Removed Security Leaks

This commit is contained in:
gowtham 2021-12-12 20:13:47 +05:30
parent 1da9ae2d11
commit 26f334fd63
2 changed files with 10 additions and 6 deletions

View File

@ -99,6 +99,10 @@ def deleteResume(request, id, email, user_type):
try:
student = get_object_or_404(Student, id=id)
file_name = request.data[RESUME_FILE_NAME]
if file_name not in student.resumes:
return Response({'action': "Delete Resume", 'message': "Resume Not Found"},
status=status.HTTP_404_NOT_FOUND)
destination_path = STORAGE_DESTINATION_RESUMES + id + "/" + str(file_name)
if path.exists(destination_path):
remove(destination_path)
@ -112,7 +116,7 @@ def deleteResume(request, id, email, user_type):
return Response({'action': "Delete Resume", 'message': 'Student Not Found'},
status=status.HTTP_404_NOT_FOUND)
except FileNotFoundError as e:
return Response({'action': "Delete Resume", 'message': str(e)},
return Response({'action': "Delete Resume", 'message': 'File Not Found'},
status=status.HTTP_404_NOT_FOUND)
except:
logger.warning("Delete Resume: " + str(sys.exc_info()))

View File

@ -48,7 +48,7 @@ def precheck(required_data=None):
return view_func(request, *args, **kwargs)
except:
return Response({'action': "Pre check", 'message': "Error Occurred " + str(sys.exc_info())},
return Response({'action': "Pre check", 'message': "Something went wrong"},
status=status.HTTP_400_BAD_REQUEST)
return wrapper_func
@ -79,15 +79,15 @@ def isAuthorized(allowed_users=None):
else:
raise PermissionError("Authorization Header Not Found")
except PermissionError as e:
return Response({'action': "Is Authorized?", 'message': str(e)},
except PermissionError:
return Response({'action': "Is Authorized?", 'message': 'Access Denied'},
status=status.HTTP_401_UNAUTHORIZED)
except Http404:
return Response({'action': "Is Authorized?", 'message': "User Not Found. Contact CDC for more details"},
status=status.HTTP_404_NOT_FOUND)
except ValueError as e:
logger.warning("Problem with Google Oauth2.0 " + str(e))
return Response({'action': "Is Authorized?", 'message': str(e)},
logger.error("Problem with Google Oauth2.0 " + str(e))
return Response({'action': "Is Authorized?", 'message': 'Problem with Google Sign In'},
status=status.HTTP_401_UNAUTHORIZED)
except:
logger.warning("Is Authorized? " + str(sys.exc_info()))