Fix #470

app/auth/logic.py

@@ -31,7 +31,7 @@ def verify_password(username, password):
 @basic_auth.error_handler
 def basic_auth_error(status):
     "error response (401 for invalid auth.)"
-    return error_response(status)
+    return json_error(status)
 
 
 @login.user_loader
@@ -55,7 +55,7 @@ def verify_token(token) -> User:
 @token_auth.error_handler
 def token_auth_error(status):
     "Réponse en cas d'erreur d'auth."
-    return error_response(status)
+    return json_error(status)
 
 
 @token_auth.get_user_roles

app/scodoc/sco_bulletins.py

@@ -77,9 +77,7 @@ def get_formsemestre_bulletin_etud_json(
     if formsemestre.formation.is_apc():
         bul = bulletin_but.BulletinBUT(formsemestre)
         if not etud.id in bul.res.identdict:
-            return error_response(
+            return json_error(404, "get_formsemestre_bulletin_etud_json: invalid etud")
-                404, "get_formsemestre_bulletin_etud_json: invalid etud"
-            )
         return jsonify(
             bul.bulletin_etud(
                 etud,

app/scodoc/sco_bulletins_json.py

@@ -31,6 +31,8 @@
 import datetime
 import json
 
+from flask import abort
+
 from app.comp import res_sem
 from app.comp.res_compat import NotesTableCompat
 from app.models import but_validations
@@ -92,6 +94,8 @@ def formsemestre_bulletinetud_published_dict(
     sem = sco_formsemestre.get_formsemestre(formsemestre_id)
 
     nt: NotesTableCompat = res_sem.load_formsemestre_results(formsemestre)
+    if not etudid in nt.identdict:
+        abort(404, "etudiant non inscrit dans ce semestre")
     d = {"type": "classic", "version": "0"}
     if (not sem["bul_hide_xml"]) or force_publishing:
         published = True

app/scodoc/sco_photos.py

@@ -53,7 +53,7 @@ import time
 import PIL
 from PIL import Image as PILImage
 
-from flask import request, g
+from flask import request, g, has_request_context
 from flask.helpers import make_response, url_for
 
 from app import log
@@ -91,8 +91,15 @@ def photo_portal_url(etud):
 
 
 def get_etud_photo_url(etudid, size="small"):
-    return url_for(
+    return (
-        "scolar.get_photo_image", scodoc_dept=g.scodoc_dept, etudid=etudid, size=size
+        url_for(
+            "scolar.get_photo_image",
+            scodoc_dept=g.scodoc_dept,
+            etudid=etudid,
+            size=size,
+        )
+        if has_request_context()
+        else ""
     )
 
 

tests/api/setup_test_api.py

@@ -32,10 +32,16 @@ print(f"SCODOC_URL={SCODOC_URL}")
 print(f"API URL={API_URL}")
 
 
+class APIError(Exception):
+    pass
+
+
 def get_auth_headers(user, password) -> dict:
     "Demande de jeton, dict à utiliser dans les en-têtes de requêtes http"
-    r0 = requests.post(API_URL + "/tokens", auth=(user, password))
+    ans = requests.post(API_URL + "/tokens", auth=(user, password))
-    token = r0.json()["token"]
+    if ans.status_code != 200:
+        raise APIError(f"Echec demande jeton par {user}")
+    token = ans.json()["token"]
     return {"Authorization": f"Bearer {token}"}
 
 
@@ -51,10 +57,6 @@ def api_admin_headers() -> dict:
     return get_auth_headers(API_USER_ADMIN, API_PASSWORD_ADMIN)
 
 
-class APIError(Exception):
-    pass
-
-
 def GET(path: str, headers: dict = None, errmsg=None, dept=None):
     """Get and returns as JSON"""
     if dept: