lingo: remove ':' character from return url (#39256)
This commit is contained in:
parent
e40a3e8b67
commit
6ab914d714
|
@ -49,6 +49,16 @@ from .models import (Regie, BasketItem, Transaction, TransactionOperation,
|
|||
LingoBasketCell, SelfDeclaredInvoicePayment, PaymentBackend, EXPIRED)
|
||||
|
||||
|
||||
def signing_dumps(content):
|
||||
serialization = signing.dumps(content)
|
||||
return serialization.replace(':', '.')
|
||||
|
||||
|
||||
def signing_loads(serialization):
|
||||
serialization = serialization.replace('.', ':')
|
||||
return signing.loads(serialization)
|
||||
|
||||
|
||||
def get_eopayment_object(request, regie_or_payment_backend, transaction_id=None):
|
||||
payment_backend = regie_or_payment_backend
|
||||
if isinstance(regie_or_payment_backend, Regie):
|
||||
|
@ -64,7 +74,7 @@ def get_eopayment_object(request, regie_or_payment_backend, transaction_id=None)
|
|||
options['normal_return_url'] = request.build_absolute_uri(
|
||||
reverse('lingo-return-payment-backend', kwargs={
|
||||
'payment_backend_pk': payment_backend.id,
|
||||
'transaction_signature': signing.dumps(transaction_id)
|
||||
'transaction_signature': signing_dumps(transaction_id)
|
||||
})
|
||||
)
|
||||
return eopayment.Payment(payment_backend.service, options)
|
||||
|
@ -210,7 +220,7 @@ class AddBasketItemApiView(View):
|
|||
payment_url = reverse(
|
||||
'basket-item-pay-view',
|
||||
kwargs={
|
||||
'item_signature': signing.dumps(item.pk)
|
||||
'item_signature': signing_dumps(item.pk)
|
||||
})
|
||||
return JsonResponse({'result': 'success', 'id': str(item.id),
|
||||
'payment_url': request.build_absolute_uri(payment_url)})
|
||||
|
@ -456,7 +466,7 @@ def get_payment_status_view(transaction_id=None, next_url=None):
|
|||
url = reverse('payment-status')
|
||||
params = []
|
||||
if transaction_id:
|
||||
params.append(('transaction-id', signing.dumps(transaction_id)))
|
||||
params.append(('transaction-id', signing_dumps(transaction_id)))
|
||||
if next_url:
|
||||
params.append(('next', next_url))
|
||||
return "%s?%s" % (url, urlencode(params))
|
||||
|
@ -472,7 +482,7 @@ class BasketItemPayView(PayMixin, View):
|
|||
|
||||
item_signature = kwargs.get('item_signature')
|
||||
try:
|
||||
item_id = signing.loads(item_signature)
|
||||
item_id = signing_loads(item_signature)
|
||||
except signing.BadSignature:
|
||||
return HttpResponseForbidden(_('Invalid payment request.'))
|
||||
|
||||
|
@ -646,7 +656,7 @@ class ReturnView(PaymentView):
|
|||
transaction_id = kwargs.get('transaction_signature')
|
||||
if transaction_id:
|
||||
try:
|
||||
transaction_id = signing.loads(transaction_id)
|
||||
transaction_id = signing_loads(transaction_id)
|
||||
except signing.BadSignature:
|
||||
pass
|
||||
try:
|
||||
|
@ -842,7 +852,7 @@ class PaymentStatusView(View):
|
|||
return publish_page(request, page, template_name=template_name)
|
||||
|
||||
try:
|
||||
transaction_id = signing.loads(transaction_id)
|
||||
transaction_id = signing_loads(transaction_id)
|
||||
except signing.BadSignature:
|
||||
return HttpResponseForbidden(_('Invalid transaction signature.'))
|
||||
|
||||
|
@ -858,7 +868,7 @@ class PaymentStatusView(View):
|
|||
next_url = transaction.items.first().source_url
|
||||
next_url = request.build_absolute_uri(next_url)
|
||||
|
||||
extra_context_data['transaction_id'] = signing.dumps(transaction.pk)
|
||||
extra_context_data['transaction_id'] = signing_dumps(transaction.pk)
|
||||
extra_context_data['next_url'] = next_url
|
||||
request.extra_context_data = extra_context_data
|
||||
return publish_page(request, page, template_name=template_name)
|
||||
|
@ -871,7 +881,7 @@ class TransactionStatusApiView(View):
|
|||
def get(self, request, *args, **kwargs):
|
||||
transaction_signature = kwargs.get('transaction_signature')
|
||||
try:
|
||||
transaction_id = signing.loads(transaction_signature)
|
||||
transaction_id = signing_loads(transaction_signature)
|
||||
except signing.BadSignature:
|
||||
return HttpResponseBadRequest(_('Invalid transaction.'))
|
||||
|
||||
|
|
|
@ -9,7 +9,6 @@ import mock
|
|||
|
||||
from django.apps import apps
|
||||
from django.contrib.auth.models import User
|
||||
from django.core import signing
|
||||
from django.core.urlresolvers import reverse
|
||||
from django.core.wsgi import get_wsgi_application
|
||||
from django.conf import settings
|
||||
|
@ -25,6 +24,7 @@ from combo.apps.lingo.models import (
|
|||
Regie, BasketItem, Transaction, TransactionOperation, RemoteItem, EXPIRED, LingoBasketCell,
|
||||
PaymentBackend)
|
||||
from combo.utils import aes_hex_decrypt, sign_url
|
||||
from combo.apps.lingo.views import signing_loads, signing_dumps
|
||||
|
||||
from .test_manager import login
|
||||
|
||||
|
@ -131,7 +131,8 @@ def assert_payment_status(url, transaction_id=None):
|
|||
url, part = url.split('?')
