Also set login_failed in case of form errors

If we send a POST request to the login page which contained form errors
(e.g. a too short password), the variable "login_failed" was not set to
true. This condition was tested by the test suite however, so we should
make sure that login_failed is set even if the form failed to validate.

Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>

1 files changed, 12 insertions, 11 deletions

diff --git a/mediagoblin/auth/views.py b/mediagoblin/auth/views.py
index 8c2a95ed..d8ad7b51 100644
--- a/mediagoblin/auth/views.py
+++ b/mediagoblin/auth/views.py
@@ -112,20 +112,21 @@ def login(request):
 
     login_failed = False
 
-    if request.method == 'POST' and login_form.validate():
-        user = User.query.filter_by(username=login_form.data['username']).first()
+    if request.method == 'POST':
+        if login_form.validate():
+            user = User.query.filter_by(username=login_form.data['username']).first()
 
-        if user and user.check_login(request.form['password']):
-            # set up login in session
-            request.session['user_id'] = unicode(user.id)
-            request.session.save()
+            if user and user.check_login(request.form['password']):
+                # set up login in session
+                request.session['user_id'] = unicode(user.id)
+                request.session.save()
 
-            if request.form.get('next'):
-                return redirect(request, location=request.form['next'])
-            else:
-                return redirect(request, "index")
+                if request.form.get('next'):
+                    return redirect(request, location=request.form['next'])
+                else:
+                    return redirect(request, "index")
 
-        else:
+            # Some failure during login occured if we are here!
             # Prevent detecting who's on this system by testing login
             # attempt timings
             auth_lib.fake_login_attempt()