More validation to the free-form price text box and allow for decimal places

2013-08-28 17:43:01 -04:00
parent 3efa803321
commit e7a3847e48
2 changed files with 19 additions and 6 deletions
--- a/common/djangoapps/course_modes/views.py
+++ b/common/djangoapps/course_modes/views.py
@@ -1,3 +1,4 @@
+import decimal
 from django.core.urlresolvers import reverse
 from django.http import (
    HttpResponse, HttpResponseBadRequest, HttpResponseForbidden, Http404
@@ -63,15 +64,22 @@ class ChooseModeView(View):
            amount = request.POST.get("contribution") or \
                request.POST.get("contribution-other-amt") or 0

-            donation_for_course = request.session.get("donation_for_course", {})
-            donation_for_course[course_id] = amount
-            request.session["donation_for_course"] = donation_for_course
+            try:
+                # validate the amount passed in and force it into two digits
+                amount_value = decimal.Decimal(amount).quantize(decimal.Decimal('.01'), rounding=decimal.ROUND_DOWN)
+            except decimal.InvalidOperation:
+                error_msg = _("Invalid amount selected.")
+                return self.get(request, error=error_msg)

            # Check for minimum pricing
-            if int(amount) < mode_info.min_price:
+            if amount_value < mode_info.min_price:
                error_msg = _("No selected price or selected price is too low.")
                return self.get(request, error=error_msg)

+            donation_for_course = request.session.get("donation_for_course", {})
+            donation_for_course[course_id] = donation_for_course
+            request.session["donation_for_course"] = donation_for_course
+
            return redirect(
                "{}?{}".format(
                    reverse('verify_student_show_requirements'),
--- a/lms/djangoapps/verify_student/views.py
+++ b/lms/djangoapps/verify_student/views.py
@@ -4,6 +4,7 @@
 """
 import json
 import logging
+import decimal

 from mitxmako.shortcuts import render_to_response

@@ -68,19 +69,23 @@ def create_order(request):

    course_id = request.POST['course_id']
    contribution = request.POST.get("contribution", 0)
+    try:
+        amount = decimal.Decimal(contribution).quantize(decimal.Decimal('.01'), rounding=decimal.ROUND_DOWN)
+    except decimal.InvalidOperation:
+        return HttpResponseBadRequest(_("Selected price is not valid number."))

    verified_mode = CourseMode.modes_for_course_dict(course_id).get('verified', None)
    # make sure this course has a verified mode
    if not verified_mode:
        return HttpResponseBadRequest(_("This course doesn't support verified certificates"))

-    if int(contribution) < verified_mode.min_price:
+    if amount < verified_mode.min_price:
        return HttpResponseBadRequest(_("No selected price or selected price is below minimum."))

    # I know, we should check this is valid. All kinds of stuff missing here
    cart = Order.get_cart_for_user(request.user)
    cart.clear()
-    CertificateItem.add_to_order(cart, course_id, contribution, 'verified')
+    CertificateItem.add_to_order(cart, course_id, amount, 'verified')

    params = get_signed_purchase_params(cart)