From 155f24f9f5ac1c944addddf84c7a129d55f63263 Mon Sep 17 00:00:00 2001
From: Christopher Allan Webber <cwebber@dustycloud.org>
Date: Tue, 31 May 2011 19:37:28 -0500
Subject: [PATCH] If a user doesn't provide a userid and a token to the
 verify_email function, might as well 404

---
 mediagoblin/auth/views.py | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/mediagoblin/auth/views.py b/mediagoblin/auth/views.py
index 906d6f13..4ccd3d86 100644
--- a/mediagoblin/auth/views.py
+++ b/mediagoblin/auth/views.py
@@ -149,12 +149,16 @@ def verify_email(request):
     validates GET parameters against database and unlocks the user account, if
     you are lucky :)
     """
+    # If we don't have userid and token parameters, we can't do anything; 404
+    if not request.GET.has_key('userid') or not request.GET.has_key('token'):
+        return exc.HTTPNotFound()
+
     user = request.db.User.find_one(
-        {'_id': bson.objectid.ObjectId(unicode(request.GET.get('userid')))})
+        {'_id': bson.objectid.ObjectId(unicode(request.GET['userid']))})
 
     verification_successful = bool
 
-    if user and user['verification_key'] == unicode(request.GET.get('token')):
+    if user and user['verification_key'] == unicode(request.GET['token']):
         user['status'] = u'active'
         user['email_verified'] = True
         verification_successful = True