kallithea Changeset - 8f8ee972820f

Changeset - 8f8ee972820f

Parent rev.

Child rev.

[Not reviewed]

default

0 1 0

Mads Kiilerich - 7 years ago 2018-12-29 16:16:36
mads@kiilerich.com

auth: don't ignore login POSTs if already logged in

This is probably only rarely a big deal, but ignoring an explicit command seems
wrong.

This makes it possible to easily re-authenticate - we will need this ...

1 file changed with 4 insertions and 4 deletions:

kallithea/controllers/login.py

0 comments (0 inline, 0 general)

kallithea/controllers/login.py

➞

Show inline comments

@@ @@ -73,16 +73,12 @@ class LoginController(BaseController): @@
             if not self._validate_came_from(c.came_from):
                 log.error('Invalid came_from (not server-relative): %r', c.came_from)
                 raise HTTPBadRequest()
         else:
             c.came_from = url('home')
         # redirect if already logged in
         if request.authuser.is_authenticated:
             raise HTTPFound(location=c.came_from)
         if request.POST:
             # import Login Form validator class
             login_form = LoginForm()()
             try:
                 c.form_result = login_form.to_python(dict(request.POST))
                 # form checks for username/password, now we're authenticated
@@ @@ -106,12 +102,16 @@ class LoginController(BaseController): @@
                 # Exception itself
                 h.flash(e, 'error')
             else:
                 log_in_user(user, c.form_result['remember'],
                     is_external_auth=False)
                 raise HTTPFound(location=c.came_from)
         else:
             # redirect if already logged in
             if request.authuser.is_authenticated:
                 raise HTTPFound(location=c.came_from)
         return render('/login.html')
     @HasPermissionAnyDecorator('hg.admin', 'hg.register.auto_activate',
                                'hg.register.manual_activate')
     def register(self):

0 comments (0 inline, 0 general)