
[GNUnet-SVN] [taler-bank] branch master updated: validate /add/incoming


From: gnunet
Subject: [GNUnet-SVN] [taler-bank] branch master updated: validate /add/incoming body via validictory.
Date: Wed, 08 Nov 2017 00:29:40 +0100

This is an automated email from the git hooks/post-receive script.

marcello pushed a commit to branch master
in repository bank.

The following commit(s) were added to refs/heads/master by this push:
     new f4d73b4  validate /add/incoming body via validictory.
f4d73b4 is described below

commit f4d73b4c1b520b9afbe20867da0ee4f648c2a09a
Author: Marcello Stanisci <address@hidden>
AuthorDate: Tue Nov 7 22:40:31 2017 +0100

    validate /add/incoming body via validictory.
---
 talerbank/app/schemas.py |  4 +++-
 talerbank/app/views.py   | 44 ++++++++++++++++++++------------------------
 2 files changed, 23 insertions(+), 25 deletions(-)

diff --git a/talerbank/app/schemas.py b/talerbank/app/schemas.py
index 15988a5..9effaa9 100644
--- a/talerbank/app/schemas.py
+++ b/talerbank/app/schemas.py
@@ -19,6 +19,7 @@
 definitions of JSON schemas for validating data
 """
 
+from django.conf import settings
 import validictory
 import json
 
@@ -50,7 +51,8 @@ AMOUNT_SCHEMA = {
     "properties": {
         "value": {"type": "integer"},
         "fraction": {"type": "integer"},
-        "currency": {"type": "string"}
+        "currency": {"type": "string",
+                     "pattern": "^"+settings.TALER_CURRENCY+"$"}
     }
 }
 
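Review bot: The currency pattern on the two added lines splices `settings.TALER_CURRENCY` into a regex verbatim, so any regex metacharacter in the configured value changes the meaning of the pattern instead of being matched literally, and Python's `$` also accepts a trailing newline, so a value such as "<CURRENCY>\n" would pass the check. Escaping the setting and anchoring with `\Z` keeps the schema a strict equality test: `"pattern": "^" + re.escape(settings.TALER_CURRENCY) + r"\Z"}` with `import re` added next to the other imports in this file. The setting is operator-controlled, so this is hygiene rather than an exposure, but the schema is now the only place the bank's currency is enforced on this endpoint, so it should be exact.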
diff --git a/talerbank/app/views.py b/talerbank/app/views.py
index 4f0dc44..2093d2f 100644
--- a/talerbank/app/views.py
+++ b/talerbank/app/views.py
@@ -22,7 +22,6 @@ import logging
 import time
 import hashlib
 import re
-import validictory
 import requests
 import django.contrib.auth
 import django.contrib.auth.views
@@ -31,17 +30,18 @@ from django.db import transaction
 from django import forms
 from django.conf import settings
 from django.contrib.auth.decorators import login_required
-from django.http import (JsonResponse,
-                         HttpResponse,
-                         HttpResponseBadRequest as HRBR,
-                         HttpResponseServerError)
-from django.shortcuts import render, redirect
 from django.views.decorators.csrf import csrf_exempt
 from django.views.decorators.http import require_POST, require_GET
 from django.core.urlresolvers import reverse
 from django.contrib.auth.models import User
 from django.db.models import Q
 from simplemathcaptcha.fields import MathCaptchaField, MathCaptchaWidget
+from django.http import (JsonResponse, HttpResponse,
+                         HttpResponseBadRequest as HRBR,
+                         HttpResponseServerError)
+from django.shortcuts import render, redirect
+from validictory.validator import (RequiredFieldValidationError as RFVE,
+                                   FieldValidationError as FVE)
 from . import schemas
 from .models import BankAccount, BankTransaction
 from .amount import Amount, CurrencyMismatch, BadFormatAmount
@@ -320,6 +320,16 @@ def serve_public_accounts(request, name=None):
     )
     return render(request, "public_accounts.html", context)
 
+def login_via_headers(view_func):
+    def _decorator(request, *args, **kwargs):
+        user_account = auth_and_login(request)
+        if not user_account:
+            LOGGER.error("authentication failed")
+            return JsonResponse(dict(error="authentication failed"),
+                                status=401)
+        return view_func(request, user_account, *args, **kwargs)
+    return wraps(view_func)(_decorator)
+
 @require_GET
 @login_via_headers
 def serve_history(request, user_account):
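Review bot: The 401 response built inside `_decorator` carries no `WWW-Authenticate` header, so a client that honours RFC 7235 gets no indication of which scheme `auth_and_login` expects; the body is moved here verbatim, but it is the new side and the header is a one-line addition, e.g. `resp = JsonResponse(dict(error="authentication failed"), status=401)` followed by `resp["WWW-Authenticate"] = "<scheme expected by auth_and_login>"`. A rejected login is an ordinary client event rather than a server fault, so `LOGGER.warning("authentication failed")` fits the level better and keeps the error log meaningful for real failures. `auth_and_login` is defined outside this hunk, so the scheme it reads should be confirmed before the header value is chosen.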
@@ -418,17 +428,6 @@ def auth_and_login(request):
     return django.contrib.auth.authenticate(username=username,
                                             password=password)
 
-def login_via_headers(view_func):
-    def _decorator(request, *args, **kwargs):
-        user_account = auth_and_login(request)
-        if not user_account:
-            LOGGER.error("authentication failed")
-            return JsonResponse(dict(error="authentication failed"),
-                                status=401)
-        return view_func(request, user_account, *args, **kwargs)
-    return wraps(view_func)(_decorator)
-
-
 @csrf_exempt
 @require_POST
 @login_via_headers
@@ -443,17 +442,14 @@ def add_incoming(request, user_account):
     data = json.loads(request.body.decode("utf-8"))
     subject = "%s %s" % (data["wtid"], data["exchange_url"])
     try:
+        # Note, this does check the currency.
         schemas.validate_incoming_request(data)
-    except ValueError as exc:
-        LOGGER.error(exc)
-        return JsonResponse({"error": exc}, status=400)
-
+    except (FVE, RFVE) as exc:
+        return JsonResponse({"error": "invalid '%s'" % exc.fieldname},
+                            status=406 if exc.fieldname == "currency" else 400)
     try:
         credit_account = BankAccount.objects.get(user=data["credit_account"])
         schemas.validate_amount(data["amount"])
-        if settings.TALER_CURRENCY != data["amount"]["currency"]:
-            LOGGER.error("Currency differs from bank's")
-            return JsonResponse(dict(error="Currency differs from bank's"), 
status=406)
         wtrans = wire_transfer(Amount(**data["amount"]),
                                user_account.bankaccount,
                                credit_account,
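Review bot: `data["wtid"]` and `data["exchange_url"]` are indexed on the second line of the hunk before `validate_incoming_request` runs, and `json.loads` on the line above is outside any `try`, so a body with a missing key, a non-object top level, or malformed JSON surfaces as an uncaught KeyError/TypeError/ValueError and a 500 instead of the 400 the new `except` branch intends. Parsing should be guarded and the subject built only after validation succeeds; with full-body validation in place, the separate `schemas.validate_amount(data["amount"])` call later in the hunk also looks redundant unless the two schemas differ (the schema module is not in this hunk, so that is inferred). `add_incoming` starts before and ends after this hunk.
```python
    # … unchanged: decorator stack and signature of add_incoming (before the hunk) …
    try:
        data = json.loads(request.body.decode("utf-8"))
    except ValueError:
        # malformed JSON or a non-UTF-8 body is a client error, not a server fault
        return JsonResponse({"error": "invalid JSON body"}, status=400)
    try:
        # Note, this does check the currency.
        schemas.validate_incoming_request(data)
    except (FVE, RFVE) as exc:
        return JsonResponse({"error": "invalid '%s'" % exc.fieldname},
                            status=406 if exc.fieldname == "currency" else 400)
    # index the body only once the schema has confirmed the keys exist
    subject = "%s %s" % (data["wtid"], data["exchange_url"])
    # … unchanged: credit_account lookup and wire_transfer …
```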



