Added a catch for malformed apikey input.

- Legacy-Id: 17769
2020-05-10 14:16:22 +00:00 · 2020-05-10 14:16:22 +00:00 · 26e85ce53b
parent 02804ba163
commit 26e85ce53b
1 changed files with 4 additions and 1 deletions
--- a/ietf/person/models.py
+++ b/ietf/person/models.py
@ -351,7 +351,10 @@ class PersonalApiKey(models.Model):
    def validate_key(cls, s):
        import struct, hashlib, base64
        assert isinstance(s, bytes)
-        key = base64.urlsafe_b64decode(s)
+        try:
+            key = base64.urlsafe_b64decode(s)
+        except Exception:
+            return None
        id, salt, hash = struct.unpack(KEY_STRUCT, key)
        k = cls.objects.filter(id=id)
        if not k.exists():