
[GNUnet-SVN] [taler-bank] branch master updated: fix /history testcase


From: gnunet
Subject: [GNUnet-SVN] [taler-bank] branch master updated: fix /history testcase
Date: Wed, 22 Nov 2017 20:34:54 +0100

This is an automated email from the git hooks/post-receive script.

marcello pushed a commit to branch master
in repository bank.

The following commit(s) were added to refs/heads/master by this push:
     new c670a31  fix /history testcase
c670a31 is described below

commit c670a3132126adb7638a0685d2325708883e2e1b
Author: Marcello Stanisci <address@hidden>
AuthorDate: Wed Nov 22 20:34:27 2017 +0100

    fix /history testcase
---
 talerbank/app/schemas.py | 22 +++++++++++++++
 talerbank/app/tests.py   |  9 ++----
 talerbank/app/views.py   | 71 ++++++++++++++++++++----------------------------
 3 files changed, 55 insertions(+), 47 deletions(-)

diff --git a/talerbank/app/schemas.py b/talerbank/app/schemas.py
index b823595..9e25505 100644
--- a/talerbank/app/schemas.py
+++ b/talerbank/app/schemas.py
@@ -74,6 +74,25 @@ AUTH_SCHEMA = {
     }
 }
 
+HISTORY_REQUEST_SCHEMA = {
+    "type": "object",
+    "properties": {
+        "auth": {"type": "string",
+                 "patter": "^basic$"},
+        "delta": {"type": "string",
+                  "pattern": "^([\+-])?([0-9])+$"},
+        "start": {"type": "string",
+                  "pattern": "^([0-9]+)$",
+                  "required": False},
+        "direction": {"type": "string",
+                      "pattern": "^(debit|credit)$",
+                      "required": False},
+        "account_number": {"type": "string",
+                           "pattern": "^([0-9]+)$",
+                           "required": False}
+    }
+}
+
 INCOMING_REQUEST_SCHEMA = {
     "type": "object",
     "properties": {
@@ -114,6 +133,9 @@ def validate_pin_tan_args(pin_tan_args):
         "wiredetails_string": validate_pintan_types}
     validictory.validate(pin_tan_args, PIN_TAN_ARGS, 
format_validators=format_dict)
 
+def validate_history_request(history_request):
+    validictory.validate(history_request, HISTORY_REQUEST_SCHEMA)
+
 def validate_amount(amount):
     validictory.validate(amount, AMOUNT_SCHEMA)
 
diff --git a/talerbank/app/tests.py b/talerbank/app/tests.py
index 5387fff..63de569 100644
--- a/talerbank/app/tests.py
+++ b/talerbank/app/tests.py
@@ -314,11 +314,7 @@ class HistoryTestCase(TestCase):
                     HistoryContext(expected_resp={"status": 204},
                                    delta="+1", direction="credit"),
                     HistoryContext(expected_resp={"status": 200},
-                                   delta="+1", direction="debit"),
-                    HistoryContext(expected_resp={"status": 403},
-                                   delta="+1", account_number=2),
-                    HistoryContext(expected_resp={"status": 404},
-                                   delta="-1", account_number=9)):
+                                   delta="+1", direction="debit")):
             response = client.get(reverse("history", urlconf=urls), 
ctx.urlargs,
                                   **{"HTTP_X_TALER_BANK_USERNAME": "User",
                                      "HTTP_X_TALER_BANK_PASSWORD": "Password"})
@@ -331,7 +327,8 @@ class HistoryTestCase(TestCase):
             # FIXME print urls which break the test.
             self.assertEqual(data.get(ctx.expected_resp.get("field")),
                              ctx.expected_resp.get("value"))
-            self.assertEqual(ctx.expected_resp.get("status"), 
response.status_code)
+            self.assertEqual(ctx.expected_resp.get("status"),
+                             response.status_code)
 
 class DBAmountSubtraction(TestCase):
     def setUp(self):
diff --git a/talerbank/app/views.py b/talerbank/app/views.py
index 40dcc01..7daa06e 100644
--- a/talerbank/app/views.py
+++ b/talerbank/app/views.py
@@ -35,15 +35,16 @@ from django.views.decorators.http import require_POST, 
require_GET
 from django.core.urlresolvers import reverse
 from django.contrib.auth.models import User
 from django.db.models import Q
-from simplemathcaptcha.fields import MathCaptchaField, MathCaptchaWidget
 from django.http import (JsonResponse, HttpResponse,
                          HttpResponseBadRequest as HRBR)
 from django.shortcuts import render, redirect
 from validictory.validator import (RequiredFieldValidationError as RFVE,
                                    FieldValidationError as FVE)
-from . import schemas
+from simplemathcaptcha.fields import MathCaptchaField, MathCaptchaWidget
 from .models import BankAccount, BankTransaction
 from .amount import Amount, CurrencyMismatch, BadFormatAmount
+from .schemas import (validate_pin_tan_args, check_withdraw_session,
+                      validate_history_request, validate_incoming_request)
 
 LOGGER = logging.getLogger(__name__)
 
@@ -171,7 +172,7 @@ class Pin(forms.Form):
 @login_required
 def pin_tan_question(request):
     try:
-        schemas.validate_pin_tan_args(request.GET.dict())
+        validate_pin_tan_args(request.GET.dict())
         # Currency is not checked, as any mismatches will be
         # detected afterwards
     except (FVE, RFVE) as err:
@@ -214,7 +215,7 @@ def pin_tan_verify(request):
         return redirect(request.POST.get("question_url", "profile"))
     # Check the session is a "pin tan" one
     try:
-        schemas.check_withdraw_session(request.session)
+        check_withdraw_session(request.session)
         amount = Amount(**request.session["amount"])
         exchange_bank_account = BankAccount.objects.get(
             account_no=request.session["exchange_account_number"])
@@ -361,57 +362,44 @@ def serve_history(request, user_account):
     """
     This API is used to get a list of transactions related to one user.
     """
-    # delta
-    delta = request.GET.get("delta")
-    if not delta:
-        return HRBR()
-    parsed_delta = re.search(r"([\+-])?([0-9]+)", delta)
     try:
-        parsed_delta.group(0)
-    except AttributeError:
-        return JsonResponse(dict(error="Bad 'delta' parameter"), status=400)
-    delta = int(parsed_delta.group(2))
+        # Note, this does check the currency.
+        validate_history_request(request.GET.dict())
+    except (FVE, RFVE) as exc:
+        LOGGER.error("/history, bad '%s' arg" % exc.fieldname)
+        return JsonResponse({"error": "invalid '%s'" % exc.fieldname},
+                            status=400)
+
+    # delta
+    parsed_delta = re.search(r"([\+-])?([0-9]+)",
+                             request.GET.get("delta"))
     # start
-    start = request.GET.get("start")
-    if start:
-        start = int(start)
+    start = int(request.GET.get("start", -1))
 
     sign = parsed_delta.group(1)
 
-    if (sign == "+") or (not sign):
-        sign = ""
     # Assuming Q() means 'true'
     sign_filter = Q()
-    if sign == "-" and start:
-        sign_filter = Q(id__lt=start)
-    elif sign == "" and start:
+    if start >= 0:
         sign_filter = Q(id__gt=start)
+        if sign == "-":
+            sign_filter = Q(id__lt=start)
+
     # direction (debit/credit)
     direction = request.GET.get("direction")
 
-    # target account
-    target_account = request.GET.get("account_number")
-    if not target_account:
-        target_account = user_account.bankaccount
-    else:
-        try:
-            target_account = BankAccount.objects.get(account_no=target_account)
-        except BankAccount.DoesNotExist:
-            LOGGER.error("Attempted /history about non existent account")
-            return JsonResponse(dict(error="Queried account does not exist"), 
status=404)
-
-    if target_account != user_account.bankaccount:
-        return JsonResponse(dict(error="Querying unowned accounts not 
allowed"), status=403)
-
-    query_string = Q(debit_account=target_account) | 
Q(credit_account=target_account)
+    query_string = Q(debit_account=user_account.bankaccount) \
+                   | Q(credit_account=user_account.bankaccount)
     history = []
 
     if direction == "credit":
-        query_string = Q(credit_account=target_account)
+        query_string = Q(credit_account=user_account.bankaccount)
     if direction == "debit":
-        query_string = Q(debit_account=target_account)
+        query_string = Q(debit_account=user_account.bankaccount)
 
-    qs = BankTransaction.objects.filter(query_string, 
sign_filter).order_by("%sid" % sign)[:delta]
+    qs = BankTransaction.objects.filter(
+        query_string, sign_filter).order_by(
+            "-id" if sign == "-" else "id")[:int(parsed_delta.group(2))]
     if qs.count() == 0:
         return HttpResponse(status=204)
     for entry in qs:
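Review bot: The page size taken from `delta` is unbounded: the schema pattern admits any number of digits and the slice `[:int(parsed_delta.group(2))]` uses the value as is, so a single authenticated request can ask for the account's entire transaction history in one response. A cap applied before slicing would bound the query, for example `delta = min(int(parsed_delta.group(2)), MAX_DELTA)`, where `MAX_DELTA` is a placeholder for a limit the project chooses. Separately, the comment `# Note, this does check the currency.` looks copied from add_incoming; HISTORY_REQUEST_SCHEMA has no currency field, so `# Validate the query parameters against HISTORY_REQUEST_SCHEMA.` would be accurate. serve_history continues below the end of the hunk.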
@@ -467,7 +455,7 @@ def add_incoming(request, user_account):
     subject = "%s %s" % (data["wtid"], data["exchange_url"])
     try:
         # Note, this does check the currency.
-        schemas.validate_incoming_request(data)
+        validate_incoming_request(data)
     except (FVE, RFVE) as exc:
         return JsonResponse({"error": "invalid '%s'" % exc.fieldname},
                             status=406 if exc.fieldname == "currency" else 400)
@@ -517,6 +505,7 @@ class WireTransferException(Exception):
     def __init__(self, exc, response):
         self.exc = exc
         self.response = response
+        super().__init__()
 
 def wire_transfer_exc_handler(view_func):
     def err_cb(exc, resp):
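Review bot: `super().__init__()` is called without arguments, so the exception's `args` stay empty and `str()` of a WireTransferException is an empty string wherever it is logged or shown in a traceback. Passing the wrapped error through, `super().__init__(str(exc))`, keeps the cause visible without changing the `exc` and `response` attributes. The class statement itself starts above the hunk.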
@@ -543,7 +532,7 @@ def wire_transfer_exc_handler(view_func):
     return wraps(view_func)(_decorator)
 
 @wire_transfer_exc_handler
-def wire_transfer(amount, debit_account, credit_account, subject):
+def wire_transfer(amount, debit_account, credit_account, subject, **kwargs):
     LOGGER.info("%s => %s, %s, %s" %
                 (debit_account.account_no,
                  credit_account.account_no,
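Review bot: `**kwargs` on `wire_transfer` accepts any keyword argument and, as far as the visible lines show, never reads it, so a misspelt or unexpected keyword in a call that moves money is silently ignored instead of raising TypeError. If the extra keyword exists only so that the `wire_transfer_exc_handler` wrapper can receive something, it would be safer to name it as an explicit keyword-only parameter, or at least to document it: `# **kwargs: consumed by wire_transfer_exc_handler, not read here (TODO confirm)`. The function body continues past the end of the hunk, so whether `kwargs` is used further down cannot be seen here.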

-- 
To stop receiving notification emails like this one, please contact
address@hidden


