changeset 1227:15f90fd688b5
pages (login): catch ProfileUnknownError and show a C.PROFILE_AUTH_ERROR:
ProfileUnknownError was not caught, resulting in an internal error when an invalid
profile was entered. This patch fixes it by displaying a PROFILE_AUTH_ERROR, the same one
as for an invalid password.
author | Goffi <goffi@goffi.org> |
---|---|
date | Fri, 08 Nov 2019 17:07:02 +0100 |
parents | 011147d7a931 |
children | f3edbca73713 |
files | libervia/pages/login/page_meta.py |
diffstat | 1 files changed, 7 insertions(+), 2 deletions(-) [+] |
--- a/libervia/pages/login/page_meta.py Fri Nov 08 10:52:25 2019 +0100
+++ b/libervia/pages/login/page_meta.py Fri Nov 08 17:07:02 2019 +0100
@@ -68,9 +68,14 @@
 login, password = self.getPostedData(request, ("login", "password"))
 try:
 status = yield self.host.connect(request, login, password)
+ except exceptions.ProfileUnknownError:
+ # the profile doesn't exist, we return the same error as for invalid password
+ # to avoid bruteforcing valid profiles
+ log.warning(f"login tentative with invalid profile: {login!r}")
+ defer.returnValue(login_error(self, request, C.PROFILE_AUTH_ERROR))
 except ValueError as e:
- if str(e) in (C.XMPP_AUTH_ERROR, C.PROFILE_AUTH_ERROR):
- defer.returnValue(login_error(self, request, str(e)))
+ if e.message in (C.XMPP_AUTH_ERROR, C.PROFILE_AUTH_ERROR):
+ defer.returnValue(login_error(self, request, e.message))
 else:
 # this error was not expected!
 raise e
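Review bot: In the `except ValueError as e:` branch the new code reads `e.message`, but a built-in ValueError has no `message` attribute on Python 3 (which the f-string added a few lines above implies), so unless `self.host.connect` raises a subclass that defines it, the handler would fail with AttributeError and bring back the internal error this commit is meant to remove. A tolerant lookup such as `msg = getattr(e, "message", str(e))`, then comparing and returning `msg`, avoids depending on that. On the new `ProfileUnknownError` branch, the identical error code hides profile existence only if response timing and any other observable difference also match the wrong-password path, which this hunk cannot show; a comment such as `# keep this path indistinguishable from a bad password (timing, status, redirects)` would record the intent. The warning logs the submitted login verbatim: `!r` keeps control characters out of the log, but users do type passwords into the login field, so consider truncating the value or rate-limiting that message. The enclosing method starts and ends outside the hunk.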