lingo: raise a 404 if regie or payment backend is not found (#39846)

combo/apps/lingo/views.py

@@ -36,6 +36,7 @@ from django.conf import settings
 from django.contrib import messages
 from django.utils.translation import ugettext_lazy as _
 from django.db.transaction import atomic
+from django.shortcuts import get_object_or_404
 from django.utils.encoding import smart_text
 
 import eopayment
@@ -525,9 +526,14 @@ class UnknownPaymentException(PaymentException):
 class PaymentView(View):
     def handle_response(self, request, backend_response, **kwargs):
         if 'regie_pk' in kwargs:
-            payment_backend = Regie.objects.get(id=kwargs['regie_pk']).payment_backend
+            payment_backend = get_object_or_404(
+                Regie,
+                pk=kwargs['regie_pk']
+            ).payment_backend
         elif 'payment_backend_pk' in kwargs:
-            payment_backend = PaymentBackend.objects.get(id=kwargs['payment_backend_pk'])
+            payment_backend = get_object_or_404(
+                PaymentBackend,
+                pk=kwargs['payment_backend_pk'])
         else:
             return HttpResponseBadRequest("A payment backend or regie primary key must be specified")
 

tests/test_lingo_payment.py

@@ -1058,6 +1058,17 @@ def test_payment_callback_error(app, basket_page, regie, user, with_payment_back
     assert BasketItem.objects.get(id=item.id).notification_date
 
 
+def test_payment_callback_not_found(app, user, regie):
+    data = {'transaction_id': 42, 'signed': True,
+            'amount': 42, 'ok': True}
+
+    callback_url = reverse('lingo-callback', kwargs={'regie_pk': 0})
+    app.get(callback_url, params=data, status=404)
+
+    callback_url = reverse('lingo-callback-payment-backend', kwargs={'payment_backend_pk': 0})
+    app.get(callback_url, params=data, status=404)
+
+
 @pytest.mark.parametrize("authenticated", [True, False])
 def test_payment_no_basket(app, user, regie, authenticated):
     url = reverse('api-add-basket-item')