Added last4 for v4 api physcial HCB card activations. #10085

scooterthedev · 2025-04-06T04:31:09Z

Summary of the problem

This method under the v4 api allowed anyone to activate a physical HCB card without the last 4 digits being submitted. #10075

Adds a check to mandate and verify the last 4 digits of the physical HCB card before activation. This can be called via a PATCH request to /api/v4/cards/:card_id with the Authorization token being your Bearer and the URL parameters being last4: last 4 digits and status: active. Status: frozen does not require last4.
Also removed the ability to freeze cancelled cards because the card is frozen FOREVER already ;)

This will affect the HCB mobile app as it will now require the last4 before it can authorize the activation CC: @thedev132

app/controllers/api/v4/stripe_cards_controller.rb

scooterthedev · 2025-04-16T17:06:33Z

@sampoder quick reminder ;)! I think I fixed your review, but if you could double check, that would also be awesome.

Added last4 verification for v4 api card activations.

4025cfe

scooterthedev requested review from a team as code owners April 6, 2025 04:31

scooterthedev added 3 commits April 6, 2025 04:38

Formatting fix

4870258

One last formatting fix

f402a49

Merge branch 'main' into last4_verif

aeee173

sampoder reviewed Apr 7, 2025

View reviewed changes

app/controllers/api/v4/stripe_cards_controller.rb Show resolved Hide resolved

scooterthedev added 2 commits April 7, 2025 13:56

Added last4 activation if already activated

2ecaccf

Merge branch 'main' into last4_verif

05ad631

scooterthedev requested a review from sampoder April 7, 2025 16:47

Merge branch 'main' into last4_verif

db1fa58