
[GNUnet-SVN] [taler-bank] branch master updated (c511745 -> 4e687bb)


From: gnunet
Subject: [GNUnet-SVN] [taler-bank] branch master updated (c511745 -> 4e687bb)
Date: Sun, 07 May 2017 13:08:41 +0200

This is an automated email from the git hooks/post-receive script.

marcello pushed a change to branch master
in repository bank.

    from c511745  additional fixes as of the 'start' /history's argument. new 
crashes when trying to build the history response returning one element having 
row id in the middle of the id samples.
     new c20b274  fix ascending order in query set
     new 6225b37  testing empty responses from /history
     new 139edb5  querying non existent / non owned accounts
     new 4e687bb  simplifying errors handling when authenticating

The 4 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 talerbank/app/tests.py | 35 ++++++++++++++++++++++++++++++-----
 talerbank/app/views.py | 30 +++++++++++++++++++++---------
 2 files changed, 51 insertions(+), 14 deletions(-)

diff --git a/talerbank/app/tests.py b/talerbank/app/tests.py
index a73e2db..7d3c057 100644
--- a/talerbank/app/tests.py
+++ b/talerbank/app/tests.py
@@ -99,6 +99,7 @@ class HistoryTestCase(TestCase):
         ub.save() 
         user_passive = User.objects.create_user(username='UserP', 
password="PasswordP")
         ub_p = BankAccount(user=user_passive, currency=settings.TALER_CURRENCY)
+        ub_p.account_no = 2
         ub_p.save() 
         wire_transfer(dict(value=1, fraction=0, 
currency=settings.TALER_CURRENCY), ub, ub_p, subject="a")
         wire_transfer(dict(value=1, fraction=0, 
currency=settings.TALER_CURRENCY), ub, ub_p, subject="b")
@@ -117,22 +118,46 @@ class HistoryTestCase(TestCase):
         response = c.get(reverse("history", urlconf=urls), {"auth": "basic", 
"delta": "+4"},
                          **{"HTTP_X_TALER_BANK_USERNAME": "User", 
"HTTP_X_TALER_BANK_PASSWORD": "Password"})
         self.assertEqual(200, response.status_code)
+
+        # Get a delta=+1 record in the middle of the list: FAILS
+        response = c.get(reverse("history", urlconf=urls), {"auth": "basic", 
"delta": "+1", "start": "5"},
+                         **{"HTTP_X_TALER_BANK_USERNAME": "User", 
"HTTP_X_TALER_BANK_PASSWORD": "Password"})
+        data = response.content.decode("utf-8")
+        data = json.loads(data)
+        self.assertEqual(data["data"][0]["row_id"], 6)
+
         # Get latest record
         response = c.get(reverse("history", urlconf=urls), {"auth": "basic", 
"delta": "-1"},
                          **{"HTTP_X_TALER_BANK_USERNAME": "User", 
"HTTP_X_TALER_BANK_PASSWORD": "Password"})
         data = response.content.decode("utf-8")
         data = json.loads(data)
         self.assertEqual(data["data"][0]["subject"], "h")
-        logger.info("latest row_id: %s" % data["data"][0]["row_id"])
+
         # Get non-existent record: the latest plus one in the future
         response = c.get(reverse("history", urlconf=urls), {"auth": "basic", 
"delta": "+1", "start": "10"},
                          **{"HTTP_X_TALER_BANK_USERNAME": "User", 
"HTTP_X_TALER_BANK_PASSWORD": "Password"})
-        data = response.content.decode("utf-8")
-        self.assertJSONEqual(data, {"data": []})
+        self.assertEqual(204, response.status_code)
 
-        # Get a delta=+1 record in the middle of the list
-        response = c.get(reverse("history", urlconf=urls), {"auth": "basic", 
"delta": "+1", "start": "5"},
+        # Get credit records
+        response = c.get(reverse("history", urlconf=urls), {"auth": "basic", 
"delta": "+1", "direction": "credit"},
+                         **{"HTTP_X_TALER_BANK_USERNAME": "User", 
"HTTP_X_TALER_BANK_PASSWORD": "Password"})
+        self.assertEqual(204, response.status_code)
+
+        # Get debit records
+        response = c.get(reverse("history", urlconf=urls), {"auth": "basic", 
"delta": "+1", "direction": "debit"},
+                         **{"HTTP_X_TALER_BANK_USERNAME": "User", 
"HTTP_X_TALER_BANK_PASSWORD": "Password"})
+        self.assertNotEqual(204, response.status_code)
+
+        # Query about non-owned account
+        response = c.get(reverse("history", urlconf=urls), {"auth": "basic", 
"delta": "+1", "account_number": 2},
+                         **{"HTTP_X_TALER_BANK_USERNAME": "User", 
"HTTP_X_TALER_BANK_PASSWORD": "Password"})
+        self.assertEqual(403, response.status_code)
+
+        # Query about non-existent account
+        response = c.get(reverse("history", urlconf=urls), {"auth": "basic", 
"delta": "-1", "account_number": 9},
                          **{"HTTP_X_TALER_BANK_USERNAME": "User", 
"HTTP_X_TALER_BANK_PASSWORD": "Password"})
+        self.assertEqual(404, response.status_code)
+
 
 # This tests whether a bank account goes red and then
 # goes green again
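Review bot: The debit-direction check `self.assertNotEqual(204, response.status_code)` passes on any other status, including 401, 403 or 500, so it does not pin the success case; `self.assertEqual(200, response.status_code)` would. The new `start=5` request also parses the body without first asserting the status, and its comment still ends in `FAILS`, which reads as if the test is expected to break. Since this commit folds the unsupported-auth-method case into the 401 path, a request with an `auth` value other than `basic` and one with a wrong password would be worth asserting here as well; neither is visible in this hunk.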
diff --git a/talerbank/app/views.py b/talerbank/app/views.py
index e0bb3c0..68c1946 100644
--- a/talerbank/app/views.py
+++ b/talerbank/app/views.py
@@ -331,7 +331,7 @@ def history(request):
     # login caller
     user_account = auth_and_login(request)
     if not user_account:
-        return JsonResponse(dict(error="authentication failed"),
+        return JsonResponse(dict(error="authentication failed: bad credentials 
OR auth method"),
                             status=401)
     # delta
     delta = request.GET.get("delta")
@@ -357,14 +357,28 @@ def history(request):
         sign_filter = Q(id__lt=start)
     elif "+" == sign and start:
         sign_filter = Q(id__gt=start)
+        sign = ""
 
     # direction (debit/credit)
     direction = request.GET.get("direction")
 
     # target account
-    target_account = account_number = request.GET.get("account_number")
+    target_account = request.GET.get("account_number")
     if not target_account:
         target_account = user_account.bankaccount
+    else:
+        try:
+            target_account = BankAccount.objects.get(account_no=target_account)
+        except BankAccount.DoesNotExist:
+            return JsonResponse(dict(error="Queried account does not exist"), 
status=404)
+
+    # Temporarily only allowing querying for the user's owned unique
+    # account.  Future releases will give the way for user A to query
+    # about multiple accounts of his own, or others accounts from other
+    # users.
+
+    if target_account != user_account.bankaccount:
+        return JsonResponse(dict(error="Querying unowned accounts not 
allowed"), status=403)
 
     query_string = Q(debit_account=target_account) | 
Q(credit_account=target_account)
     history = []
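Review bot: In the `else:` branch under `# target account`, answering 404 for a missing account and 403 for an existing but unowned one lets any authenticated caller learn which account numbers exist. While only the caller's own account may be queried, both cases could return the same 403, at the cost of changing the 404 assertion in tests.py. The raw `account_number` string also reaches `BankAccount.objects.get(account_no=...)` unvalidated; if `account_no` is an integer field (the test sets it to 2), a non-numeric value would presumably raise `ValueError` and surface as a 500. Catching both with `except (BankAccount.DoesNotExist, ValueError):` would cover that. The body of `history` starts and ends outside this hunk.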
@@ -374,11 +388,9 @@ def history(request):
     if "debit" == direction:
         query_string = Q(debit_account=target_account)
 
-    # FIXME *DO* return 204 No content when history is empty.
-
-    qs = BankTransaction.objects.filter(query_string, sign_filter)
-    if 0 < qs.count():
-        qs = qs.order_by("%sid" % sign)[:delta]
+    qs = BankTransaction.objects.filter(query_string, 
sign_filter).order_by("%sid" % sign)[:delta]
+    if 0 == qs.count():
+        return HttpResponse(status=204)
     for entry in qs:
         counterpart = entry.credit_account.user.username
         sign_ = "-"
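Review bot: `qs.count()` on the sliced queryset issues a separate COUNT query before the `for entry in qs` loop runs the SELECT, so every non-empty history request hits the database twice. Evaluating once with `entries = list(qs)`, returning the 204 `if not entries`, and looping over `entries` avoids that. How `delta` is parsed and whether it is capped lies above the hunk; if it is not bounded, `[:delta]` lets a client request an arbitrarily large page. `"%sid" % sign` also still seems to receive `+` when `delta` is positive and no `start` is given, unless earlier code resets it, so that path deserves a check.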
@@ -407,8 +419,8 @@ def auth_and_login(request):
         auth_type = request.GET.get("auth")
 
     if "basic" != auth_type:
-        return JsonResponse(dict(error="auth method not supported"),
-                            status=405)        
+        logger.error("auth method not supported")
+        return False
 
     username = request.META.get("HTTP_X_TALER_BANK_USERNAME")
     password = request.META.get("HTTP_X_TALER_BANK_PASSWORD")
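Review bot: `logger.error("auth method not supported")` records nothing about the request, so the entry cannot be tied to a caller or told apart from other authentication failures when the logs are reviewed. Logging the rejected value at a lower level suits a condition any client can trigger, e.g. `logger.warning("auth method not supported: %r", auth_type)`. The function now returns `False` on this path; what the other failure paths return is outside the hunk. A docstring line such as `"""Return the authenticated user, or a falsy value on any failure."""` would make explicit the contract that `history` relies on.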

-- 
To stop receiving notification emails like this one, please contact
address@hidden


