From c3166521286d656534a4589d51e83ef99669bfe3 Mon Sep 17 00:00:00 2001
From: sadnub <josh@torchlake.com>
Date: Thu, 20 Aug 2020 09:08:41 -0600
Subject: [PATCH] Update views.py

Added 404 replies if User doesn't exist
---
 api/tacticalrmm/accounts/views.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/api/tacticalrmm/accounts/views.py b/api/tacticalrmm/accounts/views.py
index 7a9c7ba6..a99ae5f7 100644
--- a/api/tacticalrmm/accounts/views.py
+++ b/api/tacticalrmm/accounts/views.py
@@ -25,7 +25,7 @@ class CheckCreds(KnoxLoginView):
         serializer = AuthTokenSerializer(data=request.data)
         serializer.is_valid(raise_exception=True)
 
-        user = User.objects.get(username=request.data["username"])
+        user = get_object_or_404(User, username=request.data["username"])
 
         if not user.totp_key:
             return Response("totp not set")
@@ -99,7 +99,7 @@ class GetUpdateDeleteUser(APIView):
         return Response("ok")
 
     def delete(self, request, pk):
-        User.objects.get(pk=pk).delete()
+        get_object_or_404(User, pk=pk).delete()
 
         return Response("ok")
 
@@ -109,7 +109,7 @@ class UserActions(APIView):
     # reset password
     def post(self, request):
 
-        user = User.objects.get(pk=request.data["id"])
+        user = get_object_or_404(User, pk=request.data["id"])
         user.set_password(request.data["password"])
         user.save()
 
@@ -118,7 +118,7 @@ class UserActions(APIView):
     # reset two factor token
     def put(self, request):
 
-        user = User.objects.get(pk=request.data["id"])
+        user = get_object_or_404(User, pk=request.data["id"])
         user.totp_key = ""
         user.save()