diff --git a/tests/form_pages/test_all.py b/tests/form_pages/test_all.py
index 6fd2dda72..85af08825 100644
--- a/tests/form_pages/test_all.py
+++ b/tests/form_pages/test_all.py
@@ -2062,6 +2062,41 @@ def test_form_tracking_code_email(pub, emails, nocache):
assert resp.forms[1]['f0'].value == 'barfoo'
+def test_form_tracking_code_email_and_verification(pub, emails, nocache):
+ formdef = create_formdef()
+ formdef.fields = [
+ fields.StringField(id='0', label='string1', required=False),
+ fields.StringField(id='1', label='string2', required=False),
+ fields.DateField(id='2', label='date', required=False),
+ ]
+ formdef.enable_tracking_codes = True
+ formdef.tracking_code_verify_fields = ['0', '1', '2']
+ formdef.store()
+
+ app = get_app(pub)
+ resp = app.get('/test/')
+ resp.form['f0'] = 'barfoo'
+ # autosave will be made using javascript in real world
+ app.post('/test/autosave', params=resp.form.submit_fields())
+
+ tracking_code = get_displayed_tracking_code(resp)
+ assert tracking_code is not None
+
+ resp = app.get('/test/code/%s/' % tracking_code)
+ assert '
Keep your tracking code
' in resp.text
+ resp.forms[0]['email'] = 'foo@localhost'
+ resp = resp.forms[0].submit()
+ assert emails.get('Tracking Code reminder')
+ assert tracking_code in emails.get('Tracking Code reminder')['payload']
+ assert resp.location == 'http://example.net/test/code/%s/load' % tracking_code
+
+ # returns to the form, without verification: formdata is mine
+ resp = resp.follow()
+ resp = resp.follow()
+ resp = resp.follow()
+ assert resp.forms[1]['f0'].value == 'barfoo'
+
+
def test_form_tracking_code_email_antibot(pub, emails, nocache):
formdef = create_formdef()
formdef.data_class().wipe()
diff --git a/wcs/forms/root.py b/wcs/forms/root.py
index 0f817d9ae..cc1cabfdc 100644
--- a/wcs/forms/root.py
+++ b/wcs/forms/root.py
@@ -191,6 +191,9 @@ class TrackingCodeDirectory(Directory):
if get_request().is_from_bot():
raise errors.AccessForbiddenError()
+ if formdata.is_submitter(get_request().user):
+ return redirect(formdata.get_url())
+
verify_fields = []
for field in formdata.formdef.fields:
if field.id in (formdata.formdef.tracking_code_verify_fields or []):