fix error related to mutating data while validating the challenge
parent
62bb8d9e62
commit
5cba97f144
|
@ -32,13 +32,14 @@ class ChallengeMixin(forms.Form):
|
|||
self.initial["challenge"] = new_challenge
|
||||
|
||||
def clean_challenge(self):
|
||||
challenge_uri = urlparse(self.cleaned_data.get("challenge"))
|
||||
challenge = self.cleaned_data.get("challenge")
|
||||
challenge_uri = urlparse(challenge)
|
||||
query = parse_qs(challenge_uri.query)
|
||||
if not query.get("x"):
|
||||
raise forms.ValidationError(_("Invalid or outdated challenge"))
|
||||
|
||||
challenge = query["x"][0]
|
||||
if not challenge or not Challenge.objects.is_active(challenge):
|
||||
token = query["x"][0]
|
||||
if not token or not Challenge.objects.is_active(token):
|
||||
raise forms.ValidationError(_("Invalid or outdated challenge"))
|
||||
|
||||
return challenge
|
||||
|
@ -51,7 +52,7 @@ class SimpleLoginForm(ChallengeMixin, forms.Form):
|
|||
signature = forms.CharField()
|
||||
|
||||
error_messages = {
|
||||
"invalid_login": _("Please enter a correct Monero address or signature."),
|
||||
"invalid_login": _("Please enter a correct address or signature."),
|
||||
"inactive": _("This account is inactive."),
|
||||
}
|
||||
|
||||
|
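Review bot: `clean_challenge` now returns the client-submitted URI unchanged after checking only the first `x` value, so nothing in this method ties the URI's host, path or other parameters to this site (the rest of `ChallengeMixin` is outside the hunk). On the Bitcoin path `callback_uri` is passed to `bitid.challenge_valid`, which presumably covers this, but any other backend reading `cleaned_data["challenge"]` would need its own check. A docstring should state that the return value is the full URI and that only the nonce has been validated. Rejecting a URI with more than one `x` value, for example `if len(query.get("x", [])) != 1:`, would also stop the form and a downstream parser from disagreeing about which nonce was checked. Nothing visible here marks the challenge as used after a successful login; confirm that happens elsewhere.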
|
|
@ -33,7 +33,6 @@ def verify_bitcoin_signature(
|
|||
warnings.warn(_("Please configure the bitcoin network in the settings file"))
|
||||
is_testnet = True if network == "testnet" else False
|
||||
callback_uri = request.build_absolute_uri()
|
||||
|
||||
return bitid.challenge_valid(
|
||||
address, signature, challenge, callback_uri, is_testnet
|
||||
)
|
||||
|
|
|
@ -121,7 +121,7 @@ LOGOUT_REDIRECT_URL = "/"
|
|||
|
||||
AUTHENTICATION_BACKENDS = [
|
||||
"django_cryptolock.backends.BitcoinAddressBackend",
|
||||
"django_cryptolock.backends.MoneroAddressBackend",
|
||||
# "django_cryptolock.backends.MoneroAddressBackend",
|
||||
]
|
||||
DJCL_BITCOIN_NETWORK = "mainnet"
|
||||
DJCL_MONERO_NETWORK = "mainnet"
|
||||
|
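Review bot: The Monero backend is switched off by commenting out its entry in `AUTHENTICATION_BACKENDS`, with no reason given in the file or the commit message, while `DJCL_MONERO_NETWORK` stays set. Since this list decides which credentials the site accepts, either delete the line or keep it with a comment such as `# Monero backend disabled: <reason>`, so a later reader does not re-enable it without knowing why it was turned off.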
|
|
@ -200,9 +200,37 @@ def test_simplesignupform_invalid_addr():
|
|||
assert "Invalid address" in form.errors["address"]
|
||||
|
||||
|
||||
# def test_simplesignupform_invalid_challenge():
|
||||
# pass
|
||||
def test_simplesignupform_invalid_challenge(settings):
|
||||
set_bitcoin_settings(settings)
|
||||
mommy.make(Challenge, challenge="12345678", expires=FUTURE_TIME)
|
||||
|
||||
request = MagicMock()
|
||||
request.build_absolute_uri.return_value = "http://something/"
|
||||
form = SimpleSignUpForm(
|
||||
request=request,
|
||||
data={
|
||||
"username": "foo",
|
||||
"address": VALID_BITCOIN_ADDRESS,
|
||||
"challenge": gen_challenge(request, "1234567"),
|
||||
"signature": "some valid signature",
|
||||
},
|
||||
)
|
||||
assert not form.is_valid()
|
||||
|
||||
|
||||
# def test_simple_signupform_expired_challenge():
|
||||
# pass
|
||||
def test_simplesignupform_expired_challenge(settings):
|
||||
set_bitcoin_settings(settings)
|
||||
mommy.make(Challenge, challenge="12345678", expires=timezone.now())
|
||||
|
||||
request = MagicMock()
|
||||
request.build_absolute_uri.return_value = "http://something/"
|
||||
form = SimpleSignUpForm(
|
||||
request=request,
|
||||
data={
|
||||
"username": "foo",
|
||||
"address": VALID_BITCOIN_ADDRESS,
|
||||
"challenge": gen_challenge(request, "12345678"),
|
||||
"signature": "some valid signature",
|
||||
},
|
||||
)
|
||||
assert not form.is_valid()
|
||||
|
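Review bot: Both new tests assert only `not form.is_valid()`, and the submitted signature is the literal `"some valid signature"`, so the form may be rejected for the signature rather than the challenge, and the tests would still pass if challenge validation were broken. Pin the failure to the field, in the style of the address test just above: `assert "Invalid or outdated challenge" in form.errors["challenge"]`. In the expired case `expires=timezone.now()` sits on the boundary; a clearly past timestamp would not depend on how `is_active` compares against the current time.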
|