From 69b5623552a86a7cad92571e937384836cf6165c Mon Sep 17 00:00:00 2001 From: Sebastian Spaeth Date: Mon, 21 Jan 2013 16:27:19 +0100 Subject: [PATCH] Also set login_failed in case of form errors If we send a POST request to the login page which contained form errors (e.g. a too short password), the variable "login_failed" was not set to true. This condition was tested by the test suite however, so we should make sure that login_failed is set even if the form failed to validate. Signed-off-by: Sebastian Spaeth --- mediagoblin/auth/views.py | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/mediagoblin/auth/views.py b/mediagoblin/auth/views.py index 8c2a95ed..d8ad7b51 100644 --- a/mediagoblin/auth/views.py +++ b/mediagoblin/auth/views.py @@ -112,20 +112,21 @@ def login(request): login_failed = False - if request.method == 'POST' and login_form.validate(): - user = User.query.filter_by(username=login_form.data['username']).first() + if request.method == 'POST': + if login_form.validate(): + user = User.query.filter_by(username=login_form.data['username']).first() - if user and user.check_login(request.form['password']): - # set up login in session - request.session['user_id'] = unicode(user.id) - request.session.save() + if user and user.check_login(request.form['password']): + # set up login in session + request.session['user_id'] = unicode(user.id) + request.session.save() - if request.form.get('next'): - return redirect(request, location=request.form['next']) - else: - return redirect(request, "index") + if request.form.get('next'): + return redirect(request, location=request.form['next']) + else: + return redirect(request, "index") - else: + # Some failure during login occured if we are here! # Prevent detecting who's on this system by testing login # attempt timings auth_lib.fake_login_attempt()