From a0ea0995e52b524b8485cf6ab0958478cc9f1223 Mon Sep 17 00:00:00 2001 From: Frank Schubert Date: Tue, 9 Jan 2024 20:49:33 +0100 Subject: [PATCH] Added online bankdata validation --- Layout/default/Order/Form.php | 76 +++++++++++++++++++++-- application/Address/AddressController.php | 54 ++++++++++++++++ 2 files changed, 126 insertions(+), 4 deletions(-) diff --git a/Layout/default/Order/Form.php b/Layout/default/Order/Form.php index 88fcedd59..15d3d6a6b 100644 --- a/Layout/default/Order/Form.php +++ b/Layout/default/Order/Form.php @@ -496,6 +496,12 @@ + +
+ + +
+ @@ -1231,9 +1237,11 @@ /********************* * Form validation */ - + + var bankdata_valid = false; + // iban validation - function validateIban(iban) { + function validateIbanFormat(iban) { if(!iban) { return false; } @@ -1270,6 +1278,59 @@ } } + function validateIbanBic(iban, bic) { + if(!iban) return false; + iban = iban.toUpperCase().replace(/\s+/, ''); + + $.post("", { + do: "validateIbanBic", + iban: iban, + bic: bic + }, + function(success) { + if(success.status == "OK") { + var data = success.result; + $("#bank-error").hide(); + $("#bank-error").text(""); + + if(data.iban_correct && !data.iban_sus && data.bic_correct) { + bankdata_valid = true; + $('#orderForm').submit(); + return; + } + + var bank_error = []; + + if(!data.iban_correct) { + $("#bank_account_iban").addClass("invalid"); + bank_error.push("Ungültige IBAN!"); + } + if(data.iban_sus) { + $("#bank_account_iban").addClass("invalid"); + bank_error.push("IBAN verdächtig (" + data.iban_sus + ")!"); + } + if(!data.bic_correct) { + $("#bank_account_bic").addClass("invalid"); + bank_error.push("Ungültige BIC!"); + if(Array.isArray(data.bic)) { + bank_error.push(" Mögliche korrekte BIC: " + data.bic.join(", ")); + } + } + + $("#bank-error").html(bank_error.join("
\n")); + $("#bank-error").show(); + + + } else { + $("#bank-error").text("Beim Validieren der Bankdaten ist ein Fehler aufgetreten."); + } + }, + "json" + ); + + + return false; + } function validateOrderForm() { @@ -1349,16 +1410,23 @@ }*/ // check bankdaten - if($('#billing_type').val() == "sepa") { + if($('#billing_type').val() == "sepa" && !bankdata_valid) { checkEmpty.push("bank_account_bank"); checkEmpty.push("bank_account_owner"); checkEmpty.push("bank_account_bic"); - if(!validateIban($("#bank_account_iban").val())) { + $("#bank_account_iban").removeClass("invalid"); + $("#bank_account_bic").removeClass("invalid"); + + if(!validateIbanFormat($("#bank_account_iban").val())) { $("#bank_account_iban").addClass("invalid"); $("#iban_error").show(); error = true; } + + if(!validateIbanBic($("#bank_account_iban").val(), $("#bank_account_bic").val())) { + error = true; + } } // owner_id & billingaddress_id diff --git a/application/Address/AddressController.php b/application/Address/AddressController.php index 0ed8e5339..10d036bfc 100644 --- a/application/Address/AddressController.php +++ b/application/Address/AddressController.php @@ -573,6 +573,9 @@ class AddressController extends mfBaseController { case "findAddress": $return = $this->findAddressApi(); break; + case "validateIbanBic": + $return = $this->validateIbanBicApi(); + break; default: $return = false; } 
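Review bot: The whitespace strip in validateIbanBic only removes the first run of spaces, because `/\s+/` carries no `g` flag, so an IBAN typed in the usual grouped form is sent to the server with most of its spaces intact; use `iban = iban.toUpperCase().replace(/\s+/g, '');`. The error list is also assembled from values the server relays from the external validator (`data.iban_sus`, the `data.bic` candidates) and inserted with `.html()`, so those values are interpreted as markup; appending one element per message with `.text()`, e.g. `$("#bank-error").empty(); bank_error.forEach(function (m) { $("#bank-error").append($("<div>").text(m)); });`, keeps them as plain text. Finally, `$.post` has no failure handler, so a transport error or a non-JSON reply leaves `bankdata_valid` false and the form blocked with no message shown; a `.fail()` callback that displays the same generic error text as the non-OK branch would cover that case.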
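Review bot: `bankdata_valid` is set to true by the validation callback and never cleared, so once the server check has passed, a later edit of the IBAN or BIC fields (for example while the user fixes another field that failed during the same validation pass) is submitted without either the format check or the server check being repeated; resetting the flag on input change, `$("#bank_account_iban, #bank_account_bic").on("change", function () { bankdata_valid = false; });`, closes that gap. The flag also skips the whole sepa block, including the emptiness checks for bank, owner and bic, on the re-submit, which looks intended but deserves a comment such as `// second pass after successful server-side validation: bank fields already checked`. validateOrderForm starts before this hunk and continues after it.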
@@ -675,5 +678,56 @@ class AddressController extends mfBaseController { $this->returnJson($results); } + private function validateIbanBicApi() { + $iban = trim($this->request->iban); + $bic = trim($this->request->bic); + + if(!$iban) { + return false; + } + + $creds = TT_IBAN_VALIDATOR_USER.":".TT_IBAN_VALIDATOR_PASS; + $b64creds = base64_encode($creds); + + $ctx = stream_context_create([ + "http" => [ + "header" => "Authorization: Basic $b64creds" + ] + ]); + + $url = TT_IBAN_VALIDATOR_BASEURL.$iban; + $resp = file_get_contents($url, false, $ctx); + + if($resp) { + $data = json_decode($resp); + } + + $iban_correct = false; + $iban_sus = false; + $bic_correct = false; + $potential_bics = []; + + if($data->result == "passed") { + $iban_correct = true; + } + + if(is_array($data->all_bic_candidates) && count($data->all_bic_candidates)) { + foreach($data->all_bic_candidates as $bic_candidate) { + if(!$bic_candidate->bic) continue; + $potential_bics[] = $bic_candidate->bic; + + if($bic_candidate->bic == $bic) { + $bic_correct = true; + } + } + } + + if($data->iban_listed) { + $iban_sus = $data->iban_listed; + } + + return ["iban" => $data->iban, "bic" => $potential_bics, "iban_correct" => $iban_correct, "iban_sus" => $iban_sus, "bic_correct" => $bic_correct]; + } + }
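Review bot: In validateIbanBicApi the request-supplied `$iban` is appended to `TT_IBAN_VALIDATOR_BASEURL` without encoding, so characters such as `/`, `?` or `#` in the submitted value alter the path or query of the outbound request to the validator; restrict the value to IBAN characters before the call and encode it with `rawurlencode($iban)`. When `file_get_contents` fails or the reply is not JSON, `$data` is unset or null, and the later `$data->result` accesses emit warnings while the method still returns `iban_correct => false`, which the client reports as an invalid IBAN rather than a lookup failure; returning false instead seems right, assuming the dispatcher's false return reaches the client as a non-OK status as the `default` case suggests. The stream context sets no `timeout`, so an unresponsive validator holds the request for PHP's default socket timeout; adding `"timeout" => <seconds>` to the `http` options bounds that. Note too that `$bic_candidate->bic == $bic` is case-sensitive while the client does not upper-case the BIC it sends, so a correct BIC typed in lower case is reported as wrong; upper-casing `$bic` after trim aligns the two sides.
```php
private function validateIbanBicApi() {
    $iban = trim($this->request->iban);
    $bic = strtoupper(trim($this->request->bic));

    // Only IBAN characters may reach the validator URL; anything else is rejected before the outbound call.
    if(!$iban || !preg_match('/^[A-Za-z0-9]+$/', $iban)) {
        return false;
    }

    // … unchanged: credentials and stream context (add an http "timeout" option there) …

    $url = TT_IBAN_VALIDATOR_BASEURL.rawurlencode($iban);
    $resp = file_get_contents($url, false, $ctx);
    $data = ($resp !== false) ? json_decode($resp) : null;

    // No reply, or an unparsable reply, is a lookup failure rather than an invalid IBAN.
    if(!is_object($data)) {
        return false;
    }

    // … unchanged: result evaluation and return array …
```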