From e74d6491960418814801344f57fa46e7d4ddaecf Mon Sep 17 00:00:00 2001 From: Glandos Date: Sun, 10 Oct 2021 23:45:58 +0200 Subject: [PATCH] in case of token error, don't try to force authentication, it's useless --- ihatemoney/tests/budget_test.py | 6 ++---- ihatemoney/web.py | 12 ++---------- 2 files changed, 4 insertions(+), 14 deletions(-) diff --git a/ihatemoney/tests/budget_test.py b/ihatemoney/tests/budget_test.py index bbf98ff1..b96a802e 100644 --- a/ihatemoney/tests/budget_test.py +++ b/ihatemoney/tests/budget_test.py @@ -101,11 +101,9 @@ class BudgetTestCase(IhatemoneyTestCase): ) assert "Create a new project" in resp.data.decode("utf-8") - resp = self.client.get("/authenticate") - self.assertIn("You either provided a bad token", resp.data.decode("utf-8")) # A token MUST have a point between payload and signature resp = self.client.get("/raclette/join/token.invalid", follow_redirects=True) - self.assertIn("You either provided a bad token", resp.data.decode("utf-8")) + self.assertIn("Provided token is invalid", resp.data.decode("utf-8")) def test_invite_code_invalidation(self): """Test that invitation link expire after code change""" @@ -137,7 +135,7 @@ class BudgetTestCase(IhatemoneyTestCase): self.client.get("/exit") response = self.client.get(link, follow_redirects=True) # Link is invalid - self.assertIn("You either provided a bad token", response.data.decode("utf-8")) + self.assertIn("Provided token is invalid", response.data.decode("utf-8")) def test_password_reminder(self): # test that it is possible to have an email containing the password of a diff --git a/ihatemoney/web.py b/ihatemoney/web.py index d43b49ea..b7f6d073 100644 --- a/ihatemoney/web.py +++ b/ihatemoney/web.py 
@@ -203,9 +203,8 @@ def join_project(token): token, token_type="auth", project_id=project_id ) if verified_project_id != project_id: - # User doesn't provide project identifier or a valid token - # redirect to authenticate form - return redirect(url_for(".authenticate", project_id=project_id, bad_token=1)) + flash(_("Provided token is invalid"), "danger") + return redirect("/") # maintain a list of visited projects if "projects" not in session: @@ -228,13 +227,6 @@ def authenticate(project_id=None): form.id.data = request.args["project_id"] project_id = form.id.data - if project_id is None or request.args.get("bad_token") is not None: - # User doesn't provide project identifier or a valid token - # return to authenticate form - msg = _("You either provided a bad token or no project identifier.") - form["id"].errors = [msg] - return render_template("authenticate.html", form=form) - project = Project.query.get(project_id) if not project: # If the user try to connect to an unexisting project, we will
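Review bot: The new failure path in join_project hard-codes `return redirect("/")`, whereas the line it replaces resolved its target through `url_for`. A literal `/` ignores any URL prefix the application is mounted under, so I would write `return redirect(url_for(".home"))` (endpoint name assumed; use whichever view serves the landing page). The rejected token also leaves no server-side trace: a `current_app.logger.warning(...)` before the redirect, recording the project id but never the token itself, would give operators something to alert on when bad invitation links repeat. join_project starts before this hunk and continues after it.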
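Review bot: Removing the whole `if` in authenticate also drops the `project_id is None` guard, not only the `bad_token` branch the commit message is about, so a bare `GET /authenticate` now reaches `Project.query.get(project_id)` with `None`. That probably ends in the `if not project:` branch that follows, but the rest of authenticate is outside the hunk and the outcome depends on how the ORM treats a null key. I would keep the guard as `if project_id is None: return render_template("authenticate.html", form=form)`. The budget_test.py hunk at line 101 also deletes the visible assertion on `GET /authenticate` without a project id, so a replacement assertion on what that page now renders would keep the path covered.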