entrouvert
/
hobo
16
0
Fork 0
Code Issues Pull Requests 15 Releases Activity

franceconnect: ensure id and secret input are 64-caracter long (#54852)

This commit is contained in:
Paul Marillonnet 2021-06-14 17:33:05 +02:00 committed by Nicolas ROCHE
parent afb89ff9a8
commit 136a28eb96
2 changed files with 19 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
hobo/franceconnect/forms.py
View File

@ -32,9 +32,13 @@ class SettingsForm(forms.Form):
'See <a href="https://partenaires.franceconnect.gouv.fr/fcp/fournisseur-service">'
'FranceConnect partners site</a> for getting client ID and secret.'
),
max_length=64,
min_length=64,
widget=forms.TextInput(attrs={'size': 64}),
)
client_secret = forms.CharField(label=_('Client Secret'), widget=forms.TextInput(attrs={'size': 64}))
client_secret = forms.CharField(
label=_('Client Secret'), max_length=64, min_length=64, widget=forms.TextInput(attrs={'size': 64})
)
scopes = forms.MultipleChoiceField(
label=_('Scopes'),
choices=[

14
tests/test_franceconnect.py
View File

@ -41,9 +41,23 @@ def test_franceconnect(app, admin_user):
assert Variable.objects.filter(name__startswith='SETTING_A2_FC').count() == 1
assert Variable.objects.filter(name__startswith='SETTING_A2_FC_ENABLE', value='true').count() == 1
# id and secret too short
response.form.set('platform', 'prod')
response.form.set('client_id', 'xyz')
response.form.set('client_secret', '1234')
response = response.form.submit()
assert "Ensure this value has at least 64 characters (it has 3)" in response.text
assert "Ensure this value has at least 64 characters (it has 4)" in response.text
# id and secret too long
response.form.set('client_id', 'xyz' * 30)
response.form.set('client_secret', '1234' * 30)
response = response.form.submit()
assert "Ensure this value has at most 64 characters (it has 90)" in response.text
assert "Ensure this value has at most 64 characters (it has 120)" in response.text
response.form.set('client_id', 'wxyz' * 16)
response.form.set('client_secret', '1234' * 16)
response = response.form.submit().follow()
assert Variable.objects.filter(name__startswith='SETTING_A2_FC').count() == 10