diff --git a/common/djangoapps/enrollment/tests/test_views.py b/common/djangoapps/enrollment/tests/test_views.py
index 8c7789a8ba..93d67fdefc 100644
--- a/common/djangoapps/enrollment/tests/test_views.py
+++ b/common/djangoapps/enrollment/tests/test_views.py
@@ -236,3 +236,17 @@ class EnrollmentTest(ModuleStoreTestCase, APITestCase):
 self.assertEqual('honor', data['mode'])
 self.assertTrue(data['is_active'])
 return resp
+
+ def test_get_enrollment_with_invalid_key(self):
+ resp = self.client.post(
+ reverse('courseenrollments'),
+ {
+ 'course_details': {
+ 'course_id': 'invalidcourse'
+ },
+ 'user': self.user.username
+ },
+ format='json'
+ )
+ self.assertEqual(resp.status_code, status.HTTP_400_BAD_REQUEST)
+ self.assertIn("No course ", resp.content)
diff --git a/common/djangoapps/enrollment/views.py b/common/djangoapps/enrollment/views.py
index 3874adee9e..7815f05536 100644
--- a/common/djangoapps/enrollment/views.py
+++ b/common/djangoapps/enrollment/views.py
@@ -3,6 +3,7 @@ The Enrollment API Views should be simple, lean HTTP endpoints for API access. T
 consist primarily of authentication, request validation, and serialization.
 """
+from opaque_keys import InvalidKeyError
 from rest_framework import status
 from rest_framework.authentication import OAuth2Authentication
 from rest_framework import permissions
@@ -304,3 +305,10 @@ class EnrollmentListView(APIView):
 ).format(user=user, course_id=course_id)
 }
 )
+ except InvalidKeyError:
+ return Response(
+ status=status.HTTP_400_BAD_REQUEST,
+ data={
+ "message": u"No course '{course_id}' found for enrollment".format(course_id=course_id)
+ }
+ )
diff --git a/openedx/core/djangoapps/user_api/tests/test_views.py b/openedx/core/djangoapps/user_api/tests/test_views.py
index 80976989a6..a99dd95872 100644
--- a/openedx/core/djangoapps/user_api/tests/test_views.py
+++ b/openedx/core/djangoapps/user_api/tests/test_views.py
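Review bot: `test_get_enrollment_with_invalid_key` in the enrollment tests is named as a read but issues `self.client.post(...)` against `courseenrollments`, and it has no docstring, so the name misstates what is exercised. A docstring such as `"""A malformed course_id on enrollment creation returns 400 instead of an unhandled InvalidKeyError."""` would make the intent explicit. The last check, `self.assertIn("No course ", resp.content)`, would also pass for any other response that happens to contain that prefix; `self.assertIn("No course 'invalidcourse' found for enrollment", resp.content)` pins the branch this commit adds to `views.py`.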
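Review bot: In `EnrollmentListView` the new `except InvalidKeyError` branch answers a malformed key with lookup-miss wording ("No course ... found for enrollment"), so a client cannot tell a syntactically invalid `course_id` from an unknown course, and nothing records which call in the `try` raises it (the `try` opens outside this hunk). A comment above the `return`, for example `# course_id could not be parsed as a course key: report a client error (400) instead of letting it surface as a 500`, would document the intent. The message echoes the request's `course_id` verbatim, which relies on the response renderer to escape it; the string should not be reused in an HTML context without escaping.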
@@ -1533,3 +1533,17 @@ class UpdateEmailOptInTestCase(ApiTestCase):
 user=self.user, org=self.course.id.org, key="email-optin"
 )
 self.assertEquals(preference.value, u"True")
+
+ def test_update_email_opt_with_invalid_course_key(self):
+ """
+ Test that with invalid key it returns bad request
+ and not update their email optin preference.
+ """
+ response = self.client.post(self.url, {
+ "course_id": 'invalid',
+ "email_opt_in": u"True"
+ })
+ self.assertHttpBadRequest(response)
+ with self.assertRaises(UserOrgTag.DoesNotExist):
+ UserOrgTag.objects.get(user=self.user, org=self.course.id.org, key="email-optin")
+
diff --git a/openedx/core/djangoapps/user_api/views.py b/openedx/core/djangoapps/user_api/views.py
index 230c0b2e90..22aabf0189 100644
--- a/openedx/core/djangoapps/user_api/views.py
+++ b/openedx/core/djangoapps/user_api/views.py
@@ -1,5 +1,6 @@
 """HTTP end-points for the User API. """
 import copy
+from opaque_keys import InvalidKeyError
 import third_party_auth
 from django.conf import settings
@@ -862,7 +863,14 @@ class UpdateEmailOptInPreference(APIView):
 """
 course_id = request.DATA['course_id']
- org = locator.CourseLocator.from_string(course_id).org
+ try:
+ org = locator.CourseLocator.from_string(course_id).org
+ except InvalidKeyError:
+ return HttpResponse(
+ status=400,
+ content="No course '{course_id}' found".format(course_id=course_id),
+ content_type="text/plain"
+ )
 # Only check for true. All other values are False.
 email_opt_in = request.DATA['email_opt_in'].lower() == 'true'
 profile_api.update_email_opt_in(request.user, org, email_opt_in)
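Review bot: The `assertRaises(UserOrgTag.DoesNotExist)` check in `test_update_email_opt_with_invalid_course_key` filters on `org=self.course.id.org`, but the posted `course_id` is `'invalid'`, so a tag written under any other org would go unnoticed and the test would still pass. Asserting on the user and key alone is stricter: `self.assertFalse(UserOrgTag.objects.filter(user=self.user, key="email-optin").exists())`. The hunk also ends with an added blank line, which appears to leave a trailing empty line at the end of the file.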
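Review bot: The error body in `UpdateEmailOptInPreference` is built from a byte-string literal, `"No course '{course_id}' found".format(course_id=course_id)`, whereas the enrollment view in this same commit uses a `u"..."` literal. If this module runs on Python 2 without `unicode_literals` (the `u"True"` literals in the tests suggest it does), a `course_id` containing non-ASCII characters would raise `UnicodeEncodeError` inside the handler and turn the intended 400 into a 500; `content=u"No course '{course_id}' found".format(course_id=course_id),` avoids that. Separately, the context lines `request.DATA['course_id']` and `request.DATA['email_opt_in']` still raise `KeyError` when a field is missing, which this change does not cover. The method body starts outside the hunk.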