components/autofill/core/browser/validation.cc

   1 // Copyright 2013 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "components/autofill/core/browser/validation.h"
   6
   7 #include "base/strings/string_number_conversions.h"
   8 #include "base/strings/string_piece.h"
   9 #include "base/strings/string_util.h"
  10 #include "base/strings/utf_string_conversions.h"
  11 #include "base/time/time.h"
  12 #include "components/autofill/core/browser/credit_card.h"
  13 #include "components/autofill/core/browser/state_names.h"
  14 #include "components/autofill/core/common/autofill_regexes.h"
  15
  16 namespace autofill {
  17
  18 bool IsValidCreditCardExpirationDate(const base::string16& year,
  19                                      const base::string16& month,
  20                                      const base::Time& now) {
  21   base::string16 year_cleaned, month_cleaned;
  22   base::TrimWhitespace(year, base::TRIM_ALL, &year_cleaned);
  23   base::TrimWhitespace(month, base::TRIM_ALL, &month_cleaned);
  24   if (year_cleaned.length() != 4)
  25     return false;
  26
  27   int cc_year;
  28   if (!base::StringToInt(year_cleaned, &cc_year))
  29     return false;
  30
  31   int cc_month;
  32   if (!base::StringToInt(month_cleaned, &cc_month))
  33     return false;
  34
  35   return IsValidCreditCardExpirationDate(cc_year, cc_month, now);
  36 }
  37
  38 bool IsValidCreditCardExpirationDate(int year,
  39                                      int month,
  40                                      const base::Time& now) {
  41   base::Time::Exploded now_exploded;
  42   now.LocalExplode(&now_exploded);
  43
  44   if (year < now_exploded.year)
  45     return false;
  46
  47   if (year == now_exploded.year && month < now_exploded.month)
  48     return false;
  49
  50   return true;
  51 }
  52
  53 bool IsValidCreditCardNumber(const base::string16& text) {
  54   base::string16 number = CreditCard::StripSeparators(text);
  55
  56   // Credit card numbers are at most 19 digits in length [1]. 12 digits seems to
  57   // be a fairly safe lower-bound [2].  Specific card issuers have more rigidly
  58   // defined sizes.
  59   // [1] http://www.merriampark.com/anatomycc.htm
  60   // [2] http://en.wikipedia.org/wiki/Bank_card_number
  61   const char* const type = CreditCard::GetCreditCardType(text);
  62   if (type == kAmericanExpressCard && number.size() != 15)
  63     return false;
  64   if (type == kDinersCard && number.size() != 14)
  65     return false;
  66   if (type == kDiscoverCard && number.size() != 16)
  67     return false;
  68   if (type == kJCBCard && number.size() != 16)
  69     return false;
  70   if (type == kMasterCard && number.size() != 16)
  71     return false;
  72   if (type == kUnionPay && (number.size() < 16 || number.size() > 19))
  73     return false;
  74   if (type == kVisaCard && number.size() != 13 && number.size() != 16)
  75     return false;
  76   if (type == kGenericCard && (number.size() < 12 || number.size() > 19))
  77     return false;
  78
  79   // Unlike all the other supported types, UnionPay cards lack Luhn checksum
  80   // validation.
  81   if (type == kUnionPay)
  82     return true;
  83
  84   // Use the Luhn formula [3] to validate the number.
