Closed blimpich closed 1 month ago
Triggered auto assignment to @isabelastisser (Bug
), see https://stackoverflow.com/c/expensify/questions/14418 for more details. Please add this bug to a GH project, as outlined in the SO.
Job added to Upwork: https://www.upwork.com/jobs/~01a9042029c460e7a0
Triggered auto assignment to Contributor-plus team member for initial proposal review - @sobitneupane (External
)
Upwork job price has been updated to $125
Lowering price because this is pretty straightforward string manipulation.
Anyone who tests this should be able to simulate adding a test card by populating the fundList
onyx key based off the types we define in the frontend, or you can add a real credit card, though know that we currently don't have a way of deleting credit cards added to the app.
[Payment card / Subscription] Make payment card only display last four digits
Value is not sliced. https://github.com/Expensify/App/blob/c53bd5cd52a5236cbd5c83ed4f68dd43cdf4ff6c/src/pages/settings/Subscription/CardSection/CardSection.tsx#L116
Slice the value to obtain last four digits. defaultCard?.accountData?.cardNumber.slice(-4)
fundlist
can be populated for testing by using object below.
{
Card: {accountData: {addressName: 'Max', cardYear: 2029, cardMonth: 9, currency: 'USD', cardNumber: '1234567887654321', additionalData: {isBillingCard: true}}},
}
Feature Request: Mask Payment Card Numbers on Expensify
Summary:
To enhance security and compliance, we propose masking payment card numbers on Expensify, displaying only the last four digits. This feature will provide an additional layer of protection for sensitive payment information.
Current State:
Currently, Expensify displays the full payment card number, which may pose a security risk if unauthorized access is gained.
Proposed Solution:
Implement a feature to mask payment card numbers, displaying only the last four digits. For example:
Original card number: 424242XXXXXX4242 Masked card number: ****4242 Benefits:
Enhanced Security: Masking payment card numbers reduces the risk of unauthorized access to sensitive information. Compliance: This feature aligns with industry standards for payment card security, such as PCI-DSS. User Trust: By protecting payment information, Expensify demonstrates a commitment to user security and trust. Implementation:
To implement this feature, we recommend the following:
Update the payment card number display to show only the last four digits. Store the full payment card number securely, using industry-standard encryption and access controls. Ensure that the masked card number is displayed consistently throughout the Expensify platform. Estimated Development Time:
We estimate 20 hours to implement this feature and mask payment card numbers on Expensify.
Priority:
We consider this feature a high priority, as it directly impacts the security and trust of Expensify users.
Please let us know if you would like to discuss this feature further or proceed with implementation
CardSection
, we display the card number with its fully 16 digits in two components like the image below: https://github.com/Expensify/App/blob/7255ab50bb25e74a4cc17a539af089dc7abce5a3/src/pages/settings/Subscription/CardSection/CardSection.tsx#L84-L192
with the subtitle
is from:
https://github.com/Expensify/App/blob/7255ab50bb25e74a4cc17a539af089dc7abce5a3/src/pages/settings/Subscription/CardSection/utils.ts#L74
https://github.com/Expensify/App/blob/7255ab50bb25e74a4cc17a539af089dc7abce5a3/src/pages/settings/Subscription/CardSection/utils.ts#L82
with cardEnding
is from:
https://github.com/Expensify/App/blob/7255ab50bb25e74a4cc17a539af089dc7abce5a3/src/pages/settings/Subscription/CardSection/utils.ts#L27
const cardEnding = (accountData?.cardNumber ?? '')?.slice(-4);
<Text style={styles.textStrong}>{getPaymentMethodDescription(defaultCard?.accountType, defaultCard?.accountData)}</Text>
Current assignee @blimpich is eligible for the choreEngineerContributorManagement assigner, not assigning anyone new.
@blimpich Based on comment, to test this issue, I just need to:
simulate adding a test card by populating the fundList onyx key based off the types we define in the frontend
without:
add a real credit card
right?
Yes that should be fine 👍
PR https://github.com/Expensify/App/pull/45598 is ready
Hi @sobitneupane, PR is ready for review. Thanks!
Triggered auto assignment to @CortneyOfstad (Bug
), see https://stackoverflow.com/c/expensify/questions/14418 for more details. Please add this bug to a GH project, as outlined in the SO.
I will be OOO tomorrow and next week, so I am reassigning this until I return on July 29. Thanks, @CortneyOfstad!
Status: Waiting for PR review.
Reviewing
label has been removed, please complete the "BugZero Checklist".
The solution for this issue has been :rocket: deployed to production :rocket: in version 9.0.11-5 and is now subject to a 7-day regression period :calendar:. Here is the list of pull requests that resolve this issue:
If no regressions arise, payment will be issued on 2024-08-01. :confetti_ball:
For reference, here are some details about the assignees on this issue:
BugZero Checklist: The PR fixing this issue has been merged! The following checklist (instructions) will need to be completed before the issue can be closed:
I'm back and taking this back. Thanks, @CortneyOfstad !
Not overdue.
Hey @sobitneupane, please complete the BZ list above. Thanks!
BugZero Checklist: The PR fixing this issue has been merged! The following checklist (instructions) will need to be completed before the issue can be closed:
- [ ] [@sobitneupane] The PR that introduced the bug has been identified. Link to the PR:
https://github.com/Expensify/App/pull/44072
- [ ] [@sobitneupane] The offending PR has been commented on, pointing out the bug it caused and why, so the author and reviewers can learn from the mistake. Link to comment:
https://github.com/Expensify/App/pull/44072#issuecomment-2268631759
- [ ] [@sobitneupane] A discussion in #expensify-bugs has been started about whether any other steps should be taken (e.g. updating the PR review checklist) in order to catch this type of bug sooner. Link to discussion:
Not required.
- [ ] [@sobitneupane] Determine if we should create a regression test for this bug.
Yes.
- [ ] [@sobitneupane] If we decide to create a regression test for the bug, please propose the regression test steps to ensure the same bug will not reach production again.
https://github.com/Expensify/App/issues/45309#issuecomment-2268639094
Regression Test Proposal:
Do we agree 👍 or 👎
@blimpich, can you please review the regression test above? Thanks!
Payment summary:
C+ review @sobitneupane owed $250 via NewDot Contributor @tienifr owed $250 via NewDot
All set.
$250 approved for @sobitneupane based on this summary.
$250 approved for @tienifr
Problem
Right now when you add a payment card to the new subscription page, it shows the 16 characters instead of just four:
It should show just the last four:
Solution
Lets fix this by only showing the last four digits in the subscription page.
Upwork Automation - Do Not Edit
Issue Owner
Current Issue Owner: @CortneyOfstad / @isabelastisser