added error handling on bad token, fixed route, and added tests

2013-05-21 17:25:00 -07:00
parent 89e1563f68
commit 377db0e7ff
3 changed files with 120 additions and 7 deletions
--- a/mediagoblin/edit/routing.py
+++ b/mediagoblin/edit/routing.py
@@ -26,5 +26,5 @@ add_route('mediagoblin.edit.delete_account', '/edit/account/delete/',
    'mediagoblin.edit.views:delete_account')
 add_route('mediagoblin.edit.pass', '/edit/password/',
    'mediagoblin.edit.views:change_pass')
-add_route('mediagoblin.edit.verify_email', '/edit/verify_email',
+add_route('mediagoblin.edit.verify_email', '/edit/verify_email/',
    'mediagoblin.edit.views:verify_email')
--- a/mediagoblin/edit/views.py
+++ b/mediagoblin/edit/views.py
@@ -16,6 +16,7 @@

 from datetime import datetime

+from itsdangerous import BadSignature
 from werkzeug.exceptions import Forbidden
 from werkzeug.utils import secure_filename

@@ -417,10 +418,20 @@ def verify_email(request):
    if not 'token' in request.GET:
        return render_404(request)

-    # This throws an error, if the thing is faked or expired
-    # should be catched, probably.
-    token = get_timed_signer_url("mail_verification_token") \
-            .loads(request.GET['token'], max_age=10*24*3600)
+    # Catch error if token is faked or expired
+    token = None
+    try:
+        token = get_timed_signer_url("mail_verification_token") \
+                .loads(request.GET['token'], max_age=10*24*3600)
+    except BadSignature:
+        messages.add_message(
+            request,
+            messages.ERROR,
+            _('The verification key or user id is incorrect.'))
+
+        return redirect(
+            request,
+            'index')

    user = User.query.filter_by(id=int(token['user'])).first()