Update credit card number validation

VERIFIED FIXED in Firefox 64

Status

()

enhancement
P1
normal
VERIFIED FIXED
10 months ago
7 months ago

People

(Reporter: sfoster, Assigned: sfoster)

Tracking

unspecified
mozilla64
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(firefox64 verified)

Details

(Whiteboard: [webpayments])

Attachments

(1 attachment)

Assignee

Description

10 months ago
The valid range of credit card number (PAN) digit lengths varies from card network to network. For simplicity's sake, we should accept anything from 12-19 While most numbers are still 16 digits, Mastercard and others are now issuing 19 digit PANs, Maestro numbers can be anywhere from 12 to 19 digits long.
Priority: -- → P3
Whiteboard: [webpayments-reserve] [triage]

Updated

10 months ago
Priority: P3 → --
Whiteboard: [webpayments-reserve] [triage] → [webpayments] [triage]

Updated

10 months ago
Flags: qe-verify+
Priority: -- → P3
QA Contact: hani.yacoub
Whiteboard: [webpayments] [triage] → [webpayments-reserve]
Assignee

Updated

9 months ago
Duplicate of this bug: 1492129
Priority: P3 → P2
Whiteboard: [webpayments-reserve] → [webpayments]
Assignee

Comment 2

9 months ago
I pushed a change to try to flush out any non-obvious (test) ramifications to the proposed change: https://treeherder.mozilla.org/#/jobs?repo=try&revision=df47bd264f8c5e4fa4285d621a593672f5334a23

tldr; unless I missed an important test suite, the xpcshell tests for CreditCard.jsm seem to be the only place we have test coverage for what digit lengths are considered valid.
Assignee: nobody → sfoster
Status: NEW → ASSIGNED
Priority: P2 → P1
Assignee

Comment 4

9 months ago
(In reply to Sam Foster [:sfoster] from comment #2)
> I pushed a change to try to flush out any non-obvious (test) ramifications
> to the proposed change:
> https://treeherder.mozilla.org/#/
> jobs?repo=try&revision=df47bd264f8c5e4fa4285d621a593672f5334a23
> 
> tldr; unless I missed an important test suite, the xpcshell tests for
> CreditCard.jsm seem to be the only place we have test coverage for what
> digit lengths are considered valid.

New patch, new push: https://treeherder.mozilla.org/#/jobs?repo=try&revision=daa80405bd827c8bde86a7cc1ebb39295ca102b7&selectedJob=204605883

Comment 5

9 months ago
Pushed by sfoster@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/e702628b7c51
Allow 12-19 digit length card numbers. r=MattN

Comment 7

9 months ago
Pushed by sfoster@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/31313cac4517
Allow 12-19 digit length card numbers. r=MattN

Comment 8

9 months ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/31313cac4517
Status: ASSIGNED → RESOLVED
Closed: 9 months ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla64
Assignee

Comment 9

9 months ago
Clearing need-info. Thanks for the backout :andrei_ciure_, this has since been fixed and re-landed.
Flags: needinfo?(sfoster)
Backed out for causing Bug 1498071.

Recent failure log of Bug 1498071 : https://treeherder.mozilla.org/logviewer.html#?job_id=205348891&repo=mozilla-inbound&lineNumber=2718
Status: RESOLVED → REOPENED
Flags: needinfo?(sfoster)
Resolution: FIXED → ---
Target Milestone: mozilla64 → ---

Comment 11

8 months ago
Backout by nbeleuzu@mozilla.com:
https://hg.mozilla.org/mozilla-central/rev/b6abd17c078b
Backed out changeset 31313cac4517 for causing Bug1498071. a=backout
Status: REOPENED → ASSIGNED
Assignee

Comment 12

8 months ago
Sigh. Another case of Date.now() being intepretted as a potentially-valid credit card number in an input field. Thanks for spotting and backing out. I have an updated patch with this and another similar issue fixed. 

Try push: 
https://treeherder.mozilla.org/#/jobs?repo=try&revision=d7704a8a1afa472b4d144be39a28f933f8cef9bd
Flags: needinfo?(sfoster)
Assignee

Comment 13

8 months ago
I've gone through searchfox results for Date.now() looking for cases where it is used as input into a text field - and where that value is expected to be saved for later autofill or session restore. In these cases Date.now() is just being used as a way of getting arbitrary and random-ish characters, so .toString(16) works to accomplish the same goal and not produce a value that looks like a credit card number. 

That try push looks good in the sense that I didn't break any tests. Its hard to know I've got all the new intermittents without a lot more data though.

Comment 14

8 months ago
Pushed by sfoster@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/583d689d630e
Allow 12-19 digit length card numbers. r=MattN

Comment 15

8 months ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/583d689d630e
Status: ASSIGNED → RESOLVED
Closed: 9 months ago8 months ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla64

Comment 16

8 months ago
Verified - Fixed on latest Nightly 65.0a1 (2018-10-24) on Windows 7/10, Ubuntu 16.04. and Mac OS 10.13.
Number validation accepts credit card numbers with the length of 12-19 digits.
Status: RESOLVED → VERIFIED
Flags: qe-verify+
You need to log in before you can comment on or make changes to this bug.