From ff4e77bcc7995aeb3b8bc28b50f078798edc9634 Mon Sep 17 00:00:00 2001
From: Alex Ioannidis <a.ioannidis@cern.ch>
Date: Mon, 13 Nov 2023 09:36:08 +0100
Subject: [PATCH] tokens: fix expiration message flashing

---
 site/zenodo_rdm/legacy/tokens.py | 23 +++++++++++++++++------
 1 file changed, 17 insertions(+), 6 deletions(-)

diff --git a/site/zenodo_rdm/legacy/tokens.py b/site/zenodo_rdm/legacy/tokens.py
index c5ea0eb0..14b0070f 100644
--- a/site/zenodo_rdm/legacy/tokens.py
+++ b/site/zenodo_rdm/legacy/tokens.py
@@ -90,7 +90,7 @@ def __init__(self, expires_at=None, **kwargs):
             current_app.config["SECRET_KEY"],
             expires_in=int(dt.total_seconds()) if dt else None,
             salt="accessrequests-timedlink",
-            **kwargs
+            **kwargs,
         )
 
 
@@ -133,15 +133,26 @@ def load_token(cls, token, force=False):
 
 def verify_legacy_secret_link(identity):
     """Verify the legacy secret linlk token."""
-    token_arg = "token"
-    session_arg = "_legacy_secret_link_token"
-    token = request.args.get(token_arg, session.get(session_arg, None))
+    token = None
+    token_source = None
+    arg_key = "token"
+    session_key = "_legacy_secret_link_token"
+    arg_token = request.args.get(arg_key, None)
+    session_token = session.get(session_key, None)
+    if arg_token:
+        token = arg_token
+        token_source = "arg"
+    elif session_token:
+        token = session_token
+        token_source = "session"
 
     if token:
         try:
             data = SecretLinkFactory.load_token(token)
             if data:
                 identity.provides.add(LegacySecretLinkNeed(str(data["data"]["recid"])))
-                session[session_arg] = token
+                session[session_key] = token
         except SignatureExpired:
-            flash(_("Your shared link has expired."))
+            if token_source == "arg":
+                flash(_("Your shared link has expired."))
+            session.pop(session_key, None)