/// <summary>
/// Runs one credit card request: checks the calling application and the merchant
/// reference, validates the card (or loads the earlier transaction for Bill/Reverse),
/// opens the transaction record and then completes it.
/// </summary>
/// <param name="Payment">The payment to process. Its RequestID and Function are set here.</param>
/// <returns>
/// A CCResponse built from the transaction record, or a CCResponse wrapping the
/// exception when any step throws.
/// </returns>
protected CCResponse DoRequest(Payment Payment)
{
    try
    {
        string earlierRequestId = string.Empty;

        CheckAppAllowed(Payment.Application);
        if (IsMissing(Payment.Reference))
        {
            throw new Exception(EXP_MISSING_MERCHANT);
        }

        // Bill and Reverse act on an earlier request, so they load its details
        // instead of validating a card.
        CyberResponse earlierTransaction = null;
        bool followsEarlierRequest = Payment.Operation == ServiceOperation.Bill
            || Payment.Operation == ServiceOperation.Reverse;
        if (followsEarlierRequest)
        {
            earlierTransaction = Data.GetTransactionDetails(Payment);
            earlierRequestId = earlierTransaction.RequestID;
        }
        else
        {
            // NOTE(review): the value returned by ValidateFields is not inspected. If the
            // validator reports failures through its return value rather than by throwing,
            // a failed validation does not stop the request - confirm against the validator.
            Payment.Card.ValidateFields(CreditCards);
        }

        // NOTE(review): same as above - the result of the bill-to validation is discarded.
        Payment.BillTo.ValidateFields();
        CheckEmail(Payment.Application, Payment.BillTo);

        if (!IsMissing(earlierRequestId))
        {
            Payment.RequestID = earlierRequestId;
        }

        ServiceRequest serviceRequest = new ServiceRequest(Payment);
        Payment.Function = serviceRequest.Function;
        if (earlierTransaction != null)
        {
            serviceRequest.CheckAuthErrors(earlierTransaction);
        }

        CyberResponse started = Data.Begin_Transaction(Payment);
        string receiptNumber = started.ReceiptNumber;

        // Any flag other than "New" is treated as a repeat of an existing transaction.
        if (started.Flag != "New")
        {
            throw serviceRequest.Ex("Attempted duplicate transaction.");
        }

        // The gateway send is disabled in this listing, so the result below is built
        // from the Begin_Transaction record:
        //started = serviceRequest.Send(started.ID);
        CCResponse outcome = new CCResponse(started);
        Data.Complete_Transaction(Payment, outcome);
        outcome.ReceiptNumber = receiptNumber;
        return outcome;
    }
    catch (Exception e)
    {
        // Every failure, including the validation and duplicate checks above,
        // reaches the caller as a CCResponse rather than as an exception.
        return new CCResponse(e);
    }
}
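/// <summary>
/// Submits a card charge through the PayStack client and maps the reply onto a CCResponse.
/// </summary>
/// <param name="request">Card number, CVV, expiry, PIN, e-mail address and amount for the charge.</param>
/// <returns>The gateway reply as a CCResponse, with data.RealAmount set to the amount that was submitted.</returns>
/// <exception cref="Exception">The gateway returned no reply, or reported that the charge failed.</exception>
/// <exception cref="InvalidOperationException">The gateway reply could not be mapped onto a CCResponse.</exception>
public async Task<CCResponse> ChargeCard(CCRequest request)
{
    // request carries the card number, CVV and PIN; nothing in this method may write
    // those values to a log or copy them into an exception message.
    PayStackApi payApi = new PayStackApi(_configuration[Constants.PayStackKey]);

    // NOTE(review): Convert.ToInt32 rounds the amount to a whole number before 100 is
    // added and the sum is multiplied by 100, so any fractional part of request.Amount
    // is lost, and a zero or negative amount is not rejected. Confirm both are intended.
    decimal price = Convert.ToDecimal(request.Amount);
    decimal newAmount = (Convert.ToInt32(price) + 100) * 100;

    var chargeRequest = new CardChargeRequest
    {
        Amount = newAmount.ToString(),
        Card = new Card
        {
            Number      = request.CardNumber,
            Cvv         = request.cardCvv,
            ExpiryMonth = request.cardExpiryMonth,
            ExpiryYear  = request.cardExpiryYear
        },
        Email = request.Email,
        // NOTE(review): only the leading 10 digits of the tick count are kept, and those
        // change roughly once every ten seconds, so charges created close together get the
        // same reference. The format is left as it was because other code may depend on
        // it; a reference that is unique per charge is needed here.
        Reference = DateTime.Now.Ticks.ToString().Substring(0, 10),
        Pin = request.pin
    };

    var chargeReply = payApi.Charge.ChargeCard(chargeRequest);

    // Test for a missing reply before reading Status; the original dereferenced the
    // reply first and only then used null-conditional access on it.
    if (chargeReply == null || !chargeReply.Status)
    {
        throw new Exception(chargeReply?.Data?.Message);
    }

    // The reply is converted to CCResponse by a JSON round trip.
    var replyJson = JsonConvert.SerializeObject(chargeReply);
    var mapped = JsonConvert.DeserializeObject<CCResponse>(replyJson);
    if (mapped == null || mapped.data == null)
    {
        throw new InvalidOperationException("Charge response could not be mapped to CCResponse.");
    }

    mapped.data.RealAmount = newAmount;

    // The previous catch block re-threw with "throw ec;", which discards the original
    // stack trace. Exceptions now propagate unchanged.
    return await Task.FromResult(mapped);
}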
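/// <summary>
/// Completes the transaction started by Begin_Insurance_Transaction: runs the
/// PAY_Update_Card_Request command with the response data and, for Auth and ReAuth
/// operations, adds the payment to or removes it from the card file.
/// </summary>
/// <param name="Payment">The payment whose record is being completed.</param>
/// <param name="Response">The response whose values are copied into the command.</param>
/// <remarks>
/// This method is meant never to throw: by the time it runs the payment itself has been
/// processed, so local bookkeeping failures are logged instead of reaching the caller.
/// </remarks>
public void Complete_Transaction(Payment Payment, CCResponse Response)
{
    try
    {
        SqlCommand update = GetCommand("PAY_Update_Card_Request");
        Response.CopyTo(update);
        update.Parameters["@App_Timestamp"].Value = ApplicationInfoStamp;
        update.Parameters["@PaymentId"].Value = Payment.PaymentId;
        update.ExecuteNonQuery();

        bool isAuthOperation = Payment.Operation == ServiceOperation.Auth
            || Payment.Operation == ServiceOperation.ReAuth;
        if (isAuthOperation)
        {
            if (Response.IsReauthCandidate)
            {
                CardFile.Add(Payment);
            }
            else if (Response.IsRequestSuccessful)
            {
                CardFile.Remove(Payment);
            }
        }
    }
    catch (Exception e)
    {
        // Test the type with a cast instead of comparing the type name: a name match on
        // a different SqlException type would make the cast itself throw from this handler.
        SqlException sqlError = e as SqlException;
        if (sqlError != null && sqlError.Number == 50000)
        {
            // Error 50000 indicates that the Application information in the database has
            // changed, so the local copy is refreshed.
            // NOTE(review): nothing here re-runs the update afterwards and this path
            // writes no log entry for the failed update - confirm a retry happens elsewhere.
            try
            {
                GetApplications(CardInfo.Applications);
            }
            catch (Exception refreshError)
            {
                // Keep the no-throw contract even when the refresh itself fails.
                Logger.Log(refreshError);
            }
        }
        else
        {
            Logger.Log(e);
            // NOTE(review): Response.ToString() goes to the log verbatim; confirm it
            // contains no card or account data.
            Logger.Log("The Response that preceeded the previous exception was:\r\n" + Response.ToString() + "\r\nNote that this exception resulted in an incomplete datalog for the transaction, but wasn't passed to the caller.");
        }
    }
}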
/// <summary>
/// Authorizes a payment by one of three routes: a plain request, a reversal followed
/// by a fresh authorization, or a re-authorization.
/// </summary>
/// <param name="Payment">
/// The payment to authorize. Its Card, Operation and LineItems may be changed here.
/// </param>
/// <returns>
/// The response of the last request issued, a CCResponse wrapping a BusinessRuleException
/// for a negative amount, or a CCResponse wrapping any exception thrown inside the try block.
/// </returns>
protected CCResponse DoAuth(Payment Payment)
{
    // Amount checks (added 2/7/2005 for star transactions). Only values below zero are
    // rejected; a zero amount passes even though the messages say "positive".
    foreach (LineItem item in Payment.LineItems)
    {
        if (item.Amount < 0)
        {
            return new CCResponse(new BusinessRuleException("Amount should be positive"));
        }
    }

    if (Payment.Amount < 0)
    {
        return new CCResponse(new BusinessRuleException("Total Amount should be positive"));
    }

    // These two calls sit outside the try block, so anything they throw reaches the caller.
    // NOTE(review): the value returned by ValidateFields is not inspected - confirm the
    // validator signals failure by throwing.
    Payment.BillTo.ValidateFields();
    CheckEmail(Payment.Application, Payment.BillTo);

    // CSR#3937.Ch1: the try block starts at the CheckReAuth call so that resubmitting a
    // failed credit card transaction is handled here.
    try
    {
        // Not a re-auth candidate: issue a plain request.
        if (!Data.CheckReAuth(Payment))
        {
            return DoRequest(Payment);
        }

        // The card is detached while the route is chosen and put back before any
        // Auth or ReAuth request.
        CardInfo heldCard = Payment.Card;
        Payment.Card = null;

        bool canReverse = heldCard.CCType != string.Empty
            && Cards_Reversible.Contains(heldCard.CCType)
            && ServiceRequest.Permits(ServiceOperation.Reverse, Payment.Application);

        if (!canReverse)
        {
            Payment.Card = heldCard;
            Payment.Operation = ServiceOperation.ReAuth;
            Payment.LineItems = Reauth_Items;
            return DoRequest(Payment);
        }

        // Reverse first, then authorize again only if the reversal succeeded.
        Payment.Operation = ServiceOperation.Reverse;
        CCResponse reversal = DoRequest(Payment);
        if (!reversal.IsRequestSuccessful)
        {
            // The payment is left with Card cleared and Operation set to Reverse.
            return reversal;
        }

        Payment.Card = heldCard;
        Payment.Operation = ServiceOperation.Auth;
        return DoRequest(Payment);
    }
    catch (Exception e)
    {
        return new CCResponse(e);
    }
}
//Security Defect - field validation for the line item.
/// <summary>
/// Trims the text fields of the line item and checks each field against its length,
/// character and range limits, in a fixed order.
/// </summary>
/// <returns>
/// A CCResponse naming the first field that fails, with its configured error code in
/// Flag, or null when every check passes.
/// </returns>
public CCResponse ValidateFields()
{
    // Trim before measuring lengths so surrounding whitespace does not count.
    ProductCode = ProductCode.Trim();
    ProductName = ProductName.Trim();
    ClubCode = ClubCode.Trim();
    SubProduct = SubProduct.Trim();
    AccountNumber = AccountNumber.Trim();
    LastName = LastName.Trim();
    FirstName = FirstName.Trim();
    SKU = SKU.Trim();
    RevenueCode = RevenueCode.Trim();
    RevenueType = RevenueType.Trim();

    CCResponse failure = new CCResponse();

    if (ProductCode.Length > 10 || junkValidation(ProductCode))
    {
        return RejectLineItemField(failure, "ProductCode", "ERRCDE_PRODUCTCODE");
    }

    if (ProductName.Length > 50 || junkValidation(ProductName))
    {
        return RejectLineItemField(failure, "ProductName", "ERRCDE_PRODUCTNAME");
    }

    if (ClubCode.Length > 50 || junkValidation(ClubCode))
    {
        return RejectLineItemField(failure, "ClubCode", "ERRCDE_CLUBCODE");
    }

    if (SubProduct.Length > 25 || junkValidation(SubProduct))
    {
        return RejectLineItemField(failure, "SubProduct", "ERRCDE_SUBPRODUCT");
    }

    if (IsMissing(AccountNumber) || AccountNumber.Length > 25 || junkValidation(AccountNumber))
    {
        return RejectLineItemField(failure, "AccountNumber", "ERRCDE_ACCOUNTNUMBER");
    }

    // The required-field checks for LastName and FirstName are disabled in the original;
    // both fields are trimmed above but not validated here.

    if (SKU.Length > 3 || junkValidation(SKU))
    {
        return RejectLineItemField(failure, "SKU", "ERRCDE_SKU");
    }

    if (RevenueCode.Length > 10 || junkValidation(RevenueCode))
    {
        return RejectLineItemField(failure, "RevenueCode", "ERRCDE_REVENUECODE");
    }

    if (IsMissing(RevenueType) || RevenueType.Length > 20 || junkValidation(RevenueType))
    {
        return RejectLineItemField(failure, "RevenueType", "ERRCDE_REVENUETYPE");
    }

    // Amounts must lie between 0 and 25000 inclusive.
    if (Amount < 0 || Amount > 25000 || junkValidation(Amount.ToString()))
    {
        return RejectLineItemField(failure, "Amount", "ERRCDE_AMOUNT");
    }

    if (Tax_Amount < 0 || Tax_Amount > 25000 || junkValidation(Tax_Amount.ToString()))
    {
        return RejectLineItemField(failure, "Tax_Amount", "ERRCDE_TAXAMOUNT");
    }

    // The LineItemNo check is disabled in the original.

    if (Quantity > 10 || !CSAAWeb.Validate.IsAllNumeric(Quantity.ToString()))
    {
        return RejectLineItemField(failure, "Quantity", "ERRCDE_QUANTITY");
    }

    return null;
}

/// <summary>
/// Fills in the validation failure for one field, logs it and returns it.
/// </summary>
private CCResponse RejectLineItemField(CCResponse c, string fieldName, string errorCodeKey)
{
    c.Message = CSAAWeb.Constants.ERR_AUTHVALIDATION + fieldName;
    c.ActualMessage = c.Message;
    c.Flag = Config.Setting(errorCodeKey);
    Logger.Log(c.Message + c.Flag);
    return c;
}
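// Public Methods
/// <summary>
/// Trims the bill-to fields, validates them in a fixed order, and fills in the default
/// country and currency when they are missing.
/// </summary>
/// <returns>
/// A CCResponse naming the first field that fails, with its configured error code in
/// Flag, or null when every check passes.
/// </returns>
public CCResponse ValidateFields()
{
    // Trim before measuring lengths so surrounding whitespace does not count.
    FirstName = FirstName.Trim();
    LastName = LastName.Trim();
    City = City.Trim();
    Zip = Zip.Trim();
    Email = Email.Trim();
    State = State.Trim();
    Address1 = Address1.Trim();
    Address2 = Address2.Trim();
    Country = Country.Trim();

    CCResponse failure = new CCResponse();

    // FirstName is checked for presence only. The LastName required check was disabled
    // (Security Defects CH4) because blank values arrive from EXG in that field.
    if (IsMissing(FirstName))
    {
        return RejectBillToField(failure, "FirstName", "ERRCDE_FIRSTNAME");
    }

    if (IsMissing(City) || City.Length > 25 || junkValidation(City))
    {
        return RejectBillToField(failure, "City", "ERRCDE_CITY");
    }

    if (IsMissing(Zip) || Zip.Length > 10 || junkValidation(Zip) || !CSAAWeb.Validate.IsValidZip(Zip))
    {
        // NOTE(review): a Zip failure is reported with the City error code. This looks
        // like a copy-paste slip; it is left unchanged because the configuration key for
        // a Zip error is not visible from here.
        return RejectBillToField(failure, "Zip", "ERRCDE_CITY");
    }

    // Email is optional, but when present it must be well formed.
    if (Email.Length > 90 || (Email != "" && !CSAAWeb.Validate.IsValidEmailAddress(Email)))
    {
        return RejectBillToField(failure, "Email", "ERRCDE_EMAIL");
    }

    if (IsMissing(State) || State.Length > 2 || junkValidation(State))
    {
        return RejectBillToField(failure, "State", "ERRCDE_STATE");
    }

    // Security defects Ch3: the address lines are limited in length only; junk-character
    // validation was removed for them.
    if (IsMissing(Address1) || Address1.Length > 40)
    {
        return RejectBillToField(failure, "Address1", "ERRCDE_ADDRESS1");
    }

    // Address2 and Country rejections used to be returned without a log entry; they are
    // now logged like every other field so no rejected request is missing from the log.
    if (Address2.Length > 40)
    {
        return RejectBillToField(failure, "Address2", "ERRCDE_ADDRESS2");
    }

    if (Country.Length > 2 || junkValidation(Country))
    {
        return RejectBillToField(failure, "Country", "ERRCDE_COUNTRY");
    }

    // The older throw-based checks (Security Defects CH2, CSAA.COM CH1) are superseded
    // by the checks above.

    // Apply each default independently. In the original else-if chain a missing Country
    // returned before Currency was examined, so Currency kept its missing value.
    if (IsMissing(Country))
    {
        _Country = Default_Country;
    }

    if (IsMissing(Currency))
    {
        _Currency = Default_Currency;
    }

    return null;
}

/// <summary>
/// Fills in the validation failure for one field, logs it and returns it.
/// </summary>
private CCResponse RejectBillToField(CCResponse c, string fieldName, string errorCodeKey)
{
    c.Message = CSAAWeb.Constants.ERR_AUTHVALIDATION + fieldName;
    c.ActualMessage = c.Message;
    c.Flag = Config.Setting(errorCodeKey);
    Logger.Log(c.Message + c.Flag);
    return c;
}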
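// Public Methods
/// <summary>
/// Trims and validates the card fields: number, expiry month and year, card type,
/// optional CV number, and finally the card number's check digit.
/// </summary>
/// <returns>
/// A CCResponse naming the first field that fails, with its configured error code in
/// Flag, or null when every check passes.
/// </returns>
public CCResponse ValidateFields()
{
    // Trim before measuring lengths so surrounding whitespace does not count.
    CCNumber = CCNumber.Trim();
    CCExpMonth = CCExpMonth.Trim();
    CCExpYear = CCExpYear.Trim();
    CCType = CCType.Trim();
    CCCVNumber = CCCVNumber.Trim();

    CCResponse failure = new CCResponse();

    // Read the clock once so the year and month comparisons use the same instant.
    System.DateTime now = System.DateTime.Now;

    if (IsMissing(CCNumber) || CCNumber.Length != 16 || !CSAAWeb.Validate.IsAllNumeric(CCNumber))
    {
        return RejectCardField(failure, "CCNumber", "ERRCDE_CCNUMBER");
    }

    // Month: one or two digits in the range 1-12. The text is converted only after the
    // format checks have passed.
    bool monthWellFormed = !IsMissing(CCExpMonth)
        && CCExpMonth.Length <= 2
        && CSAAWeb.Validate.IsAllNumeric(CCExpMonth);
    short expMonth = monthWellFormed ? System.Convert.ToInt16(CCExpMonth) : (short)0;
    if (!monthWellFormed || expMonth > 12 || expMonth < 1)
    {
        return RejectCardField(failure, "CCExpMonth", "ERRCDE_CCEXPMONTH");
    }

    // Year: exactly four digits and not in the past. This runs before the year is used
    // in the expiry comparison below. The original converted CCExpYear inside the month
    // check, before the year had been validated, so an empty or non-numeric year threw
    // from the conversion instead of producing the CCExpYear validation response.
    bool yearWellFormed = !IsMissing(CCExpYear)
        && CCExpYear.Length == 4
        && CSAAWeb.Validate.IsAllNumeric(CCExpYear);
    short expYear = yearWellFormed ? System.Convert.ToInt16(CCExpYear) : (short)0;
    if (!yearWellFormed || expYear < now.Year)
    {
        return RejectCardField(failure, "CCExpYear", "ERRCDE_CCEXPYEAR");
    }

    // A card expiring this year must not have a month that has already passed; as
    // before, this is reported against the month field.
    if (expYear == now.Year && expMonth < now.Month)
    {
        return RejectCardField(failure, "CCExpMonth", "ERRCDE_CCEXPMONTH");
    }

    if (IsMissing(CCType) || CCType.Length != 1 || !CSAAWeb.Validate.IsAllNumeric(CCType))
    {
        return RejectCardField(failure, "CCType", "ERRCDE_CCTYPE");
    }

    // The CV number is optional; when supplied it must be at most four digits.
    if (!IsMissing(CCCVNumber))
    {
        if (CCCVNumber.Length > 4 || !CSAAWeb.Validate.IsAllNumeric(CCCVNumber))
        {
            return RejectCardField(failure, "CCVNumber", "ERRCDE_CCVNUMBER");
        }
    }

    // The older throw-based validation (Security Defect CH2 and earlier) is superseded
    // by the checks above.

    // MAIG CH1 (11/17/2014): check-digit validation; "0" means the number is valid.
    string checkDigit = Cryptor.CreditCardCheckDigit(CCNumber);
    if (checkDigit != "0")
    {
        // STAR Retrofit II.Ch2: the card number itself is never written to the log.
        Logger.Log("Invalid Card Number: ****");
        failure.Message = CSAAWeb.Constants.ERR_AUTHVALIDATION + "CCNumber";
        failure.ActualMessage = failure.Message;
        failure.Flag = Config.Setting("ERRCDE_CCNUMBER");
        return failure;
    }

    return null;
}

/// <summary>
/// Fills in the validation failure for one card field, logs the field name and error
/// code (never the field value) and returns it.
/// </summary>
private CCResponse RejectCardField(CCResponse c, string fieldName, string errorCodeKey)
{
    c.Message = CSAAWeb.Constants.ERR_AUTHVALIDATION + fieldName;
    c.ActualMessage = c.Message;
    c.Flag = Config.Setting(errorCodeKey);
    Logger.Log(c.Message + c.Flag);
    return c;
}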
//echeck ends
/// <summary>
/// Trims and validates the eCheck fields: routing number, account number, account type,
/// application and customer name.
/// </summary>
/// <returns>
/// A CCResponse naming the first field that fails, with its configured error code in
/// Flag, or null when every check passes.
/// </returns>
public CCResponse ValidateFields()
{
    BankId = BankId.Trim();
    BankAcntNo = BankAcntNo.Trim();
    BankAcntType = BankAcntType.Trim();
    Application = Application.Trim();
    CustomerName = CustomerName.Trim();

    CCResponse failure = new CCResponse();

    // Routing number: nine digits whose last digit matches the check digit computed
    // from the first eight.
    // NOTE(review): the superseded validation also rejected an all-zero routing number
    // through IsAllZeros; no such check runs here. Confirm RoutingNumberCheckDigit
    // rejects that value.
    bool routingNumberValid = !IsMissing(BankId)
        && BankId.Length == 9
        && CSAAWeb.Validate.IsAllNumeric(BankId.Trim())
        && BankId.Substring(8, 1) == RoutingNumberCheckDigit(BankId.Substring(0, 8));
    if (!routingNumberValid)
    {
        return RejectECheckField(failure, "BankId", "ERRCDE_BANKID");
    }

    // Account number: 4 to 17 digits.
    bool accountNumberValid = !IsMissing(BankAcntNo)
        && BankAcntNo.Length <= 17
        && BankAcntNo.Length >= 4
        && CSAAWeb.Validate.IsAllNumeric(BankAcntNo.Trim());
    if (!accountNumberValid)
    {
        return RejectECheckField(failure, "BankAcntNo", "ERRCDE_BANKACNTNO");
    }

    // Account type: a single character accepted by IsAllChars.
    bool accountTypeValid = !IsMissing(BankAcntType)
        && BankAcntType.Length == 1
        && CSAAWeb.Validate.IsAllChars(BankAcntType.Trim());
    if (!accountTypeValid)
    {
        return RejectECheckField(failure, "BankAcntType", "ERRCDE_BANKACNTYPE");
    }

    bool applicationValid = !IsMissing(Application)
        && Application.Length <= 25
        && CSAAWeb.Validate.IsAllChars(Application.Trim());
    if (!applicationValid)
    {
        return RejectECheckField(failure, "Application", "ERRCDE_APPLICATION");
    }

    // Customer name is required; its length and junk-character checks were removed
    // (Security defect).
    if (IsMissing(CustomerName))
    {
        return RejectECheckField(failure, "CustomerName", "ERRCDE_CUSTOMERNAME");
    }

    // The older log-only validation (CSAA.com CH1 defect 76, HO6.Ch2, HO6.Ch3) is
    // superseded by the checks above.
    return null;
}

/// <summary>
/// Fills in the validation failure for one eCheck field, logs the field name and error
/// code (never the field value) and returns it.
/// </summary>
private CCResponse RejectECheckField(CCResponse c, string fieldName, string errorCodeKey)
{
    c.Message = CSAAWeb.Constants.ERR_AUTHVALIDATION + fieldName;
    c.ActualMessage = c.Message;
    c.Flag = Config.Setting(errorCodeKey);
    Logger.Log(c.Message + c.Flag);
    return c;
}