0e2691815e
The .status value of EmailChangeStatus was not being looked at anywhere to prevent re-use of email change confirmation links. This is not a security issue, since the EmailChangeStatus object has a fixed value for the new_email, while the confirmation link has expiry time of 1 day, which prevents any reasonable malicious scenarios. We fix this by making get_object_from_key look at confirmation.content_object.status - which applies generally to all confirmations where the attached object has the .status attribute. This is desired, because we never want to successfully get_object_from_key an object that has already been used or reused. This makes the prereg_user.status check in check_prereg_key redundant so it can be deleted.
Zulip overview
Zulip is an open-source team collaboration tool with unique topic-based threading that combines the best of email and chat to make remote work productive and delightful. Fortune 500 companies, leading open source projects, and thousands of other organizations use Zulip every day. Zulip is the only modern team chat app that is designed for both live and asynchronous conversations.
Zulip is built by a distributed community of developers from all around the world, with 74+ people who have each contributed 100+ commits. With over 1000 contributors merging over 500 commits a month, Zulip is the largest and fastest growing open source team chat project.
Come find us on the development community chat!
Getting started
-
Contributing code. Check out our guide for new contributors to get started. We have invested into making Zulip’s code uniquely readable, well tested, and easy to modify. Beyond that, we have written an extraordinary 150K words of documentation on how to contribute to Zulip.
-
Contributing non-code. Report an issue, translate Zulip into your language, or give us feedback. We'd love to hear from you, whether you've been using Zulip for years, or are just trying it out for the first time.
-
Checking Zulip out. The best way to see Zulip in action is to drop by the Zulip community server. We also recommend reading about Zulip's unique approach to organizing conversations.
-
Running a Zulip server. Self host Zulip directly on Ubuntu or Debian Linux, in Docker, or with prebuilt images for Digital Ocean and Render. Learn more about self-hosting Zulip.
-
Using Zulip without setting up a server. Learn about Zulip Cloud hosting options. Zulip sponsors free Zulip Cloud Standard for hundreds of worthy organizations, including fellow open-source projects.
-
Participating in outreach programs like Google Summer of Code and Outreachy.
-
Supporting Zulip. Advocate for your organization to use Zulip, become a sponsor, write a review in the mobile app stores, or help others find Zulip.
You may also be interested in reading our blog, and following us on Twitter and LinkedIn.
Zulip is distributed under the Apache 2.0 license.