stages/authenticator_duo: fix 404 when current user does not have permissions to view stage

closes #3288

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2022-09-11 21:43:29 +02:00
parent e477615b0f
commit 8b4a7666f0
1 changed files with 4 additions and 1 deletions

View File

@ -1,4 +1,5 @@
"""AuthenticatorDuoStage API Views""" """AuthenticatorDuoStage API Views"""
from django.http import Http404
from django_filters.rest_framework.backends import DjangoFilterBackend from django_filters.rest_framework.backends import DjangoFilterBackend
from drf_spectacular.types import OpenApiTypes from drf_spectacular.types import OpenApiTypes
from drf_spectacular.utils import ( from drf_spectacular.utils import (
@ -81,7 +82,9 @@ class AuthenticatorDuoStageViewSet(UsedByMixin, ModelViewSet):
# pylint: disable=invalid-name,unused-argument # pylint: disable=invalid-name,unused-argument
def enrollment_status(self, request: Request, pk: str) -> Response: def enrollment_status(self, request: Request, pk: str) -> Response:
"""Check enrollment status of user details in current session""" """Check enrollment status of user details in current session"""
stage: AuthenticatorDuoStage = self.get_object() stage: AuthenticatorDuoStage = AuthenticatorDuoStage.objects.filter(pk=pk).first()
if not stage:
raise Http404
client = stage.client client = stage.client
user_id = self.request.session.get(SESSION_KEY_DUO_USER_ID) user_id = self.request.session.get(SESSION_KEY_DUO_USER_ID)
activation_code = self.request.session.get(SESSION_KEY_DUO_ACTIVATION_CODE) activation_code = self.request.session.get(SESSION_KEY_DUO_ACTIVATION_CODE)