Uploaded image for project: 'OFBiz'
  1. OFBiz
  2. OFBIZ-6920

Credit card details cannot be updated

    Details

      Description

      It seems after OFBIZ-3956, credit card details can no longer be updated, for example, if one wishes to update the expiry date of a credit card
      results in following "The Following Errors Occurred: Card Number is erroneous".

      This issue can be replicated here - https://demo-trunk-ofbiz.apache.org/partymgr/control/editcreditcard?paymentMethodId=9015&partyId=DemoCustomer

        Issue Links

          Activity

          Hide
          jacques.le.roux Jacques Le Roux added a comment -

          Thanks Vyom,

          I will have a look...

          Show
          jacques.le.roux Jacques Le Roux added a comment - Thanks Vyom, I will have a look...
          Hide
          jacques.le.roux Jacques Le Roux added a comment -

          OK I had a look. The problem is we are calling createCreditCard map proc from updateCreditCard service after calling updateCreditCard map proc. And when we update the data we don't see the real card number but something like "************1111"

          Since we don't want to change createCreditCard map proc and I see no simple way to detect if we should or not use isAnyCard call in createCreditCard map proc depending on where it's called (creating or updating) I will simply copy the needed check from createCreditCard map proc into updateCreditCard map proc but not the isAnyCard call of course. Then it will work but if the user changes also the card number. If she does it will need to be right because it will not be checked! I can't see any other ways because we can't use a hidden field with the real card number in, it would be insecure. We could thouhg introduce a specific encryption/decryption but it seems a bit too much.

          If somebody has a better idea please tell, before I commit the change I propose...

          Show
          jacques.le.roux Jacques Le Roux added a comment - OK I had a look. The problem is we are calling createCreditCard map proc from updateCreditCard service after calling updateCreditCard map proc. And when we update the data we don't see the real card number but something like "************1111" Since we don't want to change createCreditCard map proc and I see no simple way to detect if we should or not use isAnyCard call in createCreditCard map proc depending on where it's called (creating or updating) I will simply copy the needed check from createCreditCard map proc into updateCreditCard map proc but not the isAnyCard call of course. Then it will work but if the user changes also the card number. If she does it will need to be right because it will not be checked! I can't see any other ways because we can't use a hidden field with the real card number in, it would be insecure. We could thouhg introduce a specific encryption/decryption but it seems a bit too much. If somebody has a better idea please tell, before I commit the change I propose...
          Hide
          jacques.le.roux Jacques Le Roux added a comment -

          Thanks for the report Vyom,

          I fixed in
          trunk r1735385
          R15.12 r1735387
          R14.12 r1735388
          R13.07 r1735389
          R12.04 r1735390

          To complete what I said above, the only reason of changing a card number while this card is still valid would be because the number have been wrongly entered. Then better to delete and create a new one, those data are a "bit" sensible...

          Show
          jacques.le.roux Jacques Le Roux added a comment - Thanks for the report Vyom, I fixed in trunk r1735385 R15.12 r1735387 R14.12 r1735388 R13.07 r1735389 R12.04 r1735390 To complete what I said above, the only reason of changing a card number while this card is still valid would be because the number have been wrongly entered. Then better to delete and create a new one, those data are a "bit" sensible...

            People

            • Assignee:
              jacques.le.roux Jacques Le Roux
              Reporter:
              vyom0213@gmail.com Vyom Jain
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development