/// <summary>
/// Actual code for processing credit card payments.
/// </summary>
/// <param name="Payment">The payment to process.</param>
/// <returns>CCResponse instance with result data.</returns>
protected CCResponse DoRequest(Payment Payment)
{
try
{
string RequestID = string.Empty;
CheckAppAllowed(Payment.Application);
if (IsMissing(Payment.Reference))
{
throw new Exception(EXP_MISSING_MERCHANT);
}
CyberResponse Response = null;
if (Payment.Operation == ServiceOperation.Bill || Payment.Operation == ServiceOperation.Reverse)
{
Response = Data.GetTransactionDetails(Payment);
RequestID = Response.RequestID;
}
else
{
Payment.Card.ValidateFields(CreditCards);
}
Payment.BillTo.ValidateFields();
CheckEmail(Payment.Application, Payment.BillTo);
if (!IsMissing(RequestID))
{
Payment.RequestID = RequestID;
}
ServiceRequest s = new ServiceRequest(Payment);
Payment.Function = s.Function;
if (Response != null)
{
s.CheckAuthErrors(Response);
}
Response = Data.Begin_Transaction(Payment);
string ReceiptNumber = Response.ReceiptNumber;
if (Response.Flag != "New")
{
throw s.Ex("Attempted duplicate transaction.");
}
//Response = s.Send(Response.ID);
CCResponse Result = new CCResponse(Response);
Data.Complete_Transaction(Payment, Result);
Result.ReceiptNumber = ReceiptNumber;
return(Result);
}
catch (Exception e) { return(new CCResponse(e)); }
}
public async Task <CCResponse> ChargeCard(CCRequest request)
{
var response = new CCResponse();
try
{
PayStackApi _payApi = new PayStackApi(_configuration[Constants.PayStackKey]);
decimal price = Convert.ToDecimal(request.Amount);
decimal newAmount = (Convert.ToInt32(price) + 100) * 100;
var req = new CardChargeRequest
{
Amount = newAmount.ToString(),
Card = new Card
{
Number = request.CardNumber,
Cvv = request.cardCvv,
ExpiryMonth = request.cardExpiryMonth,
ExpiryYear = request.cardExpiryYear
},
Email = request.Email,
Reference = DateTime.Now.Ticks.ToString().Substring(0, 10),
Pin = request.pin
};
var payAesponse = _payApi.Charge.ChargeCard(req);
if (!payAesponse.Status)
{
throw new Exception(payAesponse?.Data?.Message);
}
var JsonObj = JsonConvert.SerializeObject(payAesponse);
var resObj = JsonConvert.DeserializeObject <CCResponse>(JsonObj);// Variable to test if Serialized Object Holds Contents
resObj.data.RealAmount = newAmount;
response = resObj;
}
catch (Exception ec)
{
throw ec;
}
return(await Task.FromResult(response));
}
/// <summary>
/// Completes the transaction started by Begin_Insurance_Transaction
/// </summary>
public void Complete_Transaction(Payment Payment, CCResponse Response)
{
try
{
SqlCommand Cmd = GetCommand("PAY_Update_Card_Request");
Response.CopyTo(Cmd);
Cmd.Parameters["@App_Timestamp"].Value = ApplicationInfoStamp;
Cmd.Parameters["@PaymentId"].Value = Payment.PaymentId;
Cmd.ExecuteNonQuery();
if (Payment.Operation == ServiceOperation.Auth || Payment.Operation == ServiceOperation.ReAuth)
{
if (Response.IsReauthCandidate)
{
CardFile.Add(Payment);
}
else if (Response.IsRequestSuccessful)
{
CardFile.Remove(Payment);
}
}
}
catch (Exception e)
{
// Don't throw exceptions from this method. The payment transaction has been
// completed successfully, and we don't want to pass any local problems to the
// application when the payment probably was OK. Just log the exeception.
if (e.GetType().Name == "SqlException" && ((SqlException)e).Number == 50000)
{
// This error indicates that the Application information in the database has
// changed; the local copy must be updated and then the function re-tried.
