rafaelcaricio/moviewyrm
1
0
Fork 0
forked from mirrors/bookwyrm
Code Issues 4 Pull requests Projects Releases Wiki Activity

Don't error out on invalid login POST

Browse source 
Thanks, log4j exploit scanners, for catching this one
This commit is contained in:
Mouse Reeve 2021-12-28 14:50:28 -08:00
parent 638ea166be
commit 14601a0c31
1 changed files with 3 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
bookwyrm/views/landing/login.py
View file

@ -39,7 +39,8 @@ class Login(View):
return redirect("/") return redirect("/")
login_form = forms.LoginForm(request.POST) login_form = forms.LoginForm(request.POST)
localname = login_form.data["localname"] localname = login_form.data.get("localname")
if "@" in localname: # looks like an email address to me if "@" in localname: # looks like an email address to me
try: try:
username = models.User.objects.get(email=localname).username username = models.User.objects.get(email=localname).username
@ -47,7 +48,7 @@ class Login(View):
username = localname username = localname
else: else:
username = f"{localname}@{DOMAIN}" username = f"{localname}@{DOMAIN}"
password = login_form.data["password"] password = login_form.data.get("password")
# perform authentication # perform authentication
user = authenticate(request, username=username, password=password) user = authenticate(request, username=username, password=password)