handle 2fa user exception properly

2024-06-16 20:20:44 +00:00 · 2022-10-15 07:35:43 +11:00 · 2022-10-15 07:35:43 +11:00 · 3d95916b55
parent 32e4f7718e
commit 3d95916b55
1 changed files with 3 additions and 2 deletions
--- a/bookwyrm/views/preferences/two_factor_auth.py
+++ b/bookwyrm/views/preferences/two_factor_auth.py
@ -6,6 +6,7 @@ import qrcode.image.svg

 from django.contrib.auth import login
 from django.contrib.auth.decorators import login_required
+from django.core.exceptions import ObjectDoesNotExist
 from django.http import HttpResponseBadRequest
 from django.template.response import TemplateResponse
 from django.shortcuts import redirect
@ -109,8 +110,8 @@ class LoginWith2FA(View):
    def post(self, request):
        """Check 2FA code and allow/disallow login"""
        try:
-            user = models.User.objects.get(username=request.session["2fa_user"])
-        except Exception:
+            user = models.User.objects.get(username=request.session.get("2fa_user"))
+        except ObjectDoesNotExist:
            request.session["2fa_auth_time"] = 0
            return HttpResponseBadRequest("Invalid user")