thenewboston-blockchain · JonSchapiro · Dec 24, 2020 · Dec 31, 2020 · Dec 31, 2020 · vosi
diff --git a/v1/accounts/factories/account.py b/v1/accounts/factories/account.py
@@ -6,7 +6,7 @@
 
 
 class AccountFactory(DjangoModelFactory):
-    account_number = Faker('pystr', max_chars=VERIFY_KEY_LENGTH)
+    account_number = Faker('pystr', max_chars=VERIFY_KEY_LENGTH - 1)
     balance = Faker('pyint', max_value=MAX_POINT_VALUE)
     balance_lock = Faker('pystr', max_chars=BALANCE_LOCK_LENGTH)
 

diff --git a/v1/accounts/tests/account.py b/v1/accounts/tests/account.py
@@ -1,6 +1,8 @@
+import random
+
 import pytest
 from rest_framework.reverse import reverse
-from rest_framework.status import HTTP_200_OK
+from rest_framework.status import HTTP_200_OK, HTTP_401_UNAUTHORIZED
 from thenewboston.third_party.pytest.asserts import assert_objects_vs_dicts
 
 
@@ -35,3 +37,15 @@ def test_account_balance_lock(client, account):
         expected=HTTP_200_OK,
     )
     assert response['balance_lock'] == account.balance_lock
+
+
+def test_validator_account_max_length(client, account):
+    account.account_number = ''.join(random.choice('0123456789ABCDEF') for i in range(66))
+    response = client.get_json(
+        reverse(
+            'account-balance',
+            args=[account.account_number],
+        ),
+        expected=HTTP_401_UNAUTHORIZED,
+    )
+    assert response
diff --git a/v1/accounts/views/account.py b/v1/accounts/views/account.py
@@ -1,7 +1,9 @@
+from rest_framework import status
 from rest_framework.decorators import action
 from rest_framework.mixins import ListModelMixin
 from rest_framework.response import Response
 from rest_framework.viewsets import GenericViewSet
+from thenewboston.constants.network import VERIFY_KEY_LENGTH
 
 from v1.cache_tools.accounts import get_account_balance, get_account_balance_lock
 from ..models.account import Account
@@ -31,12 +33,18 @@ class AccountViewSet(
 
     @action(methods=['get'], detail=True)
     def balance(self, request, account_number=None):
+        if account_number is not None and len(account_number) >= VERIFY_KEY_LENGTH:
+            return Response({'balance': None}, status=status.HTTP_401_UNAUTHORIZED)
+
         return Response({
             'balance': get_account_balance(account_number=account_number)
         })
 
     @action(methods=['get'], detail=True)
     def balance_lock(self, request, account_number=None):
+        if account_number is not None and len(account_number) >= VERIFY_KEY_LENGTH:
+            return Response({'balance': None}, status=status.HTTP_401_UNAUTHORIZED)
+
         return Response({
             'balance_lock': get_account_balance_lock(account_number=account_number)
         })
diff --git a/v1/bank_blocks/tests/bank_block.py b/v1/bank_blocks/tests/bank_block.py
@@ -1,6 +1,8 @@
+import random
+
 from django.core.cache import cache
 from rest_framework.reverse import reverse
-from rest_framework.status import HTTP_200_OK
+from rest_framework.status import HTTP_200_OK, HTTP_401_UNAUTHORIZED
 
 from v1.cache_tools.cache_keys import BLOCK_QUEUE
 
@@ -14,3 +16,14 @@ def test_bank_block_post(client, primary_validator_configuration, signed_block,
 
     assert response == signed_block['block']
     assert cache.get(BLOCK_QUEUE) == [signed_block['block']]
+
+
+def test_validator_bank_block_max_length(client, primary_validator_configuration, signed_block, celery_worker):
+    signed_block['block']['account_number'] = ''.join(random.choice('0123456789ABCDEF') for i in range(66))
+    response = client.post_json(
+        reverse('bank_blocks-list'),
+        signed_block,
+        expected=HTTP_401_UNAUTHORIZED,
+    )
+
+    assert response