  85   // [3] http://en.wikipedia.org/wiki/Luhn_algorithm
  86   int sum = 0;
  87   bool odd = false;
  88   for (base::string16::reverse_iterator iter = number.rbegin();
  89        iter != number.rend();
  90        ++iter) {
  91     if (!base::IsAsciiDigit(*iter))
  92       return false;
  93
  94     int digit = *iter - '0';
  95     if (odd) {
  96       digit *= 2;
  97       sum += digit / 10 + digit % 10;
  98     } else {
  99       sum += digit;
 100     }
 101     odd = !odd;
 102   }
 103
 104   return (sum % 10) == 0;
 105 }
 106
 107 bool IsValidCreditCardSecurityCode(const base::string16& text) {
 108   if (text.size() < 3U || text.size() > 4U)
 109     return false;
 110
 111   for (base::string16::const_iterator iter = text.begin();
 112        iter != text.end();
 113        ++iter) {
 114     if (!base::IsAsciiDigit(*iter))
 115       return false;
 116   }
 117   return true;
 118 }
 119
 120 bool IsValidCreditCardSecurityCode(const base::string16& code,
 121                                    const base::string16& number) {
 122   const char* const type = CreditCard::GetCreditCardType(number);
 123   size_t required_length = 3;
 124   if (type == kAmericanExpressCard)
 125     required_length = 4;
 126
 127   return code.length() == required_length;
 128 }
 129
 130 bool IsValidEmailAddress(const base::string16& text) {
 131   // E-Mail pattern as defined by the WhatWG. (4.10.7.1.5 E-Mail state)
 132   const base::string16 kEmailPattern = base::ASCIIToUTF16(
 133       "^[a-zA-Z0-9.!#$%&'*+/=?^_`{|}~-]+@"
 134       "[a-zA-Z0-9-]+(?:\\.[a-zA-Z0-9-]+)*$");
 135   return MatchesPattern(text, kEmailPattern);
 136 }
 137
 138 bool IsValidState(const base::string16& text) {
 139   return !state_names::GetAbbreviationForName(text).empty() ||
 140          !state_names::GetNameForAbbreviation(text).empty();
 141 }
 142
 143 bool IsValidZip(const base::string16& text) {
 144   const base::string16 kZipPattern = base::ASCIIToUTF16("^\\d{5}(-\\d{4})?$");
 145   return MatchesPattern(text, kZipPattern);
 146 }
 147
 148 bool IsSSN(const base::string16& text) {
 149   base::string16 number_string;
 150   base::RemoveChars(text, base::ASCIIToUTF16("- "), &number_string);
 151
 152   // A SSN is of the form AAA-GG-SSSS (A = area number, G = group number, S =
 153   // serial number). The validation we do here is simply checking if the area,
 154   // group, and serial numbers are valid.
 155   //
 156   // Historically, the area number was assigned per state, with the group number
 157   // ascending in an alternating even/odd sequence. With that scheme it was
 158   // possible to check for validity by referencing a table that had the highest
 159   // group number assigned for a given area number. (This was something that
 160   // Chromium never did though, because the "high group" values were constantly
 161   // changing.)
 162   //
 163   // However, starting on 25 June 2011 the SSA began issuing SSNs randomly from
 164   // all areas and groups. Group numbers and serial numbers of zero remain
 165   // invalid, and areas 000, 666, and 900-999 remain invalid.
 166   //
 167   // References for current practices:
 168   //   http://www.socialsecurity.gov/employer/randomization.html
 169   //   http://www.socialsecurity.gov/employer/randomizationfaqs.html
 170   //
 171   // References for historic practices:
 172   //   http://www.socialsecurity.gov/history/ssn/geocard.html
 173   //   http://www.socialsecurity.gov/employer/stateweb.htm
 174   //   http://www.socialsecurity.gov/employer/ssnvhighgroup.htm
 175
 176   if (number_string.length() != 9 || !base::IsStringASCII(number_string))
 177     return false;
 178
 179   int area;
 180   if (!base::StringToInt(base::StringPiece16(number_string.begin(),
 181                                              number_string.begin() + 3),
 182                          &area)) {
 183     return false;
 184   }
 185   if (area < 1 ||
 186       area == 666 ||
 187       area >= 900) {
 188     return false;
 189   }
 190
 191   int group;
 192   if (!base::StringToInt(base::StringPiece16(number_string.begin() + 3,
 193                                              number_string.begin() + 5),
 194                          &group)
 195       || group == 0) {
 196     return false;
 197   }
 198
 199   int serial;
 200   if (!base::StringToInt(base::StringPiece16(number_string.begin() + 5,
 201                                              number_string.begin() + 9),
 202                          &serial)
 203       || serial == 0) {
 204     return false;
 205   }
 206
 207   return true;
 208 }
 209
 210 }  // namespace autofill