Make Ikhaya service robuster

Eliminate some lines where an exception could occur. Instead return a errors via HTTP-status-codes. Traceback in sentry for missing check of post-keys was ``` KeyError: 'username' File "django/utils/datastructures.py", line 76, in __getitem__ list_ = super().__getitem__(key) MultiValueDictKeyError: 'username' File "django/core/handlers/exception.py", line 47, in inner response = get_response(request) File "django/utils/deprecation.py", line 116, in __call__ response = self.process_request(request) File "inyoka/middlewares/services.py", line 40, in process_request response = call(request, parts[1]) File "inyoka/utils/services.py", line 33, in __call__ return self.methods[name](request) File "inyoka/ikhaya/services.py", line 22, in change_suggestion_assignment username, suggestion = post['username'], post['suggestion'] File "django/utils/datastructures.py", line 78, in __getitem__ raise MultiValueDictKeyError(key) ```
inyokaproject · Dec 8, 2023 · 7adb024 · 7adb024
1 parent 102a129
commit 7adb024
Show file tree

Hide file tree

Showing 2 changed files with 51 additions and 5 deletions.
diff --git a/inyoka/ikhaya/services.py b/inyoka/ikhaya/services.py
@@ -5,6 +5,8 @@
     :copyright: (c) 2007-2023 by the Inyoka Team, see AUTHORS for more details.
     :license: BSD, see LICENSE for more details.
 """
+from django.http import HttpResponseBadRequest
+from django.shortcuts import get_object_or_404
 from django.views.decorators.http import require_POST
 from inyoka.ikhaya.models import Suggestion
 from inyoka.portal.models import User
@@ -18,13 +20,17 @@
 @dispatcher.register()
 def change_suggestion_assignment(request):
     post = request.POST
+
+    if 'username' not in post or 'suggestion' not in post:
+        return HttpResponseBadRequest()
+
     username, suggestion = post['username'], post['suggestion']
-    suggestion = Suggestion.objects.get(id=suggestion)
+    suggestion = get_object_or_404(Suggestion, id=suggestion)
 
     if username == '-':
         suggestion.owner = None
-        suggestion.save()
     else:
-        suggestion.owner = User.objects.get(username__iexact=username)
-        suggestion.save()
+        suggestion.owner = get_object_or_404(User, username__iexact=username)
+
+    suggestion.save()
     return True
diff --git a/tests/apps/ikhaya/test_views.py b/tests/apps/ikhaya/test_views.py
@@ -15,7 +15,7 @@
 from django.test import RequestFactory
 from guardian.shortcuts import assign_perm
 
-from inyoka.ikhaya.models import Article, Category, Comment, Report
+from inyoka.ikhaya.models import Article, Category, Comment, Report, Suggestion
 from inyoka.ikhaya.views import events
 from inyoka.portal.user import User
 from inyoka.utils.test import InyokaClient, TestCase
@@ -211,3 +211,43 @@ def test_anonymous_gets_error(self):
     def test_queries_needed(self):
         with self.assertNumQueries(10):
             self.client.get('/events/')
+
+
+class TestServices(TestCase):
+
+    client_class = InyokaClient
+    url = "/?__service__=ikhaya.change_suggestion_assignment"
+
+    def test_post_misses_username(self):
+        response = self.client.post(self.url, data={"suggestion": 1})
+        self.assertEqual(response.status_code, 400)
+
+    def test_post_misses_suggestion_id(self):
+        response = self.client.post(self.url, data={"username": "foo"})
+        self.assertEqual(response.status_code, 400)
+
+    def test_set_owner(self):
+        user = User.objects.register_user('test', '[email protected]', password='test', send_mail=False)
+        suggestion = Suggestion.objects.create(author=user, title='title', text='text', intro='intro', notes='notes')
+        self.assertIsNone(suggestion.owner)
+
+        self.client.post(self.url, data={"username": user.username, "suggestion": suggestion.id})
+        suggestion.refresh_from_db()
+        self.assertEqual(suggestion.owner_id, user.id)
+
+        self.client.post(self.url, data={"username": "-", "suggestion": suggestion.id})
+        suggestion.refresh_from_db()
+        self.assertIsNone(suggestion.owner)
+
+    def test_invalid_owner(self):
+        suggestion = Suggestion.objects.create(
+            author=User.objects.get_anonymous_user(), title='title', text='text', intro='intro', notes='notes')
+
+        response = self.client.post(self.url, data={"username": "foo", "suggestion": suggestion.id})
+        self.assertEqual(response.status_code, 404)
+
+    def test_invalid_suggestion(self):
+        user = User.objects.register_user('test', '[email protected]', password='test', send_mail=False)
+
+        response = self.client.post(self.url, data={"username": user.username, "suggestion": 4242})
+        self.assertEqual(response.status_code, 404)