From 56a05a90465ddbd2d68866be6b839b4fc2218761 Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne <bdauvergne@entrouvert.com>
Date: Thu, 6 Dec 2018 10:21:20 +0100
Subject: [PATCH] data_transfer: check that import is a dictionnary

---
 src/authentic2/data_transfer.py | 3 +++
 tests/test_manager.py           | 5 +++++
 2 files changed, 8 insertions(+)

diff --git a/src/authentic2/data_transfer.py b/src/authentic2/data_transfer.py
index 346d2803..090c7b33 100644
--- a/src/authentic2/data_transfer.py
+++ b/src/authentic2/data_transfer.py
@@ -246,6 +246,9 @@ def import_ou(ou_d):
 def import_site(json_d, import_context):
     result = ImportResult()
 
+    if not isinstance(json_d, dict):
+        raise DataImportError('Export file is invalid: not a dictionnary')
+
     for ou_d in json_d.get('ous', []):
         result.update_ous(*import_ou(ou_d))
 
diff --git a/tests/test_manager.py b/tests/test_manager.py
index 70f945eb..33bec66b 100644
--- a/tests/test_manager.py
+++ b/tests/test_manager.py
@@ -667,6 +667,11 @@ def test_manager_site_import_error(app, db, superuser):
     with pytest.raises(Role.DoesNotExist):
         Role.objects.get(slug='basic')
 
+    form['site_json'] = Upload(
+        'site_export.json', json.dumps([]), 'application/octet-stream')
+    res = form.submit()
+    assert res.status_code == 200
+
 
 def test_manager_site_import_forbidden(app, simple_user):
     login(app, simple_user)
-- 
2.18.0