changeset 1227:15f90fd688b5

pages (login): catch ProfileUnknownError and show a C.PROFILE_AUTH_ERROR: ProfileUnknownError was not caught, resulting in an internal error when an invalid profile was entered. This patch fixes it by displaying a PROFILE_AUTH_ERROR, the same one as for an invalid password.
author Goffi <goffi@goffi.org>
date Fri, 08 Nov 2019 17:07:02 +0100
parents 011147d7a931
children f3edbca73713
files libervia/pages/login/page_meta.py
diffstat 1 files changed, 7 insertions(+), 2 deletions(-) [+]
--- a/libervia/pages/login/page_meta.py	Fri Nov 08 10:52:25 2019 +0100
+++ b/libervia/pages/login/page_meta.py	Fri Nov 08 17:07:02 2019 +0100
@@ -68,9 +68,14 @@
         login, password = self.getPostedData(request, ("login", "password"))
         try:
             status = yield self.host.connect(request, login, password)
+        except exceptions.ProfileUnknownError:
+            # the profile doesn't exist, we return the same error as for invalid password
+            # to avoid bruteforcing valid profiles
+            log.warning(f"login tentative with invalid profile: {login!r}")
+            defer.returnValue(login_error(self, request, C.PROFILE_AUTH_ERROR))
         except ValueError as e:
-            if str(e) in (C.XMPP_AUTH_ERROR, C.PROFILE_AUTH_ERROR):
-                defer.returnValue(login_error(self, request, str(e)))
+            if e.message in (C.XMPP_AUTH_ERROR, C.PROFILE_AUTH_ERROR):
+                defer.returnValue(login_error(self, request, e.message))
             else:
                 # this error was not expected!
                 raise e
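Review bot: In the `except ValueError as e` branch the new lines read `e.message`, which a built-in `ValueError` does not have on Python 3 (the f-string added a few lines above shows this file runs on Python 3). Unless `connect` raises a subclass that defines `message`, a wrong password would now end in an `AttributeError` instead of the auth-error page. That would also make the bad-password path respond differently from the unknown-profile path, which is the distinguishability the new `except exceptions.ProfileUnknownError` handler is meant to remove. I would keep the previous form, `if str(e) in (C.XMPP_AUTH_ERROR, C.PROFILE_AUTH_ERROR):` and `defer.returnValue(login_error(self, request, str(e)))`. The enclosing method starts outside the hunk and may continue past it, so how `connect` builds the exception is not visible here.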