diff options
author | Marcello Stanisci <stanisci.m@gmail.com> | 2019-05-31 20:11:56 +0200 |
---|---|---|
committer | Marcello Stanisci <stanisci.m@gmail.com> | 2019-05-31 20:11:56 +0200 |
commit | c43180054aa9440916cf417cd9b123beaedfd078 (patch) | |
tree | 5b46f23f9b9e9125c6504a4667a3686666d5297c /talerbank/app/views.py | |
parent | 47d6ec42a49e9a87681d386c4a1dfac5733d7f90 (diff) | |
download | bank-c43180054aa9440916cf417cd9b123beaedfd078.tar.gz bank-c43180054aa9440916cf417cd9b123beaedfd078.tar.bz2 bank-c43180054aa9440916cf417cd9b123beaedfd078.zip |
5715.
Porting the withdraw-state checking logic,
and removig all the old Validictory data/functions.
Diffstat (limited to 'talerbank/app/views.py')
-rw-r--r-- | talerbank/app/views.py | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/talerbank/app/views.py b/talerbank/app/views.py index a5001e3..550f658 100644 --- a/talerbank/app/views.py +++ b/talerbank/app/views.py @@ -44,7 +44,12 @@ from django.shortcuts import render, redirect from datetime import datetime from .models import BankAccount, BankTransaction from .amount import Amount -from .schemas import validate_data, HistoryParams, HistoryRangeParams, URLParamValidationError, RejectData, AddIncomingData, JSONFieldException, PinTanParams +from .schemas import \ + (HistoryParams, HistoryRangeParams, + URLParamValidationError, RejectData, + AddIncomingData, JSONFieldException, + PinTanParams, InvalidSession, + WithdrawSessionData) LOGGER = logging.getLogger(__name__) @@ -378,7 +383,14 @@ def pin_tan_verify(request): request.session["captcha_failed"] = True, False, "Wrong CAPTCHA answer." return redirect(request.POST.get("question_url", "profile")) # Check the session is a "pin tan" one - validate_data(request, request.session) + + if not WithdrawSessionData(request.session): + # The session is not valid: either because the client simply + # requested the page without passing through the prior step, + # or because the bank broke it in the meanwhile. Let's blame + # ourselves for now. + raise InvalidSession(503) + amount = Amount(**request.session["amount"]) exchange_bank_account = BankAccount.objects.get( account_no=request.session["exchange_account_number"]) |