kumi/django-cas-server
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Only check for valid username/password if username and password POST fields are posted.

Browse source
This commit is contained in:
Valentin Samir 2016-09-07 17:13:42 +02:00
parent 868a06ea3f
commit 216f38db14
2 changed files with 11 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
CHANGELOG.rst
View file

@ -18,6 +18,9 @@ Fixed
* Really pick the last version on Pypi for new version checking. * Really pick the last version on Pypi for new version checking.
We were only sorting version string lexicographically and it would have break when We were only sorting version string lexicographically and it would have break when
we reach version 0.10.N or 0.N.10 we reach version 0.10.N or 0.N.10
* Only check for valid username/password if username and password POST fields are posted.
This fix a bug where posting without it raise a exception are None where passed for
username/password verification.
v0.7.2 - 2016-08-31 v0.7.2 - 2016-08-31

15
cas_server/forms.py
View file

@ -122,13 +122,14 @@ class UserCredential(BaseLogin):
:rtype: dict :rtype: dict
""" """
cleaned_data = super(UserCredential, self).clean() cleaned_data = super(UserCredential, self).clean()
auth = utils.import_attr(settings.CAS_AUTH_CLASS)(cleaned_data.get("username")) if "username" in cleaned_data and "password" in cleaned_data:
if auth.test_password(cleaned_data.get("password")): auth = utils.import_attr(settings.CAS_AUTH_CLASS)(cleaned_data["username"])
cleaned_data["username"] = auth.username if auth.test_password(cleaned_data["password"]):
else: cleaned_data["username"] = auth.username
raise forms.ValidationError( else:
_(u"The credentials you provided cannot be determined to be authentic.") raise forms.ValidationError(
) _(u"The credentials you provided cannot be determined to be authentic.")
)
return cleaned_data return cleaned_data