From e8d55b06a23b93f2c4aee74eece0b72374db064e Mon Sep 17 00:00:00 2001 From: bbonf Date: Thu, 12 Dec 2024 16:53:14 +0100 Subject: [PATCH] fix for login bug with email link protection --- lab/mailauth/models.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/lab/mailauth/models.py b/lab/mailauth/models.py index e850004f..b588e8f1 100644 --- a/lab/mailauth/models.py +++ b/lab/mailauth/models.py @@ -104,7 +104,11 @@ def try_authenticate(token: str) -> MailAuthResult: # the parent app sets it via an api call possible_pps = participants - mauth.session_token = token_urlsafe() + if mauth.session_token is None: + # link might be visited several times, and we don't want to invalidate a session + # (this causes issues with e.g. outlook link protection visiting the auth link for you) + mauth.session_token = token_urlsafe() + mauth.save() return MailAuthResult(mauth=mauth, possible_pps=possible_pps, reason=MailAuthReason.SUCCESS)