Merge pull request #6816 from edx/aamir-khan/ECOM-763-invalidkeyerror

Aamir khan/ecom 763 invalidkeyerror

common/djangoapps/enrollment/tests/test_views.py

@@ -236,3 +236,17 @@ class EnrollmentTest(ModuleStoreTestCase, APITestCase):
             self.assertEqual('honor', data['mode'])
             self.assertTrue(data['is_active'])
         return resp
+
+    def test_get_enrollment_with_invalid_key(self):
+        resp = self.client.post(
+            reverse('courseenrollments'),
+            {
+                'course_details': {
+                    'course_id': 'invalidcourse'
+                },
+                'user': self.user.username
+            },
+            format='json'
+        )
+        self.assertEqual(resp.status_code, status.HTTP_400_BAD_REQUEST)
+        self.assertIn("No course ", resp.content)

common/djangoapps/enrollment/views.py

@@ -3,6 +3,7 @@ The Enrollment API Views should be simple, lean HTTP endpoints for API access. T
 consist primarily of authentication, request validation, and serialization.
 
 """
+from opaque_keys import InvalidKeyError
 from rest_framework import status
 from rest_framework.authentication import OAuth2Authentication
 from rest_framework import permissions
@@ -304,3 +305,10 @@ class EnrollmentListView(APIView):
                     ).format(user=user, course_id=course_id)
                 }
             )
+        except InvalidKeyError:
+            return Response(
+                status=status.HTTP_400_BAD_REQUEST,
+                data={
+                    "message": u"No course '{course_id}' found for enrollment".format(course_id=course_id)
+                }
+            )

openedx/core/djangoapps/user_api/tests/test_views.py

@@ -1533,3 +1533,17 @@ class UpdateEmailOptInTestCase(ApiTestCase):
             user=self.user, org=self.course.id.org, key="email-optin"
         )
         self.assertEquals(preference.value, u"True")
+
+    def test_update_email_opt_with_invalid_course_key(self):
+        """
+        Test that with invalid key it returns bad request
+        and not update their email optin preference.
+        """
+        response = self.client.post(self.url, {
+            "course_id": 'invalid',
+            "email_opt_in": u"True"
+        })
+        self.assertHttpBadRequest(response)
+        with self.assertRaises(UserOrgTag.DoesNotExist):
+            UserOrgTag.objects.get(user=self.user, org=self.course.id.org, key="email-optin")
+

openedx/core/djangoapps/user_api/views.py

 """HTTP end-points for the User API. """
 import copy
+from opaque_keys import InvalidKeyError
 import third_party_auth
 
 from django.conf import settings
@@ -862,7 +863,14 @@ class UpdateEmailOptInPreference(APIView):
 
         """
         course_id = request.DATA['course_id']
-        org = locator.CourseLocator.from_string(course_id).org
+        try:
+            org = locator.CourseLocator.from_string(course_id).org
+        except InvalidKeyError:
+            return HttpResponse(
+                status=400,
+                content="No course '{course_id}' found".format(course_id=course_id),
+                content_type="text/plain"
+            )
         # Only check for true. All other values are False.
         email_opt_in = request.DATA['email_opt_in'].lower() == 'true'
         profile_api.update_email_opt_in(request.user, org, email_opt_in)