0001-lingo-remove-character-from-return-url-39256.patch
| combo/apps/lingo/views.py | ||
|---|---|---|
| 49 | 49 |
LingoBasketCell, SelfDeclaredInvoicePayment, PaymentBackend, EXPIRED) |
| 50 | 50 | |
| 51 | 51 | |
| 52 |
def signing_dumps(content): |
|
| 53 |
serialization = signing.dumps(content) |
|
| 54 |
return serialization.replace(':', '.')
|
|
| 55 | ||
| 56 | ||
| 57 |
def signing_loads(serialization): |
|
| 58 |
serialization = serialization.replace('.', ':')
|
|
| 59 |
return signing.loads(serialization) |
|
| 60 | ||
| 61 | ||
| 52 | 62 |
def get_eopayment_object(request, regie_or_payment_backend, transaction_id=None): |
| 53 | 63 |
payment_backend = regie_or_payment_backend |
| 54 | 64 |
if isinstance(regie_or_payment_backend, Regie): |
| ... | ... | |
| 64 | 74 |
options['normal_return_url'] = request.build_absolute_uri( |
| 65 | 75 |
reverse('lingo-return-payment-backend', kwargs={
|
| 66 | 76 |
'payment_backend_pk': payment_backend.id, |
| 67 |
'transaction_signature': signing.dumps(transaction_id)
|
|
| 77 |
'transaction_signature': signing_dumps(transaction_id)
|
|
| 68 | 78 |
}) |
| 69 | 79 |
) |
| 70 | 80 |
return eopayment.Payment(payment_backend.service, options) |
| ... | ... | |
| 210 | 220 |
payment_url = reverse( |
| 211 | 221 |
'basket-item-pay-view', |
| 212 | 222 |
kwargs={
|
| 213 |
'item_signature': signing.dumps(item.pk)
|
|
| 223 |
'item_signature': signing_dumps(item.pk)
|
|
| 214 | 224 |
}) |
| 215 | 225 |
return JsonResponse({'result': 'success', 'id': str(item.id),
|
| 216 | 226 |
'payment_url': request.build_absolute_uri(payment_url)}) |
| ... | ... | |
| 456 | 466 |
url = reverse('payment-status')
|
| 457 | 467 |
params = [] |
| 458 | 468 |
if transaction_id: |
| 459 |
params.append(('transaction-id', signing.dumps(transaction_id)))
|
|
| 469 |
params.append(('transaction-id', signing_dumps(transaction_id)))
|
|
| 460 | 470 |
if next_url: |
| 461 | 471 |
params.append(('next', next_url))
|
| 462 | 472 |
return "%s?%s" % (url, urlencode(params)) |
| ... | ... | |
| 472 | 482 | |
| 473 | 483 |
item_signature = kwargs.get('item_signature')
|
| 474 | 484 |
try: |
| 475 |
item_id = signing.loads(item_signature)
|
|
| 485 |
item_id = signing_loads(item_signature)
|
|
| 476 | 486 |
except signing.BadSignature: |
| 477 | 487 |
return HttpResponseForbidden(_('Invalid payment request.'))
|
| 478 | 488 | |
| ... | ... | |
| 646 | 656 |
transaction_id = kwargs.get('transaction_signature')
|
| 647 | 657 |
if transaction_id: |
| 648 | 658 |
try: |
| 649 |
transaction_id = signing.loads(transaction_id)
|
|
| 659 |
transaction_id = signing_loads(transaction_id)
|
|
| 650 | 660 |
except signing.BadSignature: |
| 651 | 661 |
pass |
| 652 | 662 |
try: |
| ... | ... | |
| 842 | 852 |
return publish_page(request, page, template_name=template_name) |
| 843 | 853 | |
| 844 | 854 |
try: |
| 845 |
transaction_id = signing.loads(transaction_id)
|
|
| 855 |
transaction_id = signing_loads(transaction_id)
|
|
| 846 | 856 |
except signing.BadSignature: |
| 847 | 857 |
return HttpResponseForbidden(_('Invalid transaction signature.'))
