0001-lingo-detect-more-errors-in-remove-payload-40708.patch
| combo/apps/lingo/views.py | ||
|---|---|---|
| 243 | 243 |
if not 'basket_item_id' in request_body: |
| 244 | 244 |
return HttpResponseBadRequest('missing basket_item_id parameter')
|
| 245 | 245 | |
| 246 |
try: |
|
| 247 |
item = BasketItem.objects.get(id=request_body.get('basket_item_id'))
|
|
| 248 |
except BasketItem.DoesNotExist: |
|
| 249 |
return HttpResponseBadRequest('unknown basket item')
|
|
| 250 |
except ValueError: |
|
| 251 |
return HttpResponseBadRequest('invalid basket_item_id')
|
|
| 252 | ||
| 253 |
if item.cancellation_date: |
|
| 254 |
return HttpResponseBadRequest('basket item already cancelled')
|
|
| 255 | ||
| 246 | 256 |
try: |
| 247 | 257 |
if request.GET.get('NameId'):
|
| 248 | 258 |
user = get_user_from_name_id(request.GET.get('NameId'), raise_on_missing=True)
|
| ... | ... | |
| 255 | 265 |
except User.DoesNotExist: |
| 256 | 266 |
return HttpResponseBadRequest('unknown user')
|
| 257 | 267 | |
| 258 |
try: |
|
| 259 |
item = BasketItem.objects.get(id=request_body.get('basket_item_id'),
|
|
| 260 |
user=user, cancellation_date__isnull=True) |
|
| 261 |
except BasketItem.DoesNotExist: |
|
| 262 |
return HttpResponseBadRequest('unknown basket item')
|
|
| 268 |
if item.user != user: |
|
| 269 |
return HttpResponseBadRequest('user does not own the basket item')
|
|
| 263 | 270 | |
| 264 | 271 |
notify_origin = bool(request_body.get('notify', 'false') == 'true')
|
| 265 | 272 |
item.notify_cancellation(notify_origin=notify_origin) |
| tests/test_lingo_payment.py | ||
|---|---|---|
| 545 | 545 |
resp = app.post_json(url, params=data, status=400) |
| 546 | 546 |
assert 'missing basket_item_id parameter' in resp.text |
| 547 | 547 | |
| 548 |
url = '%s?email=%s&orig=wcs' % (reverse('api-remove-basket-item'), user_email)
|
|
| 549 |
url = sign_url(url, key) |
|
| 550 |
data = {'basket_item_id': 'eggs', 'notify': 'true'}
|
|
| 551 |
resp = app.post_json(url, params=data, status=400) |
|
| 552 |
assert 'invalid basket_item_id' in resp.text |
|
| 553 | ||
| 548 | 554 |
url = '%s?email=%s&orig=wcs' % (reverse('api-remove-basket-item'), user_email)
|
| 549 | 555 |
url = sign_url(url, key) |
| 550 | 556 |
data = {'basket_item_id': 0, 'notify': 'true'}
|
| ... | ... | |
| 563 | 569 |
resp = app.post_json(url, params=data, status=400) |
| 564 | 570 |
assert 'unknown user' in resp.text |
| 565 | 571 | |
| 572 |
other_user_email = 'bar@example.net' |
|
| 573 |
User.objects.get_or_create(email=other_user_email) |
|
| 574 |
url = '%s?email=%s&orig=wcs' % (reverse('api-remove-basket-item'), other_user_email)
|
|
| 575 |
url = sign_url(url, key) |
|
| 576 |
data = {'basket_item_id': basket_item_id, 'notify': 'true'}
|
|
| 577 |
resp = app.post_json(url, params=data, status=400) |
|
| 578 |
assert 'user does not own the basket item' in resp.text |
|
| 579 | ||
| 566 | 580 |
with mock.patch('combo.utils.requests_wrapper.RequestsSession.request') as request:
|
| 567 | 581 |
url = '%s?email=%s&orig=wcs' % (reverse('api-remove-basket-item'), user_email)
|
| 568 | 582 |
url = sign_url(url, key) |
| ... | ... | |
| 581 | 595 |
assert not BasketItem.objects.filter(amount=42, cancellation_date__isnull=True).exists() |
| 582 | 596 |
assert not BasketItem.objects.filter(amount=21, cancellation_date__isnull=True).exists() |
| 583 | 597 | |
| 598 |
url = '%s?email=%s&orig=wcs' % (reverse('api-remove-basket-item'), user_email)
|
|
| 599 |
url = sign_url(url, key) |
|
| 600 |
data = {'basket_item_id': basket_item_id}
|
|
| 601 |
resp = app.post_json(url, params=data, status=400) |
|
| 602 |
assert 'basket item already cancelled' in resp.text |
|
| 603 | ||
| 584 | 604 | |
| 585 | 605 |
def test_cancel_basket_item_from_cell(app, key, regie, user): |
| 586 | 606 |
page = Page(title='xxx', slug='test_basket_cell', template_name='standard') |
| 587 |
- |
|