diff options
author | Florian Dold <florian.dold@gmail.com> | 2019-11-28 18:19:00 +0100 |
---|---|---|
committer | Florian Dold <florian.dold@gmail.com> | 2019-11-28 18:19:00 +0100 |
commit | cffd65752c513bdd7668848da500a085d584f8a7 (patch) | |
tree | cc41a2d2050aaf182c620667a91ede4632b75341 /talerbank/app | |
parent | 75b5cb607e3de6a4ea08656ef05d69e234550a17 (diff) | |
download | bank-cffd65752c513bdd7668848da500a085d584f8a7.tar.gz bank-cffd65752c513bdd7668848da500a085d584f8a7.tar.bz2 bank-cffd65752c513bdd7668848da500a085d584f8a7.zip |
validate first (why even ...)
Diffstat (limited to 'talerbank/app')
-rw-r--r-- | talerbank/app/views.py | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/talerbank/app/views.py b/talerbank/app/views.py index 40de3e6..60ee598 100644 --- a/talerbank/app/views.py +++ b/talerbank/app/views.py @@ -901,6 +901,8 @@ def add_incoming(request, user_account): def withdraw_headless_uri(request, user): data_json = json.loads(request.body.decode("utf-8")) data = WithdrawHeadlessUri(data_json) + if not data.is_valid(): + raise JSONFieldException(data.errors, 400) user_account = BankAccount.objects.get(user=user) op = TalerWithdrawOperation(amount=data.amount, withdraw_account=user_account) op.save() |