|
| 848 | 858 | |
| ... | ... | |
| 858 | 868 |
next_url = transaction.items.first().source_url |
| 859 | 869 |
next_url = request.build_absolute_uri(next_url) |
| 860 | 870 | |
| 861 |
extra_context_data['transaction_id'] = signing.dumps(transaction.pk)
|
|
| 871 |
extra_context_data['transaction_id'] = signing_dumps(transaction.pk)
|
|
| 862 | 872 |
extra_context_data['next_url'] = next_url |
| 863 | 873 |
request.extra_context_data = extra_context_data |
| 864 | 874 |
return publish_page(request, page, template_name=template_name) |
| ... | ... | |
| 871 | 881 |
def get(self, request, *args, **kwargs): |
| 872 | 882 |
transaction_signature = kwargs.get('transaction_signature')
|
| 873 | 883 |
try: |
| 874 |
transaction_id = signing.loads(transaction_signature)
|
|
| 884 |
transaction_id = signing_loads(transaction_signature)
|
|
| 875 | 885 |
except signing.BadSignature: |
| 876 | 886 |
return HttpResponseBadRequest(_('Invalid transaction.'))
|
| 877 | 887 | |
| tests/test_lingo_payment.py | ||
|---|---|---|
| 9 | 9 | |
| 10 | 10 |
from django.apps import apps |
| 11 | 11 |
from django.contrib.auth.models import User |
| 12 |
from django.core import signing |
|
| 13 | 12 |
from django.core.urlresolvers import reverse |
| 14 | 13 |
from django.core.wsgi import get_wsgi_application |
| 15 | 14 |
from django.conf import settings |
| ... | ... | |
| 25 | 24 |
Regie, BasketItem, Transaction, TransactionOperation, RemoteItem, EXPIRED, LingoBasketCell, |
| 26 | 25 |
PaymentBackend) |
| 27 | 26 |
from combo.utils import aes_hex_decrypt, sign_url |
| 27 |
from combo.apps.lingo.views import signing_loads, signing_dumps |
|
| 28 | 28 | |
| 29 | 29 |
from .test_manager import login |
| 30 | 30 | |
| ... | ... | |
| 131 | 131 |
url, part = url.split('?')
|
| 132 | 132 |
query = urlparse.parse_qs(part) |
| 133 | 133 |
assert 'transaction-id' in query |
| 134 |
assert signing.loads(query['transaction-id'][0]) == transaction_id |
|
| 134 |
assert ':' not in query['transaction-id'] |
|
| 135 |
assert signing_loads(query['transaction-id'][0]) == transaction_id |
|
| 135 | 136 | |
| 136 | 137 |
assert url.startswith('/lingo/payment-status')
|
| 137 | 138 | |
| ... | ... | |
| 1042 | 1043 |
assert path.startswith(start) |
| 1043 | 1044 |
assert path.endswith(end) |
| 1044 | 1045 |
signature = path.replace(start, '').replace(end, '') |
| 1045 |
assert signing.loads(signature) == item.id
|
|
| 1046 |
assert signing_loads(signature) == item.id
|
|
| 1046 | 1047 | |
| 1047 | 1048 |
if authenticated: |
| 1048 | 1049 |
app = login(app) |
| ... | ... | |
| 1118 | 1119 |
# invalid transaction signature |
| 1119 | 1120 |
url = reverse( |
| 1120 | 1121 |
'api-transaction-status', |
| 1121 |
kwargs={'transaction_signature': signing.dumps('xxxx')}
|
|
| 1122 |
kwargs={'transaction_signature': signing_dumps('xxxx')}
|
|
| 1122 | 1123 | |
| 1123 | 1124 |
) |
| 1124 | 1125 |
resp = app.get(url, status=404) |
| ... | ... | |
| 1128 | 1129 |
transaction_id = 1000 |
| 1129 | 1130 |
url = reverse( |
| 1130 | 1131 |
'api-transaction-status', |
| 1131 |
kwargs={'transaction_signature': signing.dumps(transaction_id)}
|
|
| 1132 |
kwargs={'transaction_signature': signing_dumps(transaction_id)}
