Merge pull request #72 from ticketfrei/confirm-37

check if account already exists to avoid double use of confirmation mail
This commit is contained in:
b3yond 2019-01-11 13:33:04 +01:00 committed by GitHub
commit 5a782e47fb
2 changed files with 9 additions and 6 deletions

9
db.py
View file

@ -14,7 +14,6 @@ class DB(object):
self.conn = sqlite3.connect(dbfile)
self.cur = self.conn.cursor()
self.create()
self.secret = self.get_secret()
def execute(self, *args, **kwargs):
return self.cur.execute(*args, **kwargs)
@ -189,7 +188,7 @@ class DB(object):
'passhash': scrypt_mcf(
password.encode('utf-8')
).decode('ascii')
}, self.secret).decode('ascii')
}, self.get_secret()).decode('ascii')
def mail_subscription_token(self, email, city):
"""
@ -203,17 +202,17 @@ class DB(object):
token = jwt.encode({
'email': email,
'city': city
}, self.secret).decode('ascii')
}, self.get_secret()).decode('ascii')
return token
def confirm_subscription(self, token):
json = jwt.decode(token, self.secret)
json = jwt.decode(token, self.get_secret())
return json['email'], json['city']
def confirm(self, token, city):
from user import User
try:
json = jwt.decode(token, self.secret)
json = jwt.decode(token, self.get_secret())
except jwt.DecodeError:
return None # invalid token
if 'passhash' in json.keys():

View file

@ -56,11 +56,15 @@ def register_post():
@get('/confirm/<city>/<token>')
@view('template/propaganda.tpl')
def confirm(city, token):
# check whether city already exists
if db.by_city(city):
return dict(error='This Account was already confirmed, please try '
'signing in.')
# create db-entry
if db.confirm(token, city):
# :todo show info "Account creation successful."
redirect('/settings')
return dict(error='Email confirmation failed.')
return dict(error='Account creation failed. Please try to register again.')
@post('/login')