core: handle error when ?for_user is not numberical

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2021-08-23 15:17:13 +02:00
parent 58712047e1
commit e4790f9060
4 changed files with 7 additions and 4 deletions

View File

@ -122,7 +122,10 @@ class ApplicationViewSet(UsedByMixin, ModelViewSet):
# If the current user is superuser, they can set `for_user`
for_user = request.user
if request.user.is_superuser and "for_user" in request.query_params:
try:
for_user = get_object_or_404(User, pk=request.query_params.get("for_user"))
except ValueError:
return HttpResponseBadRequest("for_user must be numerical")
engine = PolicyEngine(application, for_user, request)
engine.use_cache = False
engine.build()

View File

@ -6,8 +6,6 @@ It exposes the ASGI callable as a module-level variable named ``application``.
For more information on this file, see
https://docs.djangoproject.com/en/3.0/howto/deployment/asgi/
"""
from time import time
import django
from asgiref.compatibility import guarantee_single_callable
from channels.routing import ProtocolTypeRouter, URLRouter

View File

@ -17,11 +17,12 @@ class ASGIErrorHandler:
async def __call__(self, scope: Scope, receive: Receive, send: Send) -> None:
try:
return await self.app(scope, receive, send)
except Exception as exc: # pylint: disable=
except Exception as exc: # pylint: disable=broad-except
LOGGER.warning("Fatal ASGI exception", exc=exc)
return await self.error_handler(send)
async def error_handler(self, send: Send) -> None:
"""Return a generic error message"""
return await send(
{
"type": "http.request",

View File

@ -1,3 +1,4 @@
"""ASGI Types"""
import typing
# See https://github.com/encode/starlette/blob/master/starlette/types.py