From b83d693d23b3f1d96cfbe8ea7bd8b9cd404b7b7c Mon Sep 17 00:00:00 2001
From: silum
Date: Fri, 3 Nov 2017 18:30:44 +0200
Subject: views.py: prevent exception on unknown user login

Attempting authentication without specifying a login, or when the login is not known, causes an unhandled exception to be raised in `security.py` because `None` is passed to `check_password()` as the hashed password to check against.
---
 docs/quick_tutorial/authentication/tutorial/views.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'docs/quick_tutorial/authentication')

diff --git a/docs/quick_tutorial/authentication/tutorial/views.py b/docs/quick_tutorial/authentication/tutorial/views.py
index b07538d5e..b2d9354ec 100644
--- a/docs/quick_tutorial/authentication/tutorial/views.py
+++ b/docs/quick_tutorial/authentication/tutorial/views.py
@@ -43,7 +43,8 @@ class TutorialViews:
 if 'form.submitted' in request.params:
 login = request.params['login']
 password = request.params['password']
- if check_password(password, USERS.get(login)):
+ hashed_pw = USERS.get(login)
+ if hashed_pw and check_password(password, hashed_pw):
 headers = remember(request, login)
 return HTTPFound(location=came_from, headers=headers)

--
cgit v1.2.3
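Review bot: The new guard `if hashed_pw and check_password(password, hashed_pw):` skips the hash comparison entirely for an unknown login, so if `check_password()` uses a deliberately slow hash (its implementation in `security.py` is not shown here) a failed attempt for a nonexistent account returns faster than one for a real account, which lets a client tell the two apart. Because tutorial login code gets copied, it is worth either a comment such as `# NOTE: unknown logins skip the hash check; production code should verify against a dummy hash so timing stays uniform`, or doing that directly with `hashed_pw = USERS.get(login) or DUMMY_HASH`, where `DUMMY_HASH` is a name I am suggesting (not one in this file) for a precomputed hash of a random password. Separately, the context lines still index `request.params['login']` and `request.params['password']` directly, so a submission that omits either field would presumably raise `KeyError` before this guard runs; `request.params.get('login')` would cover the "without specifying a login" case named in the commit message. The view method's body begins and ends outside this hunk.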