From f02f6e9d239e7c9314bec60f55e5c063902d9712 Mon Sep 17 00:00:00 2001
From: Mark Veidemanis
Date: Thu, 21 Jul 2022 13:51:27 +0100
Subject: [PATCH] Gracefully handle invalid queries
---
 core/lib/opensearch.py | 8 ++++++--
 core/views/dynamic/search.py | 6 ++++--
 2 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/core/lib/opensearch.py b/core/lib/opensearch.py
index 95ee575..40ded6b 100644
--- core/lib/opensearch.py
+++ core/lib/opensearch.py
@@ -1,5 +1,6 @@
 from django.conf import settings
 from opensearchpy import OpenSearch
+from opensearchpy.exceptions import RequestError
 def initialise_opensearch():
@@ -91,7 +92,10 @@ def run_main_query(client, user, query, fields=None, size=None):
 return False
 search_query = construct_query(query, fields, size)
 # fmt: off
- response = client.search(body=search_query,
- index=settings.OPENSEARCH_INDEX_MAIN)
+ try:
+ response = client.search(body=search_query,
+ index=settings.OPENSEARCH_INDEX_MAIN)
+ except RequestError:
+ return False
 filter_blacklisted(user, response)
 return response
diff --git a/core/views/dynamic/search.py b/core/views/dynamic/search.py
index cd09cae..fecdb64 100644
--- core/views/dynamic/search.py
+++ core/views/dynamic/search.py
@@ -2,7 +2,7 @@ import json
 from django.conf import settings
 from django.contrib.auth.mixins import LoginRequiredMixin
-from django.http import HttpResponse, JsonResponse
+from django.http import HttpResponse, HttpResponseForbidden, JsonResponse
 from django.shortcuts import render
 from django.views import View
@@ -72,9 +72,11 @@ class Search(LoginRequiredMixin, View):
 def post(self, request):
 if not request.user.has_plan(self.plan_name):
- return render(request, "denied.html")
+ return HttpResponseForbidden()
 context = query_results(request, request.POST)
+ if not context:
+ return HttpResponseForbidden()
 context["data"] = json.dumps(
 [
 {
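Review bot: The new `except RequestError: return False` in run_main_query drops the exception without recording it, and it reuses the same `False` that the earlier `return False` at the top of the hunk already returns, so a caller cannot tell a query the backend rejected from whatever that earlier branch signals. Binding the exception and logging it before returning, for example `except RequestError as exc:` followed by `log.warning("search request rejected for %s: %s", user, exc)` with a module-level logger, would leave a trail when one account keeps submitting malformed queries. Only RequestError is caught, so other client or transport errors presumably still surface as a server error; a short comment saying that this is deliberate would help. The function begins outside the hunk, so the meaning of the first `return False` is inferred from context only.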
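Review bot: The added `if not context: return HttpResponseForbidden()` in Search.post answers 403 for every falsy result of query_results, which after this commit presumably includes a query that OpenSearch rejected as malformed. That reports an input error as an authorization failure, which blurs the 403 from the plan check just above and skews any monitoring that counts forbidden responses. Returning `HttpResponseBadRequest()` for the invalid-query case (it would need adding to the `django.http` import) keeps the two outcomes distinct, though that requires query_results to signal them separately. `not context` is also true for an empty dict, so if `False` is the only failure value the tighter test is `if context is False:`. query_results is not visible in this patch and post continues past the end of the hunk.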