mirror of
https://github.com/bookwyrm-social/bookwyrm.git
synced 2024-12-24 00:50:35 +00:00
Don't error out on invalid login POST
Thanks, log4j exploit scanners, for catching this one
This commit is contained in:
parent
638ea166be
commit
14601a0c31
1 changed files with 3 additions and 2 deletions
|
@ -39,7 +39,8 @@ class Login(View):
|
||||||
return redirect("/")
|
return redirect("/")
|
||||||
login_form = forms.LoginForm(request.POST)
|
login_form = forms.LoginForm(request.POST)
|
||||||
|
|
||||||
localname = login_form.data["localname"]
|
localname = login_form.data.get("localname")
|
||||||
|
|
||||||
if "@" in localname: # looks like an email address to me
|
if "@" in localname: # looks like an email address to me
|
||||||
try:
|
try:
|
||||||
username = models.User.objects.get(email=localname).username
|
username = models.User.objects.get(email=localname).username
|
||||||
|
@ -47,7 +48,7 @@ class Login(View):
|
||||||
username = localname
|
username = localname
|
||||||
else:
|
else:
|
||||||
username = f"{localname}@{DOMAIN}"
|
username = f"{localname}@{DOMAIN}"
|
||||||
password = login_form.data["password"]
|
password = login_form.data.get("password")
|
||||||
|
|
||||||
# perform authentication
|
# perform authentication
|
||||||
user = authenticate(request, username=username, password=password)
|
user = authenticate(request, username=username, password=password)
|
||||||
|
|
Loading…
Reference in a new issue