Quick fix for a security issue with login form

Jason McBrayer 2018-04-30 20:32:50 -04:00
parent 421d27ef07
commit 8d6ebfc0b2


@ -96,14 +96,19 @@ def login(request):
except (Account.DoesNotExist, Account.MultipleObjectsReturned): except (Account.DoesNotExist, Account.MultipleObjectsReturned):
account = Account( account = Account(
username = username, username = username,
access_token = access_token, access_token = "",
client = client) client = client)
try:
access_token = mastodon.log_in(username, access_token = mastodon.log_in(username,
password) password)
account.access_token = access_token
account.save() account.save()
request.session['username'] = username request.session['username'] = username
return redirect(home) return redirect(home)
except:
# FIXME: add the errors
return render(request, 'setup/login.html', {'form': form})
else: else:
return render(request, 'setup/login.html', {'form': form}) return render(request, 'setup/login.html', {'form': form})