paybox: improve shared_secret validation (#49822)

2021-02-20 20:02:15 +01:00 · 2021-02-20 20:02:15 +01:00 · 5afe44fd60
parent 2acbdd4095
commit 5afe44fd60
2 changed files with 18 additions and 1 deletions
--- a/eopayment/paybox.py
+++ b/eopayment/paybox.py
@ -253,7 +253,7 @@ class Payment(PaymentCommon):
                'name': 'shared_secret',
                'caption': 'Secret partagé (clé HMAC)',
                'validation': lambda x: isinstance(x, str)
-                and all(a.lower() in '0123456789abcdef' for a in x),
+                and all(a.lower() in '0123456789abcdef' for a in x) and (len(x) % 2 == 0),
                'required': True,
            },
            {
--- a/tests/test_paybox.py
+++ b/tests/test_paybox.py
@ -25,6 +25,8 @@ import six
 from six.moves.urllib import parse as urllib
 from xml.etree import ElementTree as ET

+import pytest
+
 import eopayment.paybox as paybox
 import eopayment

@ -359,3 +361,18 @@ FBFKOZhgBJnkC+l6+XhT4aYWKaQ4ocmOMV92yjeXTE4='''
            if node.attrib['type'] == 'hidden'))
        self.assertIn('PBX_AUTOSEULE', form_params)
        self.assertEqual(form_params['PBX_AUTOSEULE'], 'O')
+
+
+@pytest.mark.parametrize('name,value,result', [
+    ('shared_secret', '1f', True),
+    ('shared_secret', '1fxx', False),
+    ('shared_secret', '1fa', False),
+    ('shared_secret', '1fa2', True),
+])
+def test_param_validation(name, value, result):
+    for param in paybox.Payment.description['parameters']:
+        if param['name'] == name:
+            assert param['validation'](value) is result
+            break
+    else:
+        assert False, 'param %s not found' % name