From dd32c0476db3ed9b9997056ca2f5299d73f2a2e2 Mon Sep 17 00:00:00 2001
From: Daniel Wang
Date: Mon, 22 Oct 2018 15:55:37 -0700
Subject: [PATCH] Fix potential 5xx, move dataTables to bundle for CSP
---
 src/oncall/api/v0/event_override.py | 8 ++++++--
 src/oncall/ui/__init__.py | 5 +----
 src/oncall/ui/static/js/oncall.js | 1 -
 3 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/src/oncall/api/v0/event_override.py b/src/oncall/api/v0/event_override.py
index c11667f..2a24cf1 100644
--- a/src/oncall/api/v0/event_override.py
+++ b/src/oncall/api/v0/event_override.py
@@ -84,8 +84,12 @@ def on_post(req, resp):
 now = time.time()
 cursor.execute('SELECT `id` FROM `user` WHERE `name` = %s', user)
- user_id = cursor.fetchone()['id']
- team_id = events[0]['team_id']
+ user_id = cursor.fetchone()
+ if not (events and user_id):
+ raise HTTPBadRequest('Invalid name or list of events')
+ else:
+ user_id = user_id['id']
+ team_id = events[0]['team_id']
 check_calendar_auth_by_id(team_id, req)
 # Check that events are not in the past
diff --git a/src/oncall/ui/__init__.py b/src/oncall/ui/__init__.py
index f511853..6bc994a 100644
--- a/src/oncall/ui/__init__.py
+++ b/src/oncall/ui/__init__.py
@@ -24,11 +24,8 @@ assets_env = AssetsEnvironment(path.join(STATIC_ROOT, 'static'),
 assets_env.register('libs', Bundle(
 'js/jquery-3.3.1.min.js', 'js/handlebars-4.0.12.min.js', 'js/bootstrap.min.js', 'js/moment.js', 'js/moment-timezone.js', 'js/moment-tz-data.js',
- 'js/typeahead.js',
+ 'js/typeahead.js', 'js/jquery.dataTables.min.js',
 output='bundles/libs.js'))
-assets_env.register('datatables_js', Bundle(
- 'js/jquery.dataTables.min.js',
- output='bundles/dataTables.js'))
 assets_env.register('oncall_js', Bundle(
 'js/navigo.js', 'js/incalendar.js', 'js/oncall.js',
 output='bundles/oncall.bundle.js'))
diff --git a/src/oncall/ui/static/js/oncall.js b/src/oncall/ui/static/js/oncall.js
index 35c6249..fc129d9 100644
--- a/src/oncall/ui/static/js/oncall.js
+++ b/src/oncall/ui/static/js/oncall.js
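Review bot: In `on_post`, `check_calendar_auth_by_id(team_id, req)` is still driven by `events[0]['team_id']` alone, so the authorization decision rests on the first event only. The rest of the function is outside this hunk; if nothing there rejects a list that mixes teams, the remaining events are never checked against the caller's teams. A guard right after the assignment would close that, e.g. `if any(ev['team_id'] != team_id for ev in events): raise HTTPBadRequest('Events must belong to one team')`. The `else:` after the `raise` is also redundant, so the two assignments can sit at the outer level. The single combined 400 message is worth keeping as it is, since it does not say whether the name or the event list was at fault.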
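Review bot: Nothing in `src/oncall/ui/__init__.py` records why `js/jquery.dataTables.min.js` now sits in the `libs` bundle, so a later cleanup could split it out again and bring back a runtime script load. A comment above the `libs` registration would do, for example `# dataTables stays in libs: presumably loading it at runtime via $.getScript conflicts with the CSP`. Any template or script that still refers to the `datatables_js` bundle or to `bundles/dataTables.js` would now fail to load. Only the `$.getScript` call in oncall.js is visibly removed by this commit, so other references are worth a search.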
@@ -2430,7 +2430,6 @@ var oncall = {
 init: function(name){
 var start_time = moment().subtract(30, 'days');
 this.data.teamName = decodeURIComponent(name);
- $.getScript('/static/bundles/dataTables.js');
 this.getData(start_time);
 },
 events: function(){