bic validation

author: Florian Dold <florian@dold.me> 2021-08-07 21:40:49 +0200
committer: Florian Dold <florian@dold.me> 2021-08-07 21:40:59 +0200
commit: a48071fa8bb1de5bfb6b07102f170cc5053212da (patch)
tree: 3c3dbb53ebb00506785345584dccf76640d8c67d /nexus
parent: 575613d4d9f4c63a07ed22f245944f5b34214a8b (diff)
download: libeufin-a48071fa8bb1de5bfb6b07102f170cc5053212da.tar.gz
libeufin-a48071fa8bb1de5bfb6b07102f170cc5053212da.tar.bz2
libeufin-a48071fa8bb1de5bfb6b07102f170cc5053212da.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/nexus/src/main/kotlin/tech/libeufin/nexus/server/NexusServer.kt b/nexus/src/main/kotlin/tech/libeufin/nexus/server/NexusServer.kt
index 4742d99b..9737090c 100644
--- a/nexus/src/main/kotlin/tech/libeufin/nexus/server/NexusServer.kt
+++ b/nexus/src/main/kotlin/tech/libeufin/nexus/server/NexusServer.kt
@@ -646,6 +646,9 @@ fun serverMain(host: String, port: Int) {
                 requireSuperuser(call.request)
                 val body = call.receive<CreatePaymentInitiationRequest>()
                 val accountId = ensureNonNull(call.parameters["accountid"])
+                if (!validateBic(body.bic)) {
+                    throw NexusError(HttpStatusCode.BadRequest, "invalid BIC (${body.bic})")
+                }
                 val res = transaction {
                     authenticateRequest(call.request)
                     val bankAccount = NexusBankAccountEntity.findByName(accountId)
author	Florian Dold <florian@dold.me>	2021-08-07 21:40:49 +0200
committer	Florian Dold <florian@dold.me>	2021-08-07 21:40:59 +0200
commit	a48071fa8bb1de5bfb6b07102f170cc5053212da (patch)
tree	3c3dbb53ebb00506785345584dccf76640d8c67d /nexus
parent	575613d4d9f4c63a07ed22f245944f5b34214a8b (diff)
download	libeufin-a48071fa8bb1de5bfb6b07102f170cc5053212da.tar.gz libeufin-a48071fa8bb1de5bfb6b07102f170cc5053212da.tar.bz2 libeufin-a48071fa8bb1de5bfb6b07102f170cc5053212da.zip