From 8d6ebfc0b28e1ea860a7399269c582ed2c7fee85 Mon Sep 17 00:00:00 2001
From: Jason McBrayer
Date: Mon, 30 Apr 2018 20:32:50 -0400
Subject: [PATCH] Quick fix for a security issue with login form
---
 brutaldon/views.py | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/brutaldon/views.py b/brutaldon/views.py
index 303e443..f0af749 100644
--- a/brutaldon/views.py
+++ b/brutaldon/views.py
@@ -96,14 +96,19 @@ def login(request):
 except (Account.DoesNotExist, Account.MultipleObjectsReturned):
 account = Account(
 username = username,
- access_token = access_token,
+ access_token = "",
 client = client)
+ try:
 access_token = mastodon.log_in(username, password)
+ account.access_token = access_token
 account.save()
- request.session['username'] = username
+ request.session['username'] = username
- return redirect(home)
+ return redirect(home)
+ except:
+ # FIXME: add the errors
+ return render(request, 'setup/login.html', {'form': form})
 else:
 return render(request, 'setup/login.html', {'form': form})
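Review bot: The added `except:` near the end of the hunk is bare, so a rejected password, a network error reaching the instance, a database error from `account.save()` and even `KeyboardInterrupt` all end in the same silent re-render of the login form. Catch the error `mastodon.log_in` is expected to raise (Mastodon.py's `MastodonError` family, if the installed version exposes it) or at minimum `except Exception:`, and log the failed attempt with the username but never the password, so repeated failures are visible to whoever monitors the service. The view appears to establish the login itself by writing `request.session['username']`, so calling `request.session.cycle_key()` just before that assignment would also rotate the session ID at login. The body of `login` starts and ends outside the hunk, and the page has lost the indentation, so the exact extent of the `try` body is inferred.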