paybox: raise ResponseError on malformed signatures (#49705)

Benjamin Dauvergne 2021-03-11 12:53:24 +01:00
parent b456c19e6a
commit 0c13ae109d
2 changed files with 20 additions and 1 deletions


@ -376,7 +376,10 @@ class Payment(PaymentCommon):
signed = False
if 'signature' in d:
sig = d['signature'][0]
sig = base64.b64decode(sig)
try:
sig = base64.b64decode(sig)
except (TypeError, ValueError):
raise ResponseError('invalid signature')
data = []
if callback:
for key in ('montant', 'reference', 'code_autorisation',
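Review bot: The new `try` around `base64.b64decode(sig)` rejects only input the decoder itself refuses; on Python 3 the default mode silently discards characters outside the base64 alphabet, so some malformed signatures are still decoded and passed on instead of raising `ResponseError('invalid signature')` here. If this path only has to run on Python 3, `sig = base64.b64decode(sig, validate=True)` makes the decode strict, and the existing `except (TypeError, ValueError)` still matches because `binascii.Error` is a `ValueError` subclass. A short comment such as `# reject malformed base64 before signature verification` would also record why the decode is guarded. The enclosing method starts and ends outside this hunk, so how `signed` is used when no `signature` key is present is not visible here and is worth confirming.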


@ -362,6 +362,22 @@ FBFKOZhgBJnkC+l6+XhT4aYWKaQ4ocmOMV92yjeXTE4='''
self.assertIn('PBX_AUTOSEULE', form_params)
self.assertEqual(form_params['PBX_AUTOSEULE'], 'O')
def test_invalid_signature(self):
backend = eopayment.Payment('paybox', BACKEND_PARAMS)
order_id = '20160216'
transaction = '1234'
reference = '%s!%s' % (transaction, order_id)
data = {
'montant': '4242',
'reference': reference,
'code_autorisation': 'A',
'erreur': '00000',
'date_transaction': '20200101',
'heure_transaction': '01:01:01',
'signature': 'a'}
with pytest.raises(eopayment.ResponseError, match='invalid signature'):
backend.response(urllib.urlencode(data))
@pytest.mark.parametrize('name,value,result', [
('shared_secret', '1f', True),
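Review bot: `test_invalid_signature` covers a single malformed value, `'signature': 'a'`, which fails on padding; it does not show what happens for a value that is correctly padded but contains characters outside the base64 alphabet. Parametrizing the test over a few signature values (for example a constructed sample such as `'!!!!'` next to `'a'`) would document whether such input is rejected at decode time or only later during verification. A one-line docstring, `"""A signature that is not valid base64 raises ResponseError."""`, would state the intent of the test.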