wcs: check code syntax before searching for it (#89461)
parent
46e7c037f5
commit
d9b5247f44
|
@ -46,6 +46,8 @@ class TrackingCodeView(View):
|
|||
@classmethod
|
||||
def search(cls, code, request, wcs_site=None, backoffice=False):
|
||||
code = code.strip().upper()
|
||||
if not re.match(r'^[BCDFGHJKLMNPQRSTVWXZ]{8}$', code):
|
||||
return None
|
||||
if wcs_site:
|
||||
wcs_sites = [get_wcs_services().get(wcs_site)]
|
||||
else:
|
||||
|
|
|
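Review bot: The new guard in `search` relies on `re.match` with a `$` anchor, and in Python `$` also matches just before a trailing newline, so the check is exact only because `code.strip()` runs on the line before it. `if not re.fullmatch(r'[BCDFGHJKLMNPQRSTVWXZ]{8}', code):` keeps the guarantee even if the normalisation is later changed or moved. A short comment would also help, for example `# reject malformed codes before they are interpolated into a wcs /api/code/ URL`. The alphabet and length presumably mirror the wcs code generator, so the comment should say where they come from. The body of `search` continues outside the hunk.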
@ -1430,14 +1430,14 @@ def test_tracking_code_cell(app, nocache):
|
|||
cell.save()
|
||||
|
||||
resp = app.get('/')
|
||||
resp.form['code'] = 'FOOBAR'
|
||||
resp.form['code'] = 'FFQQBRRR'
|
||||
with mock.patch('combo.apps.wcs.models.requests.get') as requests_get:
|
||||
mock_json = mock.Mock(status_code=200)
|
||||
requests_get.return_value = mock_json
|
||||
resp = resp.form.submit()
|
||||
assert len(requests_get.call_args_list) == 2
|
||||
assert requests_get.call_args_list[0][0][0] == '/api/code/FOOBAR'
|
||||
assert requests_get.call_args_list[1][0][0] == '/api/code/FOOBAR'
|
||||
assert requests_get.call_args_list[0][0][0] == '/api/code/FFQQBRRR'
|
||||
assert requests_get.call_args_list[1][0][0] == '/api/code/FFQQBRRR'
|
||||
remote_service_urls = [c[1]['remote_service']['url'] for c in requests_get.call_args_list]
|
||||
assert set(remote_service_urls) == {'http://127.0.0.1:8999/', 'http://127.0.0.2:8999/'}
|
||||
assert resp.status_code == 302
|
||||
|
@ -1450,7 +1450,7 @@ def test_tracking_code_cell(app, nocache):
|
|||
mock_json = mock.Mock(status_code=200)
|
||||
requests_get.return_value = mock_json
|
||||
resp = resp.form.submit()
|
||||
assert requests_get.call_args_list[0][0][0] == '/api/code/FOO%3FBAR%3FBAD%3CCODE%3E'
|
||||
assert requests_get.called is False
|
||||
assert resp.status_code == 302
|
||||
resp = resp.follow()
|
||||
assert '<li class="error">The tracking code could not been found.</li>' in resp.text
|
||||
|
@ -1668,6 +1668,15 @@ def test_tracking_code_search(settings, app, nocache):
|
|||
assert requests_get.call_args_list[0][0][0] == '/api/code/CNPHNTFB?backoffice=true'
|
||||
|
||||
|
||||
@pytest.mark.parametrize('invalid_code', ('../users', 'FOOBAR', 'BBCCDDF%00'))
|
||||
def test_tracking_code_search_invalid(settings, app, nocache, invalid_code):
|
||||
with mock.patch('combo.apps.wcs.models.requests.get') as requests_get:
|
||||
result = app.get(f'/api/search/tracking-code/?q={invalid_code}').json
|
||||
assert len(result.get('data')) == 0
|
||||
assert result.get('err') == 0
|
||||
assert requests_get.called is False # no code
|
||||
|
||||
|
||||
def test_tracking_code_search_rate_limit(settings, app):
|
||||
settings.TEMPLATE_VARS['is_portal_agent'] = True
|
||||
settings.WCS_TRACKING_CODE_RATE_LIMIT = '0/s'
|
||||
|
@ -1679,14 +1688,14 @@ def test_tracking_code_search_rate_limit(settings, app):
|
|||
cell.save()
|
||||
|
||||
resp = app.get('/')
|
||||
resp.form['code'] = 'FOOBAR'
|
||||
resp.form['code'] = 'FFQQBRRR'
|
||||
resp = resp.form.submit()
|
||||
assert resp.status_code == 302
|
||||
resp = resp.follow()
|
||||
assert '<li class="error">Looking up tracking code is currently rate limited.</li>' in resp.text
|
||||
|
||||
resp = app.get('/')
|
||||
resp.form['code'] = 'FOOBAR'
|
||||
resp.form['code'] = 'FFQQBRRR'
|
||||
resp.form['url'] = 'http://example.org/'
|
||||
resp = resp.form.submit(status=403)
|
||||
|
||||
|
|
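Review bot: The parametrization of `test_tracking_code_search_invalid` has no over-length case and no right-length case that fails only on a vowel, so the end anchor and the consonant-only alphabet of the new check are not pinned independently. `'../users'` and `'BBCCDDF%00'` cover eight characters with non-letters, and `'FOOBAR'` fails on length and vowels at once. Consider `@pytest.mark.parametrize('invalid_code', ('../users', 'FOOBAR', 'BBCCDDF%00', 'BBCCDDFFG', 'BBCCDDFA'))`, where the last two values are constructed for this note. The trailing `# no code` comment would read more clearly as `# rejected before any request to wcs`.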