GetApplications(CardInfo.Applications);
}
else
{
Logger.Log(e);
Logger.Log("The Response that preceeded the previous exception was:\r\n" + Response.ToString() +
"\r\nNote that this exception resulted in an incomplete datalog for the transaction, but wasn't passed to the caller.");
}
}
}
/// <summary>
/// Attempts to re-authorize the payment by the most appropriate method.
/// </summary>
/// <param name="Payment">The payment to re-authorize</param>
protected CCResponse DoAuth(Payment Payment)
{
// Modified by cognizant 2/7/2005 to validate amount in star transaction.
foreach (LineItem I in Payment.LineItems)
{
if (I.Amount < 0)
{
return(new CCResponse(new BusinessRuleException("Amount should be positive")));
}
}
if (Payment.Amount < 0)
{
return(new CCResponse(new BusinessRuleException("Total Amount should be positive")));
}
Payment.BillTo.ValidateFields();
CheckEmail(Payment.Application, Payment.BillTo);
/*
* CSR#3937.Ch1 - START : Modified as part of CSR#3937
* To fix the error, which occurs when we try to process a failed Credit Card transaction again
* Moved the try statement from the line
* if (Card.CCType!=string.Empty && Cards_Reversible.Contains......... to the line
* if (!Data.CheckReAuth(Payment))..........
*/
try
{
//Check if payment is a candidate for reauth, if not just do auth.
if (!Data.CheckReAuth(Payment))
{
return(DoRequest(Payment));
}
CardInfo Card = Payment.Card;
Payment.Card = null;
//Make use of Reverse_Auth where permitted.
if (Card.CCType != string.Empty && Cards_Reversible.Contains(Card.CCType) && ServiceRequest.Permits(ServiceOperation.Reverse, Payment.Application))
{
Payment.Operation = ServiceOperation.Reverse;
CCResponse Response = DoRequest(Payment);
if (Response.IsRequestSuccessful)
{
Payment.Card = Card;
Payment.Operation = ServiceOperation.Auth;
return(DoRequest(Payment));
}
else
{
return(Response);
}
}
else
{
Payment.Card = Card;
Payment.Operation = ServiceOperation.ReAuth;
Payment.LineItems = Reauth_Items;
return(DoRequest(Payment));
}
}
//CSR#3937.Ch1 - END : Handling the failed credit card transactions(resubmission)
catch (Exception e) { return(new CCResponse(e)); }
}
//Security Defect -START - Added the below code to validate the fields in the lineitem
public CCResponse ValidateFields()
{
//Security Defect - Added the below code to trim all the fields
ProductCode = ProductCode.Trim();
ProductName = ProductName.Trim();
ClubCode = ClubCode.Trim();
SubProduct = SubProduct.Trim();
AccountNumber = AccountNumber.Trim();
LastName = LastName.Trim();
FirstName = FirstName.Trim();
SKU = SKU.Trim();
RevenueCode = RevenueCode.Trim();
RevenueType = RevenueType.Trim();
//Security Defect - Added the below code to trim all the fields
CCResponse c = new CCResponse();
if ((ProductCode.Length > 10) || junkValidation(ProductCode))
{
c.Message = CSAAWeb.Constants.ERR_AUTHVALIDATION + "ProductCode";
c.ActualMessage = c.Message;
c.Flag = Config.Setting("ERRCDE_PRODUCTCODE");
Logger.Log(c.Message + c.Flag);
return(c);
}
if ((ProductName.Length > 50) || junkValidation(ProductName))
{
c.Message = CSAAWeb.Constants.ERR_AUTHVALIDATION + "ProductName";
c.ActualMessage = c.Message;
c.Flag = Config.Setting("ERRCDE_PRODUCTNAME");
Logger.Log(c.Message + c.Flag);
return(c);
}
