Changeset - 5b147d0f8927
[Not reviewed]
default
Mads Kiilerich - 6 years ago 2020-03-26 17:48:16
mads@kiilerich.com
auth: show a clear "Authentication failed" message if login fails after passing form validation

log_in_user will only set a session cookie after verifying that the user is
valid (for example based on IP). The code is thus safe, but no hint was given
to the user if login failed for that reason.
1 file changed with 3 insertions and 2 deletions:
kallithea/controllers/login.py
 
@@ -103,8 +103,9 @@ class LoginController(BaseController):
 
                h.flash(e, 'error')
 
            else:
 
                auth_user = log_in_user(user, c.form_result['remember'], is_external_auth=False, ip_addr=request.ip_addr)
 
                # TODO: handle auth_user is None as failed authentication?
 
                raise HTTPFound(location=c.came_from)
 
                if auth_user:
 
                    raise HTTPFound(location=c.came_from)
 
                h.flash(_('Authentication failed.'), 'error')
 
        else:
 
            # redirect if already logged in
 
            if not request.authuser.is_anonymous:
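Review bot: The new `h.flash(_('Authentication failed.'), 'error')` at the end of the `else:` branch is only reachable after form validation has accepted the credentials, so a response carrying this message tells the client that the password was correct even though `log_in_user` refused the session (for example on IP). If that distinction should not be visible to a rejected client, reuse the wording of the invalid-credentials error here. The branch also records nothing on the server side; unless `log_in_user` already logs the refusal, a warning with the username and `request.ip_addr` would make these rejections visible to operators. A test that submits valid credentials from a disallowed address and checks for the flash message and the absence of the `HTTPFound` redirect would cover the new path.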