1 files changed, 24 insertions, 2 deletions

diff --git a/apps/provisioning_api/lib/Controller/VerificationController.php b/apps/provisioning_api/lib/Controller/VerificationController.php
index b248d3e8285..c4ddd1e644d 100644
--- a/apps/provisioning_api/lib/Controller/VerificationController.php
+++ b/apps/provisioning_api/lib/Controller/VerificationController.php
@@ -74,6 +74,27 @@ class VerificationController extends Controller {
 
 	/**
 	 * @NoCSRFRequired
+	 * @NoAdminRequired
+	 * @NoSubAdminRequired
+	 */
+	public function showVerifyMail(string $token, string $userId, string $key) {
+		if ($this->userSession->getUser()->getUID() !== $userId) {
+			// not a public page, hence getUser() must return an IUser
+			throw new InvalidArgumentException('Logged in user is not mail address owner');
+		}
+		$email = $this->crypto->decrypt($key);
+
+		return new TemplateResponse(
+			'core', 'confirmation', [
+				'title' => $this->l10n->t('Email confirmation'),
+				'message' => $this->l10n->t('To enable the email address %s please click the button below.', [$email]),
+				'action' => $this->l10n->t('Confirm'),
+			], TemplateResponse::RENDER_AS_GUEST);
+	}
+
+	/**
+	 * @NoAdminRequired
+	 * @NoSubAdminRequired
 	 */
 	public function verifyMail(string $token, string $userId, string $key) {
 		try {
@@ -95,6 +116,7 @@ class VerificationController extends Controller {
 			}
 			$emailProperty->setLocallyVerified(IAccountManager::VERIFIED);
 			$this->accountManager->updateAccount($userAccount);
+			$this->verificationToken->delete($token, $user, 'verifyMail' . $ref);
 		} catch (InvalidTokenException $e) {
 			$error = $e->getCode() === InvalidTokenException::TOKEN_EXPIRED
 				? $this->l10n->t('Could not verify mail because the token is expired.')
@@ -109,13 +131,13 @@ class VerificationController extends Controller {
 			return new TemplateResponse(
 				'core', 'error', [
 					'errors' => [['error' => $error]]
-				], 'guest');
+				], TemplateResponse::RENDER_AS_GUEST);
 		}
 
 		return new TemplateResponse(
 			'core', 'success', [
 				'title' => $this->l10n->t('Email confirmation successful'),
 				'message' => $this->l10n->t('Email confirmation successful'),
-			], 'guest');
+			], TemplateResponse::RENDER_AS_GUEST);
 	}
 }