piwigo: Return proper error for wrong user/password.
And fix tests.
This commit is contained in:
parent
68910f6797
commit
4adc3a85dd
@ -84,6 +84,7 @@ def response_xml(result):
|
||||
err = ET.SubElement(r, "err")
|
||||
err.set("code", str(result.code))
|
||||
err.set("msg", result.msg)
|
||||
if result.code >= 100 and result.code < 600:
|
||||
status = result.code
|
||||
else:
|
||||
_fill_element(r, result)
|
||||
|
@ -28,8 +28,8 @@ from mediagoblin.media_types import sniff_media
|
||||
from mediagoblin.submit.lib import check_file_field, prepare_queue_task, \
|
||||
run_process_media
|
||||
|
||||
from .tools import CmdTable, PwgNamedArray, response_xml, check_form, \
|
||||
PWGSession
|
||||
from .tools import CmdTable, response_xml, check_form, \
|
||||
PWGSession, PwgNamedArray, PwgError
|
||||
from .forms import AddSimpleForm, AddForm
|
||||
|
||||
|
||||
@ -40,15 +40,14 @@ _log = logging.getLogger(__name__)
|
||||
def pwg_login(request):
|
||||
username = request.form.get("username")
|
||||
password = request.form.get("password")
|
||||
_log.debug("Login for %r/%r...", username, password)
|
||||
user = request.db.User.query.filter_by(username=username).first()
|
||||
if not user:
|
||||
_log.info("User %r not found", username)
|
||||
fake_login_attempt()
|
||||
return False
|
||||
return PwgError(999, 'Invalid username/password')
|
||||
if not user.check_login(password):
|
||||
_log.warn("Wrong password for %r", username)
|
||||
return False
|
||||
return PwgError(999, 'Invalid username/password')
|
||||
_log.info("Logging %r in", username)
|
||||
request.session["user_id"] = user.id
|
||||
request.session.save()
|
||||
|
@ -44,11 +44,13 @@ class Test_PWG(object):
|
||||
def test_session(self):
|
||||
resp = self.do_post("pwg.session.login",
|
||||
{"username": u"nouser", "password": "wrong"})
|
||||
assert resp.body == XML_PREFIX + '<rsp stat="ok">0</rsp>'
|
||||
assert resp.body == XML_PREFIX \
|
||||
+ '<rsp stat="fail"><err code="999" msg="Invalid username/password"/></rsp>'
|
||||
|
||||
resp = self.do_post("pwg.session.login",
|
||||
{"username": self.username, "password": "wrong"})
|
||||
assert resp.body == XML_PREFIX + '<rsp stat="ok">0</rsp>'
|
||||
assert resp.body == XML_PREFIX \
|
||||
+ '<rsp stat="fail"><err code="999" msg="Invalid username/password"/></rsp>'
|
||||
|
||||
resp = self.do_get("pwg.session.getStatus")
|
||||
assert resp.body == XML_PREFIX \
|
||||
|
Loading…
x
Reference in New Issue
Block a user