diff --git a/flask_security/confirmable.py b/flask_security/confirmable.py index 9c1a849..992c8dc 100644 --- a/flask_security/confirmable.py +++ b/flask_security/confirmable.py @@ -76,12 +76,15 @@ def confirm_by_token(token): except UserNotFoundError: raise ConfirmationError('Invalid confirmation token') + if user.confirmed_at: + raise ConfirmationError('Account has already been confirmed') + if confirmation_token_is_expired(user): raise TokenExpiredError(message='Confirmation token is expired', user=user) - user.confirmation_token = None - user.confirmation_sent_at = None + #user.confirmation_token = None + #user.confirmation_sent_at = None user.confirmed_at = datetime.utcnow() security.datastore._save_model(user) diff --git a/tests/functional_tests.py b/tests/functional_tests.py index 059d842..e80f6ae 100644 --- a/tests/functional_tests.py +++ b/tests/functional_tests.py @@ -186,7 +186,7 @@ class ConfirmableTests(SecurityTest): self.client.get('/confirm?confirmation_token=' + token, follow_redirects=True) r = self.client.get('/confirm?confirmation_token=' + token, follow_redirects=True) - self.assertIn('Invalid confirmation token', r.data) + self.assertIn('Account has already been confirmed', r.data) def test_unprovided_token_when_confirming_email(self): r = self.client.get('/confirm', follow_redirects=True)