diff options
| author | ayleph <ayleph@thisshitistemp.com> | 2014-08-03 15:55:16 -0700 |
|---|---|---|
| committer | Christopher Allan Webber <cwebber@dustycloud.org> | 2014-10-30 11:34:23 -0500 |
| commit | a2b3c623fd53824ff84d9ac737636d30d0f52999 (patch) | |
| tree | 2e1416a9975de4827843c9f8aedcac2adf056fb0 | |
| parent | aa50cab0dcfcdc3606893b6cbded4227190f8980 (diff) | |
| download | mediagoblin-a2b3c623fd53824ff84d9ac737636d30d0f52999.tar.lz mediagoblin-a2b3c623fd53824ff84d9ac737636d30d0f52999.tar.xz mediagoblin-a2b3c623fd53824ff84d9ac737636d30d0f52999.zip | |
Pass validated username to check_login_simple
The login function in mediagoblin/auth/views.py grabs the username prior to
form validation. If validation passes, the pre-validated username is passed to
the check_login_simple function.
Lowercasifying of the username occurs as part of form validation. By sending
the pre-validated username, there's a chance of sending a username with
uppercase letters. This will fail to match any user ids in the database, as
all of the usernames are lowercased during the registration process.
This change sends the post-validated username to check_login_simple, so that
any username that was entered by the user with uppercase letters has a chance
to be properly lowercased before being passed.
| -rw-r--r-- | mediagoblin/auth/views.py | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/mediagoblin/auth/views.py b/mediagoblin/auth/views.py index a90db0ea..03a46f7b 100644 --- a/mediagoblin/auth/views.py +++ b/mediagoblin/auth/views.py @@ -86,10 +86,11 @@ def login(request): login_failed = False if request.method == 'POST': - username = login_form.username.data if login_form.validate(): - user = check_login_simple(username, login_form.password.data) + user = check_login_simple( + login_form.username.data, + login_form.password.data) if user: # set up login in session |