From 8a4f16ab4f7e12ee6255ccaf43c86d4a176b1af7 Mon Sep 17 00:00:00 2001
From: Josue Kouka <jkouka@entrouvert.com>
Date: Fri, 4 May 2018 15:50:16 +0200
Subject: [PATCH] teamnet axel: return 400 when nameid is missing (#23607)

---
 passerelle/contrib/teamnet_axel/views.py | 19 ++++++++++---------
 tests/test_teamnet_axel.py               |  7 ++++++-
 2 files changed, 16 insertions(+), 10 deletions(-)

diff --git a/passerelle/contrib/teamnet_axel/views.py b/passerelle/contrib/teamnet_axel/views.py
index 1d6a9ba..16f0dc1 100644
--- a/passerelle/contrib/teamnet_axel/views.py
+++ b/passerelle/contrib/teamnet_axel/views.py
@@ -22,11 +22,18 @@ from django.views.generic import DetailView as GenericDetailView
 from django.http import HttpResponse, HttpResponseNotFound
 
 from passerelle import utils
+from passerelle.views import WrongParameter
 
 from .models import TeamnetAxel, Link, APIError
 from . import soap
 
 
+def get_name_id(request):
+    if 'nameid' not in request.GET:
+        raise WrongParameter(['nameid'], [])
+    return request.GET['nameid']
+
+
 class DetailView(GenericDetailView):
     model = TeamnetAxel
 
@@ -61,9 +68,7 @@ class AuthView(DetailView):
 
 class LinkView(DetailView):
     def get_data(self, request, *args, **kwargs):
-        nameid = request.GET.get('NameID')
-        if not nameid:
-            raise APIError('NameID required')
+        nameid = get_name_id(request)
         login = request.GET.get('login')
         pwd = request.GET.get('password')
         user = self.object.auth(login, pwd)
@@ -81,9 +86,7 @@ class LinkView(DetailView):
 
 class UnlinkView(DetailView):
     def get_data(self, request, *args, **kwargs):
-        nameid = request.GET.get('NameID')
-        if not nameid:
-            raise APIError('NameID required')
+        nameid = get_name_id(request)
         logins = [v['login'] for v in Link.objects.filter(resource=self.object, nameid=nameid).values('login')]
         Link.objects.filter(resource=self.object, nameid=nameid).delete()
         if logins:
@@ -94,9 +97,7 @@ class UnlinkView(DetailView):
 
 class FamilyView(DetailView):
     def get_family_id(self, request):
-        nameid = request.GET.get('NameID')
-        if not nameid:
-            raise APIError('NameID required')
+        nameid = get_name_id(request)
         links = Link.objects.filter(resource=self.object, nameid=nameid)
         if len(links) > 1:
             raise APIError('multiple links')
diff --git a/tests/test_teamnet_axel.py b/tests/test_teamnet_axel.py
index b64c344..afffdac 100644
--- a/tests/test_teamnet_axel.py
+++ b/tests/test_teamnet_axel.py
@@ -1,6 +1,5 @@
 import mock
 import pytest
-from requests.exceptions import ConnectionError
 
 import utils
 
@@ -21,3 +20,9 @@ def test_authentication_failed(app, setup):
         resp = app.get('/teamnet-axel/test/family/', params={'nameid': nameid})
         assert resp.json['err'] == 1
         assert resp.json['err_desc'] == 'authentication failed'
+
+
+def test_missing_name_id(app, setup):
+    resp = app.get('/teamnet-axel/test/family/', params={}, status=400)
+    assert resp.json['err'] == 1
+    assert resp.json['err_desc'] == "missing parameters: 'nameid'."
-- 
2.14.2