validate uuid token before use
parent
ecab4cc23d
commit
1b8f5d0d27
|
@ -1,8 +1,10 @@
|
|||
from django.core.exceptions import PermissionDenied
|
||||
from django.contrib.auth.decorators import login_required
|
||||
from django.shortcuts import get_object_or_404
|
||||
from django.http import Http404
|
||||
|
||||
from functools import wraps
|
||||
from uuid import UUID
|
||||
|
||||
from cfp.utils import is_staff
|
||||
from cfp.models import Participant, Volunteer
|
||||
|
@ -12,6 +14,10 @@ def speaker_required(view_func):
|
|||
def wrapped_view(request, **kwargs):
|
||||
speaker_token = kwargs.pop('speaker_token')
|
||||
if speaker_token:
|
||||
try:
|
||||
speaker_token = UUID(speaker_token)
|
||||
except ValueError:
|
||||
raise Http404
|
||||
speaker = get_object_or_404(Participant, site=request.conference.site, token=speaker_token)
|
||||
elif request.user.is_authenticated():
|
||||
speaker = get_object_or_404(Participant, site=request.conference.site, email=request.user.email)
|
||||
|
@ -26,6 +32,10 @@ def volunteer_required(view_func):
|
|||
def wrapped_view(request, **kwargs):
|
||||
volunteer_token = kwargs.pop('volunteer_token')
|
||||
if volunteer_token:
|
||||
try:
|
||||
volunteer_token = UUID(volunteer_token)
|
||||
except ValueError:
|
||||
raise Http404
|
||||
volunteer = get_object_or_404(Volunteer, site=request.conference.site, token=volunteer_token)
|
||||
elif request.user.is_authenticated():
|
||||
volunteer = get_object_or_404(Volunteer, site=request.conference.site, email=request.user.email)
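Review bot: The token check added at `speaker_token = UUID(speaker_token)` is repeated line for line in `volunteer_required` at `volunteer_token = UUID(volunteer_token)`, so the two access paths can drift apart the next time one of them is tightened; a shared helper keeps them in step. `UUID()` is also a lenient parser: it accepts hyphen-less hex, surrounding braces and a `urn:uuid:` prefix, so several distinct URL strings resolve to the same record, which matters if request logs or throttling are keyed on the raw path. If only the canonical form should be honoured, the helper is the one place to compare `str(parsed)` with the lower-cased input. Both `wrapped_view` bodies continue past the visible lines, so the branch taken when there is neither a token nor a logged-in user is not covered by this note.

```python
def _token_or_404(raw_token):
    """Parse a URL token as a UUID; a malformed value is reported as not found."""
    try:
        return UUID(raw_token)
    except ValueError:
        raise Http404

# … unchanged: speaker_required / wrapped_view up to the kwargs.pop …
        if speaker_token:
            speaker_token = _token_or_404(speaker_token)
# … unchanged: speaker lookup; volunteer_required / wrapped_view up to the kwargs.pop …
        if volunteer_token:
            volunteer_token = _token_or_404(volunteer_token)
```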
|
||||
|
|