diff options
| author | silum <deneys.maartens@gmail.com> | 2017-11-03 18:30:44 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2017-11-03 18:30:44 +0200 |
| commit | b83d693d23b3f1d96cfbe8ea7bd8b9cd404b7b7c (patch) | |
| tree | e41c1fd1d9ddc490bab6d17bde4146fb4eea1d77 /docs/quick_tutorial | |
| parent | 0042089cbba09cdf801f2139169f8c4cde182eb1 (diff) | |
| download | pyramid-b83d693d23b3f1d96cfbe8ea7bd8b9cd404b7b7c.tar.gz pyramid-b83d693d23b3f1d96cfbe8ea7bd8b9cd404b7b7c.tar.bz2 pyramid-b83d693d23b3f1d96cfbe8ea7bd8b9cd404b7b7c.zip | |
views.py: prevent exception on unknown user login
Attempting authentication without specifying a login, or when the login is not known, causes an unhandled exception to be raised in `security.py` because `None` is passed to `check_password()` as the hashed password to check against.
Diffstat (limited to 'docs/quick_tutorial')
| -rw-r--r-- | docs/quick_tutorial/authentication/tutorial/views.py | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/docs/quick_tutorial/authentication/tutorial/views.py b/docs/quick_tutorial/authentication/tutorial/views.py index b07538d5e..b2d9354ec 100644 --- a/docs/quick_tutorial/authentication/tutorial/views.py +++ b/docs/quick_tutorial/authentication/tutorial/views.py @@ -43,7 +43,8 @@ class TutorialViews: if 'form.submitted' in request.params: login = request.params['login'] password = request.params['password'] - if check_password(password, USERS.get(login)): + hashed_pw = USERS.get(login) + if hashed_pw and check_password(password, hashed_pw): headers = remember(request, login) return HTTPFound(location=came_from, headers=headers) |