Closed Bug 1485105 Opened 7 years ago Closed 7 years ago

Update credit card number validation

Categories

(Toolkit :: Form Autofill, enhancement, P1)

enhancement

Tracking

()

VERIFIED FIXED
mozilla64
Tracking Status
firefox64 --- verified

People

(Reporter: sfoster, Assigned: sfoster)

References

Details

(Whiteboard: [webpayments])

Attachments

(1 file)

The valid range of credit card number (PAN) digit lengths varies from card network to network. For simplicity's sake, we should accept anything from 12-19 While most numbers are still 16 digits, Mastercard and others are now issuing 19 digit PANs, Maestro numbers can be anywhere from 12 to 19 digits long.
Priority: -- → P3
Whiteboard: [webpayments-reserve] [triage]
Priority: P3 → --
Whiteboard: [webpayments-reserve] [triage] → [webpayments] [triage]
Flags: qe-verify+
Priority: -- → P3
QA Contact: hani.yacoub
Whiteboard: [webpayments] [triage] → [webpayments-reserve]
Priority: P3 → P2
Whiteboard: [webpayments-reserve] → [webpayments]
I pushed a change to try to flush out any non-obvious (test) ramifications to the proposed change: https://treeherder.mozilla.org/#/jobs?repo=try&revision=df47bd264f8c5e4fa4285d621a593672f5334a23 tldr; unless I missed an important test suite, the xpcshell tests for CreditCard.jsm seem to be the only place we have test coverage for what digit lengths are considered valid.
Assignee: nobody → sfoster
Status: NEW → ASSIGNED
Priority: P2 → P1
(In reply to Sam Foster [:sfoster] from comment #2) > I pushed a change to try to flush out any non-obvious (test) ramifications > to the proposed change: > https://treeherder.mozilla.org/#/ > jobs?repo=try&revision=df47bd264f8c5e4fa4285d621a593672f5334a23 > > tldr; unless I missed an important test suite, the xpcshell tests for > CreditCard.jsm seem to be the only place we have test coverage for what > digit lengths are considered valid. New patch, new push: https://treeherder.mozilla.org/#/jobs?repo=try&revision=daa80405bd827c8bde86a7cc1ebb39295ca102b7&selectedJob=204605883
Pushed by sfoster@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/e702628b7c51 Allow 12-19 digit length card numbers. r=MattN
Pushed by sfoster@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/31313cac4517 Allow 12-19 digit length card numbers. r=MattN
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla64
Clearing need-info. Thanks for the backout :andrei_ciure_, this has since been fixed and re-landed.
Flags: needinfo?(sfoster)
Status: RESOLVED → REOPENED
Flags: needinfo?(sfoster)
Resolution: FIXED → ---
Target Milestone: mozilla64 → ---
Backout by nbeleuzu@mozilla.com: https://hg.mozilla.org/mozilla-central/rev/b6abd17c078b Backed out changeset 31313cac4517 for causing Bug1498071. a=backout
Status: REOPENED → ASSIGNED
Sigh. Another case of Date.now() being intepretted as a potentially-valid credit card number in an input field. Thanks for spotting and backing out. I have an updated patch with this and another similar issue fixed. Try push: https://treeherder.mozilla.org/#/jobs?repo=try&revision=d7704a8a1afa472b4d144be39a28f933f8cef9bd
Flags: needinfo?(sfoster)
I've gone through searchfox results for Date.now() looking for cases where it is used as input into a text field - and where that value is expected to be saved for later autofill or session restore. In these cases Date.now() is just being used as a way of getting arbitrary and random-ish characters, so .toString(16) works to accomplish the same goal and not produce a value that looks like a credit card number. That try push looks good in the sense that I didn't break any tests. Its hard to know I've got all the new intermittents without a lot more data though.
Pushed by sfoster@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/583d689d630e Allow 12-19 digit length card numbers. r=MattN
Status: ASSIGNED → RESOLVED
Closed: 7 years ago7 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla64
Verified - Fixed on latest Nightly 65.0a1 (2018-10-24) on Windows 7/10, Ubuntu 16.04. and Mac OS 10.13. Number validation accepts credit card numbers with the length of 12-19 digits.
Status: RESOLVED → VERIFIED
Flags: qe-verify+
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: