added validation to client.feed and feed.follow

tschellenbach · tschellenbach · commit 728bad8b9052 · 2014-11-18T12:55:42.000+02:00
diff --git a/stream/client.py b/stream/client.py
@@ -4,6 +4,7 @@
 import logging
 import os
 import requests
+from stream.utils import validate_feed_slug, validate_user_id
 
 
 logger = logging.getLogger(__name__)
@@ -58,8 +59,8 @@ def feed(self, feed_slug, user_id):
         :param user_id: the user id
         '''
         from stream.feed import Feed
-        user_id = str(user_id)
-        feed_slug = str(feed_slug)
+        feed_slug = validate_feed_slug(feed_slug)
+        user_id = validate_user_id(user_id)
 
         # generate the token
         feed_id = '%s%s' % (feed_slug, user_id)
diff --git a/stream/feed.py b/stream/feed.py
@@ -1,4 +1,4 @@
-from stream.utils import validate_feed
+from stream.utils import validate_feed_id, validate_user_id, validate_feed_slug
 
 
 class Feed(object):
@@ -110,6 +110,8 @@ def follow(self, target_feed_slug, target_user_id):
         :param target_feed_slug: the slug of the target feed
         :param target_user_id: the user id
         '''
+        target_feed_slug = validate_feed_slug(target_feed_slug)
+        target_user_id = validate_user_id(target_user_id)
         target_feed_id = '%s:%s' % (target_feed_slug, target_user_id)
         url = self.feed_url + 'follows/'
         data = {
@@ -167,7 +169,7 @@ def add_to_signature(self, recipients):
         '''
         data = []
         for recipient in recipients:
-            validate_feed(recipient)
+            validate_feed_id(recipient)
             feed_slug, user_id = recipient.split(':')
             feed = self.client.feed(feed_slug, user_id)
             data.append("%s %s" % (recipient, feed.token))
diff --git a/stream/tests.py b/stream/tests.py
@@ -70,6 +70,23 @@ def test_heroku_overwrite(self):
         self.assertEqual(client.api_key, 'a')
         self.assertEqual(client.api_secret, 'b')
         self.assertEqual(client.app_id, 'c')
+        
+    def test_invalid_feed_values(self):
+        def invalid_feed_slug():
+            client.feed('user:', '1')
+        self.assertRaises(ValueError, invalid_feed_slug)
+        
+        def invalid_user_id():
+            client.feed('user:', '1-a')
+        self.assertRaises(ValueError, invalid_user_id)
+            
+        def invalid_follow_feed_slug():
+            self.user1.follow('user:', '1')
+        self.assertRaises(ValueError, invalid_follow_feed_slug)
+            
+        def invalid_follow_user_id():
+            self.user1.follow('user', '1-:a')
+        self.assertRaises(ValueError, invalid_follow_user_id)
 
     def test_token_retrieval(self):
         self.user1.token
diff --git a/stream/utils.py b/stream/utils.py
@@ -1,13 +1,45 @@
+import re
 
+valid_re = re.compile('^\w+$')
 
-def validate_feed(feed_id):
+
+def validate_feed_id(feed_id):
     '''
     Validates the input is in the format of user:1
 
     :param feed_id: a feed such as user:1
 
     Raises ValueError if the format doesnt match
     '''
+    feed_id = str(feed_id)
     if len(feed_id.split(':')) != 2:
         msg = 'Invalid feed_id spec %s, please specify the feed_id as feed_slug:feed_id'
         raise ValueError(msg % feed_id)
+    
+    feed_slug, user_id = feed_id.split(':')
+    feed_slug = validate_feed_slug(feed_slug)
+    user_id = validate_user_id(user_id)
+    return feed_id
+    
+
+def validate_feed_slug(feed_slug):
+    '''
+    Validates the feed slug falls into \w
+    '''
+    feed_slug = str(feed_slug)
+    if not valid_re.match(feed_slug):
+        msg = 'Invalid feed slug %s, please only use letters, numbers and _'
+        raise ValueError(msg % feed_slug)
+    return feed_slug
+
+
+def validate_user_id(user_id):
+    '''
+    Validates the user id falls into \w
+    '''
+    user_id = str(user_id)
+    if not valid_re.match(user_id):
+        msg = 'Invalid user id %s, please only use letters, numbers and _'
+        raise ValueError(msg % user_id)
+    return user_id
+    
