Also set login_failed in case of form errors

If we send a POST request to the login page which contained form errors
(e.g. a too short password), the variable "login_failed" was not set to
true. This condition was tested by the test suite however, so we should
make sure that login_failed is set even if the form failed to validate.

Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>

mediagoblin/auth/views.py

@@ -112,20 +112,21 @@ def login(request):
 
     login_failed = False
 
-    if request.method == 'POST' and login_form.validate():
+    if request.method == 'POST':
-        user = User.query.filter_by(username=login_form.data['username']).first()
+        if login_form.validate():
+            user = User.query.filter_by(username=login_form.data['username']).first()
 
-        if user and user.check_login(request.form['password']):
+            if user and user.check_login(request.form['password']):
-            # set up login in session
+                # set up login in session
-            request.session['user_id'] = unicode(user.id)
+                request.session['user_id'] = unicode(user.id)
-            request.session.save()
+                request.session.save()
 
-            if request.form.get('next'):
+                if request.form.get('next'):
-                return redirect(request, location=request.form['next'])
+                    return redirect(request, location=request.form['next'])
-            else:
+                else:
-                return redirect(request, "index")
+                    return redirect(request, "index")
 
-        else:
+            # Some failure during login occured if we are here!
             # Prevent detecting who's on this system by testing login
             # attempt timings
             auth_lib.fake_login_attempt()