When an email code has already been used, just redirect to signin.

2013-12-18 19:47:42 -05:00 · 2013-12-18 19:47:42 -05:00 · dec74fc608
commit dec74fc608
parent d0e62d2099
2 changed files with 10 additions and 3 deletions
--- a/data/model.py
+++ b/data/model.py
@ -327,8 +327,11 @@ def create_confirm_email_code(user):


 def confirm_user_email(code):
-  code = EmailConfirmation.get(EmailConfirmation.code == code,
-                               EmailConfirmation.email_confirm == True)
+  try:
+    code = EmailConfirmation.get(EmailConfirmation.code == code,
+                                 EmailConfirmation.email_confirm == True)
+  except EmailConfirmation.DoesNotExist:
+    raise DataModelException('Invalid email confirmation code.')

  user = code.user
  user.verified = True
--- a/endpoints/web.py
+++ b/endpoints/web.py
@ -226,7 +226,11 @@ def github_oauth_callback():
@app.route('/confirm', methods=['GET'])
 def confirm_email():
  code = request.values['code']
-  user = model.confirm_user_email(code)
+
+  try:
+    user = model.confirm_user_email(code)
+  except model.DataModelException as ex:
+    return redirect(url_for('signin'))

  common_login(user)