-rw-r--r--app/tests/test_views.py13
-rw-r--r--app/views/auth.py6
2 files changed, 17 insertions, 2 deletions
diff --git a/app/tests/test_views.py b/app/tests/test_views.py
index a9645b2..0abd5e4 100644
--- a/app/tests/test_views.py
+++ b/app/tests/test_views.py
@@ -32,6 +32,12 @@ data2check_visitors = {
},
"/admin/user/":{
"code":403,"data":b"Forbidden"
+ },
+ "/confirm":{
+ "code":200,"data":b"Token not provided in URL Parameter"
+ },
+ "/confirm?confirmation_token=123":{
+ "code":200,"data":b"Bad Token Provided"
}
}
@@ -52,6 +58,13 @@ def test_user_auth_flow(app, client):
assert res.status_code == 200
assert b"confirm your email" in res.data
+ res = client.post("/signin",data=dict(
+ email="test@example.com",
+ password="testpassword"),
+ follow_redirects=True)
+ assert res.status_code == 200
+ assert b"Please Confirm Your Email First." in res.data
+
confirmation_token = ts.dumps("test@example.com",salt="email-confirm-key")
res = client.get("/confirm?confirmation_token={}".format(confirmation_token),
follow_redirects=True)
diff --git a/app/views/auth.py b/app/views/auth.py
index f2cf338..d6f02b8 100644
--- a/app/views/auth.py
+++ b/app/views/auth.py
@@ -5,6 +5,7 @@ from app.misc_func import flash_errors, send, send_async
import flask_login
from sqlalchemy.exc import IntegrityError
from itsdangerous.url_safe import URLSafeSerializer
+from itsdangerous.exc import BadSignature
ts = URLSafeSerializer(app.config["SECRET_KEY"])
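Review bot: The `ts` serializer on the last line of this hunk is a plain `URLSafeSerializer`, which as far as I know signs without a timestamp, so the `max_age=86400` passed to `ts.loads` in `confirm_email` (next hunk) is likely ignored and confirmation links never expire. If the 24-hour limit is intended, build the serializer from the timed variant: `from itsdangerous.url_safe import URLSafeTimedSerializer` and `ts = URLSafeTimedSerializer(app.config["SECRET_KEY"])`. `SignatureExpired` subclasses `BadSignature`, so the new `except BadSignature` branch would already handle expired tokens. Tokens issued before such a switch would stop validating, and no test in this commit exercises the expiry path.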
@@ -111,8 +112,9 @@ def confirm_email():
try:
email = ts.loads(confirmation_token, salt="email-confirm-key",max_age=86400)
except TypeError:
- return render_template("message.html",message="Expired or Invalid Token")
-
+ return render_template("message.html",message="Token not provided in URL Parameter")
+ except BadSignature:
+ return render_template("message.html",message="Bad Token Provided")
user = models.User.query.filter_by(email=email).first()
print(email)
user.confirmation = True
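Review bot: Catching `TypeError` around `ts.loads` to detect a missing token is indirect, because any other `TypeError` raised inside that call would also be reported to the user as "Token not provided in URL Parameter". An explicit guard before the `try`, `if not confirmation_token: return render_template("message.html",message="Token not provided in URL Parameter")`, states the intent and makes the `except TypeError` branch unnecessary. Separately, `user` is dereferenced right after `.first()` with no `None` check, so a validly signed token for an email with no matching row would presumably raise `AttributeError` at `user.confirmation = True`. `confirm_email` starts and ends outside this hunk, so check both points against the full function.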