Commit 216f38db authored by Valentin Samir's avatar Valentin Samir

Only check for valid username/password if username and password POST fields are posted.

parent 868a06ea
Pipeline #584 passed with stage
in 7 minutes and 31 seconds
......@@ -18,6 +18,9 @@ Fixed
* Really pick the last version on Pypi for new version checking.
We were only sorting version string lexicographically and it would have break when
we reach version 0.10.N or 0.N.10
* Only check for valid username/password if username and password POST fields are posted.
This fix a bug where posting without it raise a exception are None where passed for
username/password verification.
v0.7.2 - 2016-08-31
......
......@@ -122,13 +122,14 @@ class UserCredential(BaseLogin):
:rtype: dict
"""
cleaned_data = super(UserCredential, self).clean()
auth = utils.import_attr(settings.CAS_AUTH_CLASS)(cleaned_data.get("username"))
if auth.test_password(cleaned_data.get("password")):
cleaned_data["username"] = auth.username
else:
raise forms.ValidationError(
_(u"The credentials you provided cannot be determined to be authentic.")
)
if "username" in cleaned_data and "password" in cleaned_data:
auth = utils.import_attr(settings.CAS_AUTH_CLASS)(cleaned_data["username"])
if auth.test_password(cleaned_data["password"]):
cleaned_data["username"] = auth.username
else:
raise forms.ValidationError(
_(u"The credentials you provided cannot be determined to be authentic.")
)
return cleaned_data
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment