Mercurial > kallithea
changeset 8302:5b147d0f8927
auth: show a clear "Authentication failed" message if login fails after passing form validation
log_in_user will only set a session cookie after verifying that the user is
valid (for example based on IP). The code is thus safe, but no hint was given
to the user if login failed for that reason.
author | Mads Kiilerich <mads@kiilerich.com> |
---|---|
date | Thu, 26 Mar 2020 17:48:16 +0100 |
parents | afe30226491e |
children | 2cb54d157d62 |
files | kallithea/controllers/login.py |
diffstat | 1 files changed, 3 insertions(+), 2 deletions(-) |
--- a/kallithea/controllers/login.py Tue Mar 24 11:24:05 2020 +0100 +++ b/kallithea/controllers/login.py Thu Mar 26 17:48:16 2020 +0100 @@ -103,8 +103,9 @@ h.flash(e, 'error') else: auth_user = log_in_user(user, c.form_result['remember'], is_external_auth=False, ip_addr=request.ip_addr) - # TODO: handle auth_user is None as failed authentication? - raise HTTPFound(location=c.came_from) + if auth_user: + raise HTTPFound(location=c.came_from) + h.flash(_('Authentication failed.'), 'error') else: # redirect if already logged in if not request.authuser.is_anonymous:
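Review bot: The new `if auth_user:` branch after the `log_in_user(...)` call has no test in this changeset (the diffstat lists only kallithea/controllers/login.py). A test that passes form validation but has `log_in_user` return None (the commit message names an IP-based rejection as one such case) should assert that no redirect to `c.came_from` is raised and that the 'Authentication failed.' flash is present, so the path the removed TODO pointed at stays covered. On the failure path the `h.flash(...)` line relies on falling through to code after the outer if/else, which is not visible in this hunk; a one-line comment stating that the login form is rendered again from there would make the control flow explicit. The generic wording of the message is a good choice, since it does not tell the client which check rejected the login.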