0001-paybox-raise-ResponseError-on-malformed-signatures-4.patch
eopayment/paybox.py | ||
---|---|---|
376 | 376 |
signed = False |
377 | 377 |
if 'signature' in d: |
378 | 378 |
sig = d['signature'][0] |
379 |
sig = base64.b64decode(sig) |
|
379 |
try: |
|
380 |
sig = base64.b64decode(sig) |
|
381 |
except (TypeError, ValueError): |
|
382 |
raise ResponseError('invalid signature') |
|
380 | 383 |
data = [] |
381 | 384 |
if callback: |
382 | 385 |
for key in ('montant', 'reference', 'code_autorisation', |
tests/test_paybox.py | ||
---|---|---|
362 | 362 |
self.assertIn('PBX_AUTOSEULE', form_params) |
363 | 363 |
self.assertEqual(form_params['PBX_AUTOSEULE'], 'O') |
364 | 364 | |
365 |
def test_invalid_signature(self): |
|
366 |
backend = eopayment.Payment('paybox', BACKEND_PARAMS) |
|
367 |
order_id = '20160216' |
|
368 |
transaction = '1234' |
|
369 |
reference = '%s!%s' % (transaction, order_id) |
|
370 |
data = { |
|
371 |
'montant': '4242', |
|
372 |
'reference': reference, |
|
373 |
'code_autorisation': 'A', |
|
374 |
'erreur': '00000', |
|
375 |
'date_transaction': '20200101', |
|
376 |
'heure_transaction': '01:01:01', |
|
377 |
'signature': 'a'} |
|
378 |
with pytest.raises(eopayment.ResponseError, match='invalid signature'): |
|
379 |
backend.response(urllib.urlencode(data)) |
|
380 | ||
365 | 381 | |
366 | 382 |
@pytest.mark.parametrize('name,value,result', [ |
367 | 383 |
('shared_secret', '1f', True), |
368 |
- |