stages/authenticator_duo: fix 404 when current user does not have permissions to view stage
closes #3288 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
parent
e477615b0f
commit
8b4a7666f0
|
@ -1,4 +1,5 @@
|
||||||
"""AuthenticatorDuoStage API Views"""
|
"""AuthenticatorDuoStage API Views"""
|
||||||
|
from django.http import Http404
|
||||||
from django_filters.rest_framework.backends import DjangoFilterBackend
|
from django_filters.rest_framework.backends import DjangoFilterBackend
|
||||||
from drf_spectacular.types import OpenApiTypes
|
from drf_spectacular.types import OpenApiTypes
|
||||||
from drf_spectacular.utils import (
|
from drf_spectacular.utils import (
|
||||||
|
@ -81,7 +82,9 @@ class AuthenticatorDuoStageViewSet(UsedByMixin, ModelViewSet):
|
||||||
# pylint: disable=invalid-name,unused-argument
|
# pylint: disable=invalid-name,unused-argument
|
||||||
def enrollment_status(self, request: Request, pk: str) -> Response:
|
def enrollment_status(self, request: Request, pk: str) -> Response:
|
||||||
"""Check enrollment status of user details in current session"""
|
"""Check enrollment status of user details in current session"""
|
||||||
stage: AuthenticatorDuoStage = self.get_object()
|
stage: AuthenticatorDuoStage = AuthenticatorDuoStage.objects.filter(pk=pk).first()
|
||||||
|
if not stage:
|
||||||
|
raise Http404
|
||||||
client = stage.client
|
client = stage.client
|
||||||
user_id = self.request.session.get(SESSION_KEY_DUO_USER_ID)
|
user_id = self.request.session.get(SESSION_KEY_DUO_USER_ID)
|
||||||
activation_code = self.request.session.get(SESSION_KEY_DUO_ACTIVATION_CODE)
|
activation_code = self.request.session.get(SESSION_KEY_DUO_ACTIVATION_CODE)
|
||||||
|
|
Reference in New Issue