From 3204a7437bdea80df457e187e31e8d4a72832e8c Mon Sep 17 00:00:00 2001
From: Ben Adida <ben@adida.net>
Date: Sat, 19 Mar 2011 14:38:58 -0700
Subject: [PATCH] fixed trustee page to return a proper 404 when no such
 trustee

---
 helios/models.py |  5 ++++-
 helios/tests.py  |  4 ++--
 helios/views.py  | 13 ++++++++++---
 3 files changed, 16 insertions(+), 6 deletions(-)

diff --git a/helios/models.py b/helios/models.py
index 04a7f64..af83572 100644
--- a/helios/models.py
+++ b/helios/models.py
@@ -1031,7 +1031,10 @@ class Trustee(HeliosModel):
 
   @classmethod
   def get_by_election_and_email(cls, election, email):
-    return cls.objects.get(election = election, email = email)
+    try:
+      return cls.objects.get(election = election, email = email)
+    except cls.DoesNotExist:
+      return None
 
   @property
   def datatype(self):
diff --git a/helios/tests.py b/helios/tests.py
index 26c4df6..b017290 100644
--- a/helios/tests.py
+++ b/helios/tests.py
@@ -343,8 +343,8 @@ class ElectionBlackboxTests(TestCase):
         self.assertEquals(response.content, views.ELGAMAL_PARAMS_LD_OBJECT.serialize())
 
     def test_election_bad_trustee(self):
-        response = self.client.get("/helios/elections/%s/trustees/foobar@bar.com/badsecret" % self.election.uuid)
-        import pdb; pdb.set_trace()
+        response = self.client.get("/helios/t/%s/foobar@bar.com/badsecret" % self.election.short_name)
+        self.assertEquals(response.status_code, 404)
 
     def test_get_election_shortcut(self):
         response = self.client.get("/helios/e/%s" % self.election.short_name, follow=True)
diff --git a/helios/views.py b/helios/views.py
index b7df7fa..80c5497 100644
--- a/helios/views.py
+++ b/helios/views.py
@@ -396,9 +396,16 @@ def trustee_login(request, election_short_name, trustee_email, trustee_secret):
   if election:
     trustee = Trustee.get_by_election_and_email(election, trustee_email)
     
-    if trustee and trustee.secret == trustee_secret:
-      set_logged_in_trustee(request, trustee)
-      return HttpResponseRedirect(reverse(trustee_home, args=[election.uuid, trustee.uuid]))
+    if trustee:
+      if trustee.secret == trustee_secret:
+        set_logged_in_trustee(request, trustee)
+        return HttpResponseRedirect(reverse(trustee_home, args=[election.uuid, trustee.uuid]))
+      else:
+        # bad secret, we'll let that redirect to the front page
+        pass
+    else:
+      # no such trustee
+      raise Http404
 
   return HttpResponseRedirect("/")
 
-- 
GitLab