Changeset - 78bba376a508
Parent rev.
Child rev.
[Not reviewed]
default
0 1 0
Mads Kiilerich - 10 years ago 2016-05-02 23:45:26
madski@unity3d.com
login: don't crash on login POSTs without password
1 file changed with 1 insertions and 1 deletions:
kallithea/controllers/login.py
1
1
0 comments (0 inline, 0 general)
kallithea/controllers/login.py
Show inline comments
 
@@ -74,49 +74,49 @@ class LoginController(BaseController):
 
        if c.came_from:
 
            if not self._validate_came_from(c.came_from):
 
                log.error('Invalid came_from (not server-relative): %r', c.came_from)
 
                raise HTTPBadRequest()
 
        else:
 
            c.came_from = url('home')
 

			




	
	
	
		
 
        ip_allowed = AuthUser.check_ip_allowed(self.authuser, self.ip_addr)

			




	
	
	
		
 

			




	
	
	
		
 
        # redirect if already logged in

			




	
	
	
		
 
        if self.authuser.is_authenticated and ip_allowed:

			




	
	
	
		
 
            raise HTTPFound(location=c.came_from)

			




	
	
	
		
 

			




	
	
	
		
 
        if request.POST:

			




	
	
	
		
 
            # import Login Form validator class

			




	
	
	
		
 
            login_form = LoginForm()

			




	
	
	
		
 
            try:

			




	
	
	
		
 
                c.form_result = login_form.to_python(dict(request.POST))

			




	
	
	
		
 
                # form checks for username/password, now we're authenticated

			




	
	
	
		
 
                username = c.form_result['username']

			




	
	
	
		
 
                user = User.get_by_username_or_email(username, case_insensitive=True)

			




	
	
	
		
 
            except formencode.Invalid as errors:

			




	
	
	
		
 
                defaults = errors.value

			




	
	
	
		
 
                # remove password from filling in form again

			




	
	
	
		
 
                del defaults['password']

			




	
	
	
		
 
                defaults.pop('password', None)

			




	
	
	
		
 
                return htmlfill.render(

			




	
	
	
		
 
                    render('/login.html'),

			




	
	
	
		
 
                    defaults=errors.value,

			




	
	
	
		
 
                    errors=errors.error_dict or {},

			




	
	
	
		
 
                    prefix_error=False,

			




	
	
	
		
 
                    encoding="UTF-8",

			




	
	
	
		
 
                    force_defaults=False)

			




	
	
	
		
 
            except UserCreationError as e:

			




	
	
	
		
 
                # container auth or other auth functions that create users on

			




	
	
	
		
 
                # the fly can throw this exception signaling that there's issue

			




	
	
	
		
 
                # with user creation, explanation should be provided in

			




	
	
	
		
 
                # Exception itself

			




	
	
	
		
 
                h.flash(e, 'error')

			




	
	
	
		
 
            else:

			




	
	
	
		
 
                log_in_user(user, c.form_result['remember'],

			




	
	
	
		
 
                    is_external_auth=False)

			




	
	
	
		
 
                raise HTTPFound(location=c.came_from)

			




	
	
	
		
 

			




	
	
	
		
 
        return render('/login.html')

			




	
	
	
		
 

			




	
	
	
		
 
    @HasPermissionAnyDecorator('hg.admin', 'hg.register.auto_activate',

			




	
	
	
		
 
                               'hg.register.manual_activate')

			




	
	
	
		
 
    def register(self):

			




	
	
	
		
 
        c.auto_active = 'hg.register.auto_activate' in User.get_default_user() \

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        
    
    
        This site is powered by
            Kallithea 0.7.0,
        which is
        © 2010–2025 by various authors & licensed under GPLv3.