From dae3ae3f16f5adc7572099423be5b54b65d5203f Mon Sep 17 00:00:00 2001 From: Ben Adida <ben@adida.net> Date: Sun, 3 Jul 2011 12:36:21 -0700 Subject: [PATCH] check for 404 in security checks --- helios/security.py | 4 ++++ helios/tests.py | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/helios/security.py b/helios/security.py index 05e99b4..0eb218c 100644 --- a/helios/security.py +++ b/helios/security.py @@ -9,6 +9,7 @@ from functools import update_wrapper from django.core.urlresolvers import reverse from django.core.exceptions import * +from django.http import * from django.conf import settings from models import * @@ -92,6 +93,9 @@ def election_view(**checks): def election_view_wrapper(request, election_uuid=None, *args, **kw): election = get_election_by_uuid(election_uuid) + if not election: + raise Http404 + # do checks do_election_checks(election, checks) diff --git a/helios/tests.py b/helios/tests.py index 46f7ffc..7dcfe56 100644 --- a/helios/tests.py +++ b/helios/tests.py @@ -390,6 +390,10 @@ class ElectionBlackboxTests(WebTest): response = self.client.get("/helios/elections/params") self.assertEquals(response.content, views.ELGAMAL_PARAMS_LD_OBJECT.serialize()) + def test_election_404(self): + response = self.client.get("/helios/elections/foobar") + self.assertEquals(response.status_code, 404) + def test_election_bad_trustee(self): response = self.client.get("/helios/t/%s/foobar@bar.com/badsecret" % self.election.short_name) self.assertEquals(response.status_code, 404) -- GitLab