0001-franceconnect-ensure-id-and-secret-input-are-64-char.patch
hobo/franceconnect/forms.py | ||
15 | 15 |
# along with this program. If not, see <http://www.gnu.org/licenses/>. |
16 | 16 | |
17 | 17 |
from django import forms |
18 |
from django.core.exceptions import ValidationError |
|
18 | 19 |
from django.utils.translation import ugettext_lazy as _ |
19 | 20 | |
20 | 21 | |
... | ... | |
56 | 57 |
help_text=_('These scopes will be requested in addition to openid'), |
57 | 58 |
) |
58 | 59 | |
60 |
def clean(self): |
|
61 |
cleaned_data = super().clean() |
|
62 |
cleaned_data['client_id'] = cleaned_data['client_id'].strip() |
|
63 |
cleaned_data['client_secret'] = cleaned_data['client_secret'].strip() |
|
64 |
errors = [] |
|
65 | ||
66 |
if len(cleaned_data['client_id']) != 64: |
|
67 |
errors.append( |
|
68 |
ValidationError( |
|
69 |
_('Client identifier must be a 64-character-long string.'), code='client_id_64' |
|
70 |
) |
|
71 |
) |
|
72 |
if len(cleaned_data['client_secret']) != 64: |
|
73 |
errors.append( |
|
74 |
ValidationError( |
|
75 |
_('Client secret must be a 64-character-long string.'), code='client_secret_64' |
|
76 |
) |
|
77 |
) |
|
78 | ||
79 |
try: |
|
80 |
int(cleaned_data['client_id'], 16) |
|
81 |
except ValueError: |
|
82 |
errors.append(ValidationError(_('Client identifier must be hexadecimal.'), code='client_id_hexa')) |
|
83 |
try: |
|
84 |
int(cleaned_data['client_secret'], 16) |
|
85 |
except ValueError: |
|
86 |
errors.append(ValidationError(_('Client secret must be hexadecimal.'), code='client_secret_hexa')) |
|
87 | ||
88 |
if errors: |
|
89 |
raise ValidationError(errors) |
|
90 | ||
91 |
return cleaned_data |
|
92 | ||
59 | 93 | |
60 | 94 |
class EnableForm(forms.Form): |
61 | 95 |
pass |
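Review bot: `cleaned_data['client_id']` and `cleaned_data['client_secret']` at the top of the new `clean()` raise `KeyError` whenever the field failed its own validation (a required field left empty, or a `max_length` overflow), because Django drops such fields from `cleaned_data` before `clean()` runs — a bad submission then becomes a 500 instead of a form error; the field definitions sit outside the hunk, so I could not confirm they are `required`, but that is the default for `CharField`. The hexadecimal checks are also looser than their messages claim: `int(value, 16)` accepts a `0x` prefix, a leading sign and `_` digit separators, so `'-' + '0' * 63` or `'0x' + 'ab' * 31` pass both the length and the hex checks and would be stored as credentials. Guard the lookups with `.get()` and match the values against `re.fullmatch(r'[0-9a-fA-F]+', value)` instead (this needs `import re` next to the other imports); the test's `'123z' * 16` case does not exercise these inputs, so a `'0x' + '0' * 62` case would pin the fix.
```python
    def clean(self):
        cleaned_data = super().clean()
        # A field that failed its own validation is absent from cleaned_data;
        # its error is already reported, so don't turn that into a KeyError.
        client_id = cleaned_data.get('client_id')
        client_secret = cleaned_data.get('client_secret')
        if client_id is None or client_secret is None:
            return cleaned_data
        cleaned_data['client_id'] = client_id = client_id.strip()
        cleaned_data['client_secret'] = client_secret = client_secret.strip()
        errors = []
        # … unchanged: 64-character length checks …
        # int(x, 16) also accepts '0x', a sign and '_' separators; require hex digits only.
        if not re.fullmatch(r'[0-9a-fA-F]+', client_id):
            errors.append(ValidationError(_('Client identifier must be hexadecimal.'), code='client_id_hexa'))
        if not re.fullmatch(r'[0-9a-fA-F]+', client_secret):
            errors.append(ValidationError(_('Client secret must be hexadecimal.'), code='client_secret_hexa'))
        # … unchanged: raise ValidationError(errors) if any, return cleaned_data …
```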
tests/test_franceconnect.py | ||
41 | 41 |
assert Variable.objects.filter(name__startswith='SETTING_A2_FC').count() == 1 |
42 | 42 |
assert Variable.objects.filter(name__startswith='SETTING_A2_FC_ENABLE', value='true').count() == 1 |
43 | 43 | |
44 |
# id and secret too short |
|
44 | 45 |
response.form.set('platform', 'prod') |
45 | 46 |
response.form.set('client_id', 'xyz') |
46 | 47 |
response.form.set('client_secret', '1234') |
48 |
response = response.form.submit() |
|
49 |
assert "Client identifier must be a 64-character-long string." in response.text |
|
50 |
assert "Client secret must be a 64-character-long string." in response.text |
|
51 | ||
52 |
# id and secret too long |
|
53 |
response.form.set('client_id', 'wxyz' * 30) |
|
54 |
response.form.set('client_secret', '1234' * 30) |
|
55 |
response = response.form.submit() |
|
56 |
assert "Client identifier must be a 64-character-long string." in response.text |
|
57 |
assert "Client secret must be a 64-character-long string." in response.text |
|
58 | ||
59 |
# id and secret not hexadecimal |
|
60 |
response.form.set('client_id', 'wxyz' * 16) |
|
61 |
response.form.set('client_secret', '123z' * 16) |
|
62 |
response = response.form.submit() |
|
63 |
assert "Client identifier must be hexadecimal." in response.text |
|
64 |
assert "Client secret must be hexadecimal." in response.text |
|
65 | ||
66 |
response.form.set('client_id', '01ab' * 16) |
|
67 |
response.form.set('client_secret', '23cd' * 16) |
|
47 | 68 |
response = response.form.submit().follow() |
48 | 69 | |
49 | 70 |
assert Variable.objects.filter(name__startswith='SETTING_A2_FC').count() == 10 |
50 |
- |