if ((ClubCode.Length > 50) || junkValidation(ClubCode))
{
c.Message = CSAAWeb.Constants.ERR_AUTHVALIDATION + "ClubCode";
c.ActualMessage = c.Message;
c.Flag = Config.Setting("ERRCDE_CLUBCODE");
Logger.Log(c.Message + c.Flag);
return(c);
}
if ((SubProduct.Length > 25) || junkValidation(SubProduct))
{
c.Message = CSAAWeb.Constants.ERR_AUTHVALIDATION + "SubProduct";
c.ActualMessage = c.Message;
c.Flag = Config.Setting("ERRCDE_SUBPRODUCT");
Logger.Log(c.Message + c.Flag);
return(c);
}
if (IsMissing(AccountNumber) || (AccountNumber.Length > 25) || junkValidation(AccountNumber))
{
c.Message = CSAAWeb.Constants.ERR_AUTHVALIDATION + "AccountNumber";
c.ActualMessage = c.Message;
c.Flag = Config.Setting("ERRCDE_ACCOUNTNUMBER");
Logger.Log(c.Message + c.Flag);
return(c);
}
//if (IsMissing(LastName))
//{
// c.Message = CSAAWeb.Constants.ERR_AUTHVALIDATION + "LastName";
// c.ActualMessage = c.Message;
// c.Flag = Config.Setting("ERRCDE_LASTNAME");
// Logger.Log(c.Message + c.Flag);
// return c;
//}
//if (IsMissing(FirstName))
//{
// c.Message = CSAAWeb.Constants.ERR_AUTHVALIDATION + "FirstName";
// c.ActualMessage = c.Message;
// c.Flag = Config.Setting("ERRCDE_FIRSTNAME");
// Logger.Log(c.Message + c.Flag);
// return c;
//}
if ((SKU.Length > 3) || junkValidation(SKU))
{
c.Message = CSAAWeb.Constants.ERR_AUTHVALIDATION + "SKU";
c.ActualMessage = c.Message;
c.Flag = Config.Setting("ERRCDE_SKU");
Logger.Log(c.Message + c.Flag);
return(c);
}
if ((RevenueCode.Length > 10) || junkValidation(RevenueCode))
{
c.Message = CSAAWeb.Constants.ERR_AUTHVALIDATION + "RevenueCode";
c.ActualMessage = c.Message;
c.Flag = Config.Setting("ERRCDE_REVENUECODE");
Logger.Log(c.Message + c.Flag);
return(c);
}
if (IsMissing(RevenueType) || (RevenueType.Length > 20) || junkValidation(RevenueType))
{
c.Message = CSAAWeb.Constants.ERR_AUTHVALIDATION + "RevenueType";
c.ActualMessage = c.Message;
c.Flag = Config.Setting("ERRCDE_REVENUETYPE");
Logger.Log(c.Message + c.Flag);
return(c);
}
if ((Amount < 0) || (Amount > 25000) || junkValidation(Amount.ToString()))
{
c.Message = CSAAWeb.Constants.ERR_AUTHVALIDATION + "Amount";
c.ActualMessage = c.Message;
c.Flag = Config.Setting("ERRCDE_AMOUNT");
Logger.Log(c.Message + c.Flag);
return(c);
}
if ((Tax_Amount < 0) || (Tax_Amount > 25000) || junkValidation(Tax_Amount.ToString()))
{
c.Message = CSAAWeb.Constants.ERR_AUTHVALIDATION + "Tax_Amount";
c.ActualMessage = c.Message;
c.Flag = Config.Setting("ERRCDE_TAXAMOUNT");
Logger.Log(c.Message + c.Flag);
return(c);
}
//if ((LineItemNo > 10) || !CSAAWeb.Validate.IsAllNumeric(LineItemNo.ToString()))
//{
// c.Message = CSAAWeb.Constants.ERR_AUTHVALIDATION + "LineItemNo";
// c.ActualMessage = c.Message;
// c.Flag = Config.Setting("ERRCDE_LINEITEMNO");
// Logger.Log(c.Message + c.Flag);
// return c;
//}
if ((Quantity > 10) || !CSAAWeb.Validate.IsAllNumeric(Quantity.ToString()))
{
c.Message = CSAAWeb.Constants.ERR_AUTHVALIDATION + "Quantity";
c.ActualMessage = c.Message;
c.Flag = Config.Setting("ERRCDE_QUANTITY");
Logger.Log(c.Message + c.Flag);
return(c);
}
else
{
return(null);
}
//Security Defect -END - Added the below code to validate the fields in the lineitem
}
// Public Methods
/// <summary>
/// Ensures that all required fields are present.
