0001-franceconnect-ensure-id-and-secret-input-are-64-char.patch
| hobo/franceconnect/forms.py | ||
|---|---|---|
| 15 | 15 |
# along with this program. If not, see <http://www.gnu.org/licenses/>. |
| 16 | 16 | |
| 17 | 17 |
from django import forms |
| 18 |
from django.core.exceptions import ValidationError |
|
| 18 | 19 |
from django.utils.translation import ugettext_lazy as _ |
| 19 | 20 | |
| 20 | 21 | |
| ... | ... | |
| 56 | 57 |
help_text=_('These scopes will be requested in addition to openid'),
|
| 57 | 58 |
) |
| 58 | 59 | |
| 60 |
def clean(self): |
|
| 61 |
cleaned_data = super().clean() |
|
| 62 |
cleaned_data['client_id'] = cleaned_data['client_id'].strip() |
|
| 63 |
cleaned_data['client_secret'] = cleaned_data['client_secret'].strip() |
|
| 64 |
errors = [] |
|
| 65 | ||
| 66 |
if len(cleaned_data['client_id']) != 64: |
|
| 67 |
errors.append( |
|
| 68 |
ValidationError( |
|
| 69 |
_('Client identifier must be a 64-character-long string.'), code='client_id_64'
|
|
| 70 |
) |
|
| 71 |
) |
|
| 72 |
if len(cleaned_data['client_secret']) != 64: |
|
| 73 |
errors.append( |
|
| 74 |
ValidationError( |
|
| 75 |
_('Client secret must be a 64-character-long string.'), code='client_secret_64'
|
|
| 76 |
) |
|
| 77 |
) |
|
| 78 | ||
| 79 |
try: |
|
| 80 |
int(cleaned_data['client_id'], 16) |
|
| 81 |
except ValueError: |
|
| 82 |
errors.append(ValidationError(_('Client identifier must be hexadecimal.'), code='client_id_hexa'))
|
|
| 83 |
try: |
|
| 84 |
int(cleaned_data['client_secret'], 16) |
|
| 85 |
except ValueError: |
|
| 86 |
errors.append(ValidationError(_('Client secret must be hexadecimal.'), code='client_secret_hexa'))
|
|
| 87 | ||
| 88 |
if errors: |
|
| 89 |
raise ValidationError(errors) |
|
| 90 | ||
| 91 |
return cleaned_data |
|
| 92 | ||
| 59 | 93 | |
| 60 | 94 |
class EnableForm(forms.Form): |
| 61 | 95 |
pass |
| tests/test_franceconnect.py | ||
|---|---|---|
| 41 | 41 |
assert Variable.objects.filter(name__startswith='SETTING_A2_FC').count() == 1 |
| 42 | 42 |
assert Variable.objects.filter(name__startswith='SETTING_A2_FC_ENABLE', value='true').count() == 1 |
| 43 | 43 | |
| 44 |
# id and secret too short |
|
| 44 | 45 |
response.form.set('platform', 'prod')
|
| 45 | 46 |
response.form.set('client_id', 'xyz')
|
| 46 | 47 |
response.form.set('client_secret', '1234')
|
| 48 |
response = response.form.submit() |
|
| 49 |
assert "Client identifier must be a 64-character-long string." in response.text |
|
| 50 |
assert "Client secret must be a 64-character-long string." in response.text |
|
| 51 | ||
| 52 |
# id and secret too long |
|
| 53 |
response.form.set('client_id', 'wxyz' * 30)
|
|
| 54 |
response.form.set('client_secret', '1234' * 30)
|
|
| 55 |
response = response.form.submit() |
|
| 56 |
assert "Client identifier must be a 64-character-long string." in response.text |
|
| 57 |
assert "Client secret must be a 64-character-long string." in response.text |
|
| 58 | ||
| 59 |
# id and secret not hexadecimal |
|
| 60 |
response.form.set('client_id', 'wxyz' * 16)
|
|
| 61 |
response.form.set('client_secret', '123z' * 16)
|
|
| 62 |
response = response.form.submit() |
|
| 63 |
assert "Client identifier must be hexadecimal." in response.text |
|
| 64 |
assert "Client secret must be hexadecimal." in response.text |
|
| 65 | ||
| 66 |
response.form.set('client_id', '01ab' * 16)
|
|
| 67 |
response.form.set('client_secret', '23cd' * 16)
|
|
| 47 | 68 |
response = response.form.submit().follow() |
| 48 | 69 | |
| 49 | 70 |
assert Variable.objects.filter(name__startswith='SETTING_A2_FC').count() == 10 |
| 50 |
- |
|