From 4885bd898c466562f37919930ff32d697e1f5d39 Mon Sep 17 00:00:00 2001
From: Valentin Deniaud
Date: Tue, 8 Jun 2021 10:59:12 +0200
Subject: [PATCH] api_particulier: validate numero_allocataire (#54607)
---
 passerelle/apps/api_particulier/models.py | 4 ++-
 tests/test_api_particulier.py | 41 +++++++++++++++++------
 2 files changed, 34 insertions(+), 11 deletions(-)
diff --git a/passerelle/apps/api_particulier/models.py b/passerelle/apps/api_particulier/models.py
index 2fb52121..af15bc5e 100644
--- a/passerelle/apps/api_particulier/models.py
+++ b/passerelle/apps/api_particulier/models.py
@@ -286,7 +286,9 @@ class APIParticulier(BaseResource):
 )
 def v2_situation_familiale(self, request, code_postal, numero_allocataire, user=None):
 if not code_postal.strip() or not numero_allocataire.strip():
- raise APIError('missing code_postal or numero_allocataire', status_code=400)
+ raise APIError('missing code_postal or numero_allocataire')
+ if len(numero_allocataire) != 7 or not numero_allocataire.isdigit():
+ raise APIError('numero_allocataire should be a 7 digits number')
 return self.get(
 'v2/composition-familiale',
 params={
diff --git a/tests/test_api_particulier.py b/tests/test_api_particulier.py
index 0a8c6a6e..9c297aec 100644
--- a/tests/test_api_particulier.py
+++ b/tests/test_api_particulier.py
@@ -178,7 +178,7 @@ def test_error(app, resource, mock_api_particulier):
 'reference_avis': '3210987654321',
 },
 ),
- (['caf_famille', 'situation-familiale'], {'code_postal': 12, 'numero_allocataire': 15}),
+ (['caf_famille', 'situation-familiale'], {'code_postal': 12, 'numero_allocataire': '0000015'}),
 ]
 with HTTMock(api_particulier_error_500):
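Review bot: In `v2_situation_familiale` (the models.py hunk), `numero_allocataire.isdigit()` is true for any Unicode digit, not only `0`-`9`, so a seven-character string of superscript or non-Latin digits passes the new check and is presumably forwarded in the `params` of `self.get(...)`. If the intent is seven ASCII digits, tighten the guard to `if len(numero_allocataire) != 7 or not (numero_allocataire.isascii() and numero_allocataire.isdigit()):` on Python 3.7+, or use an anchored `[0-9]{7}` match. The emptiness test strips whitespace while the length test does not, and `code_postal` is still only checked for being non-empty; a short comment saying which of these are deliberate would help the next reader. The method body continues past the end of the hunk, so how the values are sent upstream is not visible here.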
@@ -296,19 +296,40 @@ def test_avis_imposition(app, resource, mock_api_particulier):
 def test_situation_familiale(app, resource, mock_api_particulier):
+ params = {
+ 'code_postal': '99148',
+ 'numero_allocataire': '0000354',
+ 'user': 'John Doe',
+ }
 resp = endpoint_get(
- '/api-particulier/test/situation-familiale',
- app,
- resource,
- 'situation-familiale',
- params={
- 'code_postal': '99148',
- 'numero_allocataire': '000354',
- 'user': 'John Doe',
- },
+ '/api-particulier/test/situation-familiale', app, resource, 'situation-familiale', params=params
 )
 assert resp.json['data']['adresse']['codePostalVille'] == '12345 CONDAT'
+ params['numero_allocataire'] = '11'
+ resp = endpoint_get(
+ '/api-particulier/test/situation-familiale', app, resource, 'situation-familiale', params=params
+ )
+ assert resp.status_code == 200
+ assert resp.json['err'] == 1
+ assert '7 digits' in resp.json['err_desc']
+
+ params['numero_allocataire'] = '123456a'
+ resp = endpoint_get(
+ '/api-particulier/test/situation-familiale', app, resource, 'situation-familiale', params=params
+ )
+ assert resp.status_code == 200
+ assert resp.json['err'] == 1
+ assert '7 digits' in resp.json['err_desc']
+
+ params['code_postal'] = ' '
+ resp = endpoint_get(
+ '/api-particulier/test/situation-familiale', app, resource, 'situation-familiale', params=params
+ )
+ assert resp.status_code == 200
+ assert resp.json['err'] == 1
+ assert 'missing' in resp.json['err_desc']
+
 def test_detail_page(app, resource, admin_user):
 login(app)
-- 
2.20.1
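Review bot: The last case in `test_situation_familiale` blanks `code_postal` while `params['numero_allocataire']` is still `'123456a'` from the previous case, so the `'missing'` assertion only holds because the emptiness check runs before the format check. Resetting the value first with `params['numero_allocataire'] = '0000354'` would make the case test one thing and survive a reordering of the checks. The rejected inputs are also all ASCII; a seven-character value made of non-ASCII digits is not covered, and `str.isdigit()` accepts those.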