From a02b33a3cb6bc69e803ac95ff86e3f891285fea0 Mon Sep 17 00:00:00 2001 From: Jeremy Zhang Date: Fri, 16 Feb 2018 19:37:12 +0000 Subject: [PATCH] Disconnect if bad websocket requests instead of flasks abort --- webapp/titanembeds/blueprints/gateway/gateway.py | 2 ++ webapp/titanembeds/oauth.py | 4 ++++ 2 files changed, 6 insertions(+) diff --git a/webapp/titanembeds/blueprints/gateway/gateway.py b/webapp/titanembeds/blueprints/gateway/gateway.py index 4bcf237..e49f54d 100644 --- a/webapp/titanembeds/blueprints/gateway/gateway.py +++ b/webapp/titanembeds/blueprints/gateway/gateway.py @@ -74,6 +74,8 @@ class Gateway(Namespace): visitor_mode = data["visitor_mode"] if not visitor_mode: key = None + if "unauthenticated" not in session: + disconnect() if session["unauthenticated"]: key = session["user_keys"][guild_id] status = update_user_status(guild_id, session["username"], key) diff --git a/webapp/titanembeds/oauth.py b/webapp/titanembeds/oauth.py index aa83ce1..c67063a 100644 --- a/webapp/titanembeds/oauth.py +++ b/webapp/titanembeds/oauth.py @@ -3,6 +3,7 @@ import json from requests_oauthlib import OAuth2Session from flask import session, abort, url_for from titanembeds.utils import redis_store, make_user_cache_key +from flask_socketio import disconnect authorize_url = "https://discordapp.com/api/oauth2/authorize" token_url = "https://discordapp.com/api/oauth2/token" @@ -49,6 +50,9 @@ def get_user_guilds(): return cache.decode("utf-8") req = discordrest_from_user("/users/@me/guilds") if req.status_code != 200: + if getattr(request, sid): + disconnect() + return abort(req.status_code) req = json.dumps(req.json()) redis_store.set("OAUTH/USERGUILDS/"+str(make_user_cache_key()), req, 250)
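Review bot: In gateway.py, the added `disconnect()` under `if "unauthenticated" not in session:` is not followed by a `return`, so the handler still reaches `session["unauthenticated"]` on the next line. That lookup will raise KeyError for exactly the sessions this check is meant to reject, since flask_socketio's `disconnect()` closes the client connection but, as far as I know, does not stop the handler. Add `return` directly after `disconnect()` so a socket without an established session never gets as far as `update_user_status(...)`. The handler starts and continues outside this hunk, so check that nothing later in it depends on `key` or `status` being set on that path.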
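Review bot: In oauth.py, `getattr(request, sid)` in the `req.status_code != 200` branch passes a bare name `sid` that is not defined in the visible lines, so this error path likely raises NameError instead of disconnecting. `request` is also missing from the visible `from flask import session, abort, url_for` line. Use `if getattr(request, "sid", None):` and add `request` to that flask import. The added `return` (indentation is lost on this page, but it presumably sits inside the `if`) makes get_user_guilds() return None on the socket path, so callers that parse the result as JSON must handle that case. The function starts and ends outside the hunk.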