project_id can be None in verify_token, don't make a DB request

Add a test for valid token with invalid project_id query parameter
Glandos 2021-07-18 00:04:16 +02:00
parent bbcc233cda
commit 4f0a616f1b
2 changed files with 10 additions and 1 deletions


@ -378,7 +378,7 @@ class Project(db.Model):
)
loads_kwargs["max_age"] = max_age
else:
project = Project.query.get(project_id)
project = Project.query.get(project_id) if project_id is not None else None
password = project.password if project is not None else ""
serializer = URLSafeSerializer(
current_app.config["SECRET_KEY"] + password, salt=token_type
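Review bot: When no project is found (`project` is None, either because `project_id` is None or because the lookup misses), the else branch still builds a `URLSafeSerializer` keyed with `SECRET_KEY + ""` and goes on to verify the token against it. Failing closed right after the lookup would be clearer, e.g. `if project is None: return None`, assuming None is what verify_token returns for a rejected token; the rest of the function is outside this hunk, so that needs confirming. As written, rejection relies on no valid token ever being signed with the bare SECRET_KEY under this salt, an invariant worth stating in a comment if the early return is not adopted.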


@ -4,6 +4,8 @@ import json
import re
from time import sleep
import unittest
from unittest.mock import MagicMock
from urllib.parse import urlparse, urlencode, parse_qs, urlunparse
from flask import session
from markupsafe import Markup
@ -88,6 +90,13 @@ class BudgetTestCase(IhatemoneyTestCase):
)
# Test empty and invalid tokens
self.client.get("/exit")
# Use another project_id
parsed_url = urlparse(url)
query = parse_qs(parsed_url.query)
query['project_id'] = 'invalid'
resp = self.client.get(urlunparse(parsed_url._replace(query=urlencode(query, doseq=True))))
assert "You either provided a bad token" in resp.data.decode("utf-8")
resp = self.client.get("/authenticate")
self.assertIn("You either provided a bad token", resp.data.decode("utf-8"))
resp = self.client.get("/authenticate?token=token")
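Review bot: The added case only swaps `project_id` for an unknown value, so the path named in the commit title, a valid token with no `project_id` at all, is still not exercised; the later `/authenticate?token=token` request omits `project_id` but uses an invalid token. Consider a second request built after `query.pop("project_id")` that asserts the same bad-token message. The new check also uses a bare `assert` where the neighbouring lines use `self.assertIn(...)`; writing it as `self.assertIn("You either provided a bad token", resp.data.decode("utf-8"))` would match them and give a more useful failure message. The test method starts outside this hunk.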