From 5734a008e21f7d8a35762b13bc0c5808e6dbcfff Mon Sep 17 00:00:00 2001
From: Mitchell Henke
Date: Tue, 30 Aug 2022 10:24:33 -0500
Subject: [PATCH] Increase strictness in parsing timestamp parameter in Attempts API
changelog: Improvements, Attempts API, Increase strictness in parsing timestamp parameter
---
 app/controllers/api/irs_attempts_api_controller.rb | 2 +-
 spec/controllers/api/irs_attempts_api_controller_spec.rb | 3 +++
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/app/controllers/api/irs_attempts_api_controller.rb b/app/controllers/api/irs_attempts_api_controller.rb
index 3042abbae52..dfc05db35f3 100644
--- a/app/controllers/api/irs_attempts_api_controller.rb
+++ b/app/controllers/api/irs_attempts_api_controller.rb
@@ -77,7 +77,7 @@ def timestamp
 timestamp_param = params.permit(:timestamp)[:timestamp]
 return nil if timestamp_param.nil?
- ActiveSupport::TimeZone['UTC'].parse(timestamp_param)
+ Time.strptime(timestamp_param, '%Y-%m-%dT%H:%M:%S%z')
 rescue ArgumentError
 nil
 end
diff --git a/spec/controllers/api/irs_attempts_api_controller_spec.rb b/spec/controllers/api/irs_attempts_api_controller_spec.rb
index ac512f6198b..9bf243a71d3 100644
--- a/spec/controllers/api/irs_attempts_api_controller_spec.rb
+++ b/spec/controllers/api/irs_attempts_api_controller_spec.rb
@@ -71,6 +71,9 @@
 it 'returns an error with invalid timestamp parameter' do
 post :create, params: { timestamp: 'abc' }
 expect(response.status).to eq 422
+
+ post :create, params: { timestamp: 'T14' }
+ expect(response.status).to eq 422
 end
 it 'authenticates the client' do
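Review bot: The new `Time.strptime(timestamp_param, '%Y-%m-%dT%H:%M:%S%z')` call in `timestamp` (whose `def` line sits above the hunk) may still accept a value with extra characters after the offset. As far as I know, Ruby's strptime matches the format from the start of the string and does not raise on unconsumed trailing text; this is worth confirming, since the commit's aim is stricter validation of a client-supplied parameter. If it holds, a whole-string guard before the parse would close it, for example `return nil unless timestamp_param.to_s.match?(/\A\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(Z|[+-]\d{2}:?\d{2})\z/)`, with the offset alternatives adjusted to the forms the API documents. The `.to_s` also keeps a non-string scalar (a JSON number, say) from reaching the parser, where it would presumably raise a TypeError that `rescue ArgumentError` does not catch. The spec hunk exercises only 'abc' and 'T14'; a case with a valid timestamp followed by trailing text, and one with no offset, would pin the intended 422.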