Opened 13 years ago

Last modified 12 years ago

#274 closed defect (FIXED)

/auth/resend_verification/ crashes when not logged in

Reported by: Elrond Owned by: Aaron Williamson
Priority: major Milestone: 0.2.1
Component: programming Keywords:
Cc: Parent Tickets:


Quite simple to reproduce:

Go to:
`\_verification/ <>`_
(if you're still logged in from testing, log out first)


    File 'mediagoblin/auth/', line 193 in resend_activation
      request.user[u'verification_key'] = unicode(uuid.uuid4())
    TypeError: 'NoneType' object does not support item assignment

Change History (11)

comment:1 by Aaron Williamson, 13 years ago

Owner: set to Aaron Williamson
Status: NewFeedback
Proposed patch:
`\_requests/24 <>`_

comment:2 by Christopher Allan Webber, 13 years ago

Hm. Shouldn't it be checking if request.user is None instead of
these GET parameters if it's checking that the user is logged in?

comment:3 by Elrond, 13 years ago

Note 0.1: Sending a "forget password" mail requires an active

Note 0.2: Senidng an "activation" email requires one to be logged

I don't know, if this is good: If one registers, forgets the
password, and the first activation mail gets b0rked, one is locked

comment:4 by Aaron Williamson, 13 years ago

Chris, you're right, I put that together in a hurry and wasn't
thinking. Here's the revised patch:
`\_requests/24 <>`_

I also added a sanity check: if the user's email is already
verified, we shouldn't send a verification email.

Elrond: you're right that requiring users to be logged in to
request a new verification email is a bad idea. I propose that
instead, we redirect not-logged-in users to a form that allows them
to enter the username and/or email address they registered with,
and resend verification that way.

comment:5 by Christopher Allan Webber, 12 years ago


comment:5 by Christopher Allan Webber, 12 years ago

Hum, is there any reason this shouldn't be merged? I guess there's
the caveat elrond/aaron were discussing, but looks like that's not
a blocker on merging the existing code.

comment:6 by Elrond, 12 years ago

Okay, I'll review this! If it's fine, I'll merge it.

Then we can decide on either {closing this bug and opening a new
one} or updating the goal of this bug.

comment:7 by Elrond, 12 years ago

Status: FeedbackIn Progress
Okay, merged and fixed the slight redir-problem.

What now? new bug for clearing up the "Oh, I registered, missed my
verification mail.. oh well... AND forgot my password" issue?

comment:8 by Christopher Allan Webber, 12 years ago


comment:8 by Christopher Allan Webber, 12 years ago

Status: In ProgressClosed
I'm not sure what can be done about that. It actually seems like an
unsolvable problem, especially because forgot-password type things
is one of the point of verifying emails? You just have to hope you
don't make that many errors during registration!

If someone can think of a solution to what happens when you make
that many errors, then I think it deserves a new ticket. I can't
think of a clean one though.

comment:9 by Will Kahn-Greene, 12 years ago

The original url for this bug was .

Note: See TracTickets for help on using tickets.