almet/ihatemoney
1
0
Fork 0
mirror of https://github.com/spiral-project/ihatemoney.git synced 2025-04-29 01:42:37 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Check for too high values (#989)

Browse source 
* check for too high values

see https://github.com/python-babel/babel/issues/821

fix #957

* black & isort

* add API test
This commit is contained in:
Glandos 2022-02-02 10:09:49 +01:00 committed by GitHub
parent 1bea93f8a5
commit e355894cee
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 51 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
ihatemoney/forms.py
View file

@ -1,4 +1,5 @@
from datetime import datetime from datetime import datetime
import decimal
from re import match from re import match
from types import SimpleNamespace from types import SimpleNamespace
@ -26,6 +27,7 @@ try:
from wtforms.fields.html5 import URLField from wtforms.fields.html5 import URLField
except ModuleNotFoundError: except ModuleNotFoundError:
from wtforms.fields import URLField from wtforms.fields import URLField
from wtforms.validators import ( from wtforms.validators import (
URL, URL,
DataRequired, DataRequired,
@ -384,6 +386,9 @@ class BillForm(FlaskForm):
def validate_amount(self, field): def validate_amount(self, field):
if field.data == "0": if field.data == "0":
raise ValidationError(_("Bills can't be null")) raise ValidationError(_("Bills can't be null"))
elif decimal.Decimal(field.data) > decimal.MAX_EMAX:
# See https://github.com/python-babel/babel/issues/821
raise ValidationError(f"Result is too high: {field.data}")
class MemberForm(FlaskForm): class MemberForm(FlaskForm):

20
ihatemoney/tests/api_test.py
View file

@ -937,6 +937,26 @@ class APITestCase(IhatemoneyTestCase):
) )
self.assertStatus(200, resp) self.assertStatus(200, resp)
def test_amount_too_high(self):
self.api_create("raclette")
# add participants
self.api_add_member("raclette", "zorglub")
# add a bill with too high amount
# See https://github.com/python-babel/babel/issues/821
req = self.client.post(
"/api/projects/raclette/bills",
data={
"date": "2011-08-10",
"what": "fromage",
"payer": "1",
"payed_for": ["1"],
"amount": "9347242149381274732472348728748723473278472843.12",
},
headers=self.get_auth("raclette"),
)
self.assertStatus(400, req)
if __name__ == "__main__": if __name__ == "__main__":
unittest.main() unittest.main()

26
ihatemoney/tests/budget_test.py
View file

@ -1578,6 +1578,32 @@ class BudgetTestCase(IhatemoneyTestCase):
'fred<span class="light">(x1.15)</span>', resp.data.decode("utf-8") 'fred<span class="light">(x1.15)</span>', resp.data.decode("utf-8")
) )
def test_amount_too_high(self):
self.post_project("raclette")
# add participants
self.client.post("/raclette/members/add", data={"name": "zorglub"})
# High amount should be rejected.
# See https://github.com/python-babel/babel/issues/821
resp = self.client.post(
"/raclette/add",
data={
"date": "2016-12-31",
"what": "fromage à raclette",
"payer": 1,
"payed_for": [1],
"amount": "9347242149381274732472348728748723473278472843.12",
"original_currency": "EUR",
},
)
assert '<p class="alert alert-danger">' in resp.data.decode("utf-8")
# Without any check, the following request will fail.
resp = self.client.get("/raclette/")
# No bills, the previous one was not added
assert "No bills" in resp.data.decode("utf-8")
if __name__ == "__main__": if __name__ == "__main__":
unittest.main() unittest.main()