paybox: raise ResponseError on malformed signatures (#49705)
parent
b456c19e6a
commit
0c13ae109d
|
@ -376,7 +376,10 @@ class Payment(PaymentCommon):
|
|||
signed = False
|
||||
if 'signature' in d:
|
||||
sig = d['signature'][0]
|
||||
sig = base64.b64decode(sig)
|
||||
try:
|
||||
sig = base64.b64decode(sig)
|
||||
except (TypeError, ValueError):
|
||||
raise ResponseError('invalid signature')
|
||||
data = []
|
||||
if callback:
|
||||
for key in ('montant', 'reference', 'code_autorisation',
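Review bot: The new `except (TypeError, ValueError)` branch only rejects input that cannot be decoded at all, such as the bad padding used in the test. `base64.b64decode` in its default lenient mode discards characters outside the base64 alphabet, so a garbage signature can still decode to some bytes and continue into the code after the hunk. That is acceptable only if the verification step that follows is what sets `signed`; the function body continues outside the hunk, so this cannot be confirmed from here. I would add a comment above the `try:` such as `# format check only; authenticity is decided by the signature verification below`. If the module has a logger, recording the rejected callback before raising would also make malformed-signature requests visible to operators.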
|
||||
|
|
|
@ -362,6 +362,22 @@ FBFKOZhgBJnkC+l6+XhT4aYWKaQ4ocmOMV92yjeXTE4='''
|
|||
self.assertIn('PBX_AUTOSEULE', form_params)
|
||||
self.assertEqual(form_params['PBX_AUTOSEULE'], 'O')
|
||||
|
||||
def test_invalid_signature(self):
|
||||
backend = eopayment.Payment('paybox', BACKEND_PARAMS)
|
||||
order_id = '20160216'
|
||||
transaction = '1234'
|
||||
reference = '%s!%s' % (transaction, order_id)
|
||||
data = {
|
||||
'montant': '4242',
|
||||
'reference': reference,
|
||||
'code_autorisation': 'A',
|
||||
'erreur': '00000',
|
||||
'date_transaction': '20200101',
|
||||
'heure_transaction': '01:01:01',
|
||||
'signature': 'a'}
|
||||
with pytest.raises(eopayment.ResponseError, match='invalid signature'):
|
||||
backend.response(urllib.urlencode(data))
|
||||
|
||||
|
||||
@pytest.mark.parametrize('name,value,result', [
|
||||
('shared_secret', '1f', True),
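Review bot: `test_invalid_signature` pins a single malformed value, `'a'`, which fails on padding, so it documents only the decode-error path. Unless an existing test already covers it, a companion case with a well-formed base64 signature that does not match the data would pin what the backend returns there, so the two rejection paths cannot be confused later. A one-line docstring would also help, for example `"""A signature that is not decodable base64 raises ResponseError instead of a raw decoding error."""`.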
|
||||
|
|