Keep LoginTicket list upon fail authentication

It prevent the next login attemps to fail because of bad LT
This commit is contained in:
Valentin Samir 2016-07-24 22:57:34 +02:00
parent 3ff4bb16a9
commit d3b4e23027

View File

@ -428,7 +428,7 @@ class LoginView(View, LogoutMixin):
# generate a new LT (by posting the LT has been consumed)
self.gen_lt()
# check if send LT is valid
if lt_valid is None or lt_send not in lt_valid:
if lt_send not in lt_valid:
return False
else:
self.request.session['lt'].remove(lt_send)
@ -466,8 +466,12 @@ class LoginView(View, LogoutMixin):
self.ticket = None
self.username = None
self.init_form()
# preserve valid LoginTickets from session flush
lt = self.request.session.get('lt', [])
# On login failure, flush the session
self.logout()
# restore valid LoginTickets
self.request.session['lt'] = lt
elif ret == self.USER_ALREADY_LOGGED:
pass
else: # pragma: no cover (should no happen)
@ -493,10 +497,7 @@ class LoginView(View, LogoutMixin):
:rtype: int
"""
if not self.check_lt():
values = self.request.POST.copy()
# if not set a new LT and fail
values['lt'] = self.request.session['lt'][-1]
self.init_form(values)
self.init_form(self.request.POST)
logger.warning("Receive an invalid login ticket")
return self.INVALID_LOGIN_TICKET
elif not self.request.session.get("authenticated") or self.renew:
@ -579,6 +580,9 @@ class LoginView(View, LogoutMixin):
:param django.http.QueryDict values: A POST or GET QueryDict
"""
if values:
values = values.copy()
values['lt'] = self.request.session['lt'][-1]
form_initial = {
'service': self.service,
'method': self.method,