authorBenjamin Dauvergne <bdauvergne@entrouvert.com>2021-02-20 19:02:15 (GMT)
committerBenjamin Dauvergne <bdauvergne@entrouvert.com>2021-02-20 19:02:15 (GMT)
commit5afe44fd6044c09b9b727a4dec800531a11eda0b (patch)
tree488777626e512f2d2c45361290f6abb1a363e8fa
parent2acbdd4095ce78dcefc00dae905451d7789afa31 (diff)
paybox: improve shared_secret validation (#49822)
-rw-r--r--eopayment/paybox.py2
-rw-r--r--tests/test_paybox.py17
2 files changed, 18 insertions, 1 deletions
diff --git a/eopayment/paybox.py b/eopayment/paybox.py
index d888bef..6312068 100644
--- a/eopayment/paybox.py
+++ b/eopayment/paybox.py
@@ -253,7 +253,7 @@ class Payment(PaymentCommon):
'name': 'shared_secret',
'caption': 'Secret partagé (clé HMAC)',
'validation': lambda x: isinstance(x, str)
- and all(a.lower() in '0123456789abcdef' for a in x),
+ and all(a.lower() in '0123456789abcdef' for a in x) and (len(x) % 2 == 0),
'required': True,
},
{
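Review bot: The new `validation` lambda for `shared_secret` still accepts the empty string, because `all()` over no characters is true and `len('') % 2 == 0`, and it sets no lower bound on key length, so a one-byte HMAC key such as `'1f'` counts as valid. Whether `'required': True` rejects an empty value before this lambda runs is not visible here; if it does not, add `and len(x) > 0` to the chain. If the gateway issues keys of a fixed length, checking that length would be stronger than the parity test, but the length is not stated on this page, so confirm it before hard-coding. The surrounding parameter list and the `Payment` class start and end outside the hunk.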
diff --git a/tests/test_paybox.py b/tests/test_paybox.py
index 7beb3f9..03f5e62 100644
--- a/tests/test_paybox.py
+++ b/tests/test_paybox.py
@@ -25,6 +25,8 @@ import six
from six.moves.urllib import parse as urllib
from xml.etree import ElementTree as ET
+import pytest
+
import eopayment.paybox as paybox
import eopayment
@@ -359,3 +361,18 @@ FBFKOZhgBJnkC+l6+XhT4aYWKaQ4ocmOMV92yjeXTE4='''
if node.attrib['type'] == 'hidden'))
self.assertIn('PBX_AUTOSEULE', form_params)
self.assertEqual(form_params['PBX_AUTOSEULE'], 'O')
+
+
+@pytest.mark.parametrize('name,value,result', [
+ ('shared_secret', '1f', True),
+ ('shared_secret', '1fxx', False),
+ ('shared_secret', '1fa', False),
+ ('shared_secret', '1fa2', True),
+])
+def test_param_validation(name, value, result):
+ for param in paybox.Payment.description['parameters']:
+ if param['name'] == name:
+ assert param['validation'](value) is result
+ break
+ else:
+ assert False, 'param %s not found' % name
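Review bot: The parametrized cases in `test_param_validation` use only lowercase strings, so the `a.lower()` branch and the `isinstance(x, str)` guard of the validator are untested; adding `('shared_secret', '1FA2', True)` and `('shared_secret', None, False)` would pin both. The `else:` fallback uses `assert False, ...`, which is skipped when Python runs with `-O`; `pytest.fail('param %s not found' % name)` states the intent and always fires. The empty string also deserves a row once its expected result is decided.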