Check for too high values (#989)

* check for too high values see https://github.com/python-babel/babel/issues/821 fix #957 * black & isort * add API test
2025-04-28 17:32:38 +02:00 · 2022-02-02 10:09:49 +01:00 · 2022-02-02 10:09:49 +01:00 · e355894cee
commit e355894cee
parent 1bea93f8a5
3 changed files with 51 additions and 0 deletions
--- a/ihatemoney/forms.py
+++ b/ihatemoney/forms.py
@ -1,4 +1,5 @@
 from datetime import datetime
+import decimal
 from re import match
 from types import SimpleNamespace

@ -26,6 +27,7 @@ try:
    from wtforms.fields.html5 import URLField
 except ModuleNotFoundError:
    from wtforms.fields import URLField
+
 from wtforms.validators import (
    URL,
    DataRequired,
@ -384,6 +386,9 @@ class BillForm(FlaskForm):
    def validate_amount(self, field):
        if field.data == "0":
            raise ValidationError(_("Bills can't be null"))
+        elif decimal.Decimal(field.data) > decimal.MAX_EMAX:
+            # See https://github.com/python-babel/babel/issues/821
+            raise ValidationError(f"Result is too high: {field.data}")


 class MemberForm(FlaskForm):
--- a/ihatemoney/tests/api_test.py
+++ b/ihatemoney/tests/api_test.py
@ -937,6 +937,26 @@ class APITestCase(IhatemoneyTestCase):
        )
        self.assertStatus(200, resp)

+    def test_amount_too_high(self):
+        self.api_create("raclette")
+        # add participants
+        self.api_add_member("raclette", "zorglub")
+
+        # add a bill with too high amount
+        # See https://github.com/python-babel/babel/issues/821
+        req = self.client.post(
+            "/api/projects/raclette/bills",
+            data={
+                "date": "2011-08-10",
+                "what": "fromage",
+                "payer": "1",
+                "payed_for": ["1"],
+                "amount": "9347242149381274732472348728748723473278472843.12",
+            },
+            headers=self.get_auth("raclette"),
+        )
+        self.assertStatus(400, req)
+

 if __name__ == "__main__":
    unittest.main()
--- a/ihatemoney/tests/budget_test.py
+++ b/ihatemoney/tests/budget_test.py
@ -1578,6 +1578,32 @@ class BudgetTestCase(IhatemoneyTestCase):
            'fred<span class="light">(x1.15)</span>', resp.data.decode("utf-8")
        )

+    def test_amount_too_high(self):
+        self.post_project("raclette")
+
+        # add participants
+        self.client.post("/raclette/members/add", data={"name": "zorglub"})
+
+        # High amount should be rejected.
+        # See https://github.com/python-babel/babel/issues/821
+        resp = self.client.post(
+            "/raclette/add",
+            data={
+                "date": "2016-12-31",
+                "what": "fromage à raclette",
+                "payer": 1,
+                "payed_for": [1],
+                "amount": "9347242149381274732472348728748723473278472843.12",
+                "original_currency": "EUR",
+            },
+        )
+        assert '<p class="alert alert-danger">' in resp.data.decode("utf-8")
+
+        # Without any check, the following request will fail.
+        resp = self.client.get("/raclette/")
+        # No bills, the previous one was not added
+        assert "No bills" in resp.data.decode("utf-8")
+

 if __name__ == "__main__":
    unittest.main()