From 17177b8d25e4177eba3efe9df444d62ebeaf58d6 Mon Sep 17 00:00:00 2001
From: Jean-Paul Calderone <exarkun@twistedmatrix.com>
Date: Fri, 2 Aug 2019 11:02:37 -0600
Subject: [PATCH] just catch all wrong length strings

---
 src/_secureaccesstokenauthorizer/resource.py                  | 4 +++-
 .../tests/test_client_resource.py                             | 2 +-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/_secureaccesstokenauthorizer/resource.py b/src/_secureaccesstokenauthorizer/resource.py
index 9c4d60e..bab22f4 100644
--- a/src/_secureaccesstokenauthorizer/resource.py
+++ b/src/_secureaccesstokenauthorizer/resource.py
@@ -101,7 +101,9 @@ class _PaymentReferenceNumberCollection(Resource):
         prn = payload[u"payment-reference-number"]
         if not isinstance(prn, unicode):
             return bad_request().render(request)
-        if not prn.strip():
+        if len(prn) != 44:
+            # TODO.  44 is the length of 32 bytes base64 encoded.  This model
+            # information presumably belongs somewhere else.
             return bad_request().render(request)
         try:
             urlsafe_b64decode(prn.encode("ascii"))
diff --git a/src/_secureaccesstokenauthorizer/tests/test_client_resource.py b/src/_secureaccesstokenauthorizer/tests/test_client_resource.py
index d8a8d68..3c1216b 100644
--- a/src/_secureaccesstokenauthorizer/tests/test_client_resource.py
+++ b/src/_secureaccesstokenauthorizer/tests/test_client_resource.py
@@ -137,6 +137,7 @@ def not_payment_reference_numbers():
         ),
     )
 
+
 def is_urlsafe_base64(text):
     try:
         urlsafe_b64decode(text)
@@ -145,7 +146,6 @@ def is_urlsafe_base64(text):
     return True
 
 
-
 def invalid_bodies():
     """
     Build byte strings that ``PUT /payment-reference-number`` considers
-- 
GitLab