kallithea Changeset - b59568e929ef

Changeset - b59568e929ef

Parent rev.

Child rev.

[Not reviewed]

default

0 1 0

Marcin Kuzminski - 12 years ago 2013-07-22 16:01:07
marcin@python-works.com

fixed password refill in login form when wrong password was given

It's better to not refill the passwords on wrong credentials given.
Standard behaviour on all pages are making the password blank

1 file changed with 3 insertions and 0 deletions:

rhodecode/controllers/login.py

0 comments (0 inline, 0 general)

rhodecode/controllers/login.py

➞

Show inline comments

@@ @@ -94,48 +94,51 @@ class LoginController(BaseController): @@
                 headers = None
                 if session.request['set_cookie']:
                     # send set-cookie headers back to response to update cookie
                     headers = [('Set-Cookie', session.request['cookie_out'])]
                 allowed_schemes = ['http', 'https']
                 if c.came_from:
                     parsed = urlparse.urlparse(c.came_from)
                     server_parsed = urlparse.urlparse(url.current())
                     if parsed.scheme and parsed.scheme not in allowed_schemes:
                         log.error(
                             'Suspicious URL scheme detected %s for url %s' %
                             (parsed.scheme, parsed))
                         c.came_from = url('home')
                     elif server_parsed.netloc != parsed.netloc:
                         log.error('Suspicious NETLOC detected %s for url %s'
                                   'server url is: %s' %
                                   (parsed.netloc, parsed, server_parsed))
                         c.came_from = url('home')
                     raise HTTPFound(location=c.came_from, headers=headers)
                 else:
                     raise HTTPFound(location=url('home'), headers=headers)
             except formencode.Invalid, errors:
                 defaults = errors.value
                 # remove password from filling in form again
                 del defaults['password']
                 return htmlfill.render(
                     render('/login.html'),
                     defaults=errors.value,
                     errors=errors.error_dict or {},
                     prefix_error=False,
                     encoding="UTF-8")
             except UserCreationError, e:
                 # container auth or other auth functions that create users on
                 # the fly can throw this exception signaling that there's issue
                 # with user creation, explanation should be provided in
                 # Exception itself
                 h.flash(e, 'error')
         return render('/login.html')
     @HasPermissionAnyDecorator('hg.admin', 'hg.register.auto_activate',
                                'hg.register.manual_activate')
     def register(self):
         c.auto_active = 'hg.register.auto_activate' in User.get_default_user()\
             .AuthUser.permissions['global']
         if request.POST:
             register_form = RegisterForm()()
             try:

0 comments (0 inline, 0 general)