Fixes: 1) Correct token decoding in user activation check.

Extra: None.
2025-05-28 15:26:53 +03:00 · 2025-05-28 15:26:53 +03:00 · 7f761f751a
commit 7f761f751a
parent cf721a50fa
1 changed files with 1 additions and 1 deletions
--- a/vibes_auth/viewsets.py
+++ b/vibes_auth/viewsets.py
@ -105,7 +105,7 @@ class UserViewSet(
        try:
            uuid = urlsafe_base64_decode(request.data.get("uidb64")).decode()
            user = User.objects.nocache().get(pk=uuid)
-            if not user.check_token(request.data.get("token")):
+            if not user.check_token(urlsafe_base64_decode(request.data.get("token"))):
                return Response(
                    {"error": _("activation link is invalid!")},
                    status=status.HTTP_400_BAD_REQUEST,