lingo: return a 404 in case invoice id can't be decrypted (#12669)
This commit is contained in:
parent
1b71d7849e
commit
e7e5da510d
|
@ -37,7 +37,7 @@ from django.utils.encoding import smart_text
|
|||
|
||||
import eopayment
|
||||
|
||||
from combo.utils import check_query, aes_hex_decrypt
|
||||
from combo.utils import check_query, aes_hex_decrypt, DecryptionError
|
||||
|
||||
try:
|
||||
from mellon.models import UserSAMLIdentifier
|
||||
|
@ -470,9 +470,17 @@ class ItemDownloadView(View):
|
|||
http_method_names = [u'get']
|
||||
|
||||
def get(self, request, *args, **kwargs):
|
||||
regie = Regie.objects.get(pk=kwargs['regie_id'])
|
||||
try:
|
||||
regie = Regie.objects.get(pk=kwargs['regie_id'])
|
||||
except Regie.DoesNotExist:
|
||||
raise Http404()
|
||||
|
||||
try:
|
||||
item_id = aes_hex_decrypt(settings.SECRET_KEY, kwargs['item_crypto_id'])
|
||||
except DecryptionError:
|
||||
raise Http404()
|
||||
|
||||
try:
|
||||
data = regie.download_item(request, item_id)
|
||||
except PermissionDenied:
|
||||
return HttpResponseForbidden()
|
||||
|
@ -494,8 +502,14 @@ class ItemView(TemplateView):
|
|||
template_name = 'lingo/combo/item.html'
|
||||
|
||||
def get_context_data(self, **kwargs):
|
||||
regie = Regie.objects.get(pk=kwargs['regie_id'])
|
||||
item_id = aes_hex_decrypt(settings.SECRET_KEY, kwargs['item_crypto_id'])
|
||||
try:
|
||||
regie = Regie.objects.get(pk=kwargs['regie_id'])
|
||||
except Regie.DoesNotExist:
|
||||
raise Http404()
|
||||
try:
|
||||
item_id = aes_hex_decrypt(settings.SECRET_KEY, kwargs['item_crypto_id'])
|
||||
except DecryptionError:
|
||||
raise Http404()
|
||||
item = regie.get_item(self.request, item_id)
|
||||
if not item:
|
||||
raise Http404(_('No item was found.'))
|
||||
|
|
Loading…
Reference in New Issue