author | Christopher Allan Webber <cwebber@dustycloud.org> | 2011-05-31 19:37:28 -0500 |
---|---|---|
committer | Christopher Allan Webber <cwebber@dustycloud.org> | 2011-05-31 19:37:28 -0500 |
commit | 155f24f9f5ac1c944addddf84c7a129d55f63263 (patch) | |
tree | 71e8f5070752d955f08e42b1c6b95164333af4e2 | |
parent | 73a1bc85f1beb257169c777452eb878fa7e684a1 (diff) | |
If a user doesn't provide a userid and a token to the verify_email function, might as well 404
-rw-r--r-- | mediagoblin/auth/views.py | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/mediagoblin/auth/views.py b/mediagoblin/auth/views.py index 906d6f13..4ccd3d86 100644 --- a/mediagoblin/auth/views.py +++ b/mediagoblin/auth/views.py @@ -149,12 +149,16 @@ def verify_email(request): validates GET parameters against database and unlocks the user account, if you are lucky :) """ + # If we don't have userid and token parameters, we can't do anything; 404 + if not request.GET.has_key('userid') or not request.GET.has_key('token'): + return exc.HTTPNotFound() + user = request.db.User.find_one( - {'_id': bson.objectid.ObjectId(unicode(request.GET.get('userid')))}) + {'_id': bson.objectid.ObjectId(unicode(request.GET['userid']))}) verification_successful = bool - if user and user['verification_key'] == unicode(request.GET.get('token')): + if user and user['verification_key'] == unicode(request.GET['token']): user['status'] = u'active' user['email_verified'] = True verification_successful = True |
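Review bot: A malformed `userid` still produces an unhandled error after this change, because the new guard only checks that the `userid` and `token` keys are present; a value that is not a valid ObjectId string makes `bson.objectid.ObjectId(...)` raise (`InvalidId` in pymongo's bson) before `find_one` runs, so an unauthenticated request gets a server error instead of the 404 the commit intends. Catch that exception around the conversion and return `exc.HTTPNotFound()` there too, as sketched below (this assumes `bson.errors` is reachable through the file's existing `bson` import). Separately, the token check compares `user['verification_key']` with `==`, which is not a constant-time comparison; a constant-time compare is the safer choice for a secret value. The context line `verification_successful = bool` binds the type object, which is truthy, so unless code outside the hunk resets it on failure a failed verification could be reported as success; verify_email starts and ends outside this hunk, so check that against the full function.

```python
    # … unchanged: missing-parameter guard returning HTTPNotFound …
    try:
        user_id = bson.objectid.ObjectId(unicode(request.GET['userid']))
    except bson.errors.InvalidId:
        # Malformed id: answer like a missing parameter, not a server error
        return exc.HTTPNotFound()

    user = request.db.User.find_one({'_id': user_id})
    # … unchanged: verification_key comparison and status update …
```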