Compare commits

...

2 Commits

Author SHA1 Message Date
Antoine Bartuccio 2480644f1c Merge branch 'eboutic_check_basket_amount' into 'master'
eboutic: check basket amount upon command validation

See merge request ae/Sith!192
2019-03-15 12:18:05 +01:00
Skia 03eeffdea0 eboutic: check basket amount upon command validation 2019-03-15 02:17:36 +01:00
2 changed files with 46 additions and 2 deletions

View File

@ -67,8 +67,6 @@ class EbouticTest(TestCase):
urllib.parse.quote_plus(b64sig),
)
response = self.client.get(url)
self.assertTrue(response.status_code == 200)
self.assertTrue(response.content.decode("utf-8") == "")
return response
def test_buy_simple_product_with_sith_account(self):
@ -140,6 +138,8 @@ class EbouticTest(TestCase):
)
response = self.generate_bank_valid_answer_from_page_content(response.content)
self.assertTrue(response.status_code == 200)
self.assertTrue(response.content.decode("utf-8") == "")
response = self.client.get(
reverse(
@ -161,6 +161,42 @@ class EbouticTest(TestCase):
" <td>Carte bancaire</td>" in str(response.content)
)
def test_alter_basket_with_credit_card(self):
self.client.login(username="subscriber", password="plop")
response = self.client.post(
reverse("eboutic:main"),
{"action": "add_product", "product_id": self.barbar.id},
)
self.assertTrue(
'<input type="hidden" name="action" value="add_product">\\n'
' <button type="submit" name="product_id" value="4"> + </button>\\n'
"</form>\\n Barbar: 1.70 \\xe2\\x82\\xac</li>" in str(response.content)
)
response = self.client.post(reverse("eboutic:command"))
self.assertTrue(
"<tr>\\n <td>Barbar</td>\\n <td>1</td>\\n"
" <td>1.70 \\xe2\\x82\\xac</td>\\n </tr>"
in str(response.content)
)
response_altered = self.client.post(
reverse("eboutic:main"),
{"action": "add_product", "product_id": self.barbar.id},
)
self.assertTrue(
'<input type="hidden" name="action" value="add_product">\\n'
' <button type="submit" name="product_id" value="4"> + </button>\\n'
"</form>\\n Barbar: 3.40 \\xe2\\x82\\xac</li>"
in str(response_altered.content)
)
response = self.generate_bank_valid_answer_from_page_content(response.content)
self.assertTrue(response.status_code == 400)
self.assertTrue(
"Payment failed with error: SuspiciousOperation('Basket total and amount do not match'"
in response.content.decode("utf-8")
)
def test_buy_refill_product_with_credit_card(self):
self.client.login(username="subscriber", password="plop")
response = self.client.post(
@ -181,6 +217,8 @@ class EbouticTest(TestCase):
)
response = self.generate_bank_valid_answer_from_page_content(response.content)
self.assertTrue(response.status_code == 200)
self.assertTrue(response.content.decode("utf-8") == "")
response = self.client.get(
reverse(
@ -227,6 +265,8 @@ class EbouticTest(TestCase):
)
response = self.generate_bank_valid_answer_from_page_content(response.content)
self.assertTrue(response.status_code == 200)
self.assertTrue(response.content.decode("utf-8") == "")
response = self.client.get(
reverse(

View File

@ -271,6 +271,10 @@ class EtransactionAutoAnswer(View):
)
if b is None:
raise SuspiciousOperation("Basket does not exists")
if int(b.get_total() * 100) != int(request.GET["Amount"]):
raise SuspiciousOperation(
"Basket total and amount do not match"
)
i = Invoice()
i.user = b.user
i.payment_method = "CARD"