upload: improve error message for double verifications
Keep a rate limiter token around, and tell the user that a link was already clicked recently if that is the case.
parent
02321777b9
commit
ecdf1001f4
|
@ -0,0 +1,3 @@
|
|||
{{#> layout }}
|
||||
<p>This address was already verified.</p>
|
||||
{{/layout}}
|
|
@ -1098,6 +1098,10 @@ pub mod tests {
|
|||
|
||||
let response = client.post(&confirm_uri).dispatch();
|
||||
assert_eq!(response.status(), Status::Ok);
|
||||
|
||||
let mut response_second = client.post(&confirm_uri).dispatch();
|
||||
assert_eq!(response_second.status(), Status::BadRequest);
|
||||
assert!(response_second.body_string().unwrap().contains("already verified"));
|
||||
}
|
||||
|
||||
fn check_mails_and_confirm_deletion(client: &Client, filemail_path: &Path, address: &str) {
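Review bot: The added assertions cover only the repeated-click path; nothing here pins that a token which was never valid still gets the generic error rather than the "already verified" page. Because that page confirms the token was accepted recently, a negative case is worth adding next to `response_second`: post to a confirm URI built from a made-up token, then assert `Status::BadRequest` and `assert!(!body.contains("already verified"));`. The enclosing test function starts outside this hunk, so where the fixture URI comes from is not visible here.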
|
||||
|
|
|
@ -263,7 +263,7 @@ pub fn verify_confirm(
|
|||
) -> response::PublishResponse {
|
||||
let (fingerprint, email) = match check_publish_token(&db, &token_service, token) {
|
||||
Ok(x) => x,
|
||||
Err(_) => return PublishResponse::err("token verification failed"),
|
||||
Err(_) => return PublishResponse::err("Invalid verification token!"),
|
||||
};
|
||||
|
||||
response::PublishResponse::Ok {
|
||||
|
|
|
@ -446,10 +446,13 @@ pub fn request_verify_form_data(
|
|||
pub fn verify_confirm(
|
||||
db: rocket::State<KeyDatabase>,
|
||||
token_service: rocket::State<StatefulTokens>,
|
||||
rate_limiter: rocket::State<RateLimiter>,
|
||||
token: String,
|
||||
) -> MyResponse {
|
||||
let rate_limit_id = format!("verify-token-{}", &token);
|
||||
match vks::verify_confirm(db, token_service, token) {
|
||||
PublishResponse::Ok { fingerprint, email } => {
|
||||
rate_limiter.action_perform(rate_limit_id);
|
||||
let userid_link = uri!(search: &email).to_string();
|
||||
let context = template::Verify {
|
||||
verified: true,
|
||||
|
@ -462,7 +465,15 @@ pub fn verify_confirm(
|
|||
|
||||
MyResponse::ok("upload/publish-result", context)
|
||||
},
|
||||
PublishResponse::Error(error) => MyResponse::plain(error),
|
||||
PublishResponse::Error(error) => {
|
||||
if rate_limiter.action_check(rate_limit_id) {
|
||||
MyResponse::bad_request(
|
||||
"400-plain", failure::err_msg(error))
|
||||
} else {
|
||||
MyResponse::bad_request(
|
||||
"upload/already-verified", failure::err_msg(""))
|
||||
}
|
||||
}
|
||||
}
|
||||
}
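Review bot: The `PublishResponse::Error` arm answers differently depending on whether this exact token string was confirmed recently, and the limiter key `format!("verify-token-{}", &token)` is built from the raw request value, so both facts deserve a comment at the `action_check` call. From the visible lines the "already verified" page appears only while the limiter entry is live, and for any error in that window; afterwards the same link falls back to the generic 400, which I would state as `// true: no confirmation recorded for this token in the limiter window, so report the plain error`. Whether `action_check` stores anything for keys it has never seen is not visible here; if it does, unauthenticated requests with arbitrary token strings would grow limiter state, and keying on a fixed-length digest of the token would bound the key size and keep the bearer value out of that state. The empty `failure::err_msg("")` passed to `upload/already-verified` could also carry a short message so that logs distinguish this path from the generic one.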
|
||||
|
||||
|
|