From a882055f62e2f749b77cb2a7d69dc2928f6981b2 Mon Sep 17 00:00:00 2001
From: Joseph Schorr <josephschorr@users.noreply.github.com>
Date: Wed, 30 Mar 2016 16:02:47 -0400
Subject: [PATCH] Better error message for invalid recovery codes

---
 endpoints/web.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/endpoints/web.py b/endpoints/web.py
index 7147594c6..cc12565c8 100644
--- a/endpoints/web.py
+++ b/endpoints/web.py
@@ -392,8 +392,7 @@ def confirm_email():
 
   common_login(user)
 
-  return redirect(url_for('web.user', tab='email')
-                  if new_email else url_for('web.index'))
+  return redirect(url_for('web.user', tab='email') if new_email else url_for('web.index'))
 
 
 @web.route('/recovery', methods=['GET'])
@@ -403,11 +402,12 @@ def confirm_recovery():
   code = request.values['code']
   user = model.user.validate_reset_code(code)
 
-  if user:
+  if user is not None:
     common_login(user)
     return redirect(url_for('web.user'))
   else:
-    abort(403)
+    message = 'Invalid recovery code: This code is invalid or may have already been used.'
+    return render_page_template_with_routedata('message.html', message=message)
 
 
 @web.route('/repository/<repopath:repository>/status', methods=['GET'])