Commit 46de96c3 authored by Linus Lewandowski's avatar Linus Lewandowski

Show user-friendly messages for dead confirmation links.

parent b125569b
Pipeline #12289805 passed with stages
in 4 minutes and 5 seconds
......@@ -5,6 +5,7 @@ from django.conf import settings
from django.contrib import messages
from django.contrib.auth import login as auth_login
from django.contrib.auth import get_user_model
from django.shortcuts import redirect
from django.utils import timezone
from django.utils.translation import gettext_lazy as _
......@@ -35,6 +36,10 @@ def authenticate_token(request, token):
def in_url_authentication(func):
def wrapper(request, auth_token, **kwargs):
authenticate_token(request, auth_token)
try:
authenticate_token(request, auth_token)
except jwt.ExpiredSignatureError:
messages.error(request, _("Link expired."))
return redirect(settings.HOME_URL)
return func(request, **kwargs)
return wrapper
......@@ -83,12 +83,14 @@ class FinishRegistrationByEmail(TemplateView):
messages.success(request, _("Your email addres has been confirmed before."))
return redirect(settings.HOME_URL)
else:
raise SuspiciousOperation()
messages.error(request, _("Link expired."))
return redirect(settings.HOME_URL)
user = User.objects.get(id=request.token["user_id"])
if user.last_login:
# You can't finish registration after logging in.
raise SuspiciousOperation()
messages.error(request, _("Link expired."))
return redirect(settings.HOME_URL)
return super().dispatch(request, user)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment