From 0be30f1f198e84c33631108416a099e699fdfb8b Mon Sep 17 00:00:00 2001
From: Se Yeon Kim <sykim@mozilla.com>
Date: Tue, 30 Jun 2020 12:15:02 -0500
Subject: [PATCH] Validate user authentication and api address

---
 emails/views.py | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/emails/views.py b/emails/views.py
index 5726456a85..cb50021072 100644
--- a/emails/views.py
+++ b/emails/views.py
@@ -42,9 +42,11 @@
 def index(request):
     incr_if_enabled('emails_index', 1)
     request_data = get_post_data_from_request(request)
-    if (not request.user.is_authenticated and
-        not request_data.get("api_token", False)
-       ):
+    is_validated_user = (
+        request.user.is_authenticated and
+        request_data.get("api_token", False)
+    )
+    if not is_validated_user:
         raise PermissionDenied
     if request.method == 'POST':
         return _index_POST(request)