# HG changeset patch
# User Goffi <goffi@goffi.org>
# Date 1573229222 -3600
# Node ID 15f90fd688b5aae7e9ee31392145e9c9d201dcf1
# Parent  011147d7a93126cc1e91e30bad8fb2544ada91d7
pages (login): catch ProfileUnknownError and show a C.PROFILE_AUTH_ERROR:

ProfileUnknownError where not catched, resulting in an internal error when an invalid
profile was entered. This patch fixes it by displaying a PROFILE_AUTH_ERROR, the same one
as for invalid password.

diff -r 011147d7a931 -r 15f90fd688b5 libervia/pages/login/page_meta.py
--- a/libervia/pages/login/page_meta.py	Fri Nov 08 10:52:25 2019 +0100
+++ b/libervia/pages/login/page_meta.py	Fri Nov 08 17:07:02 2019 +0100
@@ -68,9 +68,14 @@
         login, password = self.getPostedData(request, ("login", "password"))
         try:
             status = yield self.host.connect(request, login, password)
+        except exceptions.ProfileUnknownError:
+            # the profile doesn't exist, we return the same error as for invalid password
+            # to avoid bruteforcing valid profiles
+            log.warning(f"login tentative with invalid profile: {login!r}")
+            defer.returnValue(login_error(self, request, C.PROFILE_AUTH_ERROR))
         except ValueError as e:
-            if str(e) in (C.XMPP_AUTH_ERROR, C.PROFILE_AUTH_ERROR):
-                defer.returnValue(login_error(self, request, str(e)))
+            if e.message in (C.XMPP_AUTH_ERROR, C.PROFILE_AUTH_ERROR):
+                defer.returnValue(login_error(self, request, e.message))
             else:
                 # this error was not expected!
                 raise e