authorMarcello Stanisci <stanisci.m@gmail.com>2019-05-31 20:11:56 +0200
committerMarcello Stanisci <stanisci.m@gmail.com>2019-05-31 20:11:56 +0200
commitc43180054aa9440916cf417cd9b123beaedfd078 (patch)
tree5b46f23f9b9e9125c6504a4667a3686666d5297c /talerbank/app/views.py
parent47d6ec42a49e9a87681d386c4a1dfac5733d7f90 (diff)
5715.
Porting the withdraw-state checking logic, and removing all the old Validictory data/functions.
Diffstat (limited to 'talerbank/app/views.py')
-rw-r--r--talerbank/app/views.py16
1 files changed, 14 insertions, 2 deletions
diff --git a/talerbank/app/views.py b/talerbank/app/views.py
index a5001e3..550f658 100644
--- a/talerbank/app/views.py
+++ b/talerbank/app/views.py
@@ -44,7 +44,12 @@ from django.shortcuts import render, redirect
from datetime import datetime
from .models import BankAccount, BankTransaction
from .amount import Amount
-from .schemas import validate_data, HistoryParams, HistoryRangeParams, URLParamValidationError, RejectData, AddIncomingData, JSONFieldException, PinTanParams
+from .schemas import \
+ (HistoryParams, HistoryRangeParams,
+ URLParamValidationError, RejectData,
+ AddIncomingData, JSONFieldException,
+ PinTanParams, InvalidSession,
+ WithdrawSessionData)
LOGGER = logging.getLogger(__name__)
@@ -378,7 +383,14 @@ def pin_tan_verify(request):
request.session["captcha_failed"] = True, False, "Wrong CAPTCHA answer."
return redirect(request.POST.get("question_url", "profile"))
# Check the session is a "pin tan" one
- validate_data(request, request.session)
+
+ if not WithdrawSessionData(request.session):
+ # The session is not valid: either because the client simply
+ # requested the page without passing through the prior step,
+ # or because the bank broke it in the meanwhile. Let's blame
+ # ourselves for now.
+ raise InvalidSession(503)
+
amount = Amount(**request.session["amount"])
exchange_bank_account = BankAccount.objects.get(
account_no=request.session["exchange_account_number"])
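Review bot: The new guard `if not WithdrawSessionData(request.session):` tests the truthiness of a freshly constructed object, which is true for any Python instance that defines neither `__bool__` nor `__len__`, so unless `WithdrawSessionData` (not visible in this diff) overrides one of them the `InvalidSession` branch can never run and the session reaches `Amount(**request.session["amount"])` unchecked. If it is a Django form, as the other schema classes appear to be, the check should be `if not WithdrawSessionData(request.session).is_valid():`. A session that skipped the earlier withdraw step is a client error, so a 4xx status would describe it better than `InvalidSession(503)` and would keep such requests out of server-fault alerting. `pin_tan_verify` starts and ends outside this hunk, so how `InvalidSession` is handled is not visible here.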