lingo: remove ':' character from return url (#39256)

Benjamin Dauvergne 2020-01-24 18:36:55 +01:00
parent e40a3e8b67
commit 6ab914d714
2 changed files with 31 additions and 20 deletions


@ -49,6 +49,16 @@ from .models import (Regie, BasketItem, Transaction, TransactionOperation,
LingoBasketCell, SelfDeclaredInvoicePayment, PaymentBackend, EXPIRED)
def signing_dumps(content):
serialization = signing.dumps(content)
return serialization.replace(':', '.')
def signing_loads(serialization):
serialization = serialization.replace('.', ':')
return signing.loads(serialization)
def get_eopayment_object(request, regie_or_payment_backend, transaction_id=None):
payment_backend = regie_or_payment_backend
if isinstance(regie_or_payment_backend, Regie):
@ -64,7 +74,7 @@ def get_eopayment_object(request, regie_or_payment_backend, transaction_id=None)
options['normal_return_url'] = request.build_absolute_uri(
reverse('lingo-return-payment-backend', kwargs={
'payment_backend_pk': payment_backend.id,
'transaction_signature': signing.dumps(transaction_id)
'transaction_signature': signing_dumps(transaction_id)
})
)
return eopayment.Payment(payment_backend.service, options)
@ -210,7 +220,7 @@ class AddBasketItemApiView(View):
payment_url = reverse(
'basket-item-pay-view',
kwargs={
'item_signature': signing.dumps(item.pk)
'item_signature': signing_dumps(item.pk)
})
return JsonResponse({'result': 'success', 'id': str(item.id),
'payment_url': request.build_absolute_uri(payment_url)})
@ -456,7 +466,7 @@ def get_payment_status_view(transaction_id=None, next_url=None):
url = reverse('payment-status')
params = []
if transaction_id:
params.append(('transaction-id', signing.dumps(transaction_id)))
params.append(('transaction-id', signing_dumps(transaction_id)))
if next_url:
params.append(('next', next_url))
return "%s?%s" % (url, urlencode(params))
@ -472,7 +482,7 @@ class BasketItemPayView(PayMixin, View):
item_signature = kwargs.get('item_signature')
try:
item_id = signing.loads(item_signature)
item_id = signing_loads(item_signature)
except signing.BadSignature:
return HttpResponseForbidden(_('Invalid payment request.'))
@ -646,7 +656,7 @@ class ReturnView(PaymentView):
transaction_id = kwargs.get('transaction_signature')
if transaction_id:
try:
transaction_id = signing.loads(transaction_id)
transaction_id = signing_loads(transaction_id)
except signing.BadSignature:
pass
try:
@ -842,7 +852,7 @@ class PaymentStatusView(View):
return publish_page(request, page, template_name=template_name)
try:
transaction_id = signing.loads(transaction_id)
transaction_id = signing_loads(transaction_id)
except signing.BadSignature:
return HttpResponseForbidden(_('Invalid transaction signature.'))
@ -858,7 +868,7 @@ class PaymentStatusView(View):
next_url = transaction.items.first().source_url
next_url = request.build_absolute_uri(next_url)
extra_context_data['transaction_id'] = signing.dumps(transaction.pk)
extra_context_data['transaction_id'] = signing_dumps(transaction.pk)
extra_context_data['next_url'] = next_url
request.extra_context_data = extra_context_data
return publish_page(request, page, template_name=template_name)
@ -871,7 +881,7 @@ class TransactionStatusApiView(View):
def get(self, request, *args, **kwargs):
transaction_signature = kwargs.get('transaction_signature')
try:
transaction_id = signing.loads(transaction_signature)
transaction_id = signing_loads(transaction_signature)
except signing.BadSignature:
return HttpResponseBadRequest(_('Invalid transaction.'))
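Review bot: The new helpers signing_dumps and signing_loads in the first hunk have no docstring, and their round-trip rests on an invariant that is not written down: the token returned by signing.dumps must never contain a '.' of its own. That holds for the default call used here, whose fields are URL-safe base64 and base62 joined by ':', but `signing.dumps(..., compress=True)` prefixes the payload with '.', which signing_loads would rewrite to ':' so the token would no longer verify. I would document this on both helpers, for example `"""Like signing.dumps, with ':' swapped for '.' so the token is safe in URLs; never enable compress here."""` and `"""Inverse of signing_dumps; raises signing.BadSignature on tampering."""`. It is also worth stating there that signing_loads still accepts tokens containing ':', so links issued before this change keep working.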


@ -9,7 +9,6 @@ import mock
from django.apps import apps
from django.contrib.auth.models import User
from django.core import signing
from django.core.urlresolvers import reverse
from django.core.wsgi import get_wsgi_application
from django.conf import settings
@ -25,6 +24,7 @@ from combo.apps.lingo.models import (
Regie, BasketItem, Transaction, TransactionOperation, RemoteItem, EXPIRED, LingoBasketCell,
PaymentBackend)
from combo.utils import aes_hex_decrypt, sign_url
from combo.apps.lingo.views import signing_loads, signing_dumps
from .test_manager import login
@ -131,7 +131,8 @@ def assert_payment_status(url, transaction_id=None):
url, part = url.split('?')
query = urlparse.parse_qs(part)
assert 'transaction-id' in query
assert signing.loads(query['transaction-id'][0]) == transaction_id
assert ':' not in query['transaction-id']
assert signing_loads(query['transaction-id'][0]) == transaction_id
assert url.startswith('/lingo/payment-status')
@ -1042,7 +1043,7 @@ def test_payment_no_basket(app, user, regie, authenticated):
assert path.startswith(start)
assert path.endswith(end)
signature = path.replace(start, '').replace(end, '')
assert signing.loads(signature) == item.id
assert signing_loads(signature) == item.id
if authenticated:
app = login(app)
@ -1118,7 +1119,7 @@ def test_transaction_status_api(app, regie, user):
# invalid transaction signature
url = reverse(
'api-transaction-status',
kwargs={'transaction_signature': signing.dumps('xxxx')}
kwargs={'transaction_signature': signing_dumps('xxxx')}
)
resp = app.get(url, status=404)
@ -1128,7 +1129,7 @@ def test_transaction_status_api(app, regie, user):
transaction_id = 1000
url = reverse(
'api-transaction-status',
kwargs={'transaction_signature': signing.dumps(transaction_id)}
kwargs={'transaction_signature': signing_dumps(transaction_id)}
)
resp = app.get(url, status=404)
assert 'Unknown transaction.' in resp.text
@ -1142,7 +1143,7 @@ def test_transaction_status_api(app, regie, user):
transaction = Transaction.objects.create(amount=Decimal('10.0'), regie=regie, status=0)
url = reverse(
'api-transaction-status',
kwargs={'transaction_signature': signing.dumps(transaction.pk)}
kwargs={'transaction_signature': signing_dumps(transaction.pk)}
)
resp = app.get(url)
assert resp.json == wait_response
@ -1151,7 +1152,7 @@ def test_transaction_status_api(app, regie, user):
transaction = Transaction.objects.create(amount=Decimal('10.0'), regie=regie, status=0)
url = reverse(
'api-transaction-status',
kwargs={'transaction_signature': signing.dumps(transaction.pk)}
kwargs={'transaction_signature': signing_dumps(transaction.pk)}
)
resp = login(app).get(url)
assert resp.json == wait_response
@ -1162,7 +1163,7 @@ def test_transaction_status_api(app, regie, user):
amount=Decimal('10.0'), regie=regie, status=0, user=user)
url = reverse(
'api-transaction-status',
kwargs={'transaction_signature': signing.dumps(transaction.pk)}
kwargs={'transaction_signature': signing_dumps(transaction.pk)}
)
resp = login(app).get(url)
assert resp.json == wait_response
@ -1174,7 +1175,7 @@ def test_transaction_status_api(app, regie, user):
amount=Decimal('10.0'), regie=regie, status=0, user=user)
url = reverse(
'api-transaction-status',
kwargs={'transaction_signature': signing.dumps(transaction.pk)}
kwargs={'transaction_signature': signing_dumps(transaction.pk)}
)
resp = app.get(url, status=403)
assert error_msg in resp.text
@ -1186,7 +1187,7 @@ def test_transaction_status_api(app, regie, user):
transaction = Transaction.objects.create(amount=Decimal('10.0'), regie=regie, status=0, user=user2)
url = reverse(
'api-transaction-status',
kwargs={'transaction_signature': signing.dumps(transaction.pk)}
kwargs={'transaction_signature': signing_dumps(transaction.pk)}
)
resp = login(app).get(url, status=403)
assert error_msg in resp.text
@ -1198,7 +1199,7 @@ def test_transaction_status_api(app, regie, user):
)
url = reverse(
'api-transaction-status',
kwargs={'transaction_signature': signing.dumps(transaction.pk)}
kwargs={'transaction_signature': signing_dumps(transaction.pk)}
)
resp = app.get(url)
assert resp.json == {
@ -1213,7 +1214,7 @@ def test_transaction_status_api(app, regie, user):
)
url = reverse(
'api-transaction-status',
kwargs={'transaction_signature': signing.dumps(transaction.pk)}
kwargs={'transaction_signature': signing_dumps(transaction.pk)}
)
resp = app.get(url)
assert resp.json == {
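Review bot: The assertion added to assert_payment_status, `assert ':' not in query['transaction-id']`, tests the list returned by parse_qs rather than the token itself, so it only fails if one of the values is exactly ':' and passes even when the token still contains a colon. It should index the value the same way the following line does: `assert ':' not in query['transaction-id'][0]`. As written, the test does not cover the behaviour this commit introduces for the payment-status URL. The function body continues outside the hunk.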