From 274a9afff0369209fe3d882971935512bf192b9d Mon Sep 17 00:00:00 2001 From: Tomas Stary Date: Sun, 29 Apr 2018 22:34:21 +0200 Subject: [PATCH] resolves #6 --- evodoc/api/userapi.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/evodoc/api/userapi.py b/evodoc/api/userapi.py index fe19c96..4e1dc49 100644 --- a/evodoc/api/userapi.py +++ b/evodoc/api/userapi.py @@ -105,7 +105,7 @@ def activation_action(): user_id = data['user_id'] user = User.get_user_by_id(user_id) token = check_token_exists(data['token']) - if token == None: + if token == None or token.user_id != user_id: raise ApiException(403, "Invalid token") if user.activated: raise ApiException(401, "User has been already activated.")