Merge pull request #62 from CDC-IITDH/removed-security-leaks
Removed Security Leaks
commit
d99c8ab5d9
|
@ -99,6 +99,10 @@ def deleteResume(request, id, email, user_type):
|
||||||
try:
|
try:
|
||||||
student = get_object_or_404(Student, id=id)
|
student = get_object_or_404(Student, id=id)
|
||||||
file_name = request.data[RESUME_FILE_NAME]
|
file_name = request.data[RESUME_FILE_NAME]
|
||||||
|
if file_name not in student.resumes:
|
||||||
|
return Response({'action': "Delete Resume", 'message': "Resume Not Found"},
|
||||||
|
status=status.HTTP_404_NOT_FOUND)
|
||||||
|
|
||||||
destination_path = STORAGE_DESTINATION_RESUMES + id + "/" + str(file_name)
|
destination_path = STORAGE_DESTINATION_RESUMES + id + "/" + str(file_name)
|
||||||
if path.exists(destination_path):
|
if path.exists(destination_path):
|
||||||
remove(destination_path)
|
remove(destination_path)
|
||||||
|
@ -112,7 +116,7 @@ def deleteResume(request, id, email, user_type):
|
||||||
return Response({'action': "Delete Resume", 'message': 'Student Not Found'},
|
return Response({'action': "Delete Resume", 'message': 'Student Not Found'},
|
||||||
status=status.HTTP_404_NOT_FOUND)
|
status=status.HTTP_404_NOT_FOUND)
|
||||||
except FileNotFoundError as e:
|
except FileNotFoundError as e:
|
||||||
return Response({'action': "Delete Resume", 'message': str(e)},
|
return Response({'action': "Delete Resume", 'message': 'File Not Found'},
|
||||||
status=status.HTTP_404_NOT_FOUND)
|
status=status.HTTP_404_NOT_FOUND)
|
||||||
except:
|
except:
|
||||||
logger.warning("Delete Resume: " + str(sys.exc_info()))
|
logger.warning("Delete Resume: " + str(sys.exc_info()))
|
||||||
|
|
|
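Review bot: The added `if file_name not in student.resumes` guard in deleteResume is the only thing constraining `file_name` before it is concatenated into `destination_path` and handed to `remove()`. That is enough only if every entry in `student.resumes` is a server-generated name; the upload path is not visible here, so if client-chosen names can be stored, a name containing path separators would still pass the check. I would also reject such names before building the path, e.g. `if path.basename(str(file_name)) != str(file_name):` returning the same 404, and build the path with `path.join(...)` rather than string concatenation. The function body starts and ends outside these hunks, so whether the entry is also removed from `student.resumes` cannot be confirmed from here.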
@ -48,7 +48,7 @@ def precheck(required_data=None):
|
||||||
|
|
||||||
return view_func(request, *args, **kwargs)
|
return view_func(request, *args, **kwargs)
|
||||||
except:
|
except:
|
||||||
return Response({'action': "Pre check", 'message': "Error Occurred " + str(sys.exc_info())},
|
return Response({'action': "Pre check", 'message': "Something went wrong"},
|
||||||
status=status.HTTP_400_BAD_REQUEST)
|
status=status.HTTP_400_BAD_REQUEST)
|
||||||
|
|
||||||
return wrapper_func
|
return wrapper_func
|
||||||
|
@ -79,15 +79,15 @@ def isAuthorized(allowed_users=None):
|
||||||
else:
|
else:
|
||||||
raise PermissionError("Authorization Header Not Found")
|
raise PermissionError("Authorization Header Not Found")
|
||||||
|
|
||||||
except PermissionError as e:
|
except PermissionError:
|
||||||
return Response({'action': "Is Authorized?", 'message': str(e)},
|
return Response({'action': "Is Authorized?", 'message': 'Access Denied'},
|
||||||
status=status.HTTP_401_UNAUTHORIZED)
|
status=status.HTTP_401_UNAUTHORIZED)
|
||||||
except Http404:
|
except Http404:
|
||||||
return Response({'action': "Is Authorized?", 'message': "User Not Found. Contact CDC for more details"},
|
return Response({'action': "Is Authorized?", 'message': "User Not Found. Contact CDC for more details"},
|
||||||
status=status.HTTP_404_NOT_FOUND)
|
status=status.HTTP_404_NOT_FOUND)
|
||||||
except ValueError as e:
|
except ValueError as e:
|
||||||
logger.warning("Problem with Google Oauth2.0 " + str(e))
|
logger.error("Problem with Google Oauth2.0 " + str(e))
|
||||||
return Response({'action': "Is Authorized?", 'message': str(e)},
|
return Response({'action': "Is Authorized?", 'message': 'Problem with Google Sign In'},
|
||||||
status=status.HTTP_401_UNAUTHORIZED)
|
status=status.HTTP_401_UNAUTHORIZED)
|
||||||
except:
|
except:
|
||||||
logger.warning("Is Authorized? " + str(sys.exc_info()))
|
logger.warning("Is Authorized? " + str(sys.exc_info()))
|
||||||
|
|
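Review bot: The bare `except:` in precheck now returns "Something went wrong" without recording the exception anywhere, so the detail that used to leak to the client is lost entirely instead of being moved to the server log. Add `logger.exception("Pre check failed")` before the return (isAuthorized in the same section uses `logger`, so it appears to be in scope) and narrow the handler to `except Exception:`. The `except PermissionError:` branch in isAuthorized likewise drops the reason; keeping `as e` and adding `logger.warning("Is Authorized? " + str(e))` would leave denied requests visible for monitoring while the client still sees only 'Access Denied'. Both functions continue outside the hunks.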