diff --git a/confirmation/models.py b/confirmation/models.py index cc5dbe2886..0643ea7bc2 100644 --- a/confirmation/models.py +++ b/confirmation/models.py @@ -109,8 +109,8 @@ class ConfirmationType: self.validity_in_days = validity_in_days _properties = { - Confirmation.USER_REGISTRATION: ConfirmationType('confirmation.views.confirm'), - Confirmation.INVITATION: ConfirmationType('confirmation.views.confirm', + Confirmation.USER_REGISTRATION: ConfirmationType('check_prereg_key_and_redirect'), + Confirmation.INVITATION: ConfirmationType('check_prereg_key_and_redirect', validity_in_days=settings.INVITATION_LINK_VALIDITY_DAYS), Confirmation.EMAIL_CHANGE: ConfirmationType('zerver.views.user_settings.confirm_email_change'), Confirmation.UNSUBSCRIBE: ConfirmationType('zerver.views.unsubscribe.email_unsubscribe', @@ -118,7 +118,7 @@ _properties = { Confirmation.MULTIUSE_INVITE: ConfirmationType( 'zerver.views.registration.accounts_home_from_multiuse_invite', validity_in_days=settings.INVITATION_LINK_VALIDITY_DAYS), - Confirmation.REALM_CREATION: ConfirmationType('confirmation.views.confirm'), + Confirmation.REALM_CREATION: ConfirmationType('check_prereg_key_and_redirect'), } # Functions related to links generated by the generate_realm_creation_link.py diff --git a/confirmation/views.py b/confirmation/views.py index 65af2678b0..2133c069e4 100644 --- a/confirmation/views.py +++ b/confirmation/views.py @@ -13,20 +13,21 @@ from confirmation.models import Confirmation, get_object_from_key, ConfirmationK from typing import Any, Dict -# This is currently only used for confirming PreregistrationUser. -# Do not add other confirmation paths here. -def confirm(request: HttpRequest, confirmation_key: str) -> HttpResponse: +def check_prereg_key_and_redirect(request: HttpRequest, confirmation_key: str) -> HttpResponse: + # If the key isn't valid, show the error message on the original URL + confirmation = Confirmation.objects.filter(confirmation_key=confirmation_key).first() + if confirmation is None or confirmation.type not in [ + Confirmation.USER_REGISTRATION, Confirmation.INVITATION, Confirmation.REALM_CREATION]: + return render_confirmation_key_error( + request, ConfirmationKeyException(ConfirmationKeyException.DOES_NOT_EXIST)) try: - get_object_from_key(confirmation_key, Confirmation.USER_REGISTRATION) - except ConfirmationKeyException: - try: - get_object_from_key(confirmation_key, Confirmation.INVITATION) - except ConfirmationKeyException as exception: - try: - get_object_from_key(confirmation_key, Confirmation.REALM_CREATION) - except ConfirmationKeyException as exception: - return render_confirmation_key_error(request, exception) + get_object_from_key(confirmation_key, confirmation.type) + except ConfirmationKeyException as exception: + return render_confirmation_key_error(request, exception) + # confirm_preregistrationuser.html just extracts the confirmation_key + # (and GET parameters) and redirects to /accounts/register, so that the + # user can enter their information on a cleaner URL. return render(request, 'confirmation/confirm_preregistrationuser.html', context={ 'key': confirmation_key, diff --git a/zproject/urls.py b/zproject/urls.py index 66321e47b9..d8e60a71a7 100644 --- a/zproject/urls.py +++ b/zproject/urls.py @@ -411,7 +411,8 @@ i18n_urls = [ url(r'^accounts/register/', zerver.views.registration.accounts_register, name='zerver.views.registration.accounts_register'), url(r'^accounts/do_confirm/(?P[\w]+)', - confirmation.views.confirm, name='confirmation.views.confirm'), + confirmation.views.check_prereg_key_and_redirect, + name='check_prereg_key_and_redirect'), url(r'^accounts/confirm_new_email/(?P[\w]+)', zerver.views.user_settings.confirm_email_change,