bot: validate token does not contain white spaces (#306)

in addition move validation code from validate.py into bot.py and delete the former file
2025-01-01 08:56:27 +01:00 · 2016-05-26 22:09:14 +03:00 · 2016-05-26 22:09:14 +03:00 · 561f1c3f02
commit 561f1c3f02
parent 86571bc75d
3 changed files with 20 additions and 33 deletions
--- a/telegram/bot.py
+++ b/telegram/bot.py
@ -24,8 +24,8 @@ import functools

 from telegram import (User, Message, Update, UserProfilePhotos, File, ReplyMarkup, TelegramObject,
                      NullHandler)
+from telegram.error import InvalidToken
 from telegram.utils import request
-from telegram.utils.validate import validate_token

 logging.getLogger(__name__).addHandler(NullHandler())

@ -48,7 +48,7 @@ class Bot(TelegramObject):
    """

    def __init__(self, token, base_url=None, base_file_url=None):
-        self.token = validate_token(token)
+        self.token = self._validate_token(token)

        if not base_url:
            self.base_url = 'https://api.telegram.org/bot{0}'.format(self.token)
@ -64,6 +64,18 @@ class Bot(TelegramObject):

        self.logger = logging.getLogger(__name__)

+    @staticmethod
+    def _validate_token(token):
+        """a very basic validation on token"""
+        if any(x.isspace() for x in token):
+            raise InvalidToken()
+
+        left, sep, _right = token.partition(':')
+        if (not sep) or (not left.isdigit()) or (len(left) < 3):
+            raise InvalidToken()
+
+        return token
+
    def info(func):

        @functools.wraps(func)
--- a/telegram/utils/validate.py
+++ b/telegram/utils/validate.py
@ -1,29 +0,0 @@
-#!/usr/bin/env python
-#
-# A library that provides a Python interface to the Telegram Bot API
-# Copyright (C) 2015-2016
-# Leandro Toledo de Souza <devs@python-telegram-bot.org>
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU Lesser Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU Lesser Public License for more details.
-#
-# You should have received a copy of the GNU Lesser Public License
-# along with this program.  If not, see [http://www.gnu.org/licenses/].
-"""This module contains functions to validate function arguments"""
-
-from telegram.error import InvalidToken
-
-
-def validate_token(token):
-    """a very basic validation on token"""
-    left, sep, _right = token.partition(':')
-    if (not sep) or (not left.isdigit()) or (len(left) < 3):
-        raise InvalidToken()
-    return token
--- a/tests/test_bot.py
+++ b/tests/test_bot.py
@ -192,8 +192,12 @@ class BotTest(BaseTest, unittest.TestCase):
    def testInvalidToken3(self):
        self._test_invalid_token('12:')

-    # def testInvalidToken4(self):
-    #     self._test_invalid_token('1234:abcd1234\n')
+    def testInvalidToken4(self):
+        # white spaces are invalid
+        self._test_invalid_token('1234:abcd1234\n')
+        self._test_invalid_token(' 1234:abcd1234')
+        self._test_invalid_token(' 1234:abcd1234\r')
+        self._test_invalid_token('1234:abcd 1234')

    def testUnauthToken(self):
        with self.assertRaisesRegexp(telegram.error.Unauthorized, 'Unauthorized'):