fix(api): improve validation of donation input data
Previously, IBAN and BIC were normalized and stripped of whitespace only when creating the direct debit attachment file. If the user entered spaces like ' DE123455....', those were stored in the database. Along with the 6-character cutoff, this was not desirable. Space stripping is now done in the Donation serializer so that it applies both to what is stored and to what is put in the direct debit file. Also, the e2e tests were adapted to verify the presence of the masked IBAN.
1 parent
63c5785
commit 79ecccf
Showing
4 changed files
with
61 additions
and
64 deletions.
@@ -1,79 +1,75 @@ | ||
var chakram = require("./../setup.js").chakram; | ||
var expect = chakram.expect; | ||
|
||
describe("dyndns service", function () { | ||
|
||
// ('name', 'iban', 'bic', 'amount', 'message', 'email') | ||
var apiDonationSchema = { | ||
properties: { | ||
name: {type: "string"}, | ||
iban: {type: "string"}, | ||
bic: {type: "string"}, | ||
amount: {type: "string"}, | ||
message: {type: "string"}, | ||
email: {type: "string"}, | ||
// ('name', 'iban', 'bic', 'amount', 'message', 'email') | ||
var apiDonationSchema = { | ||
properties: { | ||
name: {type: "string"}, | ||
iban: {type: "string"}, | ||
bic: {type: "string"}, | ||
amount: {type: "string"}, | ||
message: {type: "string"}, | ||
email: {type: "string"}, | ||
}, | ||
required: ["name", "iban", "bic", "amount"] | ||
}; | ||
|
||
before(function () { | ||
chakram.setRequestSettings({ | ||
headers: { | ||
'Host': 'desec.' + process.env.DESECSTACK_DOMAIN, | ||
}, | ||
required: ["name", "iban", "bic", "amount"] | ||
}; | ||
|
||
before(function () { | ||
chakram.setRequestSettings({ | ||
headers: { | ||
'Host': 'desec.' + process.env.DESECSTACK_DOMAIN, | ||
}, | ||
followRedirect: false, | ||
baseUrl: 'https://www/api/v1', | ||
}); | ||
followRedirect: false, | ||
baseUrl: 'https://www/api/v1', | ||
}); | ||
}); | ||
|
||
describe("donating", function () { | ||
describe("donating", function () { | ||
|
||
describe("without message and IBAN containing spaces", function () { | ||
describe("without message and IBAN containing spaces", function () { | ||
|
||
var response; | ||
var iban = "DE89 3704 0044 0532 0130 00"; | ||
var response; | ||
var iban = "DE89 3704 0044 0532 0130 00"; | ||
|
||
before(function() { | ||
response = chakram.post('/donation/', { | ||
"name": "Drama Queen", | ||
"iban": iban, | ||
"bic": "MARKDEF1100", | ||
"amount": "3.14", | ||
"email": "drama@queen.world", | ||
}); | ||
before(function() { | ||
response = chakram.post('/donation/', { | ||
"name": "Drama Queen", | ||
"iban": iban, | ||
"bic": "MARKDEF1100", | ||
"amount": "3.14", | ||
"email": "drama@queen.world", | ||
}); | ||
}); | ||
|
||
it("goes through", function () { | ||
return expect(response).to.have.status(201); | ||
}); | ||
it("goes through", function () { | ||
return expect(response).to.have.status(201); | ||
}); | ||
|
||
it("follows donation schema", function () { | ||
return expect(response).to.have.schema(apiDonationSchema); | ||
}); | ||
it("follows donation schema", function () { | ||
return expect(response).to.have.schema(apiDonationSchema); | ||
}); | ||
|
||
it("does not return the full iban", function () { | ||
return response.then(function (donationResponse) { | ||
expect(donationResponse.body.iban).to.not.contain(iban); | ||
}); | ||
it("does not return the full iban", function () { | ||
return response.then(function (donationResponse) { | ||
expect(donationResponse.body.iban).to.equal("DE8937xxx"); | ||
}); | ||
|
||
}); | ||
|
||
it("does not require an email address", function () { | ||
var email, password, token; | ||
}); | ||
|
||
var response = chakram.post('/donation/', { | ||
"name": "Drama Queen", | ||
"iban": "DE89370400440532013000", | ||
"bic": "MARKDEF1100", | ||
"amount": "3.14", | ||
}); | ||
it("does not require an email address", function () { | ||
var email, password, token; | ||
|
||
return expect(response).to.have.status(201); | ||
var response = chakram.post('/donation/', { | ||
"name": "Drama Queen", | ||
"iban": "DE89370400440532013000", | ||
"bic": "MARKDEF1100", | ||
"amount": "3.14", | ||
}); | ||
|
||
// TODO it(sends emails) | ||
|
||
return expect(response).to.have.status(201); | ||
}); | ||
|
||
// TODO it(sends emails) | ||
|
||
}); |
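Review bot: The description `it("does not return the full iban", …)` no longer matches its assertion, which now pins the exact masked value with `expect(donationResponse.body.iban).to.equal("DE8937xxx");` — a stronger check that, given the spaced input `"DE89 3704 0044 0532 0130 00"`, also demonstrates that whitespace is removed before the 6-character cutoff (presumably an unstripped value would mask to `"DE89 3xxx"` instead). Rename it to `it("returns the masked iban with whitespace stripped", …)` and put the one-line comment `// "DE8937" (not "DE89 3") shows spaces are stripped before masking` above the expect so the intent survives a later refactor. The "does not require an email address" case still declares `var email, password, token;` on the new side without using them; drop that line. That case also never inspects the returned IBAN, so a masking regression would only be caught by the spaced-IBAN case; consider asserting the same masked value there.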