Opened 13 years ago
Last modified 13 years ago
#274 closed defect (FIXED)
/auth/resend_verification/ crashes when not logged in
| Reported by: | Elrond | Owned by: | Aaron Williamson |
|---|---|---|---|
| Priority: | major | Milestone: | 0.2.1 |
| Component: | programming | Keywords: | |
| Cc: | Parent Tickets: |
Description
Quite simple to reproduce:
Go to:
`http://omgmg.dyndns.org:6543/auth/resend\_verification/ <http://omgmg.dyndns.org:6543/auth/resend_verification/>`_
(if you're still logged in from testing, log out first)
::
File 'mediagoblin/auth/views.py', line 193 in resend_activation
request.user[u'verification_key'] = unicode(uuid.uuid4())
TypeError: 'NoneType' object does not support item assignment
Change History (11)
comment:2 by , 13 years ago
Hm. Shouldn't it be checking if request.user is None instead of these GET parameters if it's checking that the user is logged in?
comment:3 by , 13 years ago
Note 0.1: Sending a "forget password" mail requires an active account. Note 0.2: Senidng an "activation" email requires one to be logged in. I don't know, if this is good: If one registers, forgets the password, and the first activation mail gets b0rked, one is locked out.
comment:4 by , 13 years ago
Chris, you're right, I put that together in a hurry and wasn't thinking. Here's the revised patch: `https://gitorious.org/mediagoblin/mediagoblin/merge\_requests/24 <https://gitorious.org/mediagoblin/mediagoblin/merge_requests/24>`_ I also added a sanity check: if the user's email is already verified, we shouldn't send a verification email. Elrond: you're right that requiring users to be logged in to request a new verification email is a bad idea. I propose that instead, we redirect not-logged-in users to a form that allows them to enter the username and/or email address they registered with, and resend verification that way.
comment:5 by , 13 years ago
| Milestone: | 0.1.0 → 0.2.0 |
|---|
comment:5 by , 13 years ago
Hum, is there any reason this shouldn't be merged? I guess there's the caveat elrond/aaron were discussing, but looks like that's not a blocker on merging the existing code.
comment:6 by , 13 years ago
Okay, I'll review this! If it's fine, I'll merge it.
Then we can decide on either {closing this bug and opening a new
one} or updating the goal of this bug.
comment:7 by , 13 years ago
| Status: | Feedback → In Progress |
|---|
Okay, merged and fixed the slight redir-problem. What now? new bug for clearing up the "Oh, I registered, missed my verification mail.. oh well... AND forgot my password" issue?
comment:8 by , 13 years ago
| Milestone: | 0.2.0 → 0.2.1 |
|---|
comment:8 by , 13 years ago
| Status: | In Progress → Closed |
|---|
I'm not sure what can be done about that. It actually seems like an unsolvable problem, especially because forgot-password type things is one of the point of verifying emails? You just have to hope you don't make that many errors during registration! If someone can think of a solution to what happens when you make that many errors, then I think it deserves a new ticket. I can't think of a clean one though.
Note:
See TracTickets
for help on using tickets.
