From f53fc1ad0bdb8ed9c7662c232a3821937dc4027c Mon Sep 17 00:00:00 2001
From: Julian Lam <julian@nodebb.org>
Date: Wed, 28 Jul 2021 14:49:24 -0400
Subject: [PATCH] feat: return generic 404 on invalid confirm code

---
 src/controllers/index.js | 19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)

diff --git a/src/controllers/index.js b/src/controllers/index.js
index 8a54519f8d..dc23e6918f 100644
--- a/src/controllers/index.js
+++ b/src/controllers/index.js
@@ -222,12 +222,19 @@ Controllers.registerInterstitial = async function (req, res, next) {
 	}
 };
 
-Controllers.confirmEmail = function (req, res) {
-	user.email.confirmByCode(req.params.code, (err) => {
-		res.render('confirm', {
-			error: err ? err.message : '',
-			title: '[[pages:confirm]]',
-		});
+Controllers.confirmEmail = async (req, res, next) => {
+	try {
+		await user.email.confirmByCode(req.params.code, req.session.id);
+	} catch (e) {
+		if (e.message === '[[error:invalid-data]]') {
+			return next();
+		}
+
+		throw e;
+	}
+
+	res.render('confirm', {
+		title: '[[pages:confirm]]',
 	});
 };