From 95502dabd865c34d1483b20c583523b12fe9332d Mon Sep 17 00:00:00 2001
From: Jonathan Prykop <jonathan@freeside.biz>
Date: Thu, 2 Jun 2016 02:34:14 -0500
Subject: [PATCH] RT#42394: paycvv during cust_payby replace (v4+ only) [fixed
 paycvv removal]

---
 FS/FS/cust_main.pm                  | 29 +++++++++++++++++++++++++++++
 FS/FS/cust_main/Billing_Realtime.pm | 18 ++++++------------
 FS/FS/cust_payby.pm                 | 14 +++++++-------
 httemplate/elements/cust_payby.html |  2 +-
 httemplate/misc/process/payment.cgi |  2 +-
 5 files changed, 44 insertions(+), 21 deletions(-)

diff --git a/FS/FS/cust_main.pm b/FS/FS/cust_main.pm
index bf5baa986..afecb83f5 100644
--- a/FS/FS/cust_main.pm
+++ b/FS/FS/cust_main.pm
@@ -2336,6 +2336,8 @@ Removes the I<paycvv> field from the database directly.
 
 If there is an error, returns the error, otherwise returns false.
 
+DEPRECATED.  Use L</remove_cvv_from_cust_payby> instead.
+
 =cut
 
 sub remove_cvv {
@@ -4522,6 +4524,33 @@ PAYBYLOOP:
 
 }
 
+=item remove_cvv_from_cust_payby PAYINFO
+
+Removes paycvv from associated cust_payby with matching PAYINFO.
+
+=cut
+
+sub remove_cvv_from_cust_payby {
+  my ($self,$payinfo) = @_;
+
+  my $oldAutoCommit = $FS::UID::AutoCommit;
+  local $FS::UID::AutoCommit = 0;
+  my $dbh = dbh;
+
+  foreach my $cust_payby ( qsearch('cust_payby',{ custnum => $self->custnum }) ) {
+    next unless $cust_payby->payinfo eq $payinfo; # can't qsearch on payinfo
+    $cust_payby->paycvv('');
+    my $error = $cust_payby->replace;
+    if ($error) {
+      $dbh->rollback if $oldAutoCommit;
+      return $error;
+    }
+  }
+
+  $dbh->commit or die $dbh->errstr if $oldAutoCommit;
+  '';
+}
+
 =back
 
 =head1 CLASS METHODS
diff --git a/FS/FS/cust_main/Billing_Realtime.pm b/FS/FS/cust_main/Billing_Realtime.pm
index c676607da..9fea1bb33 100644
--- a/FS/FS/cust_main/Billing_Realtime.pm
+++ b/FS/FS/cust_main/Billing_Realtime.pm
@@ -510,11 +510,8 @@ sub realtime_bop {
       $paydate =~ /^\d{2}(\d{2})[\/\-](\d+)[\/\-]\d+$/;
       $content{expiration} = "$2/$1";
 
-      my $paycvv = exists($options{'paycvv'})
-                     ? $options{'paycvv'}
-                     : $self->paycvv;
-      $content{cvv2} = $paycvv
-        if length($paycvv);
+      $content{cvv2} = $options{'paycvv'}
+        if length($options{'paycvv'});
 
       my $paystart_month = exists($options{'paystart_month'})
                              ? $options{'paystart_month'}
@@ -764,10 +761,10 @@ sub realtime_bop {
   ###
 
   # compare to FS::cust_main::save_cust_payby - check both to make sure working correctly
-  if ( length($self->paycvv)
+  if ( length($options{'paycvv'})
        && ! grep { $_ eq cardtype($options{payinfo}) } $conf->config('cvv-save')
   ) {
-    my $error = $self->remove_cvv;
+    my $error = $self->remove_cvv_from_cust_payby($options{payinfo});
     if ( $error ) {
       warn "WARNING: error removing cvv: $error\n";
     }
@@ -1790,11 +1787,8 @@ sub realtime_verify_bop {
       $paydate =~ /^\d{2}(\d{2})[\/\-](\d+)[\/\-]\d+$/;
       $content{expiration} = "$2/$1";
 
-      my $paycvv = exists($options{'paycvv'})
-                     ? $options{'paycvv'}
-                     : $self->paycvv;
-      $content{cvv2} = $paycvv
-        if length($paycvv);
+      $content{cvv2} = $options{'paycvv'}
+        if length($options{'paycvv'});
 
       my $paystart_month = exists($options{'paystart_month'})
                              ? $options{'paystart_month'}
diff --git a/FS/FS/cust_payby.pm b/FS/FS/cust_payby.pm
index fd75567e6..623a44efc 100644
--- a/FS/FS/cust_payby.pm
+++ b/FS/FS/cust_payby.pm
@@ -217,14 +217,14 @@ sub replace {
     $self->payinfo($new_account.'@'.$new_aba);
   }
 
-  # don't preserve paycvv if it was passed blank and payinfo changed
-  unless ( $self->payby =~ /^(CARD|DCRD)$/
-       && $old->payinfo ne $self->payinfo
-       && $old->paymask ne $self->paymask
-       && $self->paycvv =~ /^\s*$/ )
-  {
-    if ( length($old->paycvv) && $self->paycvv =~ /^\s*[\*x]*\s*$/ ) {
+  # only unmask paycvv if payinfo stayed the same
+  if ( $self->payby =~ /^(CARD|DCRD)$/ and $self->paycvv =~ /^\s*[\*x]+\s*$/ ) {
+    if ( $old->payinfo eq $self->payinfo
+         && $old->paymask eq $self->paymask
+    ) {
       $self->paycvv($old->paycvv);
+    } else {
+      $self->paycvv('');
     }
   }
 
diff --git a/httemplate/elements/cust_payby.html b/httemplate/elements/cust_payby.html
index c7d4549df..60e6eb8b1 100644
--- a/httemplate/elements/cust_payby.html
+++ b/httemplate/elements/cust_payby.html
@@ -68,7 +68,7 @@
                ID        = "<%$id%>_paycvv"
                SIZE      = 2
                MAXLENGTH = 4
-               VALUE     = "<% scalar($cgi->param($name.'_paycvv')) %>"
+               VALUE     = "<% scalar($cgi->param($name.'_paycvv')) || ('*' x length($cust_payby->paycvv)) %>"
                onChange  = "<% $onchange %>"
         >
         <BR><FONT SIZE="-1"><% mt('CVV2') |h %>&nbsp;(<A HREF="javascript:void(0);" onClick="overlib( OLiframeContent('<%$p%>docs/cvv2.html', 480, 275, 'cvv2_popup' ), CAPTION, 'CVV2 Help', STICKY, AUTOSTATUSCAP, CLOSECLICK, DRAGGABLE ); return false;"><% mt('help') |h %></A>)</FONT>
diff --git a/httemplate/misc/process/payment.cgi b/httemplate/misc/process/payment.cgi
index d232fe729..7768f921f 100644
--- a/httemplate/misc/process/payment.cgi
+++ b/httemplate/misc/process/payment.cgi
@@ -86,7 +86,7 @@ if ( (my $custpaybynum = scalar($cgi->param('custpaybynum'))) > 0 ) {
 
   $payinfo = $cust_payby->payinfo;
   $paymask = $cust_payby->paymask;
-  $paycvv = '';
+  $paycvv = $cust_payby->paycvv; # pass it if we got it, running a transaction will clear it
   ( $month, $year ) = $cust_payby->paydate_mon_year;
   $payname = $cust_payby->payname;
 
-- 
2.11.0