paybox: improve shared_secret validation (#49822)

eopayment/paybox.py

@@ -253,7 +253,7 @@ class Payment(PaymentCommon):
                 'name': 'shared_secret',
                 'caption': 'Secret partagé (clé HMAC)',
                 'validation': lambda x: isinstance(x, str)
-                and all(a.lower() in '0123456789abcdef' for a in x),
+                and all(a.lower() in '0123456789abcdef' for a in x) and (len(x) % 2 == 0),
                 'required': True,
             },
             {

tests/test_paybox.py

@@ -25,6 +25,8 @@ import six
 from six.moves.urllib import parse as urllib
 from xml.etree import ElementTree as ET
 
+import pytest
+
 import eopayment.paybox as paybox
 import eopayment
 
@@ -359,3 +361,18 @@ FBFKOZhgBJnkC+l6+XhT4aYWKaQ4ocmOMV92yjeXTE4='''
             if node.attrib['type'] == 'hidden'))
         self.assertIn('PBX_AUTOSEULE', form_params)
         self.assertEqual(form_params['PBX_AUTOSEULE'], 'O')
+
+
+@pytest.mark.parametrize('name,value,result', [
+    ('shared_secret', '1f', True),
+    ('shared_secret', '1fxx', False),
+    ('shared_secret', '1fa', False),
+    ('shared_secret', '1fa2', True),
+])
+def test_param_validation(name, value, result):
+    for param in paybox.Payment.description['parameters']:
+        if param['name'] == name:
+            assert param['validation'](value) is result
+            break
+    else:
+        assert False, 'param %s not found' % name