CRM-20166: Making CVV always required for front-end contribution pages.

diff --git a/CRM/Core/Payment.php b/CRM/Core/Payment.php
index f817967cca7712c3c1d5acc20c7b9623c29a6f75..4858b801da57bcb56bbd3413e62ec4f582bb11a6 100644 (file)
--- a/CRM/Core/Payment.php
+++ b/CRM/Core/Payment.php
@@ -662,6 +662,10 @@ abstract class CRM_Core_Payment {
   public function getPaymentFormFieldsMetadata() {
     //@todo convert credit card type into an option value
     $creditCardType = array('' => ts('- select -')) + CRM_Contribute_PseudoConstant::creditCard();
+    $isCVVRequired = Civi::settings()->get('cvv_backoffice_required');
+    if (!$this->isBackOffice()) {
+      $isCVVRequired = TRUE;
+    }
     return array(
       'credit_card_number' => array(
         'htmlType' => 'text',
@@ -686,7 +690,7 @@ abstract class CRM_Core_Payment {
           'maxlength' => 10,
           'autocomplete' => 'off',
         ),
-        'is_required' => Civi::settings()->get('cvv_backoffice_required'),
+        'is_required' => $isCVVRequired,
         'rules' => array(
           array(
             'rule_message' => ts('Please enter a valid value for your card security code. This is usually the last 3-4 digits on the card\'s signature panel.'),

diff --git a/tests/phpunit/CRM/Core/PaymentTest.php b/tests/phpunit/CRM/Core/PaymentTest.php
index 5c057a31607b9687eeec7197686826da37b6e893..7b2676068108dd4a0e18dd1a5abe226df18ed065 100644 (file)
--- a/tests/phpunit/CRM/Core/PaymentTest.php
+++ b/tests/phpunit/CRM/Core/PaymentTest.php
@@ -46,6 +46,32 @@ class CRM_Core_PaymentTest extends CiviUnitTestCase {
     $this->assertEquals('payment_notification processor_name=Paypal', $log['values'][$log['id']]['message']);
   }
 
+  /**
+   * Test that CVV is always required for front facing pages.
+   */
+  public function testCVVSettingForContributionPages() {
+    Civi::settings()->set('cvv_backoffice_required', 0);
+    $processor = NULL;
+    $dummyPayment = new CRM_Core_Payment_Dummy("test", $processor);
+    $dummyPayment->setBackOffice(TRUE);
+    $paymentMetaData = $dummyPayment->getPaymentFormFieldsMetadata();
+    $this->assertEquals(0, $paymentMetaData["cvv2"]["is_required"], "CVV should be non required for back office.");
+
+    $dummyPayment->setBackOffice(FALSE);
+    $paymentMetaData = $dummyPayment->getPaymentFormFieldsMetadata();
+    $this->assertEquals(1, $paymentMetaData["cvv2"]["is_required"], "CVV should always be required for front office.");
+
+    Civi::settings()->set('cvv_backoffice_required', 1);
+
+    $dummyPayment->setBackOffice(TRUE);
+    $paymentMetaData = $dummyPayment->getPaymentFormFieldsMetadata();
+    $this->assertEquals(1, $paymentMetaData["cvv2"]["is_required"], "CVV should be required for back office.");
+
+    $dummyPayment->setBackOffice(FALSE);
+    $paymentMetaData = $dummyPayment->getPaymentFormFieldsMetadata();
+    $this->assertEquals(1, $paymentMetaData["cvv2"]["is_required"], "CVV should always be required for front office.");
+  }
+
   public function testSettingUrl() {
     /** @var CRM_Core_Payment_Dummy $processor */
     $processor = \Civi\Payment\System::singleton()->getById($this->processorCreate());