diff --git a/pagure/ui/repo.py b/pagure/ui/repo.py index 9ec5704..62b657a 100644 --- a/pagure/ui/repo.py +++ b/pagure/ui/repo.py @@ -2733,6 +2733,8 @@ def give_project(repo, username=None, namespace=None): if form.validate_on_submit(): new_username = flask.request.form.get('user', '').strip() + if not new_username: + flask.abort(404, 'No user specified') new_owner = pagure.lib.search_user( SESSION, username=new_username) if not new_owner: diff --git a/tests/test_pagure_flask_ui_app_give_project.py b/tests/test_pagure_flask_ui_app_give_project.py index 2335694..e26bbe3 100644 --- a/tests/test_pagure_flask_ui_app_give_project.py +++ b/tests/test_pagure_flask_ui_app_give_project.py @@ -109,6 +109,28 @@ class PagureFlaskGiveRepotests(tests.SimplePagureTest): self._check_user() + def test_give_project_no_user(self): + """ Test the give_project endpoint. """ + + user = tests.FakeUser() + user.username = 'pingou' + with tests.user_set(pagure.APP, user): + csrf_token = self.get_csrf() + + self._check_user() + + # No user + data = { + 'csrf_token': csrf_token, + } + + output = self.app.post( + '/test/give', data=data, follow_redirects=True) + self.assertEqual(output.status_code, 404) + self.assertIn('

No user specified

', output.data) + + self._check_user() + def test_give_project_not_owner(self): """ Test the give_project endpoint. """