paybox: raise ResponseError on malformed signatures (#49705)
This commit is contained in:
parent
b456c19e6a
commit
0c13ae109d
|
@ -376,7 +376,10 @@ class Payment(PaymentCommon):
|
||||||
signed = False
|
signed = False
|
||||||
if 'signature' in d:
|
if 'signature' in d:
|
||||||
sig = d['signature'][0]
|
sig = d['signature'][0]
|
||||||
sig = base64.b64decode(sig)
|
try:
|
||||||
|
sig = base64.b64decode(sig)
|
||||||
|
except (TypeError, ValueError):
|
||||||
|
raise ResponseError('invalid signature')
|
||||||
data = []
|
data = []
|
||||||
if callback:
|
if callback:
|
||||||
for key in ('montant', 'reference', 'code_autorisation',
|
for key in ('montant', 'reference', 'code_autorisation',
|
||||||
|
|
|
@ -362,6 +362,22 @@ FBFKOZhgBJnkC+l6+XhT4aYWKaQ4ocmOMV92yjeXTE4='''
|
||||||
self.assertIn('PBX_AUTOSEULE', form_params)
|
self.assertIn('PBX_AUTOSEULE', form_params)
|
||||||
self.assertEqual(form_params['PBX_AUTOSEULE'], 'O')
|
self.assertEqual(form_params['PBX_AUTOSEULE'], 'O')
|
||||||
|
|
||||||
|
def test_invalid_signature(self):
|
||||||
|
backend = eopayment.Payment('paybox', BACKEND_PARAMS)
|
||||||
|
order_id = '20160216'
|
||||||
|
transaction = '1234'
|
||||||
|
reference = '%s!%s' % (transaction, order_id)
|
||||||
|
data = {
|
||||||
|
'montant': '4242',
|
||||||
|
'reference': reference,
|
||||||
|
'code_autorisation': 'A',
|
||||||
|
'erreur': '00000',
|
||||||
|
'date_transaction': '20200101',
|
||||||
|
'heure_transaction': '01:01:01',
|
||||||
|
'signature': 'a'}
|
||||||
|
with pytest.raises(eopayment.ResponseError, match='invalid signature'):
|
||||||
|
backend.response(urllib.urlencode(data))
|
||||||
|
|
||||||
|
|
||||||
@pytest.mark.parametrize('name,value,result', [
|
@pytest.mark.parametrize('name,value,result', [
|
||||||
('shared_secret', '1f', True),
|
('shared_secret', '1f', True),
|
||||||
|
|
Loading…
Reference in New Issue