perf: Validate connection token id

2025-08-28 17:31:14 +08:00 · 2025-08-28 17:31:14 +08:00 · 468b84eb3d
parent 28d5475d0f
commit 468b84eb3d
2 changed files with 7 additions and 1 deletions
--- a/apps/authentication/api/connection_token.py
+++ b/apps/authentication/api/connection_token.py
@ -618,6 +618,8 @@ class SuperConnectionTokenViewSet(ConnectionTokenViewSet):

        token_id = request.data.get('id') or ''
        token = ConnectionToken.get_typed_connection_token(token_id)
+        if not token:
+            raise PermissionDenied('Token {} is not valid'.format(token))
        token.is_valid()
        serializer = self.get_serializer(instance=token)

--- a/apps/authentication/models/connection_token.py
+++ b/apps/authentication/models/connection_token.py
@ -4,6 +4,7 @@ from datetime import timedelta

 from django.conf import settings
 from django.core.cache import cache
+from django.core.exceptions import ValidationError
 from django.db import models
 from django.shortcuts import get_object_or_404
 from django.utils import timezone
@ -76,7 +77,10 @@ class ConnectionToken(JMSOrgBaseModel):

    @classmethod
    def get_typed_connection_token(cls, token_id):
-        token = get_object_or_404(cls, id=token_id)
+        try:
+            token = get_object_or_404(cls, id=token_id)
+        except ValidationError:
+            return None

        if token.type == ConnectionTokenType.ADMIN.value:
            token = AdminConnectionToken.objects.get(id=token_id)