piwigo: Return proper error for wrong user/password.

And fix tests.
This commit is contained in:
Elrond 2013-05-20 17:50:04 +02:00
parent 68910f6797
commit 4adc3a85dd
3 changed files with 10 additions and 8 deletions

View File

@ -84,6 +84,7 @@ def response_xml(result):
err = ET.SubElement(r, "err")
err.set("code", str(result.code))
err.set("msg", result.msg)
if result.code >= 100 and result.code < 600:
status = result.code
else:
_fill_element(r, result)

View File

@ -28,8 +28,8 @@ from mediagoblin.media_types import sniff_media
from mediagoblin.submit.lib import check_file_field, prepare_queue_task, \
run_process_media
from .tools import CmdTable, PwgNamedArray, response_xml, check_form, \
PWGSession
from .tools import CmdTable, response_xml, check_form, \
PWGSession, PwgNamedArray, PwgError
from .forms import AddSimpleForm, AddForm
@ -40,15 +40,14 @@ _log = logging.getLogger(__name__)
def pwg_login(request):
username = request.form.get("username")
password = request.form.get("password")
_log.debug("Login for %r/%r...", username, password)
user = request.db.User.query.filter_by(username=username).first()
if not user:
_log.info("User %r not found", username)
fake_login_attempt()
return False
return PwgError(999, 'Invalid username/password')
if not user.check_login(password):
_log.warn("Wrong password for %r", username)
return False
return PwgError(999, 'Invalid username/password')
_log.info("Logging %r in", username)
request.session["user_id"] = user.id
request.session.save()

View File

@ -44,11 +44,13 @@ class Test_PWG(object):
def test_session(self):
resp = self.do_post("pwg.session.login",
{"username": u"nouser", "password": "wrong"})
assert resp.body == XML_PREFIX + '<rsp stat="ok">0</rsp>'
assert resp.body == XML_PREFIX \
+ '<rsp stat="fail"><err code="999" msg="Invalid username/password"/></rsp>'
resp = self.do_post("pwg.session.login",
{"username": self.username, "password": "wrong"})
assert resp.body == XML_PREFIX + '<rsp stat="ok">0</rsp>'
assert resp.body == XML_PREFIX \
+ '<rsp stat="fail"><err code="999" msg="Invalid username/password"/></rsp>'
resp = self.do_get("pwg.session.getStatus")
assert resp.body == XML_PREFIX \