Revision 0b817216 snf-astakos-app/astakos/im/views.py

b/snf-astakos-app/astakos/im/views.py
781 781

  
782 782
    if activation_key:
783 783
        try:
784
            user = EmailChange.objects.change_email(activation_key)
785
            if request.user.is_authenticated() and \
786
                request.user == user or not \
784
            try:
785
                email_change = EmailChange.objects.get(
786
                    activation_key=activation_key)
787
            except EmailChange.DoesNotExist:
788
                transaction.rollback()
789
                logger.error("[change-email] Invalid or used activation "
790
                             "code, %s", activation_key)
791
                raise Http404
792

  
793
            if (request.user.is_authenticated() and \
794
                request.user == email_change.user) or not \
787 795
                    request.user.is_authenticated():
796
                user = EmailChange.objects.change_email(activation_key)
788 797
                msg = _(astakos_messages.EMAIL_CHANGED)
789 798
                messages.success(request, msg)
790 799
                transaction.commit()
791 800
                return HttpResponseRedirect(reverse('edit_profile'))
801
            else:
802
                logger.error("[change-email] Access from invalid user, %s %s",
803
                             email_change.user, request.user.log_display)
804
                transaction.rollback()
805
                raise PermissionDenied
792 806
        except ValueError, e:
793 807
            messages.error(request, e)
794 808
            transaction.rollback()

Also available in: Unified diff