|
||||
query = urlparse.parse_qs(part)
|
||||
assert 'transaction-id' in query
|
||||
assert signing.loads(query['transaction-id'][0]) == transaction_id
|
||||
assert ':' not in query['transaction-id']
|
||||
assert signing_loads(query['transaction-id'][0]) == transaction_id
|
||||
|
||||
assert url.startswith('/lingo/payment-status')
|
||||
|
||||
|
@ -1042,7 +1043,7 @@ def test_payment_no_basket(app, user, regie, authenticated):
|
|||
assert path.startswith(start)
|
||||
assert path.endswith(end)
|
||||
signature = path.replace(start, '').replace(end, '')
|
||||
assert signing.loads(signature) == item.id
|
||||
assert signing_loads(signature) == item.id
|
||||
|
||||
if authenticated:
|
||||
app = login(app)
|
||||
|
@ -1118,7 +1119,7 @@ def test_transaction_status_api(app, regie, user):
|
|||
# invalid transaction signature
|
||||
url = reverse(
|
||||
'api-transaction-status',
|
||||
kwargs={'transaction_signature': signing.dumps('xxxx')}
|
||||
kwargs={'transaction_signature': signing_dumps('xxxx')}
|
||||
|
||||
)
|
||||
resp = app.get(url, status=404)
|
||||
|
@ -1128,7 +1129,7 @@ def test_transaction_status_api(app, regie, user):
|
|||
transaction_id = 1000
|
||||
url = reverse(
|
||||
'api-transaction-status',
|
||||
kwargs={'transaction_signature': signing.dumps(transaction_id)}
|
||||
kwargs={'transaction_signature': signing_dumps(transaction_id)}
|
||||
)
|
||||
resp = app.get(url, status=404)
|
||||
assert 'Unknown transaction.' in resp.text
|
||||
|
@ -1142,7 +1143,7 @@ def test_transaction_status_api(app, regie, user):
|
|||
transaction = Transaction.objects.create(amount=Decimal('10.0'), regie=regie, status=0)
|
||||
url = reverse(
|
||||
'api-transaction-status',
|
||||
kwargs={'transaction_signature': signing.dumps(transaction.pk)}
|
||||
kwargs={'transaction_signature': signing_dumps(transaction.pk)}
|
||||
)
|
||||
resp = app.get(url)
|
||||
assert resp.json == wait_response
|
||||
|
@ -1151,7 +1152,7 @@ def test_transaction_status_api(app, regie, user):
|
|||
transaction = Transaction.objects.create(amount=Decimal('10.0'), regie=regie, status=0)
|
||||
url = reverse(
|
||||
'api-transaction-status',
|
||||
kwargs={'transaction_signature': signing.dumps(transaction.pk)}
|
||||
kwargs={'transaction_signature': signing_dumps(transaction.pk)}
|
||||
)
|
||||
resp = login(app).get(url)
|
||||
assert resp.json == wait_response
|
||||
|
@ -1162,7 +1163,7 @@ def test_transaction_status_api(app, regie, user):
|
|||
amount=Decimal('10.0'), regie=regie, status=0, user=user)
|
||||
url = reverse(
|
||||
'api-transaction-status',
|
||||
kwargs={'transaction_signature': signing.dumps(transaction.pk)}
|
||||
kwargs={'transaction_signature': signing_dumps(transaction.pk)}
|
||||
)
|
||||
resp = login(app).get(url)
|
||||
assert resp.json == wait_response
|
||||
|
@ -1174,7 +1175,7 @@ def test_transaction_status_api(app, regie, user):
|
|||
amount=Decimal('10.0'), regie=regie, status=0, user=user)
|
||||
url = reverse(
|
||||
'api-transaction-status',
|
||||
kwargs={'transaction_signature': signing.dumps(transaction.pk)}
|
||||
kwargs={'transaction_signature': signing_dumps(transaction.pk)}
|
||||
)
|
||||
resp = app.get(url, status=403)
|
||||
assert error_msg in resp.text
|
||||
|
@ -1186,7 +1187,7 @@ def test_transaction_status_api(app, regie, user):
|
|||
transaction = Transaction.objects.create(amount=Decimal('10.0'), regie=regie, status=0, user=user2)
|
||||
url = reverse(
|
||||
'api-transaction-status',
|
||||
kwargs={'transaction_signature': signing.dumps(transaction.pk)}
|
||||
kwargs={'transaction_signature': signing_dumps(transaction.pk)}
|
||||
)
|
||||
resp = login(app).get(url, status=403)
|
||||
assert error_msg in resp.text
|
||||
|
@ -1198,7 +1199,7 @@ def test_transaction_status_api(app, regie, user):
|
|||
)
|
||||
url = reverse(
|
||||
'api-transaction-status',
|
||||
kwargs={'transaction_signature': signing.dumps(transaction.pk)}
|
||||
kwargs={'transaction_signature': signing_dumps(transaction.pk)}
|
||||
)
|
||||
resp = app.get(url)
|
||||
assert resp.json == {
|
||||
|
@ -1213,7 +1214,7 @@ def test_transaction_status_api(app, regie, user):
|
|||
)
|
||||
url = reverse(
|
||||
'api-transaction-status',
|
||||
kwargs={'transaction_signature': signing.dumps(transaction.pk)}
|
||||
kwargs={'transaction_signature': signing_dumps(transaction.pk)}
|
||||
)
|
||||
resp = app.get(url)
|
||||
assert resp.json == {
|
||||
|
|
Loading…
Reference in New Issue