Skip to content

E
edx-platform
Commit 18474b2d by Adam Palay
Options

raise 404 if non-int user is passed to cert view

parent 883712b2
Showing with 15 additions and 0 deletions
lms/djangoapps/certificates/tests/test_webview_views.py
......@@ -695,6 +695,16 @@ class CertificatesViewsTests(ModuleStoreTestCase, EventTrackingTestCase):
self.assertIn('invalid', response.content)
@override_settings(FEATURES=FEATURES_WITH_CERTS_ENABLED)
def test_render_html_view_non_int_user(self):
self._add_course_certificates(count=1, signatory_count=0)
test_url = get_certificate_url(
user_id="Good tests make good neighbors",
course_id=unicode(self.course.id)
)
response = self.client.get(test_url)
self.assertEqual(response.status_code, 404)
@override_settings(FEATURES=FEATURES_WITH_CERTS_ENABLED)
def test_render_html_view_invalid_user_certificate(self):
self._add_course_certificates(count=1, signatory_count=0)
test_url = get_certificate_url(
......
lms/djangoapps/certificates/views/webview.py
......@@ -496,6 +496,11 @@ def render_html_view(request, user_id, course_id):
This public view generates an HTML representation of the specified user and course
If a certificate is not available, we display a "Sorry!" screen instead
"""
try:
user_id = int(user_id)
except ValueError:
raise Http404
preview_mode = request.GET.get('preview', None)
platform_name = microsite.get_value("platform_name", settings.PLATFORM_NAME)
configuration = CertificateHtmlViewConfiguration.get_config()
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment