prevent potential redirect loop with activation link

2017-10-14 23:35:22 +03:00 · 2017-10-14 23:35:22 +03:00 · b0a6856fbc
commit b0a6856fbc
parent 1e027c4b88
1 changed files with 6 additions and 3 deletions
--- a/server/routes/index.js
+++ b/server/routes/index.js
@ -737,11 +737,14 @@ router.get('/logout', (req, res) => {
 router.get('/activate/:token', wrap(async (req, res) => {
  if (req.session.user) return res.redirect('/login')
  let token = req.params.token
-
  let success = await API.User.Login.activationToken(token)
-  if (!success) return formError(req, res, 'Unknown or invalid activation token')

+  if (!success) {
+    req.flash('message', {error: true, text: 'Invalid or expired activation token.'})
+  } else {
    req.flash('message', {error: false, text: 'Your account has been activated! You may now log in.'})
+  }
+
  res.redirect('/login')
 }))