Update methods in the CreditCardValidation model to use hashes
What does this MR do and why?
- Follows up from !129350 (merged)
- Resolves sub-task 2 of https://gitlab.com/gitlab-org/gitlab/-/issues/413525
- In the last MR, we introduced columns to store credit card data as hashes. With the background migration now complete, in this MR we will update the
similar_methods in theCreditCardValidationmodel to use the hashed columns.
Screenshots
| Page | Before | After |
|---|---|---|
| User profile |  |
 |
| Card matches |  |
 |
| Abuse Report |  |
 |
How to set up and validate locally
- Turn on SaaS mode
export GITLAB_SIMULATE_SAAS = 1
gdk restart- Create two credit card records in the rails console:
> user1 = User.first.id
> c1 = Users::CreditCardValidation.create(user_id: User.first.id, last_digits: 1111, credit_card_validated_at: Date.today, expiration_date: 1.year.from_now.to_date, holder_name: 'John Doe', network: 'Visa')
> user2 = User.last.id
> c2 = Users::CreditCardValidation.create(user_id: User.last.id, last_digits: 1111, credit_card_validated_at: Date.today, expiration_date: 1.year.from_now.to_date, holder_name: 'John Doe', network: 'Visa')
- Now to check that we are correctly getting credit card matches, run:
> c1.similar_records
=> 2
> c1.similar_holder_names_count
=> 2- We can also ban
user2to make sure that we can check if a credit card is being used by a banned user:
> user2.ban!
> c1.used_by_banned_user?
=> trueUser profile page
4. You can also, log-in as admin and navigate to user1's profile - http://127.0.0.1:3000/admin/users/:user1_username. You should see a Credit card section, but with only Validated at field.
Card matches page
5. Click on View card matches and you should see the credit cards we created in step 2. Previously, when displaying credit card matches we would show the holder name, last digits and expiration date of the credit card which we have removed in this MR, and replaced that with the name of the user with the matching credit card.
Abuse report page
6. Lastly, we can also create an abuse report for user1 to make sure that holder name has been removed from the abuse report as well. In the rails console:
AbuseReport.create(user_id: user1, reporter_id: 1, category: 'spam', message: 'test')- Navigate to the abuse report,
http://127.0.0.1:3000/admin/abuse_reports/:abuse_report_id. Next to theCredit cardsection you should not see the card's holder name.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Related to #413525