/// </summary>
public CCResponse ValidateFields()
{
//Security Defect - Added the below code to trim all the fields
FirstName = FirstName.Trim();
LastName = LastName.Trim();
City = City.Trim();
Zip = Zip.Trim();
Email = Email.Trim();
State = State.Trim();
Address1 = Address1.Trim();
Address2 = Address2.Trim();
Country = Country.Trim();
//Security Defect - Added the below code to trim all the fields
CCResponse c = new CCResponse();
//Security Defects - START - Added the below lines to validate the fields in the BillToInfo
if (IsMissing(FirstName))
{
c.Message = CSAAWeb.Constants.ERR_AUTHVALIDATION + "FirstName";
c.ActualMessage = c.Message;
c.Flag = Config.Setting("ERRCDE_FIRSTNAME");
Logger.Log(c.Message + c.Flag);
return(c);
}
//Security Defects- CH4 -Commented the required field check for lastname since Empty spaces are coming from EXG in this field.
//else if (IsMissing(LastName))
//{
// c.Message = CSAAWeb.Constants.ERR_AUTHVALIDATION + "LastName";
// c.ActualMessage = c.Message;
// c.Flag = Config.Setting("ERRCDE_LASTNAME");
// Logger.Log(c.Message + c.Flag);
// return c;
//}
//Security Defects-CH4 - Commented the required field check for lastname since Empty spaces are coming from EXG in this field.
else if (IsMissing(City) || (City.Length > 25) || junkValidation(City))
{
c.Message = CSAAWeb.Constants.ERR_AUTHVALIDATION + "City";
c.ActualMessage = c.Message;
c.Flag = Config.Setting("ERRCDE_CITY");
Logger.Log(c.Message + c.Flag);
return(c);
}
else if (IsMissing(Zip) || (Zip.Length > 10) || junkValidation(Zip) || !CSAAWeb.Validate.IsValidZip(Zip))
{
c.Message = CSAAWeb.Constants.ERR_AUTHVALIDATION + "Zip";
c.ActualMessage = c.Message;
c.Flag = Config.Setting("ERRCDE_CITY");
Logger.Log(c.Message + c.Flag);
return(c);
}
else if ((Email.Length > 90) || (Email != "" && !CSAAWeb.Validate.IsValidEmailAddress(Email)))
{
c.Message = CSAAWeb.Constants.ERR_AUTHVALIDATION + "Email";
c.ActualMessage = c.Message;
c.Flag = Config.Setting("ERRCDE_EMAIL");
Logger.Log(c.Message + c.Flag);
return(c);
}
else if (IsMissing(State) || (State.Length > 2) || junkValidation(State))
{
c.Message = CSAAWeb.Constants.ERR_AUTHVALIDATION + "State";
c.ActualMessage = c.Message;
c.Flag = Config.Setting("ERRCDE_STATE");
Logger.Log(c.Message + c.Flag);
return(c);
}
//Security defects -Ch3-Removed junk validation in BillToInfo field
else if (IsMissing(Address1) || (Address1.Length > 40))
{
c.Message = CSAAWeb.Constants.ERR_AUTHVALIDATION + "Address1";
c.Flag = Config.Setting("ERRCDE_ADDRESS1");
c.ActualMessage = c.Message;
Logger.Log(c.Message + c.Flag);
return(c);
}
//Security defects -Ch3-Removed junk validation in BillToInfo field
else if ((Address2.Length > 40))
{
c.Message = CSAAWeb.Constants.ERR_AUTHVALIDATION + "Address2";
c.ActualMessage = c.Message;
c.Flag = Config.Setting("ERRCDE_ADDRESS2");
return(c);
}
else if ((Country.Length > 2) || junkValidation(Country))
{
c.Message = CSAAWeb.Constants.ERR_AUTHVALIDATION + "Country";
c.ActualMessage = c.Message;
c.Flag = Config.Setting("ERRCDE_COUNTRY");
return(c);
}
//Security Defects -CH1 - END- Added the below lines to validate the fields in the BillToInfo
/*Security Defects - CH2 - sTART - Commented the below code
* else if (IsMissing(FirstName) || IsMissing(LastName))
* {
* Logger.Log("Field missing, FirstName=" + FirstName + ", LastName=" + LastName);
* return null;
* throw new BusinessRuleException(EXP_MISSING_CONTACT);
* }
*
* // CSAA.COM CH1:START- Removed Address1 from required field check .
