Fix: ensure redirect to user group view includes required group path param and validate inputs

Kabir Panda · Kabir Panda · commit ade813bece7a · 2025-11-01T08:04:57.000+05:30
Signed-off-by: Kabir Panda &lt;kabirpanda@Kabirs-MacBook-Air.local&gt;
diff --git a/augur/api/view/api.py b/augur/api/view/api.py
@@ -155,21 +155,29 @@ def user_remove_repo():
     group = request.args.get("group_name")
     repo = request.args.get("repo_id")
 
-    if not repo:
-        flash("No repo id provided")
-    if not group:
-        flash("No group name provided")
-
-    repo = int(repo)
-
-    result = current_user.remove_repo(group, repo)[0]
+    # Validate inputs early and avoid proceeding with invalid data
+    if not repo or not group:
+        if not repo:
+            flash("No repo id provided")
+        if not group:
+            flash("No group name provided")
+       
+
+    try:
+        repo_id = int(repo)
+    except (TypeError, ValueError):
+        flash("Invalid repo id provided")
+      
+
+    result = current_user.remove_repo(group, repo_id)[0]
 
     if result:
         flash(f"Successfully removed repo {repo} from group {group}")
     else:
         flash("An error occurred removing repo from group")
     
-    return redirect(url_for("user_group_view") + f"?group={group}")
+    # Redirect to the group view; the route requires a 'group' path parameter
+    return redirect(url_for("user_group_view", group=group))
 
 @app.route('/account/application/deauthorize')
 @login_required
