From 0731e3dc7ed0a2a065de8b7c51115e01d5b9db67 Mon Sep 17 00:00:00 2001 From: Xavi Caballe Date: Tue, 28 Aug 2012 15:43:32 +0200 Subject: [PATCH] /email-changes/resend-confirmation must be invoked through an HTTP POST now (see source code for details) --- README.md | 4 +++- src/noir_auth_app/views/settings.clj | 8 +++++--- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index f9e193e..a68f16c 100644 --- a/README.md +++ b/README.md @@ -113,10 +113,12 @@ It allows to cancel an email change request. This link is available in the `/set The reason to use POST instead of GET is the same as for `/logout` (see above). -#### `GET /email-changes/resend-confirmation` +#### `POST /email-changes/resend-confirmation` It resends the link to confirm the new address of an email change request. This link is available in the `/settings` page while there's an email change waiting to be confirmed. +The reason to use POST instead of GET is the same as for `/logout` (see above). + #### `GET /email-changes/:email-change-code/verify` diff --git a/src/noir_auth_app/views/settings.clj b/src/noir_auth_app/views/settings.clj index 8c0eb8f..e591700 100644 --- a/src/noir_auth_app/views/settings.clj +++ b/src/noir_auth_app/views/settings.clj @@ -54,7 +54,8 @@ [:p (i18n/translate :email-change-confirmation-sent {:email new_requested_email}) [:br] - (link-to "/email-changes/resend-confirmation" + (link-to {:data-method "post"} + "/email-changes/resend-confirmation" (i18n/translate :resend-confirmation)) " ยท " (link-to {:data-method "post"} "/email-changes/cancel" @@ -171,8 +172,9 @@ (users/cancel-email-change! (session/get :user-id)) (resp/redirect "/settings")) -; -(defpage "/email-changes/resend-confirmation" {} +; HTTP POST is used instead of GET for the same reason it's used for /logout +; (see comment for /logout in noir-auth-app.views.users) +(defpage [:post "/email-changes/resend-confirmation"] {} (email-email-change-code (common/current-user)) (resp/redirect "/settings"))