From 7fd18288888b7cc913382da2f3d1020815d74cdf Mon Sep 17 00:00:00 2001
From: Baptiste Jonglez
Date: Fri, 17 Jul 2020 17:43:33 +0200
Subject: [PATCH] Fix crash when trying to get a member from the wrong project
This was hidden by the CVE-2020-15120 issue: now that we no longer return members from the wrong project, we need to handle the case where there is nothing to return.
---
 ihatemoney/models.py | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/ihatemoney/models.py b/ihatemoney/models.py
index 5691c75e..8dc9b553 100644
--- a/ihatemoney/models.py
+++ b/ihatemoney/models.py
@@ -273,9 +273,8 @@ class Project(db.Model):
 This method returns the status DELETED or DEACTIVATED regarding the changes made.
 """
- try:
- person = Person.query.get(member_id, self)
- except orm.exc.NoResultFound:
+ person = Person.query.get(member_id, self)
+ if person is None:
 return None
 if not person.has_bills():
 db.session.delete(person)
@@ -381,7 +380,7 @@ class Person(db.Model):
 return (
 Person.query.filter(Person.name == name)
 .filter(Person.project_id == project.id)
- .one()
+ .one_or_none()
 )
 def get(self, id, project=None):
@@ -390,7 +389,7 @@ class Person(db.Model):
 return (
 Person.query.filter(Person.id == id)
 .filter(Person.project_id == project.id)
- .one()
+ .one_or_none()
 )
 query_class = PersonQuery
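Review bot: The new `if person is None: return None` path in the `Project(db.Model)` hunk is not covered by the docstring shown just above it, which still says the method returns the status DELETED or DEACTIVATED. `None` is now the signal that `member_id` does not belong to this project, which is the scoping the commit message ties to CVE-2020-15120, so I would add a docstring line such as `Returns None when no member with this id exists in this project.` Callers then know to answer with a not-found response rather than dereference the result. The method starts and ends outside the hunk, so the values returned on the other paths are not visible here.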
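Review bot: Replacing `.one()` with `.one_or_none()` in the by-name lookup (the query filtering on `Person.name == name`), and in `get` in the following hunk, turns a raised `NoResultFound` into a silent `None`, and this patch adjusts only one caller. Any other call site that still catches `orm.exc.NoResultFound` or uses the result unchecked will now receive `None` for an id or name from another project, so those sites need a None check; the diffstat lists only `models.py`, so a regression test for a cross-project lookup would have to come separately. I would also state the contract on both methods, e.g. `"""Return the matching Person, or None if it does not belong to the project."""`. `one_or_none()` still raises `MultipleResultsFound`, which matters for the by-name lookup if names are not unique within a project; that constraint is not visible here. Both methods begin outside their hunks.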