Change API calls that expect non-robots to explicitly filter
Before this change, we'd filter in the UI but calls to the API could allow robots accounts where we only expect real users
This commit is contained in:
Joseph Schorr
parent
e5e2384998
commit
fdd43e2490
6 changed files with 21 additions and 14 deletions
|
|
@ -10,7 +10,7 @@ from flask import Flask, current_app
|
|||
from flask_mail import Mail
|
||||
|
||||
def sendReset(username):
|
||||
user = model.get_user(username)
|
||||
user = model.get_nonrobot_user(username)
|
||||
if not user:
|
||||
print 'No user found'
|
||||
return
|
||||
|
|
|
|||
Reference in a new issue