From ad1a5f083cffea45ae9a792e19000311d6313bec Mon Sep 17 00:00:00 2001
From: Johanna England
Date: Wed, 22 Nov 2023 11:40:24 +0100
Subject: [PATCH 1/3] Catch updating profile with non int id
---
 python/nav/web/alertprofiles/views.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/python/nav/web/alertprofiles/views.py b/python/nav/web/alertprofiles/views.py
index bf764c071c..aa888d560d 100644
--- a/python/nav/web/alertprofiles/views.py
+++ b/python/nav/web/alertprofiles/views.py
@@ -273,7 +273,7 @@ def profile_save(request):
 if request.POST.get('id'):
 try:
 profile = AlertProfile.objects.get(pk=request.POST.get('id'))
- except AlertProfile.DoesNotExist:
+ except (ValueError, AlertProfile.DoesNotExist):
 return alertprofiles_response_not_found(
 request, 'Requested profile does not exist'
 )
From 2ad2168537ad0cd464315bba01a0cec1c088e102 Mon Sep 17 00:00:00 2001
From: Johanna England
Date: Wed, 22 Nov 2023 11:40:36 +0100
Subject: [PATCH 2/3] Add tests for updating alert profiles
---
 tests/integration/web/alertprofiles_test.py | 43 +++++++++++++++++++++
 1 file changed, 43 insertions(+)
diff --git a/tests/integration/web/alertprofiles_test.py b/tests/integration/web/alertprofiles_test.py
index 2330fd7de5..61a3041a2f 100644
--- a/tests/integration/web/alertprofiles_test.py
+++ b/tests/integration/web/alertprofiles_test.py
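Review bot: In `profile_save` (python/nav/web/alertprofiles/views.py) the widened `except (ValueError, AlertProfile.DoesNotExist):` rejects a malformed id only because the ORM apparently raises `ValueError` while converting it, so the input validation stays implicit. Parsing the id before the query, `profile_id = int(request.POST['id'])` under its own `except ValueError`, would keep the lookup's handler limited to `DoesNotExist` and avoid reading `request.POST.get('id')` twice. A numeric id outside the column's integer range may, depending on Django version and database backend, fail with an exception other than `ValueError`, so that input deserves its own test. The function continues outside the hunk, so whether the fetched profile is checked against the requesting account cannot be confirmed from here.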
@@ -163,6 +163,49 @@ def test_alertprofiles_save_profile_with_time_period_template(
 valid_during=TimePeriod.WEEKENDS,
 ).exists()
+ def test_alertprofiles_save_profile_with_non_existent_id_should_fail(
+ self, db, client
+ ):
+ url = reverse('alertprofiles-profile-save')
+ profile_name = 'Catch 22'
+
+ response = client.post(
+ url,
+ follow=True,
+ data={
+ 'id': "-9337'))) ORDER BY 1-- SVmx",
+ 'name': profile_name,
+ 'daily_dispatch_time': '08:00',
+ 'weekly_dispatch_time': '08:00',
+ 'weekly_dispatch_day': AlertProfile.MONDAY,
+ },
+ )
+
+ assert response.status_code == 404
+ assert 'Requested profile does not exist' in smart_str(response.content)
+ assert not AlertProfile.objects.filter(name=profile_name).exists()
+
+ def test_alertprofiles_save_profile_with_str_id_should_fail(self, db, client):
+ url = reverse('alertprofiles-profile-save')
+ profile_name = 'Catch 22'
+ last_alert_profile_id = getattr(AlertProfile.objects.last(), "pk", 0)
+
+ response = client.post(
+ url,
+ follow=True,
+ data={
+ 'id': last_alert_profile_id + 1,
+ 'name': profile_name,
+ 'daily_dispatch_time': '08:00',
+ 'weekly_dispatch_time': '08:00',
+ 'weekly_dispatch_day': AlertProfile.MONDAY,
+ },
+ )
+
+ assert response.status_code == 404
+ assert 'Requested profile does not exist' in smart_str(response.content)
+ assert not AlertProfile.objects.filter(name=profile_name).exists()
+
 def test_alertprofiles_confirm_remove_profile(self, db, client, dummy_profile):
 url = reverse('alertprofiles-profile-remove')
 response = client.post(
From a6054893605b793b2ee2c090b5245992319f02f6 Mon Sep 17 00:00:00 2001
From: Johanna England
Date: Wed, 22 Nov 2023 12:11:51 +0100
Subject: [PATCH 3/3] fixup! Add tests for updating alert profiles
---
 tests/integration/web/alertprofiles_test.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/tests/integration/web/alertprofiles_test.py b/tests/integration/web/alertprofiles_test.py
index 61a3041a2f..cc9d72850c 100644
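Review bot: The two tests added to tests/integration/web/alertprofiles_test.py are copies that differ only in the `'id'` value, and the non-integer case is exercised with a single SQL-injection-shaped string. Parametrizing that test, `@pytest.mark.parametrize("bad_id", ["-9337'))) ORDER BY 1-- SVmx", "abc", "1.5"])` with `'id': bad_id,` in the POST data, would cover other non-integer shapes without more copy-paste; this assumes `pytest` is imported in the module, which the hunk does not show. A docstring such as `"""A non-integer id must yield 404 instead of an unhandled ValueError."""` would record why the payload is there.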
--- a/tests/integration/web/alertprofiles_test.py
+++ b/tests/integration/web/alertprofiles_test.py
@@ -163,9 +163,7 @@ def test_alertprofiles_save_profile_with_time_period_template(
 valid_during=TimePeriod.WEEKENDS,
 ).exists()
- def test_alertprofiles_save_profile_with_non_existent_id_should_fail(
- self, db, client
- ):
+ def test_alertprofiles_save_profile_with_str_id_should_fail(self, db, client):
 url = reverse('alertprofiles-profile-save')
 profile_name = 'Catch 22'
@@ -185,7 +183,9 @@ def test_alertprofiles_save_profile_with_non_existent_id_should_fail(
 assert 'Requested profile does not exist' in smart_str(response.content)
 assert not AlertProfile.objects.filter(name=profile_name).exists()
- def test_alertprofiles_save_profile_with_str_id_should_fail(self, db, client):
+ def test_alertprofiles_save_profile_with_non_existent_id_should_fail(
+ self, db, client
+ ):
 url = reverse('alertprofiles-profile-save')
 profile_name = 'Catch 22'
 last_alert_profile_id = getattr(AlertProfile.objects.last(), "pk", 0)