From 17177b8d25e4177eba3efe9df444d62ebeaf58d6 Mon Sep 17 00:00:00 2001
From: Jean-Paul Calderone <exarkun@twistedmatrix.com>
Date: Fri, 2 Aug 2019 11:02:37 -0600
Subject: [PATCH] just catch all wrong length strings
---
 src/_secureaccesstokenauthorizer/resource.py | 4 +++-
 .../tests/test_client_resource.py | 2 +-
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/_secureaccesstokenauthorizer/resource.py b/src/_secureaccesstokenauthorizer/resource.py
index 9c4d60e..bab22f4 100644
--- a/src/_secureaccesstokenauthorizer/resource.py
+++ b/src/_secureaccesstokenauthorizer/resource.py
@@ -101,7 +101,9 @@ class _PaymentReferenceNumberCollection(Resource):
 prn = payload[u"payment-reference-number"]
 if not isinstance(prn, unicode):
 return bad_request().render(request)
- if not prn.strip():
+ if len(prn) != 44:
+ # TODO. 44 is the length of 32 bytes base64 encoded. This model
+ # information presumably belongs somewhere else.
 return bad_request().render(request)
 try:
 urlsafe_b64decode(prn.encode("ascii"))
diff --git a/src/_secureaccesstokenauthorizer/tests/test_client_resource.py b/src/_secureaccesstokenauthorizer/tests/test_client_resource.py
index d8a8d68..3c1216b 100644
--- a/src/_secureaccesstokenauthorizer/tests/test_client_resource.py
+++ b/src/_secureaccesstokenauthorizer/tests/test_client_resource.py
@@ -137,6 +137,7 @@ def not_payment_reference_numbers(): ), ) + def is_urlsafe_base64(text): try: urlsafe_b64decode(text)
@@ -145,7 +146,6 @@ def is_urlsafe_base64(text): return True - def invalid_bodies(): """ Build byte strings that ``PUT /payment-reference-number`` considers
-- GitLab
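Review bot: The `len(prn) != 44` check in the resource.py hunk constrains only the encoded text, so a 44-character value can pass without decoding to 32 bytes, because `urlsafe_b64decode` does not validate strictly by default and skips characters outside the alphabet. Checking the decoded value inside the existing `try` would enforce what the comment describes, for example `decoded = urlsafe_b64decode(prn.encode("ascii"))` followed by `if len(decoded) != 32: return bad_request().render(request)`. The `except` clause of that `try` lies outside this hunk, so it should be confirmed that it also covers the `UnicodeEncodeError` that `prn.encode("ascii")` raises on non-ASCII input. Naming the constant (44, or 32 if the decoded length is checked) at module level would resolve the TODO and keep the handler and its tests in agreement.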