Fix crash when trying to get a member from the wrong project

This was hidden by the CVE-2020-15120 issue: now that we no longer return
members from the wrong project, we need to handle the case where there is
nothing to return.

1 files changed, 4 insertions, 5 deletions

diff --git a/ihatemoney/models.py b/ihatemoney/models.py
index 5691c75..8dc9b55 100644
--- a/ihatemoney/models.py
+++ b/ihatemoney/models.py
@@ -273,9 +273,8 @@ class Project(db.Model):
         This method returns the status DELETED or DEACTIVATED regarding the
         changes made.
         """
-        try:
-            person = Person.query.get(member_id, self)
-        except orm.exc.NoResultFound:
+        person = Person.query.get(member_id, self)
+        if person is None:
             return None
         if not person.has_bills():
             db.session.delete(person)
@@ -381,7 +380,7 @@ class Person(db.Model):
             return (
                 Person.query.filter(Person.name == name)
                 .filter(Person.project_id == project.id)
-                .one()
+                .one_or_none()
             )
 
         def get(self, id, project=None):
@@ -390,7 +389,7 @@ class Person(db.Model):
             return (
                 Person.query.filter(Person.id == id)
                 .filter(Person.project_id == project.id)
-                .one()
+                .one_or_none()
             )
 
     query_class = PersonQuery