Merge pull request #62 from CDC-IITDH/removed-security-leaks

Removed Security Leaks
CDC-IITDH 2021-12-12 20:15:55 +05:30 committed by GitHub
commit cc95470a04
2 changed files with 10 additions and 6 deletions


@ -99,6 +99,10 @@ def deleteResume(request, id, email, user_type):
try: try:
student = get_object_or_404(Student, id=id) student = get_object_or_404(Student, id=id)
file_name = request.data[RESUME_FILE_NAME] file_name = request.data[RESUME_FILE_NAME]
if file_name not in student.resumes:
return Response({'action': "Delete Resume", 'message': "Resume Not Found"},
status=status.HTTP_404_NOT_FOUND)
destination_path = STORAGE_DESTINATION_RESUMES + id + "/" + str(file_name) destination_path = STORAGE_DESTINATION_RESUMES + id + "/" + str(file_name)
if path.exists(destination_path): if path.exists(destination_path):
remove(destination_path) remove(destination_path)
@ -112,7 +116,7 @@ def deleteResume(request, id, email, user_type):
return Response({'action': "Delete Resume", 'message': 'Student Not Found'}, return Response({'action': "Delete Resume", 'message': 'Student Not Found'},
status=status.HTTP_404_NOT_FOUND) status=status.HTTP_404_NOT_FOUND)
except FileNotFoundError as e: except FileNotFoundError as e:
return Response({'action': "Delete Resume", 'message': str(e)}, return Response({'action': "Delete Resume", 'message': 'File Not Found'},
status=status.HTTP_404_NOT_FOUND) status=status.HTTP_404_NOT_FOUND)
except: except:
logger.warning("Delete Resume: " + str(sys.exc_info())) logger.warning("Delete Resume: " + str(sys.exc_info()))
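Review bot: The membership check added at line 15 is the only thing keeping a caller-supplied `file_name` from escaping `STORAGE_DESTINATION_RESUMES + id + "/"` on line 18, and its strength depends on `student.resumes` being a collection of exact filenames; if that field is stored as a string or JSON-text column, `in` becomes a substring test and a value such as `""` would pass it and reach `remove()`. Refusing anything that is not a bare basename before the path is built is a cheap second line of defence, `if not isinstance(file_name, str) or file_name != path.basename(file_name) or file_name not in student.resumes:`. `deleteResume` begins before the first hunk and its remaining handlers lie between the two hunks, so whether the deleted name is also dropped from `student.resumes` cannot be confirmed here.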


@ -48,7 +48,7 @@ def precheck(required_data=None):
return view_func(request, *args, **kwargs) return view_func(request, *args, **kwargs)
except: except:
return Response({'action': "Pre check", 'message': "Error Occurred " + str(sys.exc_info())}, return Response({'action': "Pre check", 'message': "Something went wrong"},
status=status.HTTP_400_BAD_REQUEST) status=status.HTTP_400_BAD_REQUEST)
return wrapper_func return wrapper_func
@ -79,15 +79,15 @@ def isAuthorized(allowed_users=None):
else: else:
raise PermissionError("Authorization Header Not Found") raise PermissionError("Authorization Header Not Found")
except PermissionError as e: except PermissionError:
return Response({'action': "Is Authorized?", 'message': str(e)}, return Response({'action': "Is Authorized?", 'message': 'Access Denied'},
status=status.HTTP_401_UNAUTHORIZED) status=status.HTTP_401_UNAUTHORIZED)
except Http404: except Http404:
return Response({'action': "Is Authorized?", 'message': "User Not Found. Contact CDC for more details"}, return Response({'action': "Is Authorized?", 'message': "User Not Found. Contact CDC for more details"},
status=status.HTTP_404_NOT_FOUND) status=status.HTTP_404_NOT_FOUND)
except ValueError as e: except ValueError as e:
logger.warning("Problem with Google Oauth2.0 " + str(e)) logger.error("Problem with Google Oauth2.0 " + str(e))
return Response({'action': "Is Authorized?", 'message': str(e)}, return Response({'action': "Is Authorized?", 'message': 'Problem with Google Sign In'},
status=status.HTTP_401_UNAUTHORIZED) status=status.HTTP_401_UNAUTHORIZED)
except: except:
logger.warning("Is Authorized? " + str(sys.exc_info())) logger.warning("Is Authorized? " + str(sys.exc_info()))
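Review bot: The `precheck` handler at line 35 now discards the exception entirely — unlike the `isAuthorized` handlers at lines 48 and 52, which log before replying — so once the client-facing detail is gone a failure inside the wrapped view leaves no trace anywhere. Log it before returning, `logger.warning("Pre check: " + str(sys.exc_info()))`, and narrow the bare `except:` to `except Exception:` so `SystemExit`/`KeyboardInterrupt` are not converted into HTTP 400 responses. The `Http404` branch at line 45 still tells a caller who presents a valid token that the account is unknown to the service, a distinction this commit leaves in place; worth confirming that is intended. Both `precheck` and `isAuthorized` begin before their hunks, and `isAuthorized` continues past line 52.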