More validation to the free-form price text box and allow for decimal places

e7a3847e · Diana Huang · 3efa8033 · e7a3847e · e7a3847e
Commit e7a3847e authored Aug 28, 2013 by Diana Huang
Hide whitespace changes
Inline Side-by-side

Showing with 19 additions and 6 deletions

common/djangoapps/course_modes/views.py
+12 -4

lms/djangoapps/verify_student/views.py
+7 -2

No files found.
--- a/common/djangoapps/course_modes/views.py
+++ b/common/djangoapps/course_modes/views.py
+import decimal
 from django.core.urlresolvers import reverse
 from django.http import (
    HttpResponse, HttpResponseBadRequest, HttpResponseForbidden, Http404
@@ -63,15 +64,22 @@ class ChooseModeView(View):
            amount = request.POST.get("contribution") or \
                request.POST.get("contribution-other-amt") or 0
-            donation_for_course = request.session.get("donation_for_course", {})
+            try:
-            donation_for_course[course_id] = amount
+                # validate the amount passed in and force it into two digits
-            request.session["donation_for_course"] = donation_for_course
+                amount_value = decimal.Decimal(amount).quantize(decimal.Decimal('.01'), rounding=decimal.ROUND_DOWN)
+            except decimal.InvalidOperation:
+                error_msg = _("Invalid amount selected.")
+                return self.get(request, error=error_msg)
            # Check for minimum pricing
-            if int(amount) < mode_info.min_price:
+            if amount_value < mode_info.min_price:
                error_msg = _("No selected price or selected price is too low.")
                return self.get(request, error=error_msg)
+            donation_for_course = request.session.get("donation_for_course", {})
+            donation_for_course[course_id] = donation_for_course
+            request.session["donation_for_course"] = donation_for_course
            return redirect(
                "{}?{}".format(
                    reverse('verify_student_show_requirements'),

--- a/lms/djangoapps/verify_student/views.py
+++ b/lms/djangoapps/verify_student/views.py
@@ -4,6 +4,7 @@
 """
 import json
 import logging
+import decimal
 from mitxmako.shortcuts import render_to_response
@@ -68,19 +69,23 @@ def create_order(request):
    course_id = request.POST['course_id']
    contribution = request.POST.get("contribution", 0)
+    try:
+        amount = decimal.Decimal(contribution).quantize(decimal.Decimal('.01'), rounding=decimal.ROUND_DOWN)
+    except decimal.InvalidOperation:
+        return HttpResponseBadRequest(_("Selected price is not valid number."))
    verified_mode = CourseMode.modes_for_course_dict(course_id).get('verified', None)
    # make sure this course has a verified mode
    if not verified_mode:
        return HttpResponseBadRequest(_("This course doesn't support verified certificates"))
-    if int(contribution) < verified_mode.min_price:
+    if amount < verified_mode.min_price:
        return HttpResponseBadRequest(_("No selected price or selected price is below minimum."))
    # I know, we should check this is valid. All kinds of stuff missing here
    cart = Order.get_cart_for_user(request.user)
    cart.clear()
-    CertificateItem.add_to_order(cart, course_id, contribution, 'verified')
+    CertificateItem.add_to_order(cart, course_id, amount, 'verified')
    params = get_signed_purchase_params(cart)