8
0
Fork 0
mirror of https://gitlab2.federez.net/re2o/re2o synced 2024-11-23 11:53:12 +00:00

Ensure confirmation email tokens are deleted if no longer valid

This commit is contained in:
Jean-Romain Garnier 2020-04-17 20:12:12 +00:00 committed by Gabriel Detraz
parent b88fea3b4b
commit 216d14bb25
2 changed files with 26 additions and 0 deletions

View file

@ -0,0 +1,20 @@
# -*- coding: utf-8 -*-
# Generated by Django 1.11.28 on 2020-04-17 20:10
from __future__ import unicode_literals
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
('users', '0086_user_email_change_date'),
]
operations = [
migrations.AddField(
model_name='request',
name='email',
field=models.EmailField(blank=True, max_length=254, null=True),
),
]

View file

@ -831,10 +831,15 @@ class User(
def confirm_email_address_mail(self, request): def confirm_email_address_mail(self, request):
"""Prend en argument un request, envoie un mail pour """Prend en argument un request, envoie un mail pour
confirmer l'adresse""" confirmer l'adresse"""
# Delete all older requests for this user, that aren't for this email
filter = Q(user=self) & Q(type=Request.EMAIL) & ~Q(email=self.email)
Request.objects.filter(filter).delete()
# Create the request and send the email # Create the request and send the email
req = Request() req = Request()
req.type = Request.EMAIL req.type = Request.EMAIL
req.user = self req.user = self
req.email = self.email
req.save() req.save()
template = loader.get_template("users/email_confirmation_request") template = loader.get_template("users/email_confirmation_request")
@ -1873,6 +1878,7 @@ class Request(models.Model):
type = models.CharField(max_length=2, choices=TYPE_CHOICES) type = models.CharField(max_length=2, choices=TYPE_CHOICES)
token = models.CharField(max_length=32) token = models.CharField(max_length=32)
user = models.ForeignKey("User", on_delete=models.CASCADE) user = models.ForeignKey("User", on_delete=models.CASCADE)
email = models.EmailField(blank=True, null=True)
created_at = models.DateTimeField(auto_now_add=True, editable=False) created_at = models.DateTimeField(auto_now_add=True, editable=False)
expires_at = models.DateTimeField() expires_at = models.DateTimeField()