From acb16f08b8367c420814143b7116b9b1080a596f Mon Sep 17 00:00:00 2001
From: fhs52267 <sgruber.aitb-m2024@fh-salzburg.ac.at>
Date: Thu, 2 Apr 2026 22:25:42 +0200
Subject: [PATCH] Fix confirmation token handling

---
 src/backend/app/main.py  | 39 ++++++++++++++++++++++++++++++++++++++-
 src/frontend/src/App.tsx |  2 ++
 2 files changed, 40 insertions(+), 1 deletion(-)

diff --git a/src/backend/app/main.py b/src/backend/app/main.py
index 4423571..3f2ae06 100644
--- a/src/backend/app/main.py
+++ b/src/backend/app/main.py
@@ -403,10 +403,47 @@ def confirm_account_action(token: str) -> dict[str, Any]:
         raise HTTPException(status_code=422, detail="Token is required")
 
     with get_connection() as conn:
-        confirmation = consume_confirmation_token(conn, token.strip())
+        normalized_token = token.strip()
+
+        try:
+            confirmation = consume_confirmation_token(conn, normalized_token)
+            already_consumed = False
+        except HTTPException as exc:
+            if exc.status_code != 409 or str(exc.detail) != "Confirmation token already used":
+                raise
+
+            confirmation = conn.execute(
+                """
+                SELECT token, user_id, action, process_id, email, new_email, new_user_id, created_at, expires_at, consumed_at
+                FROM account_confirmation_tokens
+                WHERE token = ?
+                """,
+                (normalized_token,),
+            ).fetchone()
+
+            if not confirmation:
+                raise HTTPException(status_code=404, detail="Confirmation token not found")
+
+            already_consumed = True
+
         action = str(confirmation["action"])
         confirmed_user_id = str(confirmation["user_id"])
 
+        if already_consumed:
+            if action == "user_id_change_confirm":
+                migrated_user_id = str(confirmation["new_user_id"] or "").strip() or confirmed_user_id
+                return {
+                    "status": "already_confirmed",
+                    "action": action,
+                    "user_id": migrated_user_id,
+                }
+
+            return {
+                "status": "already_confirmed",
+                "action": action,
+                "user_id": confirmed_user_id,
+            }
+
         if action == "register_confirm":
             conn.execute(
                 "UPDATE user_profiles SET email_confirmed = 1, updated_at = ? WHERE user_id = ?",
diff --git a/src/frontend/src/App.tsx b/src/frontend/src/App.tsx
index a186b5a..5405155 100644
--- a/src/frontend/src/App.tsx
+++ b/src/frontend/src/App.tsx
@@ -416,6 +416,7 @@ export default function App() {
       message.success("Registration email sent. Open the link in your inbox to finish setup.");
     } catch (error: any) {
       message.error(error?.message || "Could not create account.");
+      throw error;
     }
   };
 
@@ -430,6 +431,7 @@ export default function App() {
       message.success("Migration email sent. Open the link in your inbox to complete migration.");
     } catch (error: any) {
       message.error(error?.message || "Could not migrate account.");
+      throw error;
     }
   };