diff --git a/db.py b/db.py
index 811d197..61100ae 100644
--- a/db.py
+++ b/db.py
@@ -14,7 +14,6 @@ class DB(object):
 self.conn = sqlite3.connect(dbfile)
 self.cur = self.conn.cursor()
 self.create()
- self.secret = self.get_secret()
 
 def execute(self, *args, **kwargs):
 return self.cur.execute(*args, **kwargs)
@@ -189,7 +188,7 @@ class DB(object):
 'passhash': scrypt_mcf(
 password.encode('utf-8')
 ).decode('ascii')
- }, self.secret).decode('ascii')
+ }, self.get_secret()).decode('ascii')
 
 def mail_subscription_token(self, email, city):
 """
@@ -203,17 +202,17 @@ class DB(object):
 token = jwt.encode({
 'email': email,
 'city': city
- }, self.secret).decode('ascii')
+ }, self.get_secret()).decode('ascii')
 return token
 
 def confirm_subscription(self, token):
- json = jwt.decode(token, self.secret)
+ json = jwt.decode(token, self.get_secret())
 return json['email'], json['city']
 
 def confirm(self, token, city):
 from user import User
 try:
- json = jwt.decode(token, self.secret)
+ json = jwt.decode(token, self.get_secret())
 except jwt.DecodeError:
 return None # invalid token
 if 'passhash' in json.keys():
diff --git a/frontend.py b/frontend.py
index 37144d3..63143d5 100755
--- a/frontend.py
+++ b/frontend.py
@@ -56,11 +56,15 @@ def register_post():
 @get('/confirm//')
 @view('template/propaganda.tpl')
 def confirm(city, token):
+ # check whether city already exists
+ if db.by_city(city):
+ return dict(error='This Account was already confirmed, please try '
+ 'signing in.')
 # create db-entry
 if db.confirm(token, city):
 # :todo show info "Account creation successful."
 redirect('/settings')
- return dict(error='Email confirmation failed.')
+ return dict(error='Account creation failed. Please try to register again.')
 
 
 @post('/login')
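Review bot: The token built in the `@@ -189,7 +188,7 @@` hunk of db.py carries the user's scrypt hash (`'passhash': scrypt_mcf(...)`) in a JWT payload, which is signed but not encrypted, so anyone who can read the token can recover the hash by base64-decoding it. The frontend.py hunk shows the token travelling in the `/confirm/...` URL path, so it presumably also ends up in mail, browser history and access logs. Consider keeping the pending hash in a server-side table and putting only a random reference to it in the token. The start of this method is outside the hunk, so the other claims in the payload are not visible.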
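Review bot: In the `@@ -203,17 +202,17 @@` hunk of db.py, `confirm_subscription` calls `jwt.decode` without the `try`/`except jwt.DecodeError` that `confirm` has, so a malformed or tampered token raises into the caller instead of being rejected cleanly. Neither call pins the accepted algorithm; suggest `jwt.decode(token, self.get_secret(), algorithms=['HS256'])` in both places, assuming the tokens are signed with PyJWT's default HS256. The visible payloads carry no `exp` claim, so a token stays valid for as long as the secret does. `confirm` continues past the end of the hunk.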
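Review bot: In frontend.py, the new `db.by_city(city)` check in `confirm` runs before the token is verified, and `city` is taken from the URL, so the "already confirmed" message tells any unauthenticated caller whether a city account exists. Do the existence check only after the token has been decoded and verified (for example inside `db.confirm`), or return the same generic error in both failure cases. The check and the insert are also separate steps, so two concurrent confirmations can both pass it; a uniqueness constraint on the city column is the reliable guard if the schema does not already have one. Whether the token is bound to `city` is not visible in this hunk.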