Check for too high values (#989)

* check for too high values see python-babel/babel#821 fix #957 * black & isort * add API test
spiral-project · Feb 2, 2022 · e355894 · e355894
1 parent 1bea93f
commit e355894
Show file tree

Hide file tree

Showing 3 changed files with 51 additions and 0 deletions.
diff --git a/ihatemoney/forms.py b/ihatemoney/forms.py
@@ -1,4 +1,5 @@
 from datetime import datetime
+import decimal
 from re import match
 from types import SimpleNamespace
 
@@ -26,6 +27,7 @@
     from wtforms.fields.html5 import URLField
 except ModuleNotFoundError:
     from wtforms.fields import URLField
+
 from wtforms.validators import (
     URL,
     DataRequired,
@@ -384,6 +386,9 @@ def set_default(self):
     def validate_amount(self, field):
         if field.data == "0":
             raise ValidationError(_("Bills can't be null"))
+        elif decimal.Decimal(field.data) > decimal.MAX_EMAX:
+            # See https://github.com/python-babel/babel/issues/821
+            raise ValidationError(f"Result is too high: {field.data}")
 
 
 class MemberForm(FlaskForm):

diff --git a/ihatemoney/tests/api_test.py b/ihatemoney/tests/api_test.py
@@ -937,6 +937,26 @@ def test_project_creation_with_mixed_case(self):
         )
         self.assertStatus(200, resp)
 
+    def test_amount_too_high(self):
+        self.api_create("raclette")
+        # add participants
+        self.api_add_member("raclette", "zorglub")
+
+        # add a bill with too high amount
+        # See https://github.com/python-babel/babel/issues/821
+        req = self.client.post(
+            "/api/projects/raclette/bills",
+            data={
+                "date": "2011-08-10",
+                "what": "fromage",
+                "payer": "1",
+                "payed_for": ["1"],
+                "amount": "9347242149381274732472348728748723473278472843.12",
+            },
+            headers=self.get_auth("raclette"),
+        )
+        self.assertStatus(400, req)
+
 
 if __name__ == "__main__":
     unittest.main()
diff --git a/ihatemoney/tests/budget_test.py b/ihatemoney/tests/budget_test.py
@@ -1578,6 +1578,32 @@ def test_decimals_on_weighted_members_list(self):
             'fred<span class="light">(x1.15)</span>', resp.data.decode("utf-8")
         )
 
+    def test_amount_too_high(self):
+        self.post_project("raclette")
+
+        # add participants
+        self.client.post("/raclette/members/add", data={"name": "zorglub"})
+
+        # High amount should be rejected.
+        # See https://github.com/python-babel/babel/issues/821
+        resp = self.client.post(
+            "/raclette/add",
+            data={
+                "date": "2016-12-31",
+                "what": "fromage à raclette",
+                "payer": 1,
+                "payed_for": [1],
+                "amount": "9347242149381274732472348728748723473278472843.12",
+                "original_currency": "EUR",
+            },
+        )
+        assert '<p class="alert alert-danger">' in resp.data.decode("utf-8")
+
+        # Without any check, the following request will fail.
+        resp = self.client.get("/raclette/")
+        # No bills, the previous one was not added
+        assert "No bills" in resp.data.decode("utf-8")
+
 
 if __name__ == "__main__":
     unittest.main()