From 3c99e59afb417e86732db741504305888adbdb40 Mon Sep 17 00:00:00 2001 From: Sander Roosendaal Date: Wed, 7 Oct 2020 21:20:30 +0200 Subject: [PATCH] bug fixes --- rowers/views/workoutviews.py | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/rowers/views/workoutviews.py b/rowers/views/workoutviews.py index 4bcd3e23..46ef01fc 100644 --- a/rowers/views/workoutviews.py +++ b/rowers/views/workoutviews.py @@ -4622,6 +4622,7 @@ def workout_upload_api(request): return JSONResponse(status=403,data=message) + # test if JSON try: json_data = json.loads(request.body) @@ -4631,7 +4632,7 @@ def workout_upload_api(request): q = request.POST post_data = {k: q.getlist(k) if len(q.getlist(k))>1 else v for k, v in q.items()} - + # only allow local host hostt = request.get_host().split(':') if hostt[0] not in ['localhost','127.0.0.1','dev.rowsandall.com','rowsandall.com']: @@ -4678,6 +4679,7 @@ def workout_upload_api(request): except KeyError: garminid = 0 + r = None if form.is_valid(): t = form.cleaned_data['title'] boattype = form.cleaned_data['boattype'] @@ -4685,9 +4687,7 @@ def workout_upload_api(request): if rowerform.is_valid(): u = rowerform.cleaned_data['user'] r = getrower(u) - else: - message = {'status':'false','message':'invalid user'} - return JSONResponse(status=400,data=message) + if 'useremail' in post_data: us = User.objects.filter(email=post_data['useremail']) @@ -4705,6 +4705,12 @@ def workout_upload_api(request): return JSONResponse(status=400,data=message) + if r is None: + message = {'status':'false','message':'invalid user'} + return JSONResponse(status=400,data=message) + + + notes = form.cleaned_data['notes'] if optionsform.is_valid(): make_plot = optionsform.cleaned_data['make_plot']