Description
In some cases, the server crashes with an internal server error when calling the API to retrieve student details. The problem is caused by the user in a request being an AnonymousUser (and not having an id) instead of a LazyUser.
Example:
TypeError at /learn/api/students/5439/
int() argument must be a string, a bytes-like object or a number, not 'AnonymousUser'
...
File "/var/www/webs/flocs/source/backend/learn/views.py" in get_queryset
229. return Student.objects.filter(user=user)
...
Steps to reproduce:
- Disable cookies in your browser for robomise.cz
- Remove any cookies already stored by your browser.
- Go to any page requiring student details (e.g. https://robomise.cz/)
In this case, the problem is that a new LazyUser is created and sent back together with a sessionid cookie. The user contains a link to the student details. The cookie is ignored, and when the UI app follows the link to student details, the browser does not provide the sessionid to look up the LazyUser.
Note:
There might be other ways to induce such behaviour, but I was unable to come up with any other way.