From 45425e650a978ff7ee1540c14b4cb95aad3fc6e3 Mon Sep 17 00:00:00 2001
From: Kumi <git@kumi.email>
Date: Sat, 16 Nov 2024 21:19:40 +0100
Subject: [PATCH] feat: Handle missing registration token gracefully

Replaces the use of get_object_or_404 with a try-except block
to specifically catch UserRegistration.DoesNotExist. Returns
a 403 Forbidden response with a dedicated registration
forbidden template for invalid tokens.

Improves user experience by providing a clearer error
message when the registration token is missing or
invalid.
---
 src/synapse_registration/registration/views.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/synapse_registration/registration/views.py b/src/synapse_registration/registration/views.py
index 23473d5..e885426 100644
--- a/src/synapse_registration/registration/views.py
+++ b/src/synapse_registration/registration/views.py
@@ -78,7 +78,10 @@ class EmailInputView(FormView):
 
 class VerifyEmailView(View):
     def get(self, request, token):
-        registration = get_object_or_404(UserRegistration, token=token)
+        try:
+            registration = UserRegistration.objects.get(token=token)
+        except UserRegistration.DoesNotExist:
+            return render(request, "registration/registration_forbidden.html", status=403)
 
         if registration.status != UserRegistration.STATUS_STARTED:
             return render(request, "registration/registration_forbidden.html", status=403)