Update credit card number validation

VERIFIED FIXED in Firefox 64

Status

P1
normal
VERIFIED FIXED
6 months ago
3 months ago

People

(Reporter: sfoster, Assigned: sfoster)

Tracking

unspecified
mozilla64
Points:
---

Firefox Tracking Flags

(firefox64 verified)

Details

(Whiteboard: [webpayments])

Attachments

(1 attachment)

(Assignee)

Description

6 months ago
The valid range of credit card number (PAN) digit lengths varies from card network to network. For simplicity's sake, we should accept anything from 12-19. While most numbers are still 16 digits, Mastercard and others are now issuing 19 digit PANs, and Maestro numbers can be anywhere from 12 to 19 digits long.
Priority: -- → P3
Whiteboard: [webpayments-reserve] [triage]
Priority: P3 → --
Whiteboard: [webpayments-reserve] [triage] → [webpayments] [triage]
Flags: qe-verify+
Priority: -- → P3
QA Contact: hani.yacoub
Whiteboard: [webpayments] [triage] → [webpayments-reserve]
(Assignee)

Updated

5 months ago
Duplicate of this bug: 1492129
Priority: P3 → P2
Whiteboard: [webpayments-reserve] → [webpayments]
(Assignee)

Comment 2

4 months ago
I pushed a change to try to flush out any non-obvious (test) ramifications to the proposed change: https://treeherder.mozilla.org/#/jobs?repo=try&revision=df47bd264f8c5e4fa4285d621a593672f5334a23

tldr; unless I missed an important test suite, the xpcshell tests for CreditCard.jsm seem to be the only place we have test coverage for what digit lengths are considered valid.
(Assignee)

Comment 3

4 months ago
Created attachment 9016010 [details]
Bug 1485105 - Allow 12-19 digit length card numbers. r?MattN
Assignee: nobody → sfoster
Status: NEW → ASSIGNED
Priority: P2 → P1
(Assignee)

Comment 4

4 months ago
(In reply to Sam Foster [:sfoster] from comment #2)
> I pushed a change to try to flush out any non-obvious (test) ramifications
> to the proposed change:
> https://treeherder.mozilla.org/#/jobs?repo=try&revision=df47bd264f8c5e4fa4285d621a593672f5334a23
> 
> tldr; unless I missed an important test suite, the xpcshell tests for
> CreditCard.jsm seem to be the only place we have test coverage for what
> digit lengths are considered valid.

New patch, new push: https://treeherder.mozilla.org/#/jobs?repo=try&revision=daa80405bd827c8bde86a7cc1ebb39295ca102b7&selectedJob=204605883

Comment 5

4 months ago
Pushed by sfoster@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/e702628b7c51
Allow 12-19 digit length card numbers. r=MattN

Comment 7

4 months ago
Pushed by sfoster@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/31313cac4517
Allow 12-19 digit length card numbers. r=MattN

Comment 8

4 months ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/31313cac4517
Status: ASSIGNED → RESOLVED
Last Resolved: 4 months ago
status-firefox64: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla64
(Assignee)

Comment 9

4 months ago
Clearing need-info. Thanks for the backout :andrei_ciure_, this has since been fixed and re-landed.
Flags: needinfo?(sfoster)
Backed out for causing Bug 1498071.

Recent failure log of Bug 1498071 : https://treeherder.mozilla.org/logviewer.html#?job_id=205348891&repo=mozilla-inbound&lineNumber=2718
Status: RESOLVED → REOPENED
status-firefox64: fixed → ---
Flags: needinfo?(sfoster)
Resolution: FIXED → ---
Target Milestone: mozilla64 → ---

Comment 11

4 months ago
Backout by nbeleuzu@mozilla.com:
https://hg.mozilla.org/mozilla-central/rev/b6abd17c078b
Backed out changeset 31313cac4517 for causing Bug1498071. a=backout
Status: REOPENED → ASSIGNED
(Assignee)

Comment 12

4 months ago
Sigh. Another case of Date.now() being interpreted as a potentially-valid credit card number in an input field. Thanks for spotting and backing out. I have an updated patch with this and another similar issue fixed.

Try push: 
https://treeherder.mozilla.org/#/jobs?repo=try&revision=d7704a8a1afa472b4d144be39a28f933f8cef9bd
Flags: needinfo?(sfoster)
(Assignee)

Comment 13

4 months ago
I've gone through searchfox results for Date.now() looking for cases where it is used as input into a text field - and where that value is expected to be saved for later autofill or session restore. In these cases Date.now() is just being used as a way of getting arbitrary and random-ish characters, so .toString(16) works to accomplish the same goal and not produce a value that looks like a credit card number. 

That try push looks good in the sense that I didn't break any tests. It's hard to know I've got all the new intermittents without a lot more data though.
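Why a decimal Date.now() string can trip a 12-19 digit check while its .toString(16) form does not, shown as an added example that is not part of the original comments and is not Firefox's CreditCard.jsm code. It assumes the validator strips spaces and dashes, requires 12 to 19 digits and then applies a Luhn checksum; the function names and the sample timestamp are constructed.

```javascript
// Added example, not Firefox code. Assumption: validation is "12-19 digits
// after stripping spaces/dashes" followed by a Luhn checksum.
function luhnValid(digits) {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    // Walk from the rightmost digit; double every second one.
    let d = digits.charCodeAt(digits.length - 1 - i) - 48;
    if (i % 2 === 1) {
      d *= 2;
      if (d > 9) d -= 9;
    }
    sum += d;
  }
  return sum % 10 === 0;
}

function looksLikeCardNumber(value) {
  const digits = String(value).replace(/[\s-]/g, "");
  return /^\d{12,19}$/.test(digits) && luhnValid(digits);
}

// Count how many of `count` consecutive millisecond timestamps, rendered
// with `toText`, would be classified as a card number.
function countCardLikeTimestamps(startMs, count, toText) {
  let hits = 0;
  for (let t = startMs; t < startMs + count; t++) {
    if (looksLikeCardNumber(toText(t))) hits++;
  }
  return hits;
}

// Constructed sample: a 13-digit Date.now() value from October 2018.
const START_MS = 1539000000000;
const asDecimal = (t) => t.toString();
// Hex form is 11 characters for timestamps of this era, so it falls
// outside 12-19 even when it happens to contain no a-f letters.
const asHex = (t) => t.toString(16);

// One decimal timestamp in every ten passes the checksum, which is the
// profile of an intermittent test failure rather than a consistent one.
const decimalHits = countCardLikeTimestamps(START_MS, 1000, asDecimal);
const hexHits = countCardLikeTimestamps(START_MS, 1000, asHex);
console.log({ decimalHits, hexHits });
```

Under these assumptions a 13-digit timestamp was rejected outright by any validator that did not accept 13 digits, so widening the accepted range is what exposed test fixtures that type Date.now() into form fields.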

Comment 14

4 months ago
Pushed by sfoster@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/583d689d630e
Allow 12-19 digit length card numbers. r=MattN

Comment 15

4 months ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/583d689d630e
Status: ASSIGNED → RESOLVED
Last Resolved: 4 months ago
status-firefox64: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla64

Comment 16

4 months ago
Verified - Fixed on latest Nightly 65.0a1 (2018-10-24) on Windows 7/10, Ubuntu 16.04 and Mac OS 10.13.
Number validation accepts credit card numbers with the length of 12-19 digits.
Status: RESOLVED → VERIFIED
status-firefox64: fixed → verified
Flags: qe-verify+