From e73d007a19411af8f519c65fa36bc062a6bc38f5 Mon Sep 17 00:00:00 2001
From: Trever Fischer <tdfischer@fedoraproject.org>
Date: Wed, 7 Mar 2012 18:04:19 -0500
Subject: [PATCH] Prevent reuse of invites. Fixes #15

---
 profiles/views.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/profiles/views.py b/profiles/views.py
index b95976e..c5669be 100644
--- a/profiles/views.py
+++ b/profiles/views.py
@@ -1,6 +1,6 @@
 from django.contrib.auth.decorators import login_required
 from django.contrib.sites.models import Site
-from django.http import HttpResponseRedirect
+from django.http import HttpResponseRedirect, Http404
 from django.shortcuts import render_to_response
 from django.template import RequestContext
 from django.contrib.auth.models import User
@@ -92,7 +92,10 @@ def claimInvite(request, code=None):
     if form.is_valid():
         code = form.cleaned_data['code']
     if code:
-        invite = models.Invite.objects.get(code__exact=code)
+        try:
+            invite = models.Invite.objects.get(code__exact=code, claimer__exact=None, deleted__exact=False)
+        except models.Invite.DoesNotExist:
+            raise Http404
         request.session['profile-invite'] = invite
         return HttpResponseRedirect(reverse('profiles.views.register'))
     return render_to_response('profiles/claim_invite.html', {'form': form}, context_instance = RequestContext(request))