* // if (IsMissing(Address1) || IsMissing(City) || IsMissing(State) || IsMissing(Zip))
* else if ( IsMissing(City) || IsMissing(State) || IsMissing(Zip))
* {
* //Logger.Log("Field missing, Address1=" + Address1 + ", City=" + City + ", State=" + State + ", Zip=" + Zip);
* Logger.Log("Field missing, City=" + City + ", State=" + State + ", Zip=" + Zip);
* return null;
*
* throw new BusinessRuleException(EXP_MISSING_ADDRESS);
* }
* // CSAA.COM CH1:END-//Security Defects - CH2 - Commented the below code */
else if (IsMissing(Country))
{
_Country = Default_Country;
return(null);
}
else if (IsMissing(Currency))
{
_Currency = Default_Currency;
return(null);
}
else
{
return(null);
}
}
// Public Methods
/// <summary>
/// Ensures that all required fields are present.
/// </summary>
public CCResponse ValidateFields()
{
//Security Defect - Added the below code to trim all the fields
CCNumber = CCNumber.Trim();
CCExpMonth = CCExpMonth.Trim();
CCExpYear = CCExpYear.Trim();
CCType = CCType.Trim();
CCCVNumber = CCCVNumber.Trim();
//Security Defect - Added the below code to trim all the fields
CCResponse c = new CCResponse();
//Security Defects- START - Added the below code to perform valdiations on card field.
if (IsMissing(CCNumber) || (CCNumber.Length != 16) || !CSAAWeb.Validate.IsAllNumeric(CCNumber))
{
c.Message = CSAAWeb.Constants.ERR_AUTHVALIDATION + "CCNumber";
c.ActualMessage = c.Message;
c.Flag = Config.Setting("ERRCDE_CCNUMBER");
Logger.Log(c.Message + c.Flag);
return(c);
}
if (IsMissing(CCExpMonth) || (CCExpMonth.Length > 2) || !CSAAWeb.Validate.IsAllNumeric(CCExpMonth) || (System.Convert.ToInt16(CCExpMonth) > 12) || (System.Convert.ToInt16(CCExpMonth) < 1) || ((System.Convert.ToInt16(CCExpYear) == System.DateTime.Now.Year) && (System.Convert.ToInt16(CCExpMonth) < System.DateTime.Now.Month)))
{
c.Message = CSAAWeb.Constants.ERR_AUTHVALIDATION + "CCExpMonth";
c.ActualMessage = c.Message;
c.Flag = Config.Setting("ERRCDE_CCEXPMONTH");
Logger.Log(c.Message + c.Flag);
return(c);
}
if (IsMissing(CCExpYear) || (CCExpYear.Length != 4) || !CSAAWeb.Validate.IsAllNumeric(CCExpYear) || System.Convert.ToInt16(CCExpYear) < System.DateTime.Now.Year)
{
c.Message = CSAAWeb.Constants.ERR_AUTHVALIDATION + "CCExpYear";
c.ActualMessage = c.Message;
c.Flag = Config.Setting("ERRCDE_CCEXPYEAR");
Logger.Log(c.Message + c.Flag);
return(c);
}
if (IsMissing(CCType) || (CCType.Length != 1) || !CSAAWeb.Validate.IsAllNumeric(CCType))
{
c.Message = CSAAWeb.Constants.ERR_AUTHVALIDATION + "CCType";
c.ActualMessage = c.Message;
c.Flag = Config.Setting("ERRCDE_CCTYPE");
Logger.Log(c.Message + c.Flag);
return(c);
}
if (!IsMissing(CCCVNumber))
{
if ((CCCVNumber.Length > 4) || !CSAAWeb.Validate.IsAllNumeric(CCCVNumber))
{
c.Message = CSAAWeb.Constants.ERR_AUTHVALIDATION + "CCVNumber";
c.ActualMessage = c.Message;
c.Flag = Config.Setting("ERRCDE_CCVNUMBER");
Logger.Log(c.Message + c.Flag);
return(c);
}
}
//Security Defects- END - Added the below code to perform valdiations on card field.
