heckyel/mediagoblin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

If a user doesn't provide a userid and a token to the verify_email function, might as well 404

Browse Source
This commit is contained in:
Christopher Allan Webber 2011-05-31 19:37:28 -05:00
parent 73a1bc85f1
commit 155f24f9f5
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
mediagoblin/auth/views.py
View File

@ -149,12 +149,16 @@ def verify_email(request):
validates GET parameters against database and unlocks the user account, if validates GET parameters against database and unlocks the user account, if
you are lucky :) you are lucky :)
""" """
# If we don't have userid and token parameters, we can't do anything; 404
if not request.GET.has_key('userid') or not request.GET.has_key('token'):
return exc.HTTPNotFound()
user = request.db.User.find_one( user = request.db.User.find_one(
{'_id': bson.objectid.ObjectId(unicode(request.GET.get('userid')))}) {'_id': bson.objectid.ObjectId(unicode(request.GET['userid']))})
verification_successful = bool verification_successful = bool
if user and user['verification_key'] == unicode(request.GET.get('token')): if user and user['verification_key'] == unicode(request.GET['token']):
user['status'] = u'active' user['status'] = u'active'
user['email_verified'] = True user['email_verified'] = True
verification_successful = True verification_successful = True