diff --git a/app/auth/logic.py b/app/auth/logic.py index 4dfa18604..ba3f73a42 100644 --- a/app/auth/logic.py +++ b/app/auth/logic.py @@ -31,7 +31,7 @@ def verify_password(username, password): @basic_auth.error_handler def basic_auth_error(status): "error response (401 for invalid auth.)" - return error_response(status) + return json_error(status) @login.user_loader @@ -55,7 +55,7 @@ def verify_token(token) -> User: @token_auth.error_handler def token_auth_error(status): "Réponse en cas d'erreur d'auth." - return error_response(status) + return json_error(status) @token_auth.get_user_roles diff --git a/app/scodoc/sco_bulletins.py b/app/scodoc/sco_bulletins.py index 168dca58e..c4bff4743 100644 --- a/app/scodoc/sco_bulletins.py +++ b/app/scodoc/sco_bulletins.py @@ -77,9 +77,7 @@ def get_formsemestre_bulletin_etud_json( if formsemestre.formation.is_apc(): bul = bulletin_but.BulletinBUT(formsemestre) if not etud.id in bul.res.identdict: - return error_response( - 404, "get_formsemestre_bulletin_etud_json: invalid etud" - ) + return json_error(404, "get_formsemestre_bulletin_etud_json: invalid etud") return jsonify( bul.bulletin_etud( etud, diff --git a/app/scodoc/sco_bulletins_json.py b/app/scodoc/sco_bulletins_json.py index 3d9a6592c..6253d95a4 100644 --- a/app/scodoc/sco_bulletins_json.py +++ b/app/scodoc/sco_bulletins_json.py @@ -31,6 +31,8 @@ import datetime import json +from flask import abort + from app.comp import res_sem from app.comp.res_compat import NotesTableCompat from app.models import but_validations @@ -92,6 +94,8 @@ def formsemestre_bulletinetud_published_dict( sem = sco_formsemestre.get_formsemestre(formsemestre_id) nt: NotesTableCompat = res_sem.load_formsemestre_results(formsemestre) + if not etudid in nt.identdict: + abort(404, "etudiant non inscrit dans ce semestre") d = {"type": "classic", "version": "0"} if (not sem["bul_hide_xml"]) or force_publishing: published = True diff --git a/app/scodoc/sco_photos.py b/app/scodoc/sco_photos.py index 0dfeaafe3..e42b6586c 100644 --- a/app/scodoc/sco_photos.py +++ b/app/scodoc/sco_photos.py @@ -53,7 +53,7 @@ import time import PIL from PIL import Image as PILImage -from flask import request, g +from flask import request, g, has_request_context from flask.helpers import make_response, url_for from app import log @@ -91,8 +91,15 @@ def photo_portal_url(etud): def get_etud_photo_url(etudid, size="small"): - return url_for( - "scolar.get_photo_image", scodoc_dept=g.scodoc_dept, etudid=etudid, size=size + return ( + url_for( + "scolar.get_photo_image", + scodoc_dept=g.scodoc_dept, + etudid=etudid, + size=size, + ) + if has_request_context() + else "" ) diff --git a/tests/api/setup_test_api.py b/tests/api/setup_test_api.py index 631b890d2..eb926d591 100644 --- a/tests/api/setup_test_api.py +++ b/tests/api/setup_test_api.py @@ -32,10 +32,16 @@ print(f"SCODOC_URL={SCODOC_URL}") print(f"API URL={API_URL}") +class APIError(Exception): + pass + + def get_auth_headers(user, password) -> dict: "Demande de jeton, dict à utiliser dans les en-têtes de requêtes http" - r0 = requests.post(API_URL + "/tokens", auth=(user, password)) - token = r0.json()["token"] + ans = requests.post(API_URL + "/tokens", auth=(user, password)) + if ans.status_code != 200: + raise APIError(f"Echec demande jeton par {user}") + token = ans.json()["token"] return {"Authorization": f"Bearer {token}"} @@ -51,10 +57,6 @@ def api_admin_headers() -> dict: return get_auth_headers(API_USER_ADMIN, API_PASSWORD_ADMIN) -class APIError(Exception): - pass - - def GET(path: str, headers: dict = None, errmsg=None, dept=None): """Get and returns as JSON""" if dept: