On 05/17/2015 02:11 AM, Andrew Shadura wrote:
Hello,

On Sun, 17 May 2015 01:50:56 +0200
Mads Kiilerich <m...@kiilerich.com> wrote:

diff --git a/kallithea/controllers/login.py
b/kallithea/controllers/login.py ---
a/kallithea/controllers/login.py +++
b/kallithea/controllers/login.py @@ -121,9 +121,15 @@ class
LoginController(BaseController): session.invalidate()
                   c.form_result =
login_form.to_python(dict(request.POST)) # form checks for
username/password, now we're authenticated +
+                username = c.form_result['username']
+                if '@' in username:
+                    username = User.get_by_email(username).username
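Review bot: `User.get_by_email(username)` is dereferenced with `.username` without a `None` check, so an address that matches no user raises `AttributeError` instead of failing the login cleanly; this is the case the question below is about, and the answer (a validator rejects it first) is an invariant the hunk does not express. Either add a comment on the `'@'` branch stating that the validator guarantees the address resolves, or guard the lookup, e.g. `user = User.get_by_email(username)` followed by `if user is None:` before reading `user.username`.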
This will still fail if the username is not a valid email address?
No, as this code will never be executed (input rejected by a validator
first).

Correct me if I'm wrong, but if I read the code correctly, the check
here will have no effect (which is why I haven't added it).

Ok. The explanation explains it. The code does however seem fragile and non-obvious when reading it. An extra check or a clear comment would help.

Next, my first thought is whether the form validation check somehow should rewrite the login ... but that also seems wrong.

My next (and correct?) thought is that it is wrong to use form validation for the login check. As your patches show, it is ok that the login process is _not_ user friendly. How about dropping the login form validation of usernames/password first (perhaps except for "non-empty")? What's your thought?

/Mads
_______________________________________________
kallithea-general mailing list
kallithea-general@sfconservancy.org
http://lists.sfconservancy.org/mailman/listinfo/kallithea-general
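The two points raised in this thread, a guarded e-mail lookup and a login check that does not live in form validation, written out as an added illustration. This is not Kallithea's code: the `User` class, the in-memory user tables, `add_user`, `get_by_email`, `get_by_username`, `resolve_login` and `authenticate` are all constructed for the example, and the real model and validator differ.

```python
"""Added illustration (not Kallithea's code): resolve a login identifier that
may be a username or an e-mail address without the unguarded
``User.get_by_email(username).username`` access, and keep the login check out
of form validation so that every failure looks the same to the caller."""
import hashlib
import hmac
import os
from typing import Dict, Optional


class User:
    """Stand-in for the user model (assumption: only the fields this example
    needs are present; Kallithea's real model is different)."""

    def __init__(self, username: str, email: str, password: str) -> None:
        self.username = username
        self.email = email
        self.salt = os.urandom(16)
        self.password_hash = self._hash(password, self.salt)

    @staticmethod
    def _hash(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def check_password(self, password: str) -> bool:
        # Constant-time comparison so a near-miss hash does not leak timing.
        return hmac.compare_digest(self._hash(password, self.salt), self.password_hash)


# Constructed in-memory user tables, keyed case-insensitively.
_USERS_BY_NAME: Dict[str, User] = {}
_USERS_BY_EMAIL: Dict[str, User] = {}


def add_user(username: str, email: str, password: str) -> User:
    user = User(username, email, password)
    _USERS_BY_NAME[username.lower()] = user
    _USERS_BY_EMAIL[email.lower()] = user
    return user


def get_by_email(email: str) -> Optional[User]:
    return _USERS_BY_EMAIL.get(email.lower())


def get_by_username(username: str) -> Optional[User]:
    return _USERS_BY_NAME.get(username.lower())


def resolve_login(identifier: str) -> Optional[User]:
    """Return the User for a username or e-mail address, or None when nothing
    matches. The '@' branch mirrors the patch; here the lookup result is tested
    before any attribute is read, so an unknown address cannot raise."""
    if "@" in identifier:
        return get_by_email(identifier)
    return get_by_username(identifier)


def authenticate(identifier: str, password: str) -> Optional[User]:
    """Login check independent of form validation: the only input rule is
    'non-empty', and an unknown user and a wrong password are indistinguishable
    to the caller (both return None)."""
    if not identifier or not password:
        return None
    user = resolve_login(identifier)
    if user is None:
        # Do the same amount of hashing work as for a real user so response
        # time does not reveal whether the account exists.
        User._hash(password, b"\x00" * 16)
        return None
    return user if user.check_password(password) else None


if __name__ == "__main__":
    add_user("alice", "alice@example.org", "s3cret")
    print(authenticate("alice@example.org", "s3cret") is not None)   # True
    print(authenticate("nobody@example.org", "s3cret"))              # None
```

The form layer in this design only asks whether both fields were filled in; whether the identifier resolves and whether the password matches are decided in `authenticate`, which returns the same `None` for both, which is the "not user friendly but safe" behaviour the thread argues for.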