/*Security Defect - CH2 -START - Commented the below code lines
* if ((IsMissing(CCNumber)) || (IsMissing(CCExpMonth)) || (IsMissing(CCExpYear)))
* {
* //STAR Retrofit II.Ch2: START - Modified the code below so that Credit card number will not be logged into the log.
* //Logger.Log("CC fields missing, CCNumber=" + CCNumber + ", CCExpMonth=" + CCExpMonth + ", CCExpYear=" + CCExpYear);
* string strCCNumber = IsMissing(CCNumber)?"" : "****";
* Logger.Log("CC fields missing, CCNumber=" + strCCNumber + ", CCExpMonth=" + CCExpMonth + ", CCExpYear=" + CCExpYear);
* //STAR Retrofit II.Ch2: END
* if (IsMissing(CCNumber))
* Logger.Log(Applications.ToString());
* //Security Defect - CH1 - Commented the below line
* //throw new BusinessRuleException(EXP_MISSING_CC);
* }
* else if (!IgnoreCCCV && IsMissing(CCCVNumber))
* {
* Logger.Log("CC_CV missing");
* //Security Defect - CH2- Commented the below line
* //throw new BusinessRuleException(EXP_MISSING_CC);
* }
* else
* {
* // additional validation for credit card done Modified by Cognizant
* if ((System.Convert.ToInt16(CCExpMonth) > 12) || (System.Convert.ToInt16(CCExpMonth) < 1))
* {
* Logger.Log("bad CC info, CCExpMonth=" + CCExpMonth );
* //Security Defect - CH3 - Commented the below line
* //throw new BusinessRuleException("Invalid month: " + CCExpMonth);
* }
* // if ((System.Convert.ToInt16(CCExpYear) > 3000) || (System.Convert.ToInt16(CCExpYear) < 2000))
* // {
* // Logger.Log("bad CC info, CCExpYear=" + CCExpYear);
* // throw new BusinessRuleException("Invalid year: " + CCExpYear);
* // }
*
* if ((System.Convert.ToInt16(CCExpYear) < System.DateTime.Now.Year) || (System.Convert.ToInt16(CCExpYear) > 3000))
* {
* Logger.Log("bad CC info, CCExpYear=" + CCExpYear);
* //Security Defect -CH4- Commented the below line
* //throw new BusinessRuleException("Invalid year: " + CCExpYear);
* }
* if ((System.Convert.ToInt16(CCExpYear) == System.DateTime.Now.Year))
* {
* if ((System.Convert.ToInt16(CCExpMonth) < System.DateTime.Now.Month))
* {
* DateTime dt = new DateTime(1990,Convert.ToInt16(CCExpMonth),01);
* Logger.Log("bad CC info, CCExpMonth=" + CCExpMonth);
* //Security Defect -CH5- Commented the below line
* //throw new BusinessRuleException("Invalid Month: " + dt.ToString("MMMM"));
* }
* }
*
* }
* //STAR Retrofit II.Ch1: START - Added code to invoke the check digit algorithm in Cryptor.cs for validating credit card number.
