[GNUnet-SVN] [taler-bank] branch master updated: fix /history testcase
From: |
gnunet |
Subject: |
[GNUnet-SVN] [taler-bank] branch master updated: fix /history testcase |
Date: |
Wed, 22 Nov 2017 20:34:54 +0100 |
This is an automated email from the git hooks/post-receive script.
marcello pushed a commit to branch master
in repository bank.
The following commit(s) were added to refs/heads/master by this push:
new c670a31 fix /history testcase
c670a31 is described below
commit c670a3132126adb7638a0685d2325708883e2e1b
Author: Marcello Stanisci <address@hidden>
AuthorDate: Wed Nov 22 20:34:27 2017 +0100
fix /history testcase
---
talerbank/app/schemas.py | 22 +++++++++++++++
talerbank/app/tests.py | 9 ++----
talerbank/app/views.py | 71 ++++++++++++++++++++----------------------------
3 files changed, 55 insertions(+), 47 deletions(-)
diff --git a/talerbank/app/schemas.py b/talerbank/app/schemas.py
index b823595..9e25505 100644
--- a/talerbank/app/schemas.py
+++ b/talerbank/app/schemas.py
@@ -74,6 +74,25 @@ AUTH_SCHEMA = {
}
}
+HISTORY_REQUEST_SCHEMA = {
+ "type": "object",
+ "properties": {
+ "auth": {"type": "string",
+ "patter": "^basic$"},
+ "delta": {"type": "string",
+ "pattern": "^([\+-])?([0-9])+$"},
+ "start": {"type": "string",
+ "pattern": "^([0-9]+)$",
+ "required": False},
+ "direction": {"type": "string",
+ "pattern": "^(debit|credit)$",
+ "required": False},
+ "account_number": {"type": "string",
+ "pattern": "^([0-9]+)$",
+ "required": False}
+ }
+}
+
INCOMING_REQUEST_SCHEMA = {
"type": "object",
"properties": {
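Review bot: The `auth` entry of HISTORY_REQUEST_SCHEMA spells its constraint key `"patter"`, so the `^basic$` check is presumably never applied and any string passes as `auth`; it should read `"pattern": "^basic$"`. The `delta` pattern is written in a normal string literal, where `\+` is an invalid escape sequence; the raw string `r"^([\+-])?([0-9])+$"` keeps the regex unchanged and avoids the warning. `auth` and `delta` carry no `"required": False`, so whether a request without them is rejected depends on validictory's required-by-default behaviour, which is worth confirming against what the test sends in `ctx.urlargs`.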
@@ -114,6 +133,9 @@ def validate_pin_tan_args(pin_tan_args):
"wiredetails_string": validate_pintan_types}
validictory.validate(pin_tan_args, PIN_TAN_ARGS,
format_validators=format_dict)
+def validate_history_request(history_request):
+ validictory.validate(history_request, HISTORY_REQUEST_SCHEMA)
+
def validate_amount(amount):
validictory.validate(amount, AMOUNT_SCHEMA)
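Review bot: `validate_history_request` has no docstring, although its caller in views.py relies on it raising validictory's field errors and reads `exc.fieldname` from them; a one-line docstring such as `"""Validate /history query arguments; raises FieldValidationError or RequiredFieldValidationError."""` would record that contract. The call also leaves validictory's handling of unknown keys at its default, so query parameters outside the schema are presumably accepted silently. Passing `disallow_unknown_properties=True` would reject them, if that is the intent.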
diff --git a/talerbank/app/tests.py b/talerbank/app/tests.py
index 5387fff..63de569 100644
--- a/talerbank/app/tests.py
+++ b/talerbank/app/tests.py
@@ -314,11 +314,7 @@ class HistoryTestCase(TestCase):
HistoryContext(expected_resp={"status": 204},
delta="+1", direction="credit"),
HistoryContext(expected_resp={"status": 200},
- delta="+1", direction="debit"),
- HistoryContext(expected_resp={"status": 403},
- delta="+1", account_number=2),
- HistoryContext(expected_resp={"status": 404},
- delta="-1", account_number=9)):
+ delta="+1", direction="debit")):
response = client.get(reverse("history", urlconf=urls),
ctx.urlargs,
**{"HTTP_X_TALER_BANK_USERNAME": "User",
"HTTP_X_TALER_BANK_PASSWORD": "Password"})
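Review bot: Dropping the two `account_number` cases leaves the cross-account path of /history with no test, although HISTORY_REQUEST_SCHEMA still accepts `account_number` and the reworked `serve_history` no longer reads it. A case that passes another account's number and asserts that the response contains only the authenticated user's transactions, or is rejected, would pin the authorization behaviour that the removed 403 case used to cover. The HistoryContext list and the loop body both extend outside this hunk, so the exact expected status has to be chosen against the full test.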
@@ -331,7 +327,8 @@ class HistoryTestCase(TestCase):
# FIXME print urls which break the test.
self.assertEqual(data.get(ctx.expected_resp.get("field")),
ctx.expected_resp.get("value"))
- self.assertEqual(ctx.expected_resp.get("status"),
response.status_code)
+ self.assertEqual(ctx.expected_resp.get("status"),
+ response.status_code)
class DBAmountSubtraction(TestCase):
def setUp(self):
diff --git a/talerbank/app/views.py b/talerbank/app/views.py
index 40dcc01..7daa06e 100644
--- a/talerbank/app/views.py
+++ b/talerbank/app/views.py
@@ -35,15 +35,16 @@ from django.views.decorators.http import require_POST,
require_GET
from django.core.urlresolvers import reverse
from django.contrib.auth.models import User
from django.db.models import Q
-from simplemathcaptcha.fields import MathCaptchaField, MathCaptchaWidget
from django.http import (JsonResponse, HttpResponse,
HttpResponseBadRequest as HRBR)
from django.shortcuts import render, redirect
from validictory.validator import (RequiredFieldValidationError as RFVE,
FieldValidationError as FVE)
-from . import schemas
+from simplemathcaptcha.fields import MathCaptchaField, MathCaptchaWidget
from .models import BankAccount, BankTransaction
from .amount import Amount, CurrencyMismatch, BadFormatAmount
+from .schemas import (validate_pin_tan_args, check_withdraw_session,
+ validate_history_request, validate_incoming_request)
LOGGER = logging.getLogger(__name__)
@@ -171,7 +172,7 @@ class Pin(forms.Form):
@login_required
def pin_tan_question(request):
try:
- schemas.validate_pin_tan_args(request.GET.dict())
+ validate_pin_tan_args(request.GET.dict())
# Currency is not checked, as any mismatches will be
# detected afterwards
except (FVE, RFVE) as err:
@@ -214,7 +215,7 @@ def pin_tan_verify(request):
return redirect(request.POST.get("question_url", "profile"))
# Check the session is a "pin tan" one
try:
- schemas.check_withdraw_session(request.session)
+ check_withdraw_session(request.session)
amount = Amount(**request.session["amount"])
exchange_bank_account = BankAccount.objects.get(
account_no=request.session["exchange_account_number"])
@@ -361,57 +362,44 @@ def serve_history(request, user_account):
"""
This API is used to get a list of transactions related to one user.
"""
- # delta
- delta = request.GET.get("delta")
- if not delta:
- return HRBR()
- parsed_delta = re.search(r"([\+-])?([0-9]+)", delta)
try:
- parsed_delta.group(0)
- except AttributeError:
- return JsonResponse(dict(error="Bad 'delta' parameter"), status=400)
- delta = int(parsed_delta.group(2))
+ # Note, this does check the currency.
+ validate_history_request(request.GET.dict())
+ except (FVE, RFVE) as exc:
+ LOGGER.error("/history, bad '%s' arg" % exc.fieldname)
+ return JsonResponse({"error": "invalid '%s'" % exc.fieldname},
+ status=400)
+
+ # delta
+ parsed_delta = re.search(r"([\+-])?([0-9]+)",
+ request.GET.get("delta"))
# start
- start = request.GET.get("start")
- if start:
- start = int(start)
+ start = int(request.GET.get("start", -1))
sign = parsed_delta.group(1)
- if (sign == "+") or (not sign):
- sign = ""
# Assuming Q() means 'true'
sign_filter = Q()
- if sign == "-" and start:
- sign_filter = Q(id__lt=start)
- elif sign == "" and start:
+ if start >= 0:
sign_filter = Q(id__gt=start)
+ if sign == "-":
+ sign_filter = Q(id__lt=start)
+
# direction (debit/credit)
direction = request.GET.get("direction")
- # target account
- target_account = request.GET.get("account_number")
- if not target_account:
- target_account = user_account.bankaccount
- else:
- try:
- target_account = BankAccount.objects.get(account_no=target_account)
- except BankAccount.DoesNotExist:
- LOGGER.error("Attempted /history about non existent account")
- return JsonResponse(dict(error="Queried account does not exist"),
status=404)
-
- if target_account != user_account.bankaccount:
- return JsonResponse(dict(error="Querying unowned accounts not
allowed"), status=403)
-
- query_string = Q(debit_account=target_account) |
Q(credit_account=target_account)
+ query_string = Q(debit_account=user_account.bankaccount) \
+ | Q(credit_account=user_account.bankaccount)
history = []
if direction == "credit":
- query_string = Q(credit_account=target_account)
+ query_string = Q(credit_account=user_account.bankaccount)
if direction == "debit":
- query_string = Q(debit_account=target_account)
+ query_string = Q(debit_account=user_account.bankaccount)
- qs = BankTransaction.objects.filter(query_string,
sign_filter).order_by("%sid" % sign)[:delta]
+ qs = BankTransaction.objects.filter(
+ query_string, sign_filter).order_by(
+ "-id" if sign == "-" else "id")[:int(parsed_delta.group(2))]
if qs.count() == 0:
return HttpResponse(status=204)
for entry in qs:
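Review bot: The row limit in `[:int(parsed_delta.group(2))]` comes straight from the `delta` query argument, and the schema pattern `([0-9])+` puts no upper bound on it, so a single request can ask for the account's entire history; clamping it, e.g. `limit = min(int(parsed_delta.group(2)), MAX_HISTORY_ROWS)` with `MAX_HISTORY_ROWS` as a placeholder for a project-chosen constant, would bound the query. Indentation is not visible in this rendering, so it is worth confirming that `if sign == "-":` is nested under `if start >= 0:`; if it is not, a negative delta without `start` filters on `id__lt=-1` and always ends in the 204 branch. The comment `# Note, this does check the currency.` looks copied from `add_incoming` and does not match the history schema, which has no currency field; `# Validates the format of the query arguments only.` would be accurate. `serve_history` continues past the end of the hunk.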
@@ -467,7 +455,7 @@ def add_incoming(request, user_account):
subject = "%s %s" % (data["wtid"], data["exchange_url"])
try:
# Note, this does check the currency.
- schemas.validate_incoming_request(data)
+ validate_incoming_request(data)
except (FVE, RFVE) as exc:
return JsonResponse({"error": "invalid '%s'" % exc.fieldname},
status=406 if exc.fieldname == "currency" else 400)
@@ -517,6 +505,7 @@ class WireTransferException(Exception):
def __init__(self, exc, response):
self.exc = exc
self.response = response
+ super().__init__()
def wire_transfer_exc_handler(view_func):
def err_cb(exc, resp):
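Review bot: `super().__init__()` is called with no arguments, so the exception's `args` stay empty and `str()` of a WireTransferException is an empty string in logs and tracebacks; `super().__init__(exc, response)` would keep both values visible. The call is also placed after the attribute assignments, whereas the usual order is to initialise the base class first.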
@@ -543,7 +532,7 @@ def wire_transfer_exc_handler(view_func):
return wraps(view_func)(_decorator)
@wire_transfer_exc_handler
-def wire_transfer(amount, debit_account, credit_account, subject):
+def wire_transfer(amount, debit_account, credit_account, subject, **kwargs):
LOGGER.info("%s => %s, %s, %s" %
(debit_account.account_no,
credit_account.account_no,
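Review bot: The new `**kwargs` on `wire_transfer` is not used in the visible lines, so a misspelled or unexpected keyword is now accepted silently by a function that moves funds between accounts. If the extra keywords exist only for the `wire_transfer_exc_handler` decorator, naming them explicitly or adding a comment such as `# kwargs are consumed by wire_transfer_exc_handler, not used here` would make that clear; this is inferred, since the decorator body is outside the hunk. The function body also continues past the end of the hunk.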
--
To stop receiving notification emails like this one, please contact
address@hidden