error on differing emails and allow messages to be built on the client (bug 776041)

Andy McKay · Andy McKay · commit d1abc92a382b · 2012-07-23T13:38:44.000-07:00
diff --git a/lib/paypal/client.py b/lib/paypal/client.py
@@ -172,9 +172,12 @@ def _call(self, url, data, errs, auth_token=None):
         if 'error(0).errorId' in response:
             id_, msg = (response['error(0).errorId'],
                         response['error(0).message'])
-            log.error('Paypal Error (%s): %s' % (id_, msg))
-            raise errs.get(id_, PaypalError)(id=id_, paypal_data=data,
-                                             message=msg)
+            # We want some data to produce a nice error. However
+            # we do not want to pass everything back since this will go back in
+            # the REST response and that might leak data.
+            data = {'currency': data.get('currencyCode')}
+            log.error('Paypal Error (%s): %s, %s' % (id_, msg, data))
+            raise errs.get(id_, PaypalError)(id=id_, message=msg, data=data)
 
         return response
 
diff --git a/lib/paypal/errors.py b/lib/paypal/errors.py
@@ -3,10 +3,10 @@
 
 class PaypalError(Exception):
     # The generic Paypal error and message.
-    def __init__(self, message='', id=None, paypal_data=None):
+    def __init__(self, message='', id=None, data=None):
         super(PaypalError, self).__init__(message)
-        self.id = id
-        self.paypal_data = paypal_data
+        self.id = str(id)
+        self.data = data or {}
         self.default = ('There was an error communicating with PayPal. '
                         'Please try again later.')
 
@@ -36,12 +36,8 @@ class CurrencyError(PaypalError):
     # This currency was bad.
 
     def __str__(self):
-        if self.paypal_data and 'currencyCode' in self.paypal_data:
-            try:
-                return PAYPAL_CURRENCIES[self.paypal_data['currencyCode']]
-            except:
-                pass
-        return 'Unknown currency'
+        return PAYPAL_CURRENCIES.get(self.data.get('currency', ''),
+                                     'Unknown currency')
 
 
 errors = {'default': {'520003': AuthError}}
diff --git a/lib/paypal/resources/personal.py b/lib/paypal/resources/personal.py
@@ -1,6 +1,7 @@
 from cached import Resource
 
 from lib.paypal.client import Client
+from lib.paypal.errors import PaypalError
 from lib.paypal.forms import GetPersonal
 
 
@@ -13,8 +14,14 @@ def obj_create(self, bundle, request, **kwargs):
 
         paypal = Client()
         result = getattr(paypal, self._meta.method)(*form.args())
+        if 'email' in result:
+            if form.cleaned_data['seller'].paypal_id != result['email']:
+                raise PaypalError('The user data did not match',
+                                  data={'email': result['email']}, id=100001)
+
         for k, v in result.items():
             setattr(form.cleaned_data['seller'], k, v)
+
         form.cleaned_data['seller'].save()
         bundle.data = result
         bundle.obj = form.cleaned_data['seller']
diff --git a/lib/paypal/tests/test_personal.py b/lib/paypal/tests/test_personal.py
@@ -3,6 +3,7 @@
 from mock import patch
 from nose.tools import eq_
 
+from lib.paypal.errors import PaypalError
 from lib.paypal.header import escape
 from lib.sellers.models import Seller, SellerPaypal
 from solitude.base import APITest
@@ -27,6 +28,15 @@ def test_basic_data(self, result):
         obj = SellerPaypal.objects.get(pk=self.paypal.pk)
         eq_(obj.first_name, '..')
 
+    @patch('lib.paypal.resources.pay.Client.get_personal_basic')
+    def test_email_differs(self, result):
+        result.return_value = {'email': 'foo@bar.com'}
+        res = self.client.post(self.get_list_url('personal-basic'),
+                               data={'seller': self.uid})
+        err = json.loads(res.content)
+        eq_(err['error_code'], '100001')
+        eq_(err['error_data'], {'email': 'foo@bar.com'})
+
     @patch('lib.paypal.resources.pay.Client.get_personal_advanced')
     def test_advanced_data(self, result):
         result.return_value = {'phone': '..'}
diff --git a/solitude/base.py b/solitude/base.py
@@ -133,7 +133,8 @@ def _handle_500(self, request, exception):
                         extra={'status_code': 500, 'request': request})
         data = {
             'error_message': str(exception),
-            'error_code': getattr(exception, 'id', '')
+            'error_code': getattr(exception, 'id', ''),
+            'error_data': getattr(exception, 'data', {})
         }
         serialized = self.serialize(request, data, 'application/json')
         return http.HttpApplicationError(content=serialized,
diff --git a/solitude/tests/test.py b/solitude/tests/test.py
@@ -30,5 +30,5 @@ def test_paypal_error(self):
             res = self.resource._handle_500(self.request, error)
 
         data = json.loads(res.content)
-        eq_(data['error_code'], 520003)
+        eq_(data['error_code'], '520003')
         eq_(data['error_message'], 'wat?')
