mirror of
http://git.carcosa.net/jmcbray/brutaldon.git
synced 2024-11-27 09:10:08 -05:00
Quick fix for a security issue with login form
This commit is contained in:
parent
421d27ef07
commit
8d6ebfc0b2
@ -96,14 +96,19 @@ def login(request):
|
||||
except (Account.DoesNotExist, Account.MultipleObjectsReturned):
|
||||
account = Account(
|
||||
username = username,
|
||||
access_token = access_token,
|
||||
access_token = "",
|
||||
client = client)
|
||||
try:
|
||||
access_token = mastodon.log_in(username,
|
||||
password)
|
||||
account.access_token = access_token
|
||||
account.save()
|
||||
request.session['username'] = username
|
||||
|
||||
return redirect(home)
|
||||
except:
|
||||
# FIXME: add the errors
|
||||
return render(request, 'setup/login.html', {'form': form})
|
||||
else:
|
||||
return render(request, 'setup/login.html', {'form': form})
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user