|
|
| 1132 | 1133 |
) |
| 1133 | 1134 |
resp = app.get(url, status=404) |
| 1134 | 1135 |
assert 'Unknown transaction.' in resp.text |
| ... | ... | |
| 1142 | 1143 |
transaction = Transaction.objects.create(amount=Decimal('10.0'), regie=regie, status=0)
|
| 1143 | 1144 |
url = reverse( |
| 1144 | 1145 |
'api-transaction-status', |
| 1145 |
kwargs={'transaction_signature': signing.dumps(transaction.pk)}
|
|
| 1146 |
kwargs={'transaction_signature': signing_dumps(transaction.pk)}
|
|
| 1146 | 1147 |
) |
| 1147 | 1148 |
resp = app.get(url) |
| 1148 | 1149 |
assert resp.json == wait_response |
| ... | ... | |
| 1151 | 1152 |
transaction = Transaction.objects.create(amount=Decimal('10.0'), regie=regie, status=0)
|
| 1152 | 1153 |
url = reverse( |
| 1153 | 1154 |
'api-transaction-status', |
| 1154 |
kwargs={'transaction_signature': signing.dumps(transaction.pk)}
|
|
| 1155 |
kwargs={'transaction_signature': signing_dumps(transaction.pk)}
|
|
| 1155 | 1156 |
) |
| 1156 | 1157 |
resp = login(app).get(url) |
| 1157 | 1158 |
assert resp.json == wait_response |
| ... | ... | |
| 1162 | 1163 |
amount=Decimal('10.0'), regie=regie, status=0, user=user)
|
| 1163 | 1164 |
url = reverse( |
| 1164 | 1165 |
'api-transaction-status', |
| 1165 |
kwargs={'transaction_signature': signing.dumps(transaction.pk)}
|
|
| 1166 |
kwargs={'transaction_signature': signing_dumps(transaction.pk)}
|
|
| 1166 | 1167 |
) |
| 1167 | 1168 |
resp = login(app).get(url) |
| 1168 | 1169 |
assert resp.json == wait_response |
| ... | ... | |
| 1174 | 1175 |
amount=Decimal('10.0'), regie=regie, status=0, user=user)
|
| 1175 | 1176 |
url = reverse( |
| 1176 | 1177 |
'api-transaction-status', |
| 1177 |
kwargs={'transaction_signature': signing.dumps(transaction.pk)}
|
|
| 1178 |
kwargs={'transaction_signature': signing_dumps(transaction.pk)}
|
|
| 1178 | 1179 |
) |
| 1179 | 1180 |
resp = app.get(url, status=403) |
| 1180 | 1181 |
assert error_msg in resp.text |
| ... | ... | |
| 1186 | 1187 |
transaction = Transaction.objects.create(amount=Decimal('10.0'), regie=regie, status=0, user=user2)
|
| 1187 | 1188 |
url = reverse( |
| 1188 | 1189 |
'api-transaction-status', |
| 1189 |
kwargs={'transaction_signature': signing.dumps(transaction.pk)}
|
|
| 1190 |
kwargs={'transaction_signature': signing_dumps(transaction.pk)}
|
|
| 1190 | 1191 |
) |
| 1191 | 1192 |
resp = login(app).get(url, status=403) |
| 1192 | 1193 |
assert error_msg in resp.text |
| ... | ... | |
| 1198 | 1199 |
) |
| 1199 | 1200 |
url = reverse( |
| 1200 | 1201 |
'api-transaction-status', |
| 1201 |
kwargs={'transaction_signature': signing.dumps(transaction.pk)}
|
|
| 1202 |
kwargs={'transaction_signature': signing_dumps(transaction.pk)}
|
|
| 1202 | 1203 |
) |
| 1203 | 1204 |
resp = app.get(url) |
| 1204 | 1205 |
assert resp.json == {
|
| ... | ... | |
| 1213 | 1214 |
) |
| 1214 | 1215 |
url = reverse( |
| 1215 | 1216 |
'api-transaction-status', |
| 1216 |
kwargs={'transaction_signature': signing.dumps(transaction.pk)}
|
|
| 1217 |
kwargs={'transaction_signature': signing_dumps(transaction.pk)}
|
|
| 1217 | 1218 |
) |
| 1218 | 1219 |
resp = app.get(url) |
| 1219 | 1220 |
assert resp.json == {
|
| 1220 |
- |
|