in case of token error, don't try to force authentication, it's useless

2025-05-05 20:51:49 +02:00 · 2021-10-10 23:45:58 +02:00 · 2021-10-10 23:45:58 +02:00 · e74d649196
commit e74d649196
parent 84862ec84a
2 changed files with 4 additions and 14 deletions
--- a/ihatemoney/tests/budget_test.py
+++ b/ihatemoney/tests/budget_test.py
@ -101,11 +101,9 @@ class BudgetTestCase(IhatemoneyTestCase):
        )
        assert "Create a new project" in resp.data.decode("utf-8")

-        resp = self.client.get("/authenticate")
-        self.assertIn("You either provided a bad token", resp.data.decode("utf-8"))
        # A token MUST have a point between payload and signature
        resp = self.client.get("/raclette/join/token.invalid", follow_redirects=True)
-        self.assertIn("You either provided a bad token", resp.data.decode("utf-8"))
+        self.assertIn("Provided token is invalid", resp.data.decode("utf-8"))

    def test_invite_code_invalidation(self):
        """Test that invitation link expire after code change"""
@ -137,7 +135,7 @@ class BudgetTestCase(IhatemoneyTestCase):
        self.client.get("/exit")
        response = self.client.get(link, follow_redirects=True)
        # Link is invalid
-        self.assertIn("You either provided a bad token", response.data.decode("utf-8"))
+        self.assertIn("Provided token is invalid", response.data.decode("utf-8"))

    def test_password_reminder(self):
        # test that it is possible to have an email containing the password of a
--- a/ihatemoney/web.py
+++ b/ihatemoney/web.py
@ -203,9 +203,8 @@ def join_project(token):
        token, token_type="auth", project_id=project_id
    )
    if verified_project_id != project_id:
-        # User doesn't provide project identifier or a valid token
-        # redirect to authenticate form
-        return redirect(url_for(".authenticate", project_id=project_id, bad_token=1))
+        flash(_("Provided token is invalid"), "danger")
+        return redirect("/")

    # maintain a list of visited projects
    if "projects" not in session:
@ -228,13 +227,6 @@ def authenticate(project_id=None):
        form.id.data = request.args["project_id"]
    project_id = form.id.data

-    if project_id is None or request.args.get("bad_token") is not None:
-        # User doesn't provide project identifier or a valid token
-        # return to authenticate form
-        msg = _("You either provided a bad token or no project identifier.")
-        form["id"].errors = [msg]
-        return render_template("authenticate.html", form=form)
-
    project = Project.query.get(project_id)
    if not project:
        # If the user try to connect to an unexisting project, we will