registration: Return status code 404 if invalid confirmation key passed.

We were returning 200 before - 404 is more appropriate.
2025-11-19 14:08:23 +00:00 · 2021-05-21 00:10:00 +02:00
parent 40169353ad
commit d17a4f64d6
2 changed files with 6 additions and 10 deletions
--- a/zerver/tests/test_signup.py
+++ b/zerver/tests/test_signup.py
@@ -1968,10 +1968,8 @@ so we didn't send them an invitation. We did send invitations to everyone else!"
        response = self.client_post(
            url, {"key": registration_key, "from_confirmation": 1, "full_nme": "alice"}
        )
-        self.assertEqual(response.status_code, 200)
-        self.assert_in_success_response(
-            ["The registration link has expired or is not valid."], response
-        )
+        self.assertEqual(response.status_code, 404)
+        self.assert_in_response("The registration link has expired or is not valid.", response)

        registration_key = confirmation_link.split("/")[-1]
        response = self.client_post(
@@ -3567,10 +3565,8 @@ class UserSignUpTest(InviteUserBase):
            },
        )
        # Error page should be displayed
-        self.assert_in_success_response(
-            ["The registration link has expired or is not valid."], result
-        )
-        self.assertEqual(result.status_code, 200)
+        self.assertEqual(result.status_code, 404)
+        self.assert_in_response("The registration link has expired or is not valid.", result)

    def test_signup_with_multiple_default_stream_groups(self) -> None:
        # Check if user is subscribed to the streams of default
--- a/zerver/views/registration.py
+++ b/zerver/views/registration.py
@@ -123,11 +123,11 @@ def accounts_register(request: HttpRequest) -> HttpResponse:
        key = request.POST.get("key", default="")
        confirmation = Confirmation.objects.get(confirmation_key=key)
    except Confirmation.DoesNotExist:
-        return render(request, "zerver/confirmation_link_expired_error.html")
+        return render(request, "zerver/confirmation_link_expired_error.html", status=404)

    prereg_user = confirmation.content_object
    if prereg_user.status == confirmation_settings.STATUS_REVOKED:
-        return render(request, "zerver/confirmation_link_expired_error.html")
+        return render(request, "zerver/confirmation_link_expired_error.html", status=404)
    email = prereg_user.email
    realm_creation = prereg_user.realm_creation
    password_required = prereg_user.password_required