From b2db3d566b417175ff75baa43764f4314afbe350 Mon Sep 17 00:00:00 2001 From: Jeremy Zhang Date: Tue, 14 Mar 2017 18:49:59 -0700 Subject: [PATCH] Check guild existance on creating an unauth user --- titanembeds/blueprints/api/api.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/titanembeds/blueprints/api/api.py b/titanembeds/blueprints/api/api.py index 3e58d6d..a235a62 100644 --- a/titanembeds/blueprints/api/api.py +++ b/titanembeds/blueprints/api/api.py @@ -1,6 +1,6 @@ from titanembeds.database import db, Guilds, UnauthenticatedUsers, UnauthenticatedBans from titanembeds.decorators import valid_session_required -from flask import Blueprint, jsonify, session, request +from flask import Blueprint, abort, jsonify, session, request from sqlalchemy import and_ from werkzeug.contrib.cache import SimpleCache import random @@ -156,6 +156,8 @@ def create_unauthenticated_user(): username = request.form['username'] guild_id = request.form['guild_id'] ip_address = get_client_ipaddr() + if not check_guild_existance(guild_id): + abort(404) if not checkUserBanned(guild_id, ip_address): session['username'] = username if 'user_id' not in session: