Skip to content

Commit

Permalink
Fix incorrect NGO URLs being used
Browse files Browse the repository at this point in the history
  • Loading branch information
@tudoramariei
tudoramariei committed Jan 13, 2025
1 parent cff9a3e commit 9d76fe9
Show file tree
Hide file tree
Showing 2 changed files with 8 additions and 2 deletions.
3 changes: 3 additions & 0 deletions backend/donations/models/ngos.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -56,6 +56,9 @@ def ngo_slug_validator(value):
if not value.islower():
raise ValidationError(error_message)

if not re.match(r"^[a-z0-9-]+$", value):
raise ValidationError(error_message)


def ngo_id_number_validator(value):
reg_num: str = "".join([char for char in value.upper() if char.isalnum()])
Expand Down
7 changes: 5 additions & 2 deletions backend/donations/views/api.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@
from redirectioneaza.common.cache import cache_decorator

from ..models.jobs import Job, JobStatusChoices
from ..models.ngos import ALL_NGOS_CACHE_KEY, Ngo
from ..models.ngos import ALL_NGOS_CACHE_KEY, Ngo, ngo_slug_validator
from ..pdf import create_pdf
from ..workers.update_organization import update_organization
from .base import BaseTemplateView
Expand Down Expand Up @@ -81,7 +81,10 @@ def validate_ngo_slug(cls, user, slug):
if not slug or not user and not user.is_staff:
raise PermissionDenied()

if slug.lower() in cls.ngo_url_block_list:
if user.is_anonymous:
raise PermissionDenied()

if ngo_slug_validator(slug) in cls.ngo_url_block_list:
return HttpResponseBadRequest()

ngo_queryset = Ngo.objects
Expand Down

0 comments on commit 9d76fe9

Please sign in to comment.