htwkmooc/codeocean
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Raise NotAuthorized Error if ID cannot be found

Browse Source 
Fixes CODEOCEAN-F3
This commit is contained in:
Sebastian Serth
2022-11-17 20:38:42 +01:00
parent 61c4d5a894
commit 9bd900bd86
1 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
app/helpers/authenticated_url_helper.rb
View File

@ -29,7 +29,11 @@ module AuthenticatedUrlHelper
end end
cookie_name = AuthenticatedUrlHelper.cookie_name_for(:render_file_token) cookie_name = AuthenticatedUrlHelper.cookie_name_for(:render_file_token)
object = klass.find(request.parameters[:id]) begin
object = klass.find(request.parameters[:id])
rescue ActiveRecord::RecordNotFound
raise Pundit::NotAuthorizedError
end
signed_url = request.parameters[TOKEN_PARAM].present? ? request.url : cookies[cookie_name] signed_url = request.parameters[TOKEN_PARAM].present? ? request.url : cookies[cookie_name]
# Throws an exception if the token is not matching the object or has expired # Throws an exception if the token is not matching the object or has expired