From f92d02feae13bc240dba5fe26f39fb9021b5387c Mon Sep 17 00:00:00 2001
From: Michael Frey <mfrey@edx.org>
Date: Tue, 27 Jun 2017 08:25:08 -0400
Subject: [PATCH] catch InvalidKeyError

---
 openedx/core/djangoapps/embargo/tests/test_views.py |  5 +++++
 openedx/core/djangoapps/embargo/views.py            | 13 +++++++++----
 2 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/openedx/core/djangoapps/embargo/tests/test_views.py b/openedx/core/djangoapps/embargo/tests/test_views.py
index 1c93fba33e..3ceb9b6af6 100644
--- a/openedx/core/djangoapps/embargo/tests/test_views.py
+++ b/openedx/core/djangoapps/embargo/tests/test_views.py
@@ -147,3 +147,8 @@ class CheckCourseAccessViewTest(CourseApiFactoryMixin, ModuleStoreTestCase):
     def test_course_access_endpoint_with_invalid_data(self):
         response = self.client.get(self.url, data=None)
         self.assertEqual(response.status_code, 400)
+
+    def test_invalid_course_id(self):
+        self.request_data['course_ids'] = ['foo']
+        response = self.client.get(self.url, data=self.request_data)
+        self.assertEqual(response.status_code, 400)
diff --git a/openedx/core/djangoapps/embargo/views.py b/openedx/core/djangoapps/embargo/views.py
index 93a368561a..c94bdbfd6d 100644
--- a/openedx/core/djangoapps/embargo/views.py
+++ b/openedx/core/djangoapps/embargo/views.py
@@ -4,8 +4,10 @@ from django.contrib.auth.models import User
 from django.http import Http404
 from django.views.generic.base import View
 from edx_rest_framework_extensions.authentication import JwtAuthentication
+from opaque_keys import InvalidKeyError
 from opaque_keys.edx.keys import CourseKey
 from rest_framework import permissions, status
+from rest_framework.exceptions import ValidationError
 from rest_framework.response import Response
 from rest_framework.views import APIView
 
@@ -42,11 +44,14 @@ class CheckCourseAccessView(APIView):
 
         if course_ids and user and user_ip_address:
             for course_id in course_ids:
-                if not check_course_access(CourseKey.from_string(course_id), user, user_ip_address):
-                    response['access'] = False
-                    break
+                try:
+                    if not check_course_access(CourseKey.from_string(course_id), user, user_ip_address):
+                        response['access'] = False
+                        break
+                except InvalidKeyError:
+                    raise ValidationError('Invalid course_ids')
         else:
-            return Response(data=None, status=status.HTTP_400_BAD_REQUEST)
+            raise ValidationError('Missing parameters')
 
         return Response(response)