From ab69f1e7340fdea43676ab48380e99378fa729ea Mon Sep 17 00:00:00 2001
From: Serghei Mihai
Date: Tue, 19 Nov 2019 17:01:02 +0100
Subject: [PATCH] handle bad signatures (#17699)
---
 corbo/views.py | 5 ++++-
 tests/test_broadcasting.py | 3 +++
 2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/corbo/views.py b/corbo/views.py
index 5e38cb5..ff07bb7 100644
--- a/corbo/views.py
+++ b/corbo/views.py
@@ -163,7 +163,10 @@ class UnsubscribeView(DeleteView):
 model = models.Subscription
 def get_object(self, queryset=None):
- data = signing.loads(self.kwargs['unsubscription_token'])
+ try:
+ data = signing.loads(self.kwargs['unsubscription_token'])
+ except signing.BadSignature:
+ raise Http404
 try:
 return models.Subscription.objects.get(category__pk=data['category'], identifier=data['identifier'])
diff --git a/tests/test_broadcasting.py b/tests/test_broadcasting.py
index 4b4fa74..5eda09d 100644
--- a/tests/test_broadcasting.py
+++ b/tests/test_broadcasting.py
@@ -152,6 +152,9 @@ def test_unsubscription_link(app, categories, announces, custom_mailoutbox):
 'category': announce.category.pk, 'identifier': destination.identifier}
 unsubscription_link_sentinel = unsubscription_link
+ # refuse altered signature
+ resp = app.get(unsubscription_link + 'altered', status=404)
+ # make sure the uri schema is not in the page
 resp = app.get(unsubscription_link)
 assert scheme not in resp.content
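Review bot: The new `signing.loads(self.kwargs['unsubscription_token'])` call still verifies with Django's default salt and no `max_age`, so any value signed elsewhere in the project with the same SECRET_KEY and default salt would be accepted as an unsubscription token, and a token from an old email stays valid forever. Unless the matching `signing.dumps()` call (not in this hunk) already passes a salt, give both sides a purpose-specific one, e.g. `data = signing.loads(self.kwargs['unsubscription_token'], salt='corbo.unsubscribe')`, and consider a `max_age=` if unsubscription links are not meant to be perpetual (SignatureExpired subclasses BadSignature, so the new except already covers it). A well-signed payload that is not a dict with `category` and `identifier` keys would still raise KeyError/TypeError on the following `data[...]` lookups unless the second `try:` handles it; its except clause lies outside the hunk, as does the rest of get_object.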
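Review bot: The added `resp = app.get(unsubscription_link + 'altered', status=404)` only proves the request ends in a 404, which is also what an unmatched URL pattern or a missing subscription would produce, so it does not pin the rejection to the signature check. Tampering inside the token rather than appending to the path (for example flipping one character of the trailing signature segment) keeps routing unchanged so that only the signature can fail, and asserting afterwards that the subscription still exists would show the view did nothing with the forged token. test_unsubscription_link starts before this hunk, so the fixtures and how unsubscription_link is built are not visible here.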