* //Security Defect -CH6- Commented the below line
* //if(!CSAAWeb.Validate.IsValidCreditCard(CCNumber))
* // throw new BusinessRuleException("Invalid Card Number");
*/
//MAIG - CH1 - BEGIN - Modified the Credit Card validation method that works for all Credit Card types 11/17/2014
string ChkDigit = Cryptor.CreditCardCheckDigit(CCNumber);
//MAIG - CH1 - END - Modified the Credit Card validation method that works for all Credit Card types 11/17/2014
bool vldCCNumber = ((ChkDigit == "0")?true:false);
if (!vldCCNumber)
{
//STAR Retrofit II.Ch2: START - Modified the code below so that Credit card number will not be logged into the log.
//Logger.Log("Invalid Card Number: " + CCNumber);
Logger.Log("Invalid Card Number: ****");
//STAR Retrofit II.Ch2: END
//Security Defect -CH1 - Modified the below message
//throw new BusinessRuleException(CSAAWeb.Constants.ERR_AUTHVALIDATION + "CCNumber" + CSAAWeb.Constants.ERR_CODE + Config.Setting("ERRCDE_CCNUMBER"));
c.Message = CSAAWeb.Constants.ERR_AUTHVALIDATION + "CCNumber";
c.ActualMessage = c.Message;
c.Flag = Config.Setting("ERRCDE_CCNUMBER");
return(c);
}
else
{
return(null);
}
//STAR Retrofit II.Ch1: END
}
//echeck ends
/// <summary>
/// Ensures that all required fields are present.
/// </summary>
public CCResponse ValidateFields()
{
BankId = BankId.Trim();
BankAcntNo = BankAcntNo.Trim();
BankAcntType = BankAcntType.Trim();
Application = Application.Trim();
CustomerName = CustomerName.Trim();
//Security Defect - START - Added the below code to validate the Echeck field.
CCResponse c = new CCResponse();
if (IsMissing(BankId) || (BankId.Length != 9) || !CSAAWeb.Validate.IsAllNumeric(BankId.Trim()) || (BankId.Substring(8, 1) != RoutingNumberCheckDigit(BankId.Substring(0, 8))))
{
c.Message = CSAAWeb.Constants.ERR_AUTHVALIDATION + "BankId";
c.ActualMessage = c.Message;
c.Flag = Config.Setting("ERRCDE_BANKID");
Logger.Log(c.Message + c.Flag);
return(c);
}
if (IsMissing(BankAcntNo) || (BankAcntNo.Length > 17) || (BankAcntNo.Length < 4) || !CSAAWeb.Validate.IsAllNumeric(BankAcntNo.Trim()))
{
c.Message = CSAAWeb.Constants.ERR_AUTHVALIDATION + "BankAcntNo";
c.ActualMessage = c.Message;
c.Flag = Config.Setting("ERRCDE_BANKACNTNO");
Logger.Log(c.Message + c.Flag);
return(c);
}
if (IsMissing(BankAcntType) || (BankAcntType.Length != 1) || !CSAAWeb.Validate.IsAllChars(BankAcntType.Trim()))
{
c.Message = CSAAWeb.Constants.ERR_AUTHVALIDATION + "BankAcntType";
c.ActualMessage = c.Message;
c.Flag = Config.Setting("ERRCDE_BANKACNTYPE");
Logger.Log(c.Message + c.Flag);
return(c);
}
if (IsMissing(Application) || (Application.Length > 25) || !CSAAWeb.Validate.IsAllChars(Application.Trim()))
{
c.Message = CSAAWeb.Constants.ERR_AUTHVALIDATION + "Application";
c.ActualMessage = c.Message;
c.Flag = Config.Setting("ERRCDE_APPLICATION");
Logger.Log(c.Message + c.Flag);
return(c);
}
//Security defect - Removed the length validation and junk character validation in Customer name
if (IsMissing(CustomerName))
{
//throw new BusinessRuleException(CSAAWeb.Constants.ERR_AUTHVALIDATION + "CustomerName" + CSAAWeb.Constants.ERR_CODE + Config.Setting("ERRCDE_CUSTOMERNAME"));
c.Message = CSAAWeb.Constants.ERR_AUTHVALIDATION + "CustomerName";
c.ActualMessage = c.Message;
c.Flag = Config.Setting("ERRCDE_CUSTOMERNAME");
Logger.Log(c.Message + c.Flag);
return(c);
}
else
{
return(null);
}
//Security Defect - END - Added the below code to validate the Echeck field.
