validate first (why even ...)

author: Florian Dold <florian.dold@gmail.com> 2019-11-28 18:19:00 +0100
committer: Florian Dold <florian.dold@gmail.com> 2019-11-28 18:19:00 +0100
commit: cffd65752c513bdd7668848da500a085d584f8a7 (patch)
tree: cc41a2d2050aaf182c620667a91ede4632b75341 /talerbank/app
parent: 75b5cb607e3de6a4ea08656ef05d69e234550a17 (diff)
download: bank-cffd65752c513bdd7668848da500a085d584f8a7.tar.gz
bank-cffd65752c513bdd7668848da500a085d584f8a7.tar.bz2
bank-cffd65752c513bdd7668848da500a085d584f8a7.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/talerbank/app/views.py b/talerbank/app/views.py
index 40de3e6..60ee598 100644
--- a/talerbank/app/views.py
+++ b/talerbank/app/views.py
@@ -901,6 +901,8 @@ def add_incoming(request, user_account):
 def withdraw_headless_uri(request, user):
     data_json = json.loads(request.body.decode("utf-8"))
     data = WithdrawHeadlessUri(data_json)
+    if not data.is_valid():
+        raise JSONFieldException(data.errors, 400)
     user_account = BankAccount.objects.get(user=user)
     op = TalerWithdrawOperation(amount=data.amount, withdraw_account=user_account)
     op.save()
author	Florian Dold <florian.dold@gmail.com>	2019-11-28 18:19:00 +0100
committer	Florian Dold <florian.dold@gmail.com>	2019-11-28 18:19:00 +0100
commit	cffd65752c513bdd7668848da500a085d584f8a7 (patch)
tree	cc41a2d2050aaf182c620667a91ede4632b75341 /talerbank/app
parent	75b5cb607e3de6a4ea08656ef05d69e234550a17 (diff)
download	bank-cffd65752c513bdd7668848da500a085d584f8a7.tar.gz bank-cffd65752c513bdd7668848da500a085d584f8a7.tar.bz2 bank-cffd65752c513bdd7668848da500a085d584f8a7.zip