0001-franceconnect-ensure-id-and-secret-input-are-64-char.patch

Paul Marillonnet, 14 juin 2021 17:35

Subject: [PATCH] franceconnect: ensure id and secret input are 64-character
 long (#54852)

 hobo/franceconnect/forms.py |  6 +++++-
 tests/test_franceconnect.py | 14 ++++++++++++++
 2 files changed, 19 insertions(+), 1 deletion(-)
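--- a/hobo/franceconnect/forms.py
+++ b/hobo/franceconnect/forms.py
@@ -32,9 +32,13 @@
             'See <a href="https://partenaires.franceconnect.gouv.fr/fcp/fournisseur-service">'
             'FranceConnect partners site</a> for getting client ID and secret.'
         ),
+        max_length=64,
+        min_length=64,
         widget=forms.TextInput(attrs={'size': 64}),
     )
-    client_secret = forms.CharField(label=_('Client Secret'), widget=forms.TextInput(attrs={'size': 64}))
+    client_secret = forms.CharField(
+        label=_('Client Secret'), max_length=64, min_length=64, widget=forms.TextInput(attrs={'size': 64})
+    )
     scopes = forms.MultipleChoiceField(
         label=_('Scopes'),
         choices=[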
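Review bot: The bound 64 is now written four times across `client_id` and `client_secret` (plus the widget `size`) with nothing saying where it comes from; a module-level constant such as `FC_CREDENTIAL_LENGTH = 64  # length of FranceConnect-issued client ID and secret` would keep the two fields in step. The check is length-only, so any 64-character string passes; if FranceConnect credentials are always hexadecimal (not visible from this hunk), a `RegexValidator` would reject mistyped values earlier. Separately, `client_secret` is still rendered through `forms.TextInput`, so a value entered or pre-filled there is displayed in clear; whether that is acceptable depends on who can reach this form. The form class starts and ends outside the hunk.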
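--- a/tests/test_franceconnect.py
+++ b/tests/test_franceconnect.py
@@ -41,9 +41,23 @@
     assert Variable.objects.filter(name__startswith='SETTING_A2_FC').count() == 1
     assert Variable.objects.filter(name__startswith='SETTING_A2_FC_ENABLE', value='true').count() == 1
 
+    # id and secret too short
     response.form.set('platform', 'prod')
     response.form.set('client_id', 'xyz')
     response.form.set('client_secret', '1234')
+    response = response.form.submit()
+    assert "Ensure this value has at least 64 characters (it has 3)" in response.text
+    assert "Ensure this value has at least 64 characters (it has 4)" in response.text
+
+    # id and secret too long
+    response.form.set('client_id', 'xyz' * 30)
+    response.form.set('client_secret', '1234' * 30)
+    response = response.form.submit()
+    assert "Ensure this value has at most 64 characters (it has 90)" in response.text
+    assert "Ensure this value has at most 64 characters (it has 120)" in response.text
+
+    response.form.set('client_id', 'wxyz' * 16)
+    response.form.set('client_secret', '1234' * 16)
     response = response.form.submit().follow()
 
     assert Variable.objects.filter(name__startswith='SETTING_A2_FC').count() == 10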
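Review bot: The rejected submissions are checked only through the error text; neither the too-short nor the too-long case asserts that nothing was saved, so a regression that shows the error but still writes the settings would pass. After each failing `submit()`, `assert Variable.objects.filter(name__startswith='SETTING_A2_FC').count() == 1` would pin that. The chosen lengths (3, 4, 90, 120) are also far from the limit; 63- and 65-character values would exercise the boundary that `min_length=64` / `max_length=64` define. The test function starts outside the hunk.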
50
-