From 6f43f39a58b4b9231a39c3aa90292465621b0e54 Mon Sep 17 00:00:00 2001
From: Pierre-Yves Chibon <pingou@pingoured.fr>
Date: Nov 28 2017 14:00:47 +0000
Subject: Fix giving a project if no user is specified


Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>

---

diff --git a/pagure/ui/repo.py b/pagure/ui/repo.py
index 9ec5704..62b657a 100644
--- a/pagure/ui/repo.py
+++ b/pagure/ui/repo.py
@@ -2733,6 +2733,8 @@ def give_project(repo, username=None, namespace=None):
 
     if form.validate_on_submit():
         new_username = flask.request.form.get('user', '').strip()
+        if not new_username:
+            flask.abort(404, 'No user specified')
         new_owner = pagure.lib.search_user(
             SESSION, username=new_username)
         if not new_owner:
diff --git a/tests/test_pagure_flask_ui_app_give_project.py b/tests/test_pagure_flask_ui_app_give_project.py
index 2335694..e26bbe3 100644
--- a/tests/test_pagure_flask_ui_app_give_project.py
+++ b/tests/test_pagure_flask_ui_app_give_project.py
@@ -109,6 +109,28 @@ class PagureFlaskGiveRepotests(tests.SimplePagureTest):
 
             self._check_user()
 
+    def test_give_project_no_user(self):
+        """ Test the give_project endpoint. """
+
+        user = tests.FakeUser()
+        user.username = 'pingou'
+        with tests.user_set(pagure.APP, user):
+            csrf_token = self.get_csrf()
+
+            self._check_user()
+
+            # No user
+            data = {
+                'csrf_token': csrf_token,
+            }
+
+            output = self.app.post(
+                '/test/give', data=data, follow_redirects=True)
+            self.assertEqual(output.status_code, 404)
+            self.assertIn('<p>No user specified</p>', output.data)
+
+            self._check_user()
+
     def test_give_project_not_owner(self):
         """ Test the give_project endpoint. """