bot: validate token does not contain white spaces (#306)

in addition move validation code from validate.py into bot.py and delete
the former file

telegram/bot.py

@@ -24,8 +24,8 @@ import functools
 
 from telegram import (User, Message, Update, UserProfilePhotos, File, ReplyMarkup, TelegramObject,
                       NullHandler)
+from telegram.error import InvalidToken
 from telegram.utils import request
-from telegram.utils.validate import validate_token
 
 logging.getLogger(__name__).addHandler(NullHandler())
 
@@ -48,7 +48,7 @@ class Bot(TelegramObject):
     """
 
     def __init__(self, token, base_url=None, base_file_url=None):
-        self.token = validate_token(token)
+        self.token = self._validate_token(token)
 
         if not base_url:
             self.base_url = 'https://api.telegram.org/bot{0}'.format(self.token)
@@ -64,6 +64,18 @@ class Bot(TelegramObject):
 
         self.logger = logging.getLogger(__name__)
 
+    @staticmethod
+    def _validate_token(token):
+        """a very basic validation on token"""
+        if any(x.isspace() for x in token):
+            raise InvalidToken()
+
+        left, sep, _right = token.partition(':')
+        if (not sep) or (not left.isdigit()) or (len(left) < 3):
+            raise InvalidToken()
+
+        return token
+
     def info(func):
 
         @functools.wraps(func)

telegram/utils/validate.py

@@ -1,29 +0,0 @@
-#!/usr/bin/env python
-#
-# A library that provides a Python interface to the Telegram Bot API
-# Copyright (C) 2015-2016
-# Leandro Toledo de Souza <devs@python-telegram-bot.org>
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU Lesser Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU Lesser Public License for more details.
-#
-# You should have received a copy of the GNU Lesser Public License
-# along with this program.  If not, see [http://www.gnu.org/licenses/].
-"""This module contains functions to validate function arguments"""
-
-from telegram.error import InvalidToken
-
-
-def validate_token(token):
-    """a very basic validation on token"""
-    left, sep, _right = token.partition(':')
-    if (not sep) or (not left.isdigit()) or (len(left) < 3):
-        raise InvalidToken()
-    return token

tests/test_bot.py

@@ -192,8 +192,12 @@ class BotTest(BaseTest, unittest.TestCase):
     def testInvalidToken3(self):
         self._test_invalid_token('12:')
 
-    # def testInvalidToken4(self):
+    def testInvalidToken4(self):
-    #     self._test_invalid_token('1234:abcd1234\n')
+        # white spaces are invalid
+        self._test_invalid_token('1234:abcd1234\n')
+        self._test_invalid_token(' 1234:abcd1234')
+        self._test_invalid_token(' 1234:abcd1234\r')
+        self._test_invalid_token('1234:abcd 1234')
 
     def testUnauthToken(self):
         with self.assertRaisesRegexp(telegram.error.Unauthorized, 'Unauthorized'):