Fix crash when trying to get a member from the wrong project

This was hidden by the CVE-2020-15120 issue: now that we no longer return members from the wrong project, we need to handle the case where there is nothing to return.
2025-04-30 18:22:38 +02:00 · 2020-07-17 17:43:33 +02:00 · 2020-07-17 17:43:33 +02:00 · 7fd1828888
commit 7fd1828888
parent 8d77cf5d56
1 changed files with 4 additions and 5 deletions
--- a/ihatemoney/models.py
+++ b/ihatemoney/models.py
@ -273,9 +273,8 @@ class Project(db.Model):
        This method returns the status DELETED or DEACTIVATED regarding the
        changes made.
        """
-        try:
        person = Person.query.get(member_id, self)
-        except orm.exc.NoResultFound:
+        if person is None:
            return None
        if not person.has_bills():
            db.session.delete(person)
@ -381,7 +380,7 @@ class Person(db.Model):
            return (
                Person.query.filter(Person.name == name)
                .filter(Person.project_id == project.id)
-                .one()
+                .one_or_none()
            )

        def get(self, id, project=None):
@ -390,7 +389,7 @@ class Person(db.Model):
            return (
                Person.query.filter(Person.id == id)
                .filter(Person.project_id == project.id)
-                .one()
+                .one_or_none()
            )

    query_class = PersonQuery