From 1407c969d274510eaf6aa106660aa61c44cac040 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adri=C3=A0=20Casaj=C3=BAs?= Date: Tue, 23 Jul 2024 16:23:37 +0200 Subject: [PATCH] Only allow latest activation code to be used (#2160) (cherry picked from commit dd09297bead4ea27731ac3bd60fcf2a3e7001268) --- app/auth/views/register.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/app/auth/views/register.py b/app/auth/views/register.py index 6740e579..1799a76f 100644 --- a/app/auth/views/register.py +++ b/app/auth/views/register.py @@ -115,7 +115,8 @@ def register(): def send_activation_email(user, next_url): - # the activation code is valid for 1h + # the activation code is valid for 1h and delete all previous codes + Session.query(ActivationCode).filter(ActivationCode.user_id == user.id).delete() activation = ActivationCode.create(user_id=user.id, code=random_string(30)) Session.commit()