commit 8d4919c1043f980698cc1b2b43446594f74ddfd8
parent c7ddd3e6ee289f2f26e9ab42f780af56e80b3a10
Author: MS <ms@taler.net>
Date: Thu, 16 Jun 2022 12:03:17 +0200
input amounts
only validate amounts as strings, without parsing
them into a number type.
Diffstat:
2 files changed, 15 insertions(+), 5 deletions(-)
diff --git a/sandbox/src/main/kotlin/tech/libeufin/sandbox/EbicsProtocolBackend.kt b/sandbox/src/main/kotlin/tech/libeufin/sandbox/EbicsProtocolBackend.kt
@@ -58,7 +58,7 @@ data class PainParseResult(
val debtorName: String,
val debtorBic: String?,
val subject: String,
- val amount: Amount,
+ val amount: String,
val currency: String,
val pmtInfId: String,
val msgId: String
@@ -663,9 +663,14 @@ private fun parsePain001(paymentRequest: String): PainParseResult {
}
}
+ if (!validatePlainAmount(txDetails.amt.textContent)) {
+ throw EbicsProcessingError(
+ "Amount number malformed: ${txDetails.amt.textContent}"
+ )
+ }
PainParseResult(
currency = txDetails.amt.getAttribute("Ccy"),
- amount = Amount(txDetails.amt.textContent),
+ amount = txDetails.amt.textContent,
subject = txDetails.subject,
debtorIban = debtorIban,
debtorName = debtorName,
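Review bot: The added check, the error message and the constructor argument each re-read `txDetails.amt.textContent`, so the validated value and the stored value are linked only by convention. Bind it once, e.g. `val plainAmount = txDetails.amt.textContent`, and use that local for the check, the message and `amount = plainAmount`. `validatePlainAmount` is defined outside this diff and is now the only gate before the string is persisted, so confirm, and state in its KDoc, that it matches the whole string and rejects signs, exponents, surrounding whitespace and unbounded digit runs. The error message also embeds the raw request text; if it is logged or returned to the peer, consider truncating it. parsePain001 starts and ends outside the hunk.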
@@ -692,6 +697,10 @@ private fun handleCct(paymentRequest: String) {
transaction {
try {
val bankAccount = getBankAccountFromIban(parseResult.debtorIban)
+ if (parseResult.currency != bankAccount.demoBank.currency) throw EbicsRequestError(
+ "[EBICS_PROCESSING_ERROR] Currency (${parseResult.currency}) not supported.",
+ "091116"
+ )
BankAccountTransactionEntity.new {
account = bankAccount
demobank = bankAccount.demoBank
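Review bot: The new currency check throws from inside the `try` block, whose `catch` is not visible in this hunk. If that handler catches a broad exception type, the `EbicsRequestError` may be translated or swallowed instead of reaching the client with code `091116`, so either verify the handler or move the check above the `try`. The message is tagged `[EBICS_PROCESSING_ERROR]` while the thrown type is `EbicsRequestError`, whereas the malformed-amount path in parsePain001 throws `EbicsProcessingError`; a comment such as `// reject before any row is written: the debtor account's demobank defines the only accepted currency` would make the choice explicit. handleCct continues outside the hunk.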
@@ -702,7 +711,7 @@ private fun handleCct(paymentRequest: String) {
debtorName = parseResult.debtorName
debtorBic = parseResult.debtorBic
subject = parseResult.subject
- amount = parseResult.amount.toString()
+ amount = parseResult.amount
currency = parseResult.currency
date = getUTCnow().toInstant().toEpochMilli()
pmtInfId = parseResult.pmtInfId
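Review bot: `amount = parseResult.amount` now persists the text exactly as it appeared in the payment document, where the removed line wrote `parseResult.amount.toString()` from an `Amount` value. If that type normalized the representation (not visible here), equal amounts can now be stored under different spellings, for example with leading zeros or trailing fractional zeros. Code that compares or sums stored amounts should parse them rather than compare strings. The same applies to the hunk at line 732; a comment like `// stored verbatim; checked by validatePlainAmount in parsePain001` on both assignments would document the dependency.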
@@ -723,7 +732,7 @@ private fun handleCct(paymentRequest: String) {
debtorName = parseResult.debtorName
debtorBic = parseResult.debtorBic
subject = parseResult.subject
- amount = parseResult.amount.toString()
+ amount = parseResult.amount
currency = parseResult.currency
date = getUTCnow().toInstant().toEpochMilli()
pmtInfId = parseResult.pmtInfId
diff --git a/sandbox/src/main/kotlin/tech/libeufin/sandbox/Main.kt b/sandbox/src/main/kotlin/tech/libeufin/sandbox/Main.kt
@@ -1191,6 +1191,7 @@ val sandboxApp: Application.() -> Unit = {
* return a pair, consisting of the bank account and the demobank
* hosting it.
*/
+ if (!validatePlainAmount(amount)) throw badRequest("Invalid amount: $amount")
transaction {
wireTransfer(
debitAccount = bankAccount,
@@ -1199,7 +1200,7 @@ val sandboxApp: Application.() -> Unit = {
subject = payto.message ?: throw badRequest(
"'message' query parameter missing in Payto address"
),
- amount = parseAmount(amount).amount.toPlainString()
+ amount = amount
)
}
call.respond(object {})
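Review bot: `amount = amount` forwards the request value unchanged, while the removed line used `parseAmount(amount).amount.toPlainString()`, whose `.amount` field suggests the variable previously carried more than a bare number (probably a currency part). The definition of `amount` is outside both hunks of this file, so confirm that it now holds only the numeric part and that any currency component is still checked against the demobank before `wireTransfer` runs. The `validatePlainAmount` check added in the previous hunk also sits directly under a comment describing the bank-account/demobank pair; give it its own line comment, e.g. `// amount is passed on as a string; reject anything that is not a plain decimal`.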