Only check for valid username/password if username and password POST fields are posted.

CHANGELOG.rst

@@ -18,6 +18,9 @@ Fixed
 * Really pick the last version on Pypi for new version checking.
   We were only sorting version string lexicographically and it would have break when
   we reach version 0.10.N or 0.N.10
+* Only check for valid username/password if username and password POST fields are posted.
+  This fix a bug where posting without it raise a exception are None where passed for
+  username/password verification.
 
 
 v0.7.2 - 2016-08-31

cas_server/forms.py

@@ -122,13 +122,14 @@ class UserCredential(BaseLogin):
             :rtype: dict
         """
         cleaned_data = super(UserCredential, self).clean()
-        auth = utils.import_attr(settings.CAS_AUTH_CLASS)(cleaned_data.get("username"))
-        if auth.test_password(cleaned_data.get("password")):
-            cleaned_data["username"] = auth.username
-        else:
-            raise forms.ValidationError(
-                _(u"The credentials you provided cannot be determined to be authentic.")
-            )
+        if "username" in cleaned_data and "password" in cleaned_data:
+            auth = utils.import_attr(settings.CAS_AUTH_CLASS)(cleaned_data["username"])
+            if auth.test_password(cleaned_data["password"]):
+                cleaned_data["username"] = auth.username
+            else:
+                raise forms.ValidationError(
+                    _(u"The credentials you provided cannot be determined to be authentic.")
+                )
         return cleaned_data