From 8b85c7bc325f9c7f84c481d77d03fa1536fd188a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20P=C3=A9ters?= <fpeters@entrouvert.com>
Date: Tue, 4 Sep 2018 09:42:35 +0200
Subject: [PATCH] general: give a custom error message on invalid action link
 (#25722)

---
 tests/test_form_pages.py | 21 +++++++++++++++++++--
 wcs/forms/actions.py     | 10 ++++++++--
 2 files changed, 27 insertions(+), 4 deletions(-)

diff --git a/tests/test_form_pages.py b/tests/test_form_pages.py
index 2aa0c1c07..311320dd4 100644
--- a/tests/test_form_pages.py
+++ b/tests/test_form_pages.py
@@ -4963,8 +4963,25 @@ def test_email_actions(pub, emails):
     formdata = formdef.data_class().select()[0]
     assert formdata.status == 'wf-accepted'
 
-    # no longer on a correct status, action url will now return a 404
-    app.get(action_url, status=404)
+    # action token has been used, it will now return a custom 404
+    resp = app.get(action_url, status=404)
+    assert 'This action link has already been used or has expired.' in resp.body
+
+    # check against independently changed status, it should also return a
+    # custom 404.
+    emails.empty()
+    formdef.data_class().wipe()
+    app = login(get_app(pub), username='foo', password='foo')
+    resp = app.get(formdef.get_url())
+    resp = resp.form.submit('submit')
+    resp = resp.form.submit('submit')
+    email_data = emails.get('New form2 (test email action)')
+    action_url = re.findall(r'http.* ', email_data['payload'])[0].strip()
+    formdata = formdef.data_class().select()[0]
+    formdata.jump_status('rejected')
+    app = get_app(pub)
+    resp = app.get(action_url, status=404)
+    assert 'This action link has already been used or has expired.' in resp.body
 
 def test_manager_public_access(pub):
     user, manager = create_user_and_admin(pub)
diff --git a/wcs/forms/actions.py b/wcs/forms/actions.py
index c8f44e06f..f61e403d1 100644
--- a/wcs/forms/actions.py
+++ b/wcs/forms/actions.py
@@ -28,12 +28,18 @@ from wcs.forms.common import FormTemplateMixin
 from wcs.wf.jump import jump_and_perform
 
 
+class MissingOrExpiredToken(errors.PublishError):
+    status_code = 404
+    title = N_('Error')
+    description = N_('This action link has already been used or has expired.')
+
+
 class ActionsDirectory(Directory):
     def _q_lookup(self, component):
         try:
             token = tokens.Token.get(component)
         except KeyError:
-            raise errors.TraversalError()
+            raise MissingOrExpiredToken()
         if token.type != 'action':
             raise errors.TraversalError()
         return ActionDirectory(token)
@@ -54,7 +60,7 @@ class ActionDirectory(Directory, FormTemplateMixin):
                 self.action = item
                 break
         else:
-            raise errors.TraversalError()
+            raise MissingOrExpiredToken()
 
     def _q_index(self):
         template.html_top(title=self.formdef.name)
-- 
2.19.0.rc1