concrete-datastore icon indicating copy to clipboard operation
concrete-datastore copied to clipboard

Published 20 hours ago verified publisher icon Netsach

Validate uid tokens for unsubscription views

Open Souleymane-T opened this issue 2 years ago • 0 comments

For unsubscription views here: https://github.com/Netsach/concrete-datastore/blob/master/concrete_datastore/concrete/views.py#L50

A get_object_or_404 is done without checking the type of the token. If it's not an UUID, an error is raised and it should only return a 400.

Suggestions:

  • Check in the urls directly that we have an UUID in the path
  • Add an UUID validation before the get_object_or_404

Souleymane-T avatar Feb 20 '23 15:02 Souleymane-T