billing: Verify that plan names are not tampered.

2018-07-22 15:23:57 +00:00 · 2018-07-22 15:23:57 +00:00 · 15eff517f4
parent 82fc82b7e2
commit 15eff517f4
2 changed files with 18 additions and 1 deletions
--- a/zilencer/tests/test_stripe.py
+++ b/zilencer/tests/test_stripe.py
@ -218,6 +218,18 @@ class StripeTest(ZulipTestCase):
        })
        self.assert_in_success_response(["Something went wrong. Please contact"], result)

+    @mock.patch("zilencer.lib.stripe.STRIPE_PUBLISHABLE_KEY", "stripe_publishable_key")
+    @mock.patch("zilencer.views.STRIPE_PUBLISHABLE_KEY", "stripe_publishable_key")
+    def test_upgrade_with_tampered_plan(self) -> None:
+        self.login(self.user.email)
+        result = self.client_post("/upgrade/", {
+            'stripeToken': self.token,
+            'signed_seat_count': self.signed_seat_count,
+            'salt': self.salt,
+            'plan': "invalid"
+        })
+        self.assert_in_success_response(["Something went wrong. Please contact"], result)
+
    @mock.patch("zilencer.lib.stripe.STRIPE_PUBLISHABLE_KEY", "stripe_publishable_key")
    @mock.patch("zilencer.views.STRIPE_PUBLISHABLE_KEY", "stripe_publishable_key")
    @mock.patch("stripe.Customer.retrieve", side_effect=mock_retrieve_customer)
--- a/zilencer/views.py
+++ b/zilencer/views.py
@ -168,6 +168,11 @@ def initial_upgrade(request: HttpRequest) -> HttpResponse:
        return HttpResponseRedirect(reverse('zilencer.views.billing_home'))

    if request.method == 'POST':
+        plan = request.POST['plan']
+        if plan not in [Plan.CLOUD_ANNUAL, Plan.CLOUD_MONTHLY]:
+            billing_logger.warning("Tampered plan during realm upgrade. user: %s, realm: %s (%s)."
+                                   % (user.id, user.realm.id, user.realm.string_id))
+            error_message = "Something went wrong. Please contact support@zulipchat.com"
        try:
            seat_count = int(unsign_string(request.POST['signed_seat_count'], request.POST['salt']))
        except signing.BadSignature:
@ -179,7 +184,7 @@ def initial_upgrade(request: HttpRequest) -> HttpResponse:
            stripe_customer = do_create_customer_with_payment_source(user, request.POST['stripeToken'])
            do_subscribe_customer_to_plan(
                stripe_customer=stripe_customer,
-                stripe_plan_id=Plan.objects.get(nickname=request.POST['plan']).stripe_plan_id,
+                stripe_plan_id=Plan.objects.get(nickname=plan).stripe_plan_id,
                seat_count=seat_count,
                # TODO: billing address details are passed to us in the request;
                # use that to calculate taxes.