From 3950904fb3bcb8e42f47b1b18b100a396feaa5ad Mon Sep 17 00:00:00 2001
From: yackob03 <jacob.moshenko@gmail.com>
Date: Mon, 23 Dec 2013 14:50:01 -0500
Subject: [PATCH] Prevent a user from subscribing to a deprecated plan through
 the API.

---
 endpoints/api.py | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/endpoints/api.py b/endpoints/api.py
index 205fabb0b..b5c4a49ec 100644
--- a/endpoints/api.py
+++ b/endpoints/api.py
@@ -1537,11 +1537,15 @@ def subscribe(user, plan, token, require_business_plan):
     if plan_obj['stripeId'] == plan:
       plan_found = plan_obj
 
-  if not plan_found:
+  if not plan_found or plan_found['deprecated']:
+    logger.warning('Plan not found or deprecated: %s', plan)
     abort(404)
 
-  if require_business_plan and not plan_found['bus_features'] and not plan_found['price'] == 0:
-    abort(404)
+  if (require_business_plan and not plan_found['bus_features'] and not
+                                  plan_found['price'] == 0):
+    logger.warning('Business attempting to subscribe to personal plan: %s',
+                   user.username)
+    abort(400)
 
   private_repos = model.get_private_repo_count(user.username)