Skip to content
Permalink
Browse files

fix: allow being logged out when verifying email

  • Loading branch information
jkcclemens committed Jan 24, 2020
1 parent c00506a commit 1dcdf74f73657e0a23d9ea481d3ef90f34d79a73
Showing with 26 additions and 16 deletions.
  1. +2 −2 webserver/src/database/models/email_verifications.rs
  2. +24 −14 webserver/src/routes/web/account/verify.rs
@@ -29,8 +29,8 @@ use uuid::Uuid;
#[belongs_to(User)]
pub struct EmailVerification {
id: EmailVerificationId,
email: String,
user_id: UserId,
pub email: String,
pub user_id: UserId,
key: String,
last_sent: Option<NaiveDateTime>,
expiry: NaiveDateTime,
@@ -2,8 +2,11 @@ use crate::{
config::Config,
database::{
DbConn,
schema::email_verifications,
models::email_verifications::EmailVerification,
schema::{email_verifications, users},
models::{
email_verifications::EmailVerification,
users::User,
},
},
errors::*,
i18n::prelude::*,
@@ -88,7 +91,7 @@ pub fn resend(data: Form<Resend>, config: State<Config>, user: OptionalWebUser,
}

#[get("/account/verify?<data..>")]
pub fn get(data: Form<Verification>, user: OptionalWebUser, mut sess: Session, conn: DbConn, l10n: L10n) -> Result<Redirect> {
pub fn get(data: Form<Verification>, mut sess: Session, conn: DbConn, l10n: L10n) -> Result<Redirect> {
let key = match BASE64URL_NOPAD.decode(data.key.as_bytes()) {
Ok(k) => k,
Err(_) => {
@@ -97,19 +100,8 @@ pub fn get(data: Form<Verification>, user: OptionalWebUser, mut sess: Session, c
},
};

let mut user = match user.into_inner() {
Some(u) => u,
None => return Ok(Redirect::to(uri!(crate::routes::web::auth::login::get))),
};

if user.email_verified() {
sess.add_data("error", l10n.tr(("email-verify-error", "already-verified"))?);
return Ok(Redirect::to(uri!(super::index::get)));
}

let verification: Option<EmailVerification> = email_verifications::table
.find(*data.id)
.filter(email_verifications::email.eq(user.email()))
.first(&*conn)
.optional()?;

@@ -126,6 +118,24 @@ pub fn get(data: Form<Verification>, user: OptionalWebUser, mut sess: Session, c
return Ok(Redirect::to(uri!(super::index::get)));
}

let mut user: User = match users::table
.find(verification.user_id)
.filter(users::email.eq(&verification.email))
.first(&*conn)
.optional()?
{
Some(u) => u,
None => {
sess.add_data("error", l10n.tr(("email-verify-error", "invalid"))?);
return Ok(Redirect::to(uri!(super::index::get)));
},
};

if user.email_verified() {
sess.add_data("error", l10n.tr(("email-verify-error", "already-verified"))?);
return Ok(Redirect::to(uri!(super::index::get)));
}

user.set_email_verified(true);
user.update(&conn)?;

0 comments on commit 1dcdf74

Please sign in to comment.
You can’t perform that action at this time.