From dae3ae3f16f5adc7572099423be5b54b65d5203f Mon Sep 17 00:00:00 2001
From: Ben Adida <ben@adida.net>
Date: Sun, 3 Jul 2011 12:36:21 -0700
Subject: [PATCH] check for 404 in security checks

---
 helios/security.py | 4 ++++
 helios/tests.py    | 4 ++++
 2 files changed, 8 insertions(+)

diff --git a/helios/security.py b/helios/security.py
index 05e99b4..0eb218c 100644
--- a/helios/security.py
+++ b/helios/security.py
@@ -9,6 +9,7 @@ from functools import update_wrapper
 
 from django.core.urlresolvers import reverse
 from django.core.exceptions import *
+from django.http import *
 from django.conf import settings
 
 from models import *
@@ -92,6 +93,9 @@ def election_view(**checks):
     def election_view_wrapper(request, election_uuid=None, *args, **kw):
       election = get_election_by_uuid(election_uuid)
 
+      if not election:
+        raise Http404
+
       # do checks
       do_election_checks(election, checks)
 
diff --git a/helios/tests.py b/helios/tests.py
index 46f7ffc..7dcfe56 100644
--- a/helios/tests.py
+++ b/helios/tests.py
@@ -390,6 +390,10 @@ class ElectionBlackboxTests(WebTest):
         response = self.client.get("/helios/elections/params")
         self.assertEquals(response.content, views.ELGAMAL_PARAMS_LD_OBJECT.serialize())
 
+    def test_election_404(self):
+        response = self.client.get("/helios/elections/foobar")
+        self.assertEquals(response.status_code, 404)
+
     def test_election_bad_trustee(self):
         response = self.client.get("/helios/t/%s/foobar@bar.com/badsecret" % self.election.short_name)
         self.assertEquals(response.status_code, 404)
-- 
GitLab