Also set login_failed in case of form errors

If we send a POST request to the login page which contained form errors (e.g. a too short password), the variable "login_failed" was not set to true. This condition was tested by the test suite however, so we should make sure that login_failed is set even if the form failed to validate. Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
2013-01-21 16:27:19 +01:00 · 2013-01-21 16:27:19 +01:00 · 69b5623552
commit 69b5623552
parent a89df96132
1 changed files with 12 additions and 11 deletions
--- a/mediagoblin/auth/views.py
+++ b/mediagoblin/auth/views.py
@ -112,7 +112,8 @@ def login(request):

    login_failed = False

-    if request.method == 'POST' and login_form.validate():
+    if request.method == 'POST':
+        if login_form.validate():
            user = User.query.filter_by(username=login_form.data['username']).first()

            if user and user.check_login(request.form['password']):
@ -125,7 +126,7 @@ def login(request):
                else:
                    return redirect(request, "index")

-        else:
+            # Some failure during login occured if we are here!
            # Prevent detecting who's on this system by testing login
            # attempt timings
            auth_lib.fake_login_attempt()