On email confirmation: just log in

Klaas van Schelven
2024-05-30 21:21:34 +02:00
parent 142c704682
commit a191f38670

@@ -58,13 +58,9 @@ def confirm_email(request, token=None):
verification.user.save()
verification.delete()
# I don't want to log the user in based on the verification email alone; although in principle doing so would not
# be something fundamentally more insecure than what we do in the password-reset loop (in both cases access to the
# email is enough to get access to Bugsink), better to err on the side of security.
# If we ever want to introduce a more user-friendly approach, we could make automatic login dependent on some
# (signed) cookie that's being set when registring. i.e.: if you've just recently entered your password in the same
# browser, it works.
# login(request, verification.user)
# this mirrors the approach of what we do in password-resetting; and rightfully so because the in both cases access
# to email is assumed to be sufficient proof of identity.
login(request, verification.user)
return render(request, "users/email_confirmed.html")
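
Review bot: the `login(request, verification.user)` call at the end of this hunk turns the confirmation token into a login credential, and nothing in the visible lines shows that the token expires or that the view only acts on a POST. The new comment justifies the change by parity with password reset, so the same parity should hold for the token itself: a bounded lifetime comparable to the reset token, single use (the `verification.delete()` just above appears to cover that), and ideally an explicit POST step so that a mail scanner or link preview fetching the URL does not consume the token and receive the session instead of the user. The removed comment proposed tying auto-login to a signed cookie set at registration; the new comment would be stronger if it said why that binding is not needed. There is also a small typo in the new comment: "because the in both cases".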