Change settle endpoint to use POST instead of GET #1303

Merged
merged 6 commits into from
Jan 5, 2025
Add security-related test to the new settle endpoint
Baptiste Jonglez authored and almet committed Jan 5, 2025
commit 87112ec9d15e291e365bd0b3049134ecfae008d4
18 changes: 18 additions & 0 deletions ihatemoney/tests/budget_test.py
@@ -1630,6 +1630,24 @@ def test_access_other_projects(self):
member = models.Person.query.filter(models.Person.id == 1).one_or_none()
assert member is None

# test new settle endpoint to add bills with wrong payer / payed_for
self.client.post("/exit")
self.client.post(
"/authenticate", data={"id": "tartiflette", "password": "tartiflette"}
)
self.client.post(
"/tartiflette/settle",
data={
"sender_id": 4,
"receiver_id": 5,
"amount": "42.0",
},
)
piratebill = models.Bill.query.filter(
models.Bill.bill_type == models.BillType.REIMBURSEMENT
).one_or_none()
assert piratebill is None, "piratebill 3 should not exist"

@pytest.mark.skip(reason="Currency conversion is broken")
def test_currency_switch(self):
# A project should be editable
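Review bot: The final `assert piratebill is None` can pass for reasons unrelated to the sender/receiver check, because the response of the POST to `/tartiflette/settle` is never inspected. A failed `/authenticate`, a form error on `amount`, or any other early return would also leave no REIMBURSEMENT bill in the database. Capture the response and assert on it, and add a positive control that settles between two members who do belong to the project and checks that a bill is created, so the negative case is known to exercise the membership check. The query filters only on `bill_type`, so a reimbursement bill created anywhere else in this test would change the result; narrowing it to the bill this request would have created makes a failure easier to read. Minor: the comment says "wrong payer / payed_for" while the posted fields are `sender_id` and `receiver_id`.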
1 change: 1 addition & 0 deletions ihatemoney/web.py
@@ -874,6 +874,7 @@ def add_settlement_bill():
)
return redirect(url_for(".settle_bill"))

# TODO: check that sender and receiver ID are valid and part of this project

settlement = Bill(
amount=form.amount.data,
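Review bot: The TODO added just before `settlement = Bill(` leaves the membership check unimplemented, and nothing in the visible lines confirms that the sender and receiver belong to the current project before the bill is constructed. Since this commit also adds a test expecting such a request to produce no bill, the check should land in the same change: look both IDs up among this project's members and bail out the way the `return redirect(url_for(".settle_bill"))` branch above does when either is missing. If the check is deliberately deferred, point the comment at a tracking issue so the TODO does not outlive the PR.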