confirmation: Use error status codes for confirmation link error pages.

confirmation/models.py

@@ -34,10 +34,10 @@ def render_confirmation_key_error(
     request: HttpRequest, exception: ConfirmationKeyException
 ) -> HttpResponse:
     if exception.error_type == ConfirmationKeyException.WRONG_LENGTH:
-        return render(request, "confirmation/link_malformed.html")
+        return render(request, "confirmation/link_malformed.html", status=404)
     if exception.error_type == ConfirmationKeyException.EXPIRED:
-        return render(request, "confirmation/link_expired.html")
+        return render(request, "confirmation/link_expired.html", status=404)
-    return render(request, "confirmation/link_does_not_exist.html")
+    return render(request, "confirmation/link_does_not_exist.html", status=404)
 
 
 def generate_key() -> str:

zerver/tests/test_email_change.py

@@ -30,8 +30,9 @@ class EmailChangeTestCase(ZulipTestCase):
         key = generate_key()
         url = confirmation_url(key, None, Confirmation.EMAIL_CHANGE)
         response = self.client_get(url)
-        self.assert_in_success_response(
+        self.assertEqual(response.status_code, 404)
-            ["Whoops. We couldn't find your confirmation link in the system."], response
+        self.assert_in_response(
+            "Whoops. We couldn't find your confirmation link in the system.", response
         )
 
     def test_confirm_email_change_with_invalid_key(self) -> None:
@@ -39,7 +40,8 @@ class EmailChangeTestCase(ZulipTestCase):
         key = "invalid_key"
         url = confirmation_url(key, None, Confirmation.EMAIL_CHANGE)
         response = self.client_get(url)
-        self.assert_in_success_response(["Whoops. The confirmation link is malformed."], response)
+        self.assertEqual(response.status_code, 404)
+        self.assert_in_response("Whoops. The confirmation link is malformed.", response)
 
     def test_confirm_email_change_when_time_exceeded(self) -> None:
         user_profile = self.example_user("hamlet")
@@ -57,9 +59,8 @@ class EmailChangeTestCase(ZulipTestCase):
             url = create_confirmation_link(obj, Confirmation.EMAIL_CHANGE)
 
         response = self.client_get(url)
-        self.assert_in_success_response(
+        self.assertEqual(response.status_code, 404)
-            ["The confirmation link has expired or been deactivated."], response
+        self.assert_in_response("The confirmation link has expired or been deactivated.", response)
-        )
 
     def test_confirm_email_change(self) -> None:
         user_profile = self.example_user("hamlet")

zerver/tests/test_signup.py

@@ -1878,8 +1878,9 @@ so we didn't send them an invitation. We did send invitations to everyone else!"
         email_change_key = email_change_url.split("/")[-1]
         url = "/accounts/do_confirm/" + email_change_key
         result = self.client_get(url)
-        self.assert_in_success_response(
+        self.assertEqual(result.status_code, 404)
-            ["Whoops. We couldn't find your confirmation link in the system."], result
+        self.assert_in_response(
+            "Whoops. We couldn't find your confirmation link in the system.", result
         )
 
     def test_confirmation_expired(self) -> None:
@@ -1898,8 +1899,9 @@ so we didn't send them an invitation. We did send invitations to everyone else!"
 
         target_url = "/" + url.split("/", 3)[3]
         result = self.client_get(target_url)
-        self.assert_in_success_response(
+        self.assertEqual(result.status_code, 404)
-            ["Whoops. The confirmation link has expired or been deactivated."], result
+        self.assert_in_response(
+            "Whoops. The confirmation link has expired or been deactivated.", result
         )
 
     def test_send_more_than_one_invite_to_same_user(self) -> None:
@@ -2501,7 +2503,7 @@ class MultiuseInviteTest(ZulipTestCase):
         invite_link = self.generate_multiuse_invite_link(date_sent=date_sent)
         result = self.client_post(invite_link, {"email": email})
 
-        self.assertEqual(result.status_code, 200)
+        self.assertEqual(result.status_code, 404)
         self.assert_in_response("The confirmation link has expired or been deactivated.", result)
 
     def test_invalid_multiuse_link(self) -> None:
@@ -2509,7 +2511,7 @@ class MultiuseInviteTest(ZulipTestCase):
         invite_link = "/join/invalid_key/"
         result = self.client_post(invite_link, {"email": email})
 
-        self.assertEqual(result.status_code, 200)
+        self.assertEqual(result.status_code, 404)
         self.assert_in_response("Whoops. The confirmation link is malformed.", result)
 
     def test_invalid_multiuse_link_in_open_realm(self) -> None:
@@ -3555,7 +3557,7 @@ class UserSignUpTest(InviteUserBase):
 
         # Now try to to register using the first confirmation url:
         result = self.client_get(first_confirmation_url)
-        self.assertEqual(result.status_code, 200)
+        self.assertEqual(result.status_code, 404)
         result = self.client_post(
             "/accounts/register/",
             {
@@ -3806,7 +3808,8 @@ class UserSignUpTest(InviteUserBase):
             },
             subdomain="zephyr",
         )
-        self.assert_in_success_response(["We couldn't find your confirmation link"], result)
+        self.assertEqual(result.status_code, 404)
+        self.assert_in_response("We couldn't find your confirmation link", result)
 
     def test_failed_signup_due_to_restricted_domain(self) -> None:
         realm = get_realm("zulip")

zerver/views/registration.py

@@ -100,7 +100,7 @@ def check_prereg_key_and_redirect(request: HttpRequest, confirmation_key: str) -
 
     prereg_user = confirmation.content_object
     if prereg_user.status == confirmation_settings.STATUS_REVOKED:
-        return render(request, "zerver/confirmation_link_expired_error.html")
+        return render(request, "zerver/confirmation_link_expired_error.html", status=404)
 
     try:
         get_object_from_key(confirmation_key, confirmation.type, activate_object=False)