Changeset - 360f31856657
Parent rev.
Child rev.
[Not reviewed]
default
0 1 0
Marcin Kuzminski - 12 years ago 2013-09-01 20:34:57
marcin@python-works.com
backport fix

fixed password refill in login form when wrong password was given

It's better to not refill the passwords on wrong credentials given.
Standard behaviour on all pages are making the password blank
1 file changed with 1 insertions and 1 deletions:
rhodecode/controllers/login.py
1
1
0 comments (0 inline, 0 general)
rhodecode/controllers/login.py
Show inline comments
 
@@ -101,97 +101,97 @@ class LoginController(BaseController):
 
                    parsed = urlparse.urlparse(c.came_from)
 
                    server_parsed = urlparse.urlparse(url.current())
 
                    if parsed.scheme and parsed.scheme not in allowed_schemes:
 
                        log.error(
 
                            'Suspicious URL scheme detected %s for url %s' %
 
                            (parsed.scheme, parsed))
 
                        c.came_from = url('home')
 
                    elif server_parsed.netloc != parsed.netloc:
 
                        log.error('Suspicious NETLOC detected %s for url %s'
 
                                  'server url is: %s' %
 
                                  (parsed.netloc, parsed, server_parsed))
 
                        c.came_from = url('home')
 
                    raise HTTPFound(location=c.came_from, headers=headers)
 
                else:
 
                    raise HTTPFound(location=url('home'), headers=headers)
 

			




	
	
	
		
 
            except formencode.Invalid, errors:

			




	
	
	
		
 
                defaults = errors.value

			




	
	
	
		
 
                # remove password from filling in form again

			




	
	
	
		
 
                del defaults['password']

			




	
	
	
		
 
                return htmlfill.render(

			




	
	
	
		
 
                    render('/login.html'),

			




	
	
	
		
 
                    defaults=errors.value,

			




	
	
	
		
 
                    errors=errors.error_dict or {},

			




	
	
	
		
 
                    prefix_error=False,

			




	
	
	
		
 
                    encoding="UTF-8")

			




	
	
	
		
 
            except UserCreationError, e:

			




	
	
	
		
 
                # container auth or other auth functions that create users on

			




	
	
	
		
 
                # the fly can throw this exception signaling that there's issue

			




	
	
	
		
 
                # with user creation, explanation should be provided in

			




	
	
	
		
 
                # Exception itself

			




	
	
	
		
 
                h.flash(e, 'error')

			




	
	
	
		
 

			




	
	
	
		
 
        return render('/login.html')

			




	
	
	
		
 

			




	
	
	
		
 
    @HasPermissionAnyDecorator('hg.admin', 'hg.register.auto_activate',

			




	
	
	
		
 
                               'hg.register.manual_activate')

			




	
	
	
		
 
    def register(self):

			




	
	
	
		
 
        c.auto_active = 'hg.register.auto_activate' in User.get_default_user()\

			




	
	
	
		
 
            .AuthUser.permissions['global']

			




	
	
	
		
 

			




	
	
	
		
 
        if request.POST:

			




	
	
	
		
 
            register_form = RegisterForm()()

			




	
	
	
		
 
            try:

			




	
	
	
		
 
                form_result = register_form.to_python(dict(request.POST))

			




	
	
	
		
 
                form_result['active'] = c.auto_active

			




	
	
	
		
 
                UserModel().create_registration(form_result)

			




	
	
	
		
 
                h.flash(_('You have successfully registered into RhodeCode'),

			




	
	
	
		
 
                            category='success')

			




	
	
	
		
 
                        category='success')

			




	
	
	
		
 
                Session().commit()

			




	
	
	
		
 
                return redirect(url('login_home'))

			




	
	
	
		
 

			




	
	
	
		
 
            except formencode.Invalid, errors:

			




	
	
	
		
 
                return htmlfill.render(

			




	
	
	
		
 
                    render('/register.html'),

			




	
	
	
		
 
                    defaults=errors.value,

			




	
	
	
		
 
                    errors=errors.error_dict or {},

			




	
	
	
		
 
                    prefix_error=False,

			




	
	
	
		
 
                    encoding="UTF-8")

			




	
	
	
		
 
            except UserCreationError, e:

			




	
	
	
		
 
                # container auth or other auth functions that create users on

			




	
	
	
		
 
                # the fly can throw this exception signaling that there's issue

			




	
	
	
		
 
                # with user creation, explanation should be provided in

			




	
	
	
		
 
                # Exception itself

			




	
	
	
		
 
                h.flash(e, 'error')

			




	
	
	
		
 

			




	
	
	
		
 
        return render('/register.html')

			




	
	
	
		
 

			




	
	
	
		
 
    def password_reset(self):

			




	
	
	
		
 
        if request.POST:

			




	
	
	
		
 
            password_reset_form = PasswordResetForm()()

			




	
	
	
		
 
            try:

			




	
	
	
		
 
                form_result = password_reset_form.to_python(dict(request.POST))

			




	
	
	
		
 
                UserModel().reset_password_link(form_result)

			




	
	
	
		
 
                h.flash(_('Your password reset link was sent'),

			




	
	
	
		
 
                            category='success')

			




	
	
	
		
 
                return redirect(url('login_home'))

			




	
	
	
		
 

			




	
	
	
		
 
            except formencode.Invalid, errors:

			




	
	
	
		
 
                return htmlfill.render(

			




	
	
	
		
 
                    render('/password_reset.html'),

			




	
	
	
		
 
                    defaults=errors.value,

			




	
	
	
		
 
                    errors=errors.error_dict or {},

			




	
	
	
		
 
                    prefix_error=False,

			




	
	
	
		
 
                    encoding="UTF-8")

			




	
	
	
		
 

			




	
	
	
		
 
        return render('/password_reset.html')

			




	
	
	
		
 

			




	
	
	
		
 
    def password_reset_confirmation(self):

			




	
	
	
		
 
        if request.GET and request.GET.get('key'):

			




	
	
	
		
 
            try:

			




	
	
	
		
 
                user = User.get_by_api_key(request.GET.get('key'))

			




	
	
	
		
 
                data = dict(email=user.email)

			




	
	
	
		
 
                UserModel().reset_password(data)

			




	
	
	
		
 
                h.flash(_('Your password reset was successful, '

			




	
	
	
		
 
                          'new password has been sent to your email'),

			




	
	
	
		
 
                            category='success')

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        
    
    
        This site is powered by
            Kallithea 0.7.0,
        which is
        © 2010–2025 by various authors & licensed under GPLv3.