diff --git a/src/_secureaccesstokenauthorizer/resource.py b/src/_secureaccesstokenauthorizer/resource.py
index 9c4d60ec8ac7ab1b24d3189e19983884f1cd2779..bab22f4eb0f39a28321b18ce13017296e10346c8 100644
--- a/src/_secureaccesstokenauthorizer/resource.py
+++ b/src/_secureaccesstokenauthorizer/resource.py
@@ -101,7 +101,9 @@ class _PaymentReferenceNumberCollection(Resource):
 prn = payload[u"payment-reference-number"]
 if not isinstance(prn, unicode):
 return bad_request().render(request)
- if not prn.strip():
+ if len(prn) != 44:
+ # TODO. 44 is the length of 32 bytes base64 encoded. This model
+ # information presumably belongs somewhere else.
 return bad_request().render(request)
 try:
 urlsafe_b64decode(prn.encode("ascii"))
diff --git a/src/_secureaccesstokenauthorizer/tests/test_client_resource.py b/src/_secureaccesstokenauthorizer/tests/test_client_resource.py
index d8a8d6852832bdd9ef4e167932e0b59cda65ae2f..3c1216b6f48fc13a55bf50c0d9c345b3999c36e9 100644
--- a/src/_secureaccesstokenauthorizer/tests/test_client_resource.py
+++ b/src/_secureaccesstokenauthorizer/tests/test_client_resource.py
@@ -137,6 +137,7 @@ def not_payment_reference_numbers():
 ),
 )
 
+
 def is_urlsafe_base64(text):
 try:
 urlsafe_b64decode(text)
@@ -145,7 +146,6 @@ def is_urlsafe_base64(text):
 return True
 
 
-
 def invalid_bodies():
 """
 Build byte strings that ``PUT /payment-reference-number`` considers
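Review bot: The `len(prn) != 44` check in the resource.py hunk constrains the encoded text, not the decoded value, so it does not by itself guarantee a 32-byte payment reference number. `urlsafe_b64decode` discards characters outside the base64 alphabet before decoding, so a 44-character string that contains such characters can still decode without error to fewer than 32 bytes and pass validation. Consider validating the decoded result inside the existing `try`, e.g. `if len(urlsafe_b64decode(prn.encode("ascii"))) != 32: return bad_request().render(request)`; comparing the re-encoded bytes with the input would additionally reject non-canonical spellings of the same value. The `try` block continues past the end of the hunk, so which exceptions it catches (including the `UnicodeEncodeError` that `.encode("ascii")` raises on non-ASCII input) cannot be confirmed from here.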