From 01a9505cc7874472cbfde6961949188e0479df59 Mon Sep 17 00:00:00 2001 From: Di Wu Date: Tue, 19 Jan 2016 06:07:18 -0800 Subject: [PATCH 1/2] remove channel doesn't crash --- hc/front/tests/test_remove_channel.py | 2 +- hc/front/views.py | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/hc/front/tests/test_remove_channel.py b/hc/front/tests/test_remove_channel.py index 9ea87c9d..d6a94fd2 100644 --- a/hc/front/tests/test_remove_channel.py +++ b/hc/front/tests/test_remove_channel.py @@ -45,4 +45,4 @@ class RemoveChannelTestCase(BaseTestCase): self.client.login(username="alice@example.org", password="password") r = self.client.post(url) - assert r.status_code == 404 + assert r.status_code == 302 diff --git a/hc/front/views.py b/hc/front/views.py index be714ff9..f53780ee 100644 --- a/hc/front/views.py +++ b/hc/front/views.py @@ -336,11 +336,11 @@ def verify_email(request, code, token): def remove_channel(request, code): assert request.method == "POST" - channel = get_object_or_404(Channel, code=code) - if channel.user != request.user: - return HttpResponseForbidden() - - channel.delete() + channel = Channel.objects.filter(code=code).first() + if channel: + if channel.user != request.user: + return HttpResponseForbidden() + channel.delete() return redirect("hc-channels") From 625d2cf298e06499ed63b9255aabfffdeb82f940 Mon Sep 17 00:00:00 2001 From: Di Wu Date: Tue, 19 Jan 2016 07:36:53 -0800 Subject: [PATCH 2/2] comment --- hc/front/views.py | 1 + 1 file changed, 1 insertion(+) diff --git a/hc/front/views.py b/hc/front/views.py index f53780ee..c39b9350 100644 --- a/hc/front/views.py +++ b/hc/front/views.py @@ -336,6 +336,7 @@ def verify_email(request, code, token): def remove_channel(request, code): assert request.method == "POST" + # user may refresh the page during POST and cause two deletion attempts channel = Channel.objects.filter(code=code).first() if channel: if channel.user != request.user: