feat(kyc): validate name and address against Swiss payment character set#589
Merged
TaprootFreak merged 1 commit intoMay 26, 2026
Conversation
Mirror the API-side @IsSwissPaymentText() validator in the four flows that submit user-typed name/address into user_data: KYC registration personal step, KYC registration address step, settings name edit, settings address edit. Users get immediate field-level feedback for characters outside the SIX SIG IG QR-Bill v2.3 permitted character set (printable ASCII plus the diacritics for the four Swiss national languages) instead of a generic 400 from the backend. Pair-PR with DFXswiss/api#3766.
TaprootFreak
merged commit bf2ab05
into
RealUnitCH:chore/post-580-followups
8 checks passed
TaprootFreak
added a commit
that referenced
this pull request
May 26, 2026
Add the missing test coverage for `lib/packages/utils/swiss_payment_text.dart` (introduced in #589) so the regex character set is locked in against regressions when the API-side `Config.formats.swissPaymentText` drifts. 33 cases across 8 groups: - empty / null → valid (matches the docstring contract: callers chain a non-empty check) - printable ASCII (0x20–0x7E): digits, punctuation, full 95-char band - uppercase + lowercase Latin diacritics for CH / DE / FR / IT - real Swiss names + addresses (Rüttimann, Münchwilen, Genève, Saint-Légier, D'Hauterive, François) - non-Latin scripts rejected (CJK, Cyrillic, Arabic, Hebrew, emoji) - mixed-script attacks (Latin word with a Cyrillic homoglyph е inside) - whitespace: newline accepted (multi-line memos), tab + CR rejected - uncommon Latin diacritics rejected (Polish ąć, Portuguese ã, Norwegian øå, French ligature œ, French Ÿ) — explicitly documents what is NOT in the Swiss payment set so the regex is hand-verifiable Run: `flutter test --no-pub test/packages/utils/swiss_payment_text_test.dart` → 33/33 pass.
This was referenced Jun 1, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Mirror the API-side
@IsSwissPaymentText()validator (DFXswiss/api#3766) in the four user flows that write intouser_data:firstName,lastName)street,houseNumber,postalCode,city)firstName,lastName)street,houseNumber,postalCode,city)Users now get immediate field-level feedback in the form if they enter a character outside the SIX SIG IG QR-Bill v2.3 permitted character set, instead of submitting and waiting for a generic 400 from the backend.
Why
DFX business decision: only characters valid in Swiss payment systems are supported end-to-end. Pairs with the umlaut-preservation fix in DFXswiss/api#3766 — now that diacritics survive storage and PDF rendering, we also lock the input surface so CJK / Cyrillic / Arabic / emoji never enter the system.
Character set
Covers German, French, Italian, Romansh. Regex is byte-for-byte aligned with the API regex (
Config.formats.swissPaymentText) so any input the client accepts the backend also accepts.Changes
lib/packages/utils/swiss_payment_text.dart: newisSwissPaymentText(String?)helper (empty/null = valid).validator:callbacks; missing validator on house-number in settings edit-address page added.assets/languages/strings_en.arb,strings_de.arb: newswissPaymentTextInvalidtranslation key, inserted in alphabetical order.lib/generated/i18n.dartis gitignored — built bydart run tool/generate_localization.dartafter pulling.Test plan
dart run tool/generate_localization.dartruns without errors after checkoutflutter analyze— passes (verified locally, no new issues)Rüttimann/Münchwilen/Genève/Saint-Légierin any of the four flows → no error, form accepts王小明/Иван/日本語/ an emoji → field shows the Swiss-payment-text error messageflutter test— pre-existing golden failures unchanged (verified locally — same 88 failures on clean develop)