api_particulier: validate numero_allocataire (#54607)

2021-06-08 10:59:12 +02:00 · 2021-06-08 10:59:12 +02:00 · 77f3fe3551
parent e741d458ec
commit 77f3fe3551
2 changed files with 35 additions and 11 deletions
--- a/passerelle/apps/api_particulier/models.py
+++ b/passerelle/apps/api_particulier/models.py
@ -38,6 +38,7 @@ from passerelle.base.models import BaseResource
 from passerelle.utils.api import endpoint
 from passerelle.utils.conversion import exception_to_text
 from passerelle.utils.jsonresponse import APIError
+from passerelle.utils.validation import is_number

 from .known_errors import KNOWN_ERRORS

@ -320,7 +321,9 @@ class APIParticulier(BaseResource):
    )
    def v2_situation_familiale(self, request, code_postal, numero_allocataire, user=None):
        if not code_postal.strip() or not numero_allocataire.strip():
-            raise APIError('missing code_postal or numero_allocataire', status_code=400)
+            raise APIError('missing code_postal or numero_allocataire')
+        if len(numero_allocataire) != 7 or not is_number(numero_allocataire):
+            raise APIError('numero_allocataire should be a 7 digits number')
        return self.get(
            'v2/composition-familiale',
            params={
--- a/tests/test_api_particulier.py
+++ b/tests/test_api_particulier.py
@ -178,7 +178,7 @@ def test_error(app, resource, mock_api_particulier):
                'reference_avis': '3210987654321',
            },
        ),
-        (['caf_famille', 'situation-familiale'], {'code_postal': 12, 'numero_allocataire': 15}),
+        (['caf_famille', 'situation-familiale'], {'code_postal': 12, 'numero_allocataire': '0000015'}),
    ]
    with HTTMock(api_particulier_error_500):

@ -296,19 +296,40 @@ def test_avis_imposition(app, resource, mock_api_particulier):


 def test_situation_familiale(app, resource, mock_api_particulier):
+    params = {
+        'code_postal': '99148',
+        'numero_allocataire': '0000354',
+        'user': 'John Doe',
+    }
    resp = endpoint_get(
-        '/api-particulier/test/situation-familiale',
-        app,
-        resource,
-        'situation-familiale',
-        params={
-            'code_postal': '99148',
-            'numero_allocataire': '000354',
-            'user': 'John Doe',
-        },
+        '/api-particulier/test/situation-familiale', app, resource, 'situation-familiale', params=params
    )
    assert resp.json['data']['adresse']['codePostalVille'] == '12345 CONDAT'

+    params['numero_allocataire'] = '11'
+    resp = endpoint_get(
+        '/api-particulier/test/situation-familiale', app, resource, 'situation-familiale', params=params
+    )
+    assert resp.status_code == 200
+    assert resp.json['err'] == 1
+    assert '7 digits' in resp.json['err_desc']
+
+    params['numero_allocataire'] = '123456a'
+    resp = endpoint_get(
+        '/api-particulier/test/situation-familiale', app, resource, 'situation-familiale', params=params
+    )
+    assert resp.status_code == 200
+    assert resp.json['err'] == 1
+    assert '7 digits' in resp.json['err_desc']
+
+    params['code_postal'] = ' '
+    resp = endpoint_get(
+        '/api-particulier/test/situation-familiale', app, resource, 'situation-familiale', params=params
+    )
+    assert resp.status_code == 200
+    assert resp.json['err'] == 1
+    assert 'missing' in resp.json['err_desc']
+

 def test_detail_page(app, resource, admin_user):
    login(app)