[taler-bank] branch master updated: check limit before withdrawing
From: |
gnunet |
Subject: |
[taler-bank] branch master updated: check limit before withdrawing |
Date: |
Thu, 19 Dec 2019 11:43:38 +0100 |
This is an automated email from the git hooks/post-receive script.
dold pushed a commit to branch master
in repository bank.
The following commit(s) were added to refs/heads/master by this push:
new 0a2cc0a check limit before withdrawing
0a2cc0a is described below
commit 0a2cc0a9b519ba5a4ee2ff0b73137c7e7846180b
Author: Florian Dold <address@hidden>
AuthorDate: Thu Dec 19 11:43:35 2019 +0100
check limit before withdrawing
---
talerbank/app/views.py | 22 ++++++++++++++++++++++
1 file changed, 22 insertions(+)
diff --git a/talerbank/app/views.py b/talerbank/app/views.py
index a8aaa4f..4f36ba6 100644
--- a/talerbank/app/views.py
+++ b/talerbank/app/views.py
@@ -923,6 +923,13 @@ def withdraw_headless_uri(request, user):
data = WithdrawHeadlessUri(json.loads(decode_body(request)))
amount = Amount.parse(data.get("amount"))
user_account = BankAccount.objects.get(user=user)
+ debt_threshold = Amount.parse(settings.TALER_MAX_DEBT)
+ if not check_transfer_allowed(
+ user_account.amount, user_account.debit, debt_threshold, amount
+ ):
+ raise DebitLimitException(
+ f"Aborting payment initiated by '{user_account.user.username}',
debit limit crossed."
+ )
op = TalerWithdrawOperation(amount=amount, withdraw_account=user_account)
op.save()
host = request.get_host()
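Review bot: The limit check added to `withdraw_headless_uri` compares only this single `amount` against the balance read by `BankAccount.objects.get(user=user)`, and nothing visible in the hunk debits the account or reserves the amount before `op.save()`. If the balance is only changed later, when the operation is confirmed (not visible here), several operations that each pass the check can be created and together exceed `settings.TALER_MAX_DEBT`. The same `check_transfer_allowed` call should therefore be repeated where the debit is actually booked, inside `transaction.atomic()` with the account read via `BankAccount.objects.select_for_update().get(user=user)`. The identical block added to `start_withdrawal` has the same gap. The function body starts before and continues past this hunk.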
@@ -1027,6 +1034,14 @@ def api_withdraw_operation(request, withdraw_id):
return JsonResponse(dict(error="only GET and POST are allowed"),
status=305)
+def check_transfer_allowed(balance, balance_is_debit, debt_limit,
transfer_amount):
+ if amount_is_debit:
+ total_debt = Amount(**transfer_amount).add(balance)
+ return Amount.cmp(total_debt, debt_limit) <= 0
+ max_transfer = Amount(**balance).add(debt_limit)
+ return Amount.cmp(transfer_amount, max_transfer) <= 0
+
+
##
# Serve a Taler withdrawal request; takes the amount chosen
# by the user, and builds a response to trigger the wallet into
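Review bot: `check_transfer_allowed` tests `if amount_is_debit:`, but no such name is defined in the function; the parameter is `balance_is_debit`. Unless a module-level `amount_is_debit` exists outside this hunk, every call would raise `NameError`, so both withdrawal views would fail before the limit is evaluated; the line should read `if balance_is_debit:`. Both branches also rely on `Amount(**x).add(y)` returning the sum. If `Amount.add` mutates in place and returns `None` (its definition is not shown here), `Amount.cmp` would receive `None`, so that is worth confirming and covering with a unit test for the debit and credit cases. A one-line docstring such as `"""Return True if transfer_amount keeps the account within debt_limit."""` would make the return convention explicit.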
@@ -1039,6 +1054,13 @@ def api_withdraw_operation(request, withdraw_id):
def start_withdrawal(request):
user_account = BankAccount.objects.get(user=request.user)
amount = Amount.parse(request.POST.get("kudos_amount", "not-given"))
+ debt_threshold = Amount.parse(settings.TALER_MAX_DEBT)
+ if not check_transfer_allowed(
+ user_account.amount, user_account.debit, debt_threshold, amount
+ ):
+ raise DebitLimitException(
+ f"Aborting payment initiated by '{user_account.user.username}',
debit limit crossed."
+ )
op = TalerWithdrawOperation(amount=amount, withdraw_account=user_account)
op.save()
return redirect("withdraw-show", withdraw_id=op.withdraw_id)
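Review bot: The seven added lines in `start_withdrawal` are a verbatim copy of the block added to `withdraw_headless_uri`, so the debit-limit rule now has two enforcement points that can drift apart. Moving the `Amount.parse(settings.TALER_MAX_DEBT)` lookup, the `check_transfer_allowed` call and the `raise DebitLimitException(...)` into one helper that takes `user_account` and `amount`, and calling it from both views, would keep the check in one place. The hunk does not show how `DebitLimitException` is handled for this form-driven view, so it is also worth confirming that the user gets a clear error response. The function's `def` line is in the hunk, but its preceding comment block starts outside it.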