3pp-mirror/penpot
1
0
Fork 0
mirror of https://github.com/penpot/penpot.git synced 2025-05-04 08:55:53 +02:00
Code Issues Projects Releases Packages Wiki Activity

🐛 Fix unhandled exception on try to reuse registration token

Browse source
This commit is contained in:
Andrey Antukh 2024-08-12 11:45:01 +02:00
parent 314742a563
commit ec56a4149b
1 changed files with 22 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
backend/src/app/rpc/commands/auth.clj
View file

@ -355,16 +355,22 @@
profile (if-let [profile-id (:profile-id claims)] profile (if-let [profile-id (:profile-id claims)]
(profile/get-profile conn profile-id) (profile/get-profile conn profile-id)
;; NOTE: we first try to match existing profile
;; by email, that in normal circumstances will
;; not return anything, but when a user tries to
;; reuse the same token multiple times, we need
;; to detect if the profile is already registered
(or (profile/get-profile-by-email conn (:email claims))
(let [is-active (or (boolean (:is-active claims)) (let [is-active (or (boolean (:is-active claims))
(not (contains? cf/flags :email-verification))) (not (contains? cf/flags :email-verification)))
params (-> params params (-> params
(assoc :is-active is-active) (assoc :is-active is-active)
(update :password #(profile/derive-password cfg %)))] (update :password #(profile/derive-password cfg %)))
(->> (create-profile! conn params) profile (->> (create-profile! conn params)
(create-profile-rels! conn)))) (create-profile-rels! conn))]
(vary-meta profile assoc :created true))))
;; When no profile-id comes on claims means a new register created? (-> profile meta :created true?)
created? (not (:profile-id claims))
invitation (when-let [token (:invitation-token params)] invitation (when-let [token (:invitation-token params)]
(tokens/verify (::setup/props cfg) {:token token :iss :team-invitation})) (tokens/verify (::setup/props cfg) {:token token :iss :team-invitation}))
@ -423,8 +429,8 @@
:else :else
(let [elapsed? (elapsed-verify-threshold? profile) (let [elapsed? (elapsed-verify-threshold? profile)
complaints? (eml/has-reports? conn (:email profile)) reports? (eml/has-reports? conn (:email profile))
action (if complaints? action (if reports?
"ignore-because-complaints" "ignore-because-complaints"
(if elapsed? (if elapsed?
"resend-email-verification" "resend-email-verification"