handle bad signatures (#17699)
parent
5c56551cd7
commit
ab69f1e734
|
@ -163,7 +163,10 @@ class UnsubscribeView(DeleteView):
|
|||
model = models.Subscription
|
||||
|
||||
def get_object(self, queryset=None):
|
||||
data = signing.loads(self.kwargs['unsubscription_token'])
|
||||
try:
|
||||
data = signing.loads(self.kwargs['unsubscription_token'])
|
||||
except signing.BadSignature:
|
||||
raise Http404
|
||||
try:
|
||||
return models.Subscription.objects.get(category__pk=data['category'],
|
||||
identifier=data['identifier'])
|
||||
|
|
|
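Review bot: The `signing.loads(self.kwargs['unsubscription_token'])` call in `get_object` verifies the token with Django's default salt and no `max_age`, so if the project signs any other value with the default salt it would also verify here, and unsubscribe links never expire. A verified payload that is not a dict with `category` and `identifier` keys would then raise `KeyError` or `TypeError` at the `objects.get(...)` call. Whether the following `try:` turns that into a 404 cannot be seen, because the function body continues outside the hunk. Consider a dedicated salt on both the signing and the loading side, e.g. `signing.loads(token, salt='<unsubscribe-salt placeholder>')`, and decide explicitly whether these tokens should carry a `max_age`.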
@ -152,6 +152,9 @@ def test_unsubscription_link(app, categories, announces, custom_mailoutbox):
|
|||
'category': announce.category.pk, 'identifier': destination.identifier}
|
||||
unsubscription_link_sentinel = unsubscription_link
|
||||
|
||||
# refuse altered signature
|
||||
resp = app.get(unsubscription_link + 'altered', status=404)
|
||||
|
||||
# make sure the uri schema is not in the page
|
||||
resp = app.get(unsubscription_link)
|
||||
assert scheme not in resp.content
|
||||
|
|
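Review bot: The new request `app.get(unsubscription_link + 'altered', status=404)` only exercises the bad-signature path if the token is the last path component of the link. If the URL ends with a slash (the URL pattern is not visible in this hunk), the 404 would come from URL resolution and the test would pass even without the view change. Asserting the link's shape first, e.g. `assert not unsubscription_link.endswith('/')`, or rebuilding the URL from a modified token, would pin the test to the `BadSignature` branch. A second case that alters the payload part of the token rather than the trailing signature would also be worth adding. The test function continues outside the hunk.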