Mirror/app-MAIL-temp
1
0
Fork 0
mirror of https://github.com/simple-login/app.git synced 2024-11-16 17:08:30 +01:00
Code Issues Projects Releases Packages Wiki Activity

fix: missing None check on alias contacts api (#2288)

Browse source
This commit is contained in:
Carlos Quintana 2024-10-24 09:50:35 +02:00 committed by GitHub
parent ccd687f091
commit d65994c3c6
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 15 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
app/api/views/alias.py
View file

@ -419,9 +419,8 @@ def create_contact_route(alias_id):
if not data:
return jsonify(error="request body cannot be empty"), 400
alias: Alias = Alias.get(alias_id)
if alias.user_id != g.user.id:
alias: Optional[Alias] = Alias.get_by(id=alias_id, user_id=g.user.id)
if not alias:
return jsonify(error="Forbidden"), 403
contact_address = data.get("contact")

13
tests/api/test_alias.py
View file

@ -511,6 +511,19 @@ def test_create_contact_route_invalid_alias(flask_client):
assert r.status_code == 403
def test_create_contact_route_non_existing_alias(flask_client):
user, api_key = get_new_user_and_api_key()
Session.commit()
r = flask_client.post(
url_for("api.create_contact_route", alias_id=99999999),
headers={"Authentication": api_key.code},
json={"contact": "First Last <first@example.com>"},
)
assert r.status_code == 403
def test_create_contact_route_free_users(flask_client):
user, api_key = get_new_user_and_api_key()