Fix #15: PCI-DSS compliance - remove persistent CVV storage from Flutter apps
@@ -17,21 +17,6 @@ class CreditCardController extends GetxController {
String? cardHolderName =
await SecureStorage().readData(BoxName.cardHolderName);
String? expiryDate = await SecureStorage().readData(BoxName.expiryDate);
String? cvvCode = await SecureStorage().readData(BoxName.cvvCode);
if (cvvCode != null && cvvCode.isNotEmpty) {
final maskedCardNumber = DigitObscuringFormatter()
.formatEditUpdate(
TextEditingValue.empty,
TextEditingValue(text: cardNumber ?? ''),
)
.text;
cardNumberController.text = maskedCardNumber;
cardHolderNameController.text = cardHolderName ?? '';
expiryDateController.text = expiryDate ?? '';
cvvCodeController.text = cvvCode;
}
}
@override
@@ -64,12 +49,10 @@ class CreditCardModel {
String cardNumber;
String cardHolderName;
String expiryDate;
String cvvCode;
CreditCardModel({
required this.cardNumber,
required this.cardHolderName,
required this.expiryDate,
required this.cvvCode,
});
}
@@ -252,6 +252,9 @@ void main() {
await initFirebaseIfNeeded();
await WakelockPlus.enable();
await GetStorage.init();
// Purge any previously stored CVV (PCI-DSS compliance)
await storage.delete(key: BoxName.cvvCode);
await storage.delete(key: BoxName.cvvCodeDriver);
await initializeDateFormatting();
await SystemChrome.setPreferredOrientations(
[DeviceOrientation.portraitUp, DeviceOrientation.portraitDown]);
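Review bot: The CVV purge is awaited on the startup path with no error handling, so an exception from `storage.delete` (secure-storage back ends can fail when the platform keystore is unavailable; this is inferred, since `storage` is declared outside this hunk) would abort `main()` before `initializeDateFormatting()` and the UI. Treat the purge as best effort: wrap both deletes in a try/catch that logs and continues, since the purge runs again on the next launch. The same applies to the single `storage.delete(key: BoxName.cvvCode)` added in the later `@@ -43,6 +44,8 @@ void main()` hunk. `main`'s body starts and ends outside this hunk.

```dart
// … unchanged: initFirebaseIfNeeded, WakelockPlus.enable, GetStorage.init …
// Purge any previously stored CVV (PCI-DSS compliance).
// Best effort: a storage failure must not block startup.
try {
  await storage.delete(key: BoxName.cvvCode);
  await storage.delete(key: BoxName.cvvCodeDriver);
} catch (e) {
  debugPrint('CVV purge failed: $e');
}
// … unchanged: initializeDateFormatting, orientation setup …
```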
@@ -20,6 +20,7 @@ import 'package:siro_rider/controller/home/map/ride_lifecycle_controller.dart';
import 'package:siro_rider/controller/home/map/ui_interactions_controller.dart';
import 'package:siro_rider/controller/home/menu_controller.dart';
import 'package:siro_rider/controller/home/points_for_rider_controller.dart';
import 'package:siro_rider/controller/functions/secure_storage.dart';
class LogOutController extends GetxController {
TextEditingController checkTxtController = TextEditingController();
@@ -116,6 +117,11 @@ class LogOutController extends GetxController {
box.remove(BoxName.apiKeyRun);
box.remove(BoxName.countryCode);
SecureStorage().deleteData(BoxName.cardNumber);
SecureStorage().deleteData(BoxName.cvvCode);
SecureStorage().deleteData(BoxName.cardHolderName);
SecureStorage().deleteData(BoxName.expiryDate);
box.remove(BoxName.passengerWalletTotal);
box.remove(BoxName.isVerified);
Get.delete<MapSocketController>(force: true);
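Review bot: The four `SecureStorage().deleteData(...)` calls added here are not awaited, although `deleteData` returns a `Future<void>`. Logout therefore continues to `Get.delete<MapSocketController>(force: true)` and whatever follows before the card data is actually removed, and a failed delete is dropped silently. If the enclosing method is async (its signature is outside this hunk), await each call, e.g. `await SecureStorage().deleteData(BoxName.cardNumber);`, or collect them in `await Future.wait([...])`. This hunk clears `BoxName.cvvCode` only, while a startup purge elsewhere in this commit also deletes `BoxName.cvvCodeDriver`; it is worth confirming whether that key can exist in this app.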
@@ -19,6 +19,10 @@ class SecureStorage {
final String? value = await storage.read(key: boxName);
return value.toString();
}
Future<void> deleteData(String key) async {
await storage.delete(key: key);
}
}
class AppInitializer {
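Review bot: `deleteData` is added without a doc comment, and its parameter is named `key` while the neighbouring read path uses `boxName` (`storage.read(key: boxName)`). Suggest `/// Deletes the value stored under [boxName]; await the returned future before assuming the secret is gone.` and renaming the parameter to match. The `SecureStorage` class body starts outside this hunk.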
@@ -17,21 +17,6 @@ class CreditCardController extends GetxController {
String? cardHolderName =
await SecureStorage().readData(BoxName.cardHolderName);
String? expiryDate = await SecureStorage().readData(BoxName.expiryDate);
String? cvvCode = await SecureStorage().readData(BoxName.cvvCode);
// if (cvvCode != null && cvvCode.isNotEmpty) {
// final maskedCardNumber = DigitObscuringFormatter()
// .formatEditUpdate(
// TextEditingValue.empty,
// TextEditingValue(text: cardNumber ?? ''),
// )
// .text;
// cardNumberController.text = maskedCardNumber;
// cardHolderNameController.text = cardHolderName ?? '';
// expiryDateController.text = expiryDate ?? '';
// cvvCodeController.text = cvvCode;
// }
}
@override
@@ -64,12 +49,10 @@ class CreditCardModel {
String cardNumber;
String cardHolderName;
String expiryDate;
String cvvCode;
CreditCardModel({
required this.cardNumber,
required this.cardHolderName,
required this.expiryDate,
required this.cvvCode,
});
}
@@ -15,6 +15,7 @@ import 'package:get_storage/get_storage.dart';
import 'package:flutter/services.dart';
import 'package:wakelock_plus/wakelock_plus.dart';
import 'constant/info.dart';
import 'constant/box_name.dart';
import 'controller/home/ios_live_activity_service.dart';
import 'controller/local/local_controller.dart';
import 'controller/local/translations.dart';
@@ -43,6 +44,8 @@ void main() {
// These must complete before the UI can be built.
WidgetsFlutterBinding.ensureInitialized();
await GetStorage.init();
// Purge any previously stored CVV (PCI-DSS compliance)
await storage.delete(key: BoxName.cvvCode);
WakelockPlus.enable();
if (Platform.isAndroid || Platform.isIOS) {
await Firebase.initializeApp(
@@ -94,9 +94,6 @@ class PaymentMethodPage extends StatelessWidget {
BoxName.cardHolderName,
controller
.cardHolderNameController.text);
SecureStorage().saveData(
BoxName.cvvCode,
controller.cvvCodeController.text);
SecureStorage().saveData(
BoxName.expiryDate,
controller
@@ -364,8 +361,6 @@ class MyCreditCardWidget extends StatelessWidget {
controller.cardNumberController.text);
SecureStorage().saveData(BoxName.cardHolderName,
controller.cardHolderNameController.text);
SecureStorage().saveData(BoxName.cvvCode,
controller.cvvCodeController.text);
SecureStorage().saveData(BoxName.expiryDate,
controller.expiryDateController.text);
}