[radius] Add max_length validation for called_station_id and calling_…

…station_id in PostAuthSerializer openwisp#467 Updated the PostAuthSerializer to include a `max_length` attribute of 50 for both the `called_station_id` and `calling_station_id` fields. This ensures that requests exceeding the character limit for either field return an HTTP 400 error with an appropriate error message. Added tests to validate the max_length constraint for both fields. Fixes openwisp#467
dee077 · Dec 19, 2024 · 0b8d193 · 0b8d193
1 parent 71551fa
commit 0b8d193
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 2 deletions.
diff --git a/openwisp_radius/api/serializers.py b/openwisp_radius/api/serializers.py
@@ -123,7 +123,9 @@ class RadiusPostAuthSerializer(serializers.ModelSerializer):
     called_station_id = serializers.CharField(
         required=False, allow_blank=True, max_length=50
     )
-    calling_station_id = serializers.CharField(required=False, allow_blank=True)
+    calling_station_id = serializers.CharField(
+        required=False, allow_blank=True, max_length=50
+    )
 
     def validate(self, data):
         # do not save correct passwords in clear text

diff --git a/openwisp_radius/tests/test_api/test_freeradius_api.py b/openwisp_radius/tests/test_api/test_freeradius_api.py
@@ -299,7 +299,10 @@ def test_postauth_400(self):
         self.assertEqual(response.status_code, 400)
 
     def test_postauth_called_station_id_max_length_50_exceed_400(self):
-        params = {'called_station_id': 'C0-4A-00-EE-D1-0D:' + 'A' * 50}
+        params = {
+            'called_station_id': 'C0-4A-00-EE-D1-0D:' + 'A' * 50,
+            'calling_station_id': '00:26:b9:20:5f:10' + 'A' * 50,
+        }
         params = self._get_postauth_params(**params)
         response = self.client.post(
             reverse('radius:postauth'), params, HTTP_AUTHORIZATION=self.auth_header
@@ -309,6 +312,10 @@ def test_postauth_called_station_id_max_length_50_exceed_400(self):
             response.data['called_station_id'][0],
             'Ensure this field has no more than 50 characters.',
         )
+        self.assertEqual(
+            response.data['calling_station_id'][0],
+            'Ensure this field has no more than 50 characters.',
+        )
 
     @capture_any_output()
     def test_postauth_no_token_403(self):