diff --git a/tests/test_tip_json.py b/tests/test_tip_json.py index 36ea55a019..7db1d68bfb 100644 --- a/tests/test_tip_json.py +++ b/tests/test_tip_json.py @@ -42,3 +42,23 @@ def test_get_amount_and_total_back_from_api(self): assert first_data['total_giving'] == "1.00" assert second_data['amount'] == "3.00" assert second_data['total_giving'] == "4.00" + + def test_set_tip_out_of_range(self): + client = TestClient() + now = datetime.datetime.now(pytz.utc) + self.make_participant("alice", claimed_time=now) + self.make_participant("bob", claimed_time=now) + + response = client.get('/') + csrf_token = response.request.context['csrf_token'] + response = client.post("/alice/tip.json", + {'amount': "110.00", 'csrf_token': csrf_token}, + user='bob') + assert "bad amount" in response.body + assert response.code == 400 + + response = client.post("/alice/tip.json", + {'amount': "-1.00", 'csrf_token': csrf_token}, + user='bob') + assert "bad amount" in response.body + assert response.code == 400 diff --git a/www/%username/tip.json.spt b/www/%username/tip.json.spt index fed5578d29..7039614b27 100644 --- a/www/%username/tip.json.spt +++ b/www/%username/tip.json.spt @@ -3,7 +3,7 @@ from decimal import InvalidOperation from aspen import Response -from gittip.models.participant import Participant +from gittip.models.participant import Participant, BadAmount [-----------------------------------------------------------------------------] @@ -30,7 +30,7 @@ if not user.ANON: amount, first_time_tipper = tipper.set_tip_to( tippee.username , body['amount'] ) - except (InvalidOperation, ValueError): + except (InvalidOperation, ValueError, BadAmount): raise Response(400, "bad amount") else: amount = tipper.get_tip_to(tippee.username)