From bae40c1692514bfb6a6096db5bafe6d2b3f94d0f Mon Sep 17 00:00:00 2001
From: Lloyd Hilaiel <lloyd@hilaiel.com>
Date: Mon, 11 Jun 2012 18:18:47 +0300
Subject: [PATCH] complete_user_creation is less aggressive about deleting the
 pendingCreation toeken - this allows a user to reload to try to complete
 email creation if the database is temporarily down

---
 lib/wsapi/complete_user_creation.js | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/lib/wsapi/complete_user_creation.js b/lib/wsapi/complete_user_creation.js
index 1996285ec..7a65ec488 100644
--- a/lib/wsapi/complete_user_creation.js
+++ b/lib/wsapi/complete_user_creation.js
@@ -58,20 +58,25 @@ exports.process = function(req, res) {
   }
 
   function postAuthentication() {
-    // the time the email verification is performed, we'll clear the pendingCreation
-    // data on the session.
-    delete req.session.pendingCreation;
-
     db.haveVerificationSecret(req.body.token, function(err, known) {
       if (err) return wsapi.databaseDown(res, err);
 
-      if (!known) return res.json({ success: false} );
+      if (!known) {
+        // clear the pendingCreation token from the session if we find no such
+        // token in the database
+        delete req.session.pendingCreation;
+        return res.json({ success: false} );
+      }
 
       db.gotVerificationSecret(req.body.token, function(err, email, uid) {
         if (err) {
           logger.warn("couldn't complete email verification: " + err);
           wsapi.databaseDown(res, err);
         } else {
+          // clear the pendingCreation token from the session once we
+          // successfully complete user creation
+          delete req.session.pendingCreation;
+
           // At this point, the user is either on the same browser with a token from
           // their email address, OR they've provided their account password.  It's
           // safe to grant them an authenticated session.
-- 
GitLab