gnunet-svn
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[GNUnet-SVN] [taler-bank] 03/06: Add manual authentication before loggin

From: gnunet
Subject: [GNUnet-SVN] [taler-bank] 03/06: Add manual authentication before logging a user in. Just calling login() without authenticating the user before, returns 200 even for wrong login attempts.
Date: Mon, 29 May 2017 11:25:18 +0200 
This is an automated email from the git hooks/post-receive script.

marcello pushed a commit to branch master
in repository bank.

commit 40dbd51e22ec5127ea5eba60eebf1d42d0437810
Author: Marcello Stanisci <address@hidden>
AuthorDate: Tue May 23 22:14:37 2017 +0200

    Add manual authentication before logging a user in.
    Just calling login() without authenticating the user before,
    returns 200 even for wrong login attempts.
---
 talerbank/app/views.py | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/talerbank/app/views.py b/talerbank/app/views.py
index b0d8974..77decc8 100644
--- a/talerbank/app/views.py
+++ b/talerbank/app/views.py
@@ -64,6 +64,15 @@ def javascript_licensing(request):
 
 def login_view(request):
     just_logged_out = get_session_flag(request, "just_logged_out")
+    if "POST" == request.method:
+       login_form = MyAuthenticationForm(request.POST) 
+       if login_form.is_valid():
+           username = login_form.cleaned_data["username"]
+           password = login_form.cleaned_data["password"]
+           logger.info("u:%s, p:%s" % (username, password))
+       else:
+           logger.error("Bad form gotten in POST")
+           return HttpResponseBadRequest("Bad form POSTed")
     response = django.contrib.auth.views.login(
             request,
             authentication_form=MyAuthenticationForm,

-- 
To stop receiving notification emails like this one, please contact
address@hidden
reply via email to
[Prev in Thread] Current Thread [Next in Thread]