From 58613de3033dbc99397fafa64e5b2eecb3ae49bf Mon Sep 17 00:00:00 2001
From: Valentin Deniaud <vdeniaud@entrouvert.com>
Date: Mon, 31 May 2021 17:11:27 +0200
Subject: [PATCH] api: prevent crash on invalid event_display_template (#54388)

---
 chrono/agendas/models.py | 1 +
 chrono/api/views.py      | 7 +++++--
 tests/test_api.py        | 6 ++++++
 3 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/chrono/agendas/models.py b/chrono/agendas/models.py
index 2bccb82..3ba5927 100644
--- a/chrono/agendas/models.py
+++ b/chrono/agendas/models.py
@@ -221,6 +221,7 @@ class Agenda(models.Model):
         _('Event display template'),
         max_length=256,
         blank=True,
+        validators=[django_template_validator],
         help_text=_(
             'By default event labels will be displayed to users. This allows for a custom template to include additional informations. For example, "{{ event.label }} - {{ event.start_datetime }}" will show event datetime after label. Available variables: event.label (label), event.start_datetime (start date/time), event.places (places), event.remaining_places (remaining places), event.duration (duration), event.pricing (pricing).'
         ),
diff --git a/chrono/api/views.py b/chrono/api/views.py
index edc5248..bdb507c 100644
--- a/chrono/api/views.py
+++ b/chrono/api/views.py
@@ -24,7 +24,7 @@ from django.db.models import Count, Prefetch, Q
 from django.db.models.functions import TruncDay
 from django.http import Http404, HttpResponse
 from django.shortcuts import get_object_or_404
-from django.template import Context, Template
+from django.template import Context, Template, TemplateSyntaxError, VariableDoesNotExist
 from django.urls import reverse
 from django.utils.dateparse import parse_date, parse_datetime
 from django.utils.encoding import force_text
@@ -417,7 +417,10 @@ def get_event_detail(request, event, agenda=None, min_places=1):
     agenda = agenda or event.agenda
     event_text = force_text(event)
     if agenda.event_display_template:
-        event_text = Template(agenda.event_display_template).render(Context({'event': event}))
+        try:
+            event_text = Template(agenda.event_display_template).render(Context({'event': event}))
+        except (VariableDoesNotExist, TemplateSyntaxError):
+            pass
     elif event.label and event.primary_event is not None:
         event_text = '%s (%s)' % (
             event.label,
diff --git a/tests/test_api.py b/tests/test_api.py
index 214e69c..44baaf8 100644
--- a/tests/test_api.py
+++ b/tests/test_api.py
@@ -566,6 +566,12 @@ def test_datetime_api_label(app):
     resp = app.get('/api/agenda/%s/datetimes/' % agenda.slug)
     assert resp.json['data'][0]['text'] == 'Hello world (4/5 places remaining)'
 
+    # invalid template yields default text
+    agenda.event_display_template = '{{ event.not-found }}'
+    agenda.save()
+    resp = app.get('/api/agenda/%s/datetimes/' % agenda.slug)
+    assert resp.json['data'][0]['text'] == 'Hello world'
+
 
 def test_datetime_api_urls(app):
     agenda = Agenda.objects.create(label='Foo bar', kind='events', minimal_booking_delay=0)
-- 
2.20.1