fix for login bug with email link protection

UiL-OTS-labs · Dec 12, 2024 · e8d55b0 · e8d55b0
1 parent da017a1
commit e8d55b0
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/lab/mailauth/models.py b/lab/mailauth/models.py
@@ -104,7 +104,11 @@ def try_authenticate(token: str) -> MailAuthResult:
             # the parent app sets it via an api call
             possible_pps = participants
 
-    mauth.session_token = token_urlsafe()
+    if mauth.session_token is None:
+        # link might be visited several times, and we don't want to invalidate a session
+        # (this causes issues with e.g. outlook link protection visiting the auth link for you)
+        mauth.session_token = token_urlsafe()
+
     mauth.save()
     return MailAuthResult(mauth=mauth, possible_pps=possible_pps, reason=MailAuthReason.SUCCESS)