From 9535031db1027099d7d6881805cfd2ae03cf4ae8 Mon Sep 17 00:00:00 2001
From: Natalie Carey <natalie.carey@digital.cabinet-office.gov.uk>
Date: Fri, 16 Feb 2024 14:36:13 +0000
Subject: [PATCH] PP-12240: Card length validation matches CARD_RANGE_LENGTH

---
 .../card/model/CardInformationRequest.java    |  3 +-
 .../it/resources/CardIdResourceITest.java     | 39 +++++++++++++++++++
 2 files changed, 41 insertions(+), 1 deletion(-)

diff --git a/src/main/java/uk/gov/pay/card/model/CardInformationRequest.java b/src/main/java/uk/gov/pay/card/model/CardInformationRequest.java
index 30b18da0..61245a55 100644
--- a/src/main/java/uk/gov/pay/card/model/CardInformationRequest.java
+++ b/src/main/java/uk/gov/pay/card/model/CardInformationRequest.java
@@ -6,6 +6,7 @@
 import javax.validation.constraints.Size;
 
 import static java.lang.String.format;
+import static uk.gov.pay.card.db.CardInformationStore.CARD_RANGE_LENGTH;
 
 public class CardInformationRequest {
 
@@ -13,7 +14,7 @@ public class CardInformationRequest {
      * PANs can be between 10 and 19 characters
      * @see <a href="https://www.ansi.org/news_publications/news_story?articleid=da7bcb04-0654-4e03-af54-0e55d50b93a8">ANSI IIN</a>
      */
-    @JsonProperty("cardNumber") @NotEmpty @Size(min = 10, max = 19)
+    @JsonProperty("cardNumber") @NotEmpty @Size(min = CARD_RANGE_LENGTH, max = 19)
     private String cardNumber;
 
     public String getCardNumber() {
diff --git a/src/test/java/uk/gov/pay/card/it/resources/CardIdResourceITest.java b/src/test/java/uk/gov/pay/card/it/resources/CardIdResourceITest.java
index 6fbe4015..f66fefd0 100644
--- a/src/test/java/uk/gov/pay/card/it/resources/CardIdResourceITest.java
+++ b/src/test/java/uk/gov/pay/card/it/resources/CardIdResourceITest.java
@@ -3,6 +3,7 @@
 import io.dropwizard.testing.junit5.DropwizardAppExtension;
 import io.dropwizard.testing.junit5.DropwizardExtensionsSupport;
 import io.restassured.response.ValidatableResponse;
+import org.jetbrains.annotations.NotNull;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
 import uk.gov.pay.card.app.CardApi;
@@ -13,6 +14,7 @@
 import static io.restassured.RestAssured.given;
 import static io.restassured.http.ContentType.JSON;
 import static org.hamcrest.core.Is.is;
+import static uk.gov.pay.card.db.CardInformationStore.CARD_RANGE_LENGTH;
 
 /**
  * @deprecated The usefulness of many of these tests is unclear - move them to pay-cardid-data?
@@ -68,6 +70,34 @@ public void shouldFindTestCardInformation() {
                 .body("corporate", is(false));
     }
 
+    @Test
+    public void shouldErrorWhenShortCardNumberProvided() {
+        getCardInformation(buildCardNumberFromPrefixAndLength("2221", CARD_RANGE_LENGTH - 2))
+                .statusCode(422)
+                .contentType(JSON)
+                .body("errors[0]", is(String.format("cardNumber size must be between %s and 19", CARD_RANGE_LENGTH)));
+    }
+
+    @Test
+    public void shouldErrorWhenOneCharTooShortCardNumberProvided() {
+        getCardInformation(buildCardNumberFromPrefixAndLength("2221", CARD_RANGE_LENGTH - 1))
+                .statusCode(422)
+                .contentType(JSON)
+                .body("errors[0]", is(String.format("cardNumber size must be between %s and 19", CARD_RANGE_LENGTH)));
+    }
+
+    @Test
+    public void shouldFindTestCardInformationWithShortestAllowableCardNumber() {
+        getCardInformation(buildCardNumberFromPrefixAndLength("2221", CARD_RANGE_LENGTH))
+                .statusCode(200)
+                .contentType(JSON)
+                .body("brand", is("master-card"))
+                .body("label", is("MC"))
+                .body("type", is("C"))
+                .body("prepaid", is("NOT_PREPAID"))
+                .body("corporate", is(false));
+    }
+
     @Test
     public void shouldFindWorldpayCardInformation() {
         getCardInformation("2225670000000000")
@@ -154,6 +184,15 @@ public void shouldReturn422WhenJSONIsMissing() {
                 .then().statusCode(422);
     }
 
+    @NotNull
+    private static String buildCardNumberFromPrefixAndLength(String cardStart, int cardLength) {
+        StringBuilder cardNumberBuilder = new StringBuilder(cardStart);
+        while (cardNumberBuilder.length() < cardLength) {
+            cardNumberBuilder.append('0');
+        }
+        return cardNumberBuilder.toString();
+    }
+
     private ValidatableResponse getCardInformation(String cardNumber) {
         return given().port(app.getLocalPort())
                 .contentType(JSON)