[API] Check for DB-nuking empty data in users POST

author: Gareth Coles <[email protected]> 2018-06-23 22:10:39 +0100
committer: Gareth Coles <[email protected]> 2018-06-23 22:10:39 +0100
commit: cb6521f977537d758c3c98f87f19ef65bab00611 (patch)
tree: b377098a9b7b23a0a3f2812006454b6a17065865 /pysite
parent: [Jams/Teams] Replace user Discord button with avatar link (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/pysite/views/api/bot/user.py b/pysite/views/api/bot/user.py
index ced39306..febddd64 100644
--- a/pysite/views/api/bot/user.py
+++ b/pysite/views/api/bot/user.py
@@ -4,7 +4,7 @@ from flask import jsonify, request
 from schema import Optional, Schema
 
 from pysite.base_route import APIView
-from pysite.constants import ValidationTypes
+from pysite.constants import ErrorCodes, ValidationTypes
 from pysite.decorators import api_key, api_params
 from pysite.mixins import DBMixin
 
@@ -48,6 +48,9 @@ class UserView(APIView, DBMixin):
     def post(self, data):
         logging.getLogger(__name__).debug(f"Size of request: {len(request.data)} bytes")
 
+        if not data:
+            return self.error(ErrorCodes.bad_data_format, "No users supplied")
+
         deletions = 0
         oauth_deletions = 0
         profile_deletions = 0
author	Gareth Coles <[email protected]>	2018-06-23 22:10:39 +0100
committer	Gareth Coles <[email protected]>	2018-06-23 22:10:39 +0100
commit	cb6521f977537d758c3c98f87f19ef65bab00611 (patch)
tree	b377098a9b7b23a0a3f2812006454b6a17065865 /pysite
parent	[Jams/Teams] Replace user Discord button with avatar link (diff)