Stop automatically resending email verification links

This commit stops a new email verification link from being sent to a
user if they click on an email link which has expired or which has
already been used. Instead, they will see an error message with a
link to the sign in page. This stops the situation where someone could
log in indefinitely (without needing to enter their password) by
trying to use a used / expired email verification link and receiving a
valid link automatically.
Katie Smith
2019-01-15 16:32:26 +00:00
parent 55a41f9239
commit 9095893e03
4 changed files with 30 additions and 32 deletions


@@ -129,13 +129,7 @@ class UserApiClient(NotifyAdminAPIClient):
return True, ''
except HTTPError as e:
if e.status_code == 400 or e.status_code == 404:
if 'Code not found' in e.message:
return False, 'Code not found'
elif 'Code has expired' in e.message:
return False, 'Code has expired'
else:
# TODO what is the default message?
return False, 'Code not found'
return False, e.message
raise e
def get_users_for_service(self, service_id):
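Review bot: The added `return False, e.message` hands the API's error text straight back to the caller for every 400 and 404, where the removed branches reduced it to one of two fixed strings. Any caller that compares the second tuple element with `'Code not found'` or `'Code has expired'` now depends on the API's exact wording, and whether `e.message` is always a plain string is not visible in this hunk. Because this result decides how a used or expired verification link is rejected, I would keep it to known values, for example `known = ('Code not found', 'Code has expired')` followed by `return False, next((k for k in known if k in e.message), 'Code not found')`. At a minimum, add the comment `# e.message is API-supplied text: do not branch on its exact wording or render it unescaped`. The enclosing method starts above the hunk, so how its callers use the message cannot be checked from here.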