Mercurial > p > roundup > code
diff roundup/cgi/client.py @ 1236:dd52bf10f934
Bug fixes.
- fixed bug in login if the username wasn't known
- handle close/rollback of already-closed sqlite database
- added example for external passwd-style user password verification
| author | Richard Jones <richard@users.sourceforge.net> |
|---|---|
| date | Fri, 27 Sep 2002 01:04:38 +0000 |
| parents | 7441653e5330 |
| children | 8dd4f736370b |
line wrap: on
line diff
--- a/roundup/cgi/client.py Thu Sep 26 23:59:08 2002 +0000 +++ b/roundup/cgi/client.py Fri Sep 27 01:04:38 2002 +0000 @@ -1,4 +1,4 @@ -# $Id: client.py,v 1.47 2002-09-26 23:59:08 richard Exp $ +# $Id: client.py,v 1.48 2002-09-27 01:04:38 richard Exp $ __doc__ = """ WWW request handler (also used in the stand-alone server). @@ -485,22 +485,23 @@ self.error_message.append(_('Username required')) return + # get the login info self.user = self.form['__login_name'].value - # re-open the database for real, using the user - self.opendb(self.user) if self.form.has_key('__login_password'): password = self.form['__login_password'].value else: password = '' + # make sure the user exists try: self.userid = self.db.user.lookup(self.user) except KeyError: name = self.user + self.error_message.append(_('No such user "%(name)s"')%locals()) self.make_user_anonymous() - self.error_message.append(_('No such user "%(name)s"')%locals()) return + # verify the password if not self.verifyPassword(self.userid, password): self.make_user_anonymous() self.error_message.append(_('Incorrect password')) @@ -511,6 +512,9 @@ self.make_user_anonymous() raise Unauthorised, _("You do not have permission to login") + # now we're OK, re-open the database for real, using the user + self.opendb(self.user) + # set the session cookie self.set_cookie(self.user)