//CSAA.com CH1 defect 76:Start Modified the if condition to check the E-check customer name mandatory field by cognizant on 10/24/2011.
/*
* if ((IsMissing(BankId)) || (IsMissing(BankAcntNo)) || (IsMissing(CustomerName)))
* {
* // Modified the code below so that echeck number will not be logged into the log.
* Logger.Log("eCheck details missing: Routing Number=" + BankId + ", Bank Account Number=" + signature);
* if (IsMissing(BankAcntNo))
* {
* //Logger.Log(Applications.ToString());
* Logger.Log("BankAcntNo is missing");
* //throw new BusinessRuleException(EXP_MISSING_ACNo);
* }
* else if (IsMissing(BankId))
* {
* Logger.Log("Bank ID missing");
* //throw new BusinessRuleException(EXP_MISSING_BankID);
* }
* else if (IsMissing(CustomerName))
* {
* Logger.Log("Customer name is missing");
* //throw new BusinessRuleException(EXP_MISSING_CUST_NAME);
*
* }
* }
* //CSAA.com CH1 defect 76:End Modified the if condition to check the E-check customer name mandatory field by cognizant on 10/24/2011.
* // START - HO6.Ch3
* // Added length validations for Bank Account Number
* if (BankAcntNo.Trim().Length < 4 || BankAcntNo.Trim().Length > 17)
* {
* Logger.Log(EXP_INVALID_LENGTH_ACNo);
* //throw new BusinessRuleException(EXP_INVALID_LENGTH_ACNo);
* }
*
* // Added validations to check if Bank Account Number is all numeric
* if (!CSAAWeb.Validate.IsAllNumeric(BankAcntNo.Trim()))
* {
* Logger.Log(EXP_NON_NUMERIC_ACNo);
* // throw new BusinessRuleException(EXP_NON_NUMERIC_ACNo);
* }
*
* // Added validations to check if Bank Routing Number is all numeric
* if (!CSAAWeb.Validate.IsAllNumeric(BankId.Trim()))
* {
* Logger.Log(EXP_NON_NUMERIC_BankID);
* //throw new BusinessRuleException(EXP_NON_NUMERIC_BankID);
* }
* // END - HO6.Ch3
*
* // Check digit validation for Routing Number
* if (BankId.Length == 9)
* {
* if (BankId.Substring(8, 1) != RoutingNumberCheckDigit(BankId.Substring(0, 8)))
* {
* Logger.Log("Check digit for Routing Number is invalid");
* //throw new BusinessRuleException(EXP_INVALID_CHECKDIGIT_BankID);
* }
* }
* else
* {
* // Validation message to log and respond if Routing number is not exactly 9 digits
* Logger.Log("eCheck details invalid: Routing Number is " + Convert.ToString(BankId.Length) + " in length.");
* //throw new BusinessRuleException(EXP_INVALID_LENGTH_BankID);
* }
* //HO6.Ch2:Modified by cognizant to check whether all zeros are present in routing number and through the error message on 06-30-2010.
* if (IsAllZeros(BankId))
* {
* Logger.Log("eCheck details invalid: Routing Number is " + Convert.ToString(BankId) + " in valid.");
* //throw new BusinessRuleException(EXP_INVALID_BankID);
* }* */
}
