Correctly handle Cartes Bancaires test cards in retrievePossibleBrands

[amk-stripe]

Summary

Return correct possible brands for Cartes Bancaires test cards in retrievePossibleBrands API

Motivation

Our API used to incorrectly return only Visa or only Mastercard for the two Cartes Bancaires multi-brand test cards, seen in our docs here

Testing

• Added tests
• Modified tests
• Manually verified

Changelog

• [FIXED]8259 Fixed an issue with retrievePossibleBrands returning incorrect brands for Cartes Bancaires test cards.

[github-actions]

Diffuse output:

OLD: paymentsheet-example-release-master.apk (signature: V1, V2)
NEW: paymentsheet-example-release-pr.apk (signature: V1, V2)

          │           compressed           │          uncompressed          
          ├───────────┬───────────┬────────┼───────────┬───────────┬────────
 APK      │ old       │ new       │ diff   │ old       │ new       │ diff   
──────────┼───────────┼───────────┼────────┼───────────┼───────────┼────────
      dex │   3.9 MiB │   3.9 MiB │ -231 B │   8.5 MiB │   8.5 MiB │ +148 B 
     arsc │   2.2 MiB │   2.2 MiB │    0 B │   2.2 MiB │   2.2 MiB │    0 B 
 manifest │     5 KiB │     5 KiB │    0 B │  24.9 KiB │  24.9 KiB │    0 B 
      res │ 911.1 KiB │ 911.1 KiB │    0 B │   1.4 MiB │   1.4 MiB │    0 B 
   native │   2.6 MiB │   2.6 MiB │    0 B │     6 MiB │     6 MiB │    0 B 
    asset │     3 MiB │     3 MiB │    0 B │     3 MiB │     3 MiB │    0 B 
    other │   204 KiB │   204 KiB │   +9 B │ 444.8 KiB │ 444.8 KiB │    0 B 
──────────┼───────────┼───────────┼────────┼───────────┼───────────┼────────
    total │  12.8 MiB │  12.8 MiB │ -222 B │  21.7 MiB │  21.7 MiB │ +148 B 

 DEX     │ old   │ new   │ diff       
─────────┼───────┼───────┼────────────
   files │     1 │     1 │  0         
 strings │ 42605 │ 42605 │  0 (+1 -1) 
   types │ 14495 │ 14495 │  0 (+0 -0) 
 classes │ 12223 │ 12223 │  0 (+0 -0) 
 methods │ 60396 │ 60396 │  0 (+0 -0) 
  fields │ 40086 │ 40087 │ +1 (+1 -0) 

 ARSC    │ old  │ new  │ diff 
─────────┼──────┼──────┼──────
 configs │  242 │  242 │  0   
 entries │ 6030 │ 6030 │  0

APK

    compressed     │    uncompressed    │                        
──────────┬────────┼───────────┬────────┤                        
 size     │ diff   │ size      │ diff   │ path                   
──────────┼────────┼───────────┼────────┼────────────────────────
  3.9 MiB │ -231 B │   8.5 MiB │ +148 B │ ∆ classes.dex          
   62 KiB │   +9 B │ 139.7 KiB │    0 B │ ∆ META-INF/CERT.SF     
  1.2 KiB │   -2 B │   1.2 KiB │    0 B │ ∆ META-INF/CERT.RSA    
 53.1 KiB │   +2 B │ 139.6 KiB │    0 B │ ∆ META-INF/MANIFEST.MF 
──────────┼────────┼───────────┼────────┼────────────────────────
    4 MiB │ -222 B │   8.8 MiB │ +148 B │ (total)

DEX

STRINGS:

   old   │ new   │ diff      
  ───────┼───────┼───────────
   42605 │ 42605 │ 0 (+1 -1) 
  
  + ~~R8{backend:dex,compilation-mode:release,has-checksums:false,min-api:21,pg-map-id:a0cfda6,r8-mode:full,version:8.3.37}
  
  - ~~R8{backend:dex,compilation-mode:release,has-checksums:false,min-api:21,pg-map-id:3c16195,r8-mode:full,version:8.3.37}
  

FIELDS:

   old   │ new   │ diff       
  ───────┼───────┼────────────
   40086 │ 40087 │ +1 (+1 -0) 
  
  + I4.v j: ArrayList

[sfriedman-stripe]

:sonic: 👏🏻

[porter-stripe]

How do these bin ranges impact other cards besides the test cards? Is there any reason why we can't hardcode the test numbers rather than these ranges? In production the card metadata service determines what card brands to vend to the client, rather than have the client determine this. I'm concerned these bin ranges could have unintended consequences.

https://github.com/stripe/stripe-ios/blob/ac4a8468/StripePayments/StripePayments/Source/Helpers/STPCardValidator.swift#L444

https://github.com/stripe/stripe-android/blob/5e021d15/payments-core/src/main/java/com/stripe/android/cards/CbcTestCardDelegate.kt#L10

[porter-stripe]

I do see failing tests relating to CBC and BIN in the bitrise run, I think we should hardcode these card numbers rather than have the test cards influence client side bin ranges.

[porter-stripe]

Looks like StripeJS also hardcodes: https://git.corp.stripe.com/stripe-internal/stripe-js-v3/blob/4900dd4d/src/elements/inner/card/Bins.ts#L78

[amk-stripe]

Sure, I can hardcode the test numbers. That seems good so that we can de-risk getting this fixed and to ensure we don't introduce any unintended behavior.

The BIN ranges that I added here match the regex that we use for CBC. This API and CBC don't actually use the same code path for determining possible brands. Created a jira to unify the two code paths because it seems less than ideal that this API would have different behavior than our implementation of CBC.

[amk-stripe]

Updated PR to just add the test numbers and no other ranges

[amk-stripe]

This was used to ensure that the test cards were handled properly in this service. Now the test cards are part of the static card ranges (queried below), so we don't need this special handling.

[amk-stripe]

this test depends on there being only one card that matches the input. Now that the Cartes Bancaires test card also matches a "4" prefix, I needed to change the digit and card brand being used for this test