From 3352349687417d83c561b5169674290561d8a095 Mon Sep 17 00:00:00 2001
From: Usama Bin Nadeem <32700508+usamabinnadeem-10@users.noreply.github.com>
Date: Fri, 18 Oct 2024 16:34:20 +0500
Subject: [PATCH] add check for contractItemID validity to prevent 500
---
 webapp/shop/cred/views.py | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/webapp/shop/cred/views.py b/webapp/shop/cred/views.py
index ee1e645a470..e87c29a44a7 100644
--- a/webapp/shop/cred/views.py
+++ b/webapp/shop/cred/views.py
@@ -268,7 +268,7 @@ def cred_schedule(
 f"{data['date']}T{data['time']}", "%Y-%m-%dT%H:%M"
 )
 starts_at = tz_info.localize(scheduled_time)
- contract_item_id = data["contract_item_id"]
+ contract_item_id = flask.request.args.get("contractItemID")
 first_name, last_name = get_user_first_last_name()
 country_code = TIMEZONE_COUNTRIES[timezone]
 assessment_reservation_uuid = None
@@ -280,6 +280,14 @@ def cred_schedule(
 template_data["max_date"] = max_date
 template_data["time_delay"] = time_delay
+ if not contract_item_id or not str(contract_item_id).isdigit():
+ error = "Invalid contract item ID"
+ return flask.render_template(
+ "/credentials/schedule.html",
+ error=error,
+ **template_data,
+ )
+
 if flask.request.args.get("uuid", default=None, type=str):
 assessment_reservation_uuid = flask.request.args.get("uuid")
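Review bot: The new `flask.request.args.get("contractItemID")` in the first hunk takes the contract item ID from the URL rather than from the submitted form data, so the value is chosen by the client and nothing visible in this hunk ties it to the signed-in user. If ownership is not verified further down (cred_schedule starts and continues outside the hunk), a request could reference a contract item that belongs to another account. A short comment naming where that check lives would make this auditable, e.g. `# contractItemID is client-supplied; ownership is verified in <function name>`. The format check only arrives in the second hunk, after lines 275-279 that are not shown, so any use of `contract_item_id` in between still sees the raw value.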
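Review bot: `str.isdigit()` in the guard added by the second hunk is also true for non-ASCII digit characters such as `²`, so a value can pass this check and still fail a later `int()` conversion or reach the backend in an unexpected form, which is the 500 this change is meant to prevent. Restricting the check to ASCII closes that gap: `if not contract_item_id or not (contract_item_id.isascii() and contract_item_id.isdigit()):`. The `str()` wrapper is unnecessary because `args.get` returns a string or `None`. Consider also returning the rendered template with a 400 status (`), 400`) so clients and monitoring can tell a rejected request from a normally rendered form. How the ID is consumed afterwards is outside the hunk, so the downstream impact is inferred rather than visible.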