Mercurial > libervia-web
comparison libervia/pages/login/page_meta.py @ 1227:15f90fd688b5
pages (login): catch ProfileUnknownError and show a C.PROFILE_AUTH_ERROR:
ProfileUnknownError where not catched, resulting in an internal error when an invalid
profile was entered. This patch fixes it by displaying a PROFILE_AUTH_ERROR, the same one
as for invalid password.
| author | Goffi <goffi@goffi.org> |
|---|---|
| date | Fri, 08 Nov 2019 17:07:02 +0100 |
| parents | b2d067339de3 |
| children | f511f8fbbf8a |
comparison
equal
deleted
inserted
replaced
| 1226:011147d7a931 | 1227:15f90fd688b5 |
|---|---|
| 66 defer.returnValue(C.POST_NO_CONFIRM) | 66 defer.returnValue(C.POST_NO_CONFIRM) |
| 67 elif type_ == "login": | 67 elif type_ == "login": |
| 68 login, password = self.getPostedData(request, ("login", "password")) | 68 login, password = self.getPostedData(request, ("login", "password")) |
| 69 try: | 69 try: |
| 70 status = yield self.host.connect(request, login, password) | 70 status = yield self.host.connect(request, login, password) |
| 71 except exceptions.ProfileUnknownError: | |
| 72 # the profile doesn't exist, we return the same error as for invalid password | |
| 73 # to avoid bruteforcing valid profiles | |
| 74 log.warning(f"login tentative with invalid profile: {login!r}") | |
| 75 defer.returnValue(login_error(self, request, C.PROFILE_AUTH_ERROR)) | |
| 71 except ValueError as e: | 76 except ValueError as e: |
| 72 if str(e) in (C.XMPP_AUTH_ERROR, C.PROFILE_AUTH_ERROR): | 77 if e.message in (C.XMPP_AUTH_ERROR, C.PROFILE_AUTH_ERROR): |
| 73 defer.returnValue(login_error(self, request, str(e))) | 78 defer.returnValue(login_error(self, request, e.message)) |
| 74 else: | 79 else: |
| 75 # this error was not expected! | 80 # this error was not expected! |
| 76 raise e | 81 raise e |
| 77 except exceptions.TimeOutError: | 82 except exceptions.TimeOutError: |
| 78 defer.returnValue(login_error(self, request, C.NO_REPLY)) | 83 defer.returnValue(login_error(self, request, C.NO_REPLY)) |