@landonshumway-ia
Collaborator

It turns out that authorize.net will mask strings in their transaction descriptions if the pattern matches a credit card, and we have a provider id with 16 consecutive digits. Authorize.net masked their id, which caused the transaction reporter to fail since it was unable to look up the provider id. We can no longer trust the licensee ids stored in the transaction descriptions in authorize.net.

To fix this, we are able to pull up the provider id from the CompactConnect system directly by matching the privilege record to the transaction id, and stop referencing the licensee id stored in authorize.net altogether.

This is a hotfix that needs to be rolled out to production as soon as possible.

Closes #1150
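The failure and the fix described above, as an added example that is not part of this PR or the CompactConnect code base. The masking rule, the `LICENSEE#...#` description format, the field names and all ids are assumptions constructed for illustration; the masking rule is a stand-in, not authorize.net's actual one.

```python
import re

# Stand-in for processor-side masking. Assumption: any run of 13-19 digits is
# treated as a card number and all but its last four digits are replaced.
CARD_LIKE = re.compile(r"\b\d{13,19}\b")

def mask_card_like(text):
    return CARD_LIKE.sub(lambda m: "X" * (len(m.group()) - 4) + m.group()[-4:], text)

# Constructed sample data: ids, field names and description format are hypothetical.
PRIVILEGE_RECORDS = [
    {"transactionId": "txn-1001", "providerId": "1234567890123456"},
    {"transactionId": "txn-1002", "providerId": "0b7e1c2a-5d3f-4a6b-9c8d-1e2f3a4b5c6d"},
]

def processor_transactions():
    """What the reporter reads back: descriptions have passed through masking."""
    return [
        {"transactionId": r["transactionId"],
         "description": mask_card_like(f"LICENSEE#{r['providerId']}#")}
        for r in PRIVILEGE_RECORDS
    ]

def provider_id_from_description(txn):
    """Old approach: trust the id embedded in the processor's description."""
    m = re.search(r"LICENSEE#(.+?)#", txn["description"])
    return m.group(1) if m else None

def provider_id_from_privileges(txn, index):
    """Approach described above: match the privilege record by transaction id."""
    return index.get(txn["transactionId"])

def reconcile():
    """Compare both lookups for every transaction the processor returns."""
    index = {r["transactionId"]: r["providerId"] for r in PRIVILEGE_RECORDS}
    known = set(index.values())
    report = {}
    for txn in processor_transactions():
        old = provider_id_from_description(txn)
        new = provider_id_from_privileges(txn, index)
        report[txn["transactionId"]] = {
            "from_description": old, "description_resolves": old in known,
            "from_privileges": new}
    return report

if __name__ == "__main__":
    for txn_id, row in reconcile().items():
        print(txn_id, row)
```

The 16-digit id comes back from the description as a masked string that matches no provider, while the UUID-style id survives, so the description-based lookup fails only for some providers; the transaction-id lookup resolves both.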

@coderabbitai
Contributor

coderabbitai bot commented Oct 13, 2025

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

@landonshumway-ia force-pushed the fix/map-provider-id branch 2 times, most recently from dd8f8a0 to 8dd4a9a, October 13, 2025 15:51
Collaborator

@jusdino jusdino left a comment

Looks good!

@jusdino
Collaborator

jusdino commented Oct 13, 2025

@jlkravitz, note that the Check-Python is failing because of the pip CVE, which we've already suppressed in development. The tests are passing.

@landonshumway-ia
Collaborator Author

@jlkravitz this is ready for your review. Note the python dependency audit is failing due to an unrelated warning that Justin fixed in another change on the development branch, but all the actual tests are passing. We want to get this in as a hotfix to production, after which I'll open another PR to merge this into development. Thanks

Collaborator

@jlkravitz jlkravitz left a comment

@landonshumway-ia Looks good to me.

One thing I noticed is that the ZAP scan fails, seemingly due to missing environment variables. Since that's unrelated to this PR (and since the scan runs against the test environment anyways), I'm fine merging this as-is and trying to fix the scan for the next sprint PR.

I forgot how we decided to merge hotfix PRs into main – via squash or merge? I believe squash? @isabeleliassen This is ready to merge once we get confirmation either way from Landon on the merge strategy.

And I'll be on the lookout for a hotfix PR against development.

@isabeleliassen isabeleliassen merged commit e14269d into csg-org:main Oct 14, 2025
2 of 5 checks passed