsp;(<A HREF="javascript:void(0);" onClick="overlib( OLiframeContent('<%$p%>docs/cvv2.html', 480, 275, 'cvv2_popup' ), CAPTION, 'CVV2 Help', STICKY, AUTOSTATUSCAP, CLOSECLICK, DRAGGABLE ); return false;"><% mt('help') |h %></A>)</FONT>

diff --git a/httemplate/misc/process/payment.cgi b/httemplate/misc/process/payment.cgi
index d232fe7..7768f92 100644 (file)
--- a/httemplate/misc/process/payment.cgi
+++ b/httemplate/misc/process/payment.cgi
@@ -86,7 +86,7 @@ if ( (my $custpaybynum = scalar($cgi->param('custpaybynum'))) > 0 ) {
 
   $payinfo = $cust_payby->payinfo;
   $paymask = $cust_payby->paymask;
 
   $payinfo = $cust_payby->payinfo;
   $paymask = $cust_payby->paymask;

-  $paycvv = '';
+  $paycvv = $cust_payby->paycvv; # pass it if we got it, running a transaction will clear it

   ( $month, $year ) = $cust_payby->paydate_mon_year;
   $payname = $cust_payby->payname;
 
   ( $month, $year ) = $cust_payby->paydate_mon_year;
   $payname = $cust_payby->payname;