Better date validation, do not redirect if form has errors

Now, in addition to checking that the date has the correct format (YYYY-MM) we also check to make sure the date is in the future and the month is in the range 01 to 12. This fixes the problem where users were seeing a 500 server error after entering invalid values for the month when entering their credit card info. This change also fixes a problem where the form was redirecting even if there were validation errors, leading the user to believe their authorization was successful when it wasn't.
virajshah · Jun 12, 2012 · 1a423aa · 1a423aa
1 parent cf8b552
commit 1a423aa
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 5 deletions.
diff --git a/r2/r2/controllers/promotecontroller.py b/r2/r2/controllers/promotecontroller.py
@@ -416,20 +416,21 @@ def POST_rm_traffic_viewer(self, form, jquery, iuser, thing):
     def POST_update_pay(self, form, jquery, link, indx, customer_id, pay_id,
                         edit, address, creditcard):
         address_modified = not pay_id or edit
+        form_has_errors = False
         if address_modified:
             if (form.has_errors(["firstName", "lastName", "company", "address",
                                  "city", "state", "zip",
                                  "country", "phoneNumber"],
                                 errors.BAD_ADDRESS) or
                 form.has_errors(["cardNumber", "expirationDate", "cardCode"],
                                 errors.BAD_CARD)):
-                pass
+                form_has_errors = True
             elif g.authorizenetapi:
                 pay_id = edit_profile(c.user, address, creditcard, pay_id)
             else:
                 pay_id = 1
         # if link is in use or finished, don't make a change
-        if pay_id:
+        if pay_id and not form_has_errors:
             # valid bid and created or existing bid id.
             # check if already a transaction
             if g.authorizenetapi:

diff --git a/r2/r2/controllers/validator/validator.py b/r2/r2/controllers/validator/validator.py
@@ -1638,15 +1638,34 @@ def set_error(self, msg, field):
                             dict(message=msg), field = field)
 
     def run(self, cardNumber, expirationDate, cardCode):
+        has_errors = False
+
         if not self.valid_ccn.match(cardNumber or ""):
             self.set_error(_("credit card numbers should be 13 to 16 digits"),
                            "cardNumber")
-        elif not self.valid_date.match(expirationDate or ""):
+            has_errors = True
+
+        if not self.valid_date.match(expirationDate or ""):
             self.set_error(_("dates should be YYYY-MM"), "expirationDate")
-        elif not self.valid_ccv.match(cardCode or ""):
+            has_errors = True
+        else:
+            now = datetime.now()
+            yyyy, mm = expirationDate.split("-")
+            year = int(yyyy)
+            month = int(mm)
+            if month < 1 or month > 12:
+                self.set_error(_("month must be in the range 01..12"), "expirationDate")
+                has_errors = True
+            elif datetime(year, month, now.day) < now:
+                self.set_error(_("expiration date must be in the future"), "expirationDate")
+                has_errors = True
+
+        if not self.valid_ccv.match(cardCode or ""):
             self.set_error(_("card verification codes should be 3 or 4 digits"),
                            "cardCode")
-        else:
+            has_errors = True
+
+        if not has_errors:
             return CreditCard(cardNumber = cardNumber,
                               expirationDate = expirationDate,
                               cardCode = cardCode)