You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@kibble.apache.org by hu...@apache.org on 2017/10/20 18:57:05 UTC

[kibble] 02/12: don't allow login if unverified and verify set to true

This is an automated email from the ASF dual-hosted git repository.

humbedooh pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/kibble.git

commit e8fd87f633b42b92c8a1e715bf6a0d8cf4b68c4c
Author: Daniel Gruno <hu...@apache.org>
AuthorDate: Fri Oct 20 20:16:54 2017 +0200

    don't allow login if unverified and verify set to true
---
 api/pages/session.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/api/pages/session.py b/api/pages/session.py
index b7c2fec..3b5f432 100644
--- a/api/pages/session.py
+++ b/api/pages/session.py
@@ -114,6 +114,10 @@ def run(API, environ, indata, session):
             doc = session.DB.ES.get(index=session.DB.dbname, doc_type='useraccount', id = u)
             hp = doc['_source']['password']
             if bcrypt.hashpw(p.encode('utf-8'), hp.encode('utf-8')).decode('ascii') == hp:
+                # If verification is enabled, make sure account is verified
+                if session.config['accounts'].get('verify'):
+                    if doc['_source']['verified'] == False:
+                        raise API.exception(403, "Your account needs to be verified first. Check your inbox!")
                 sessionDoc = {
                     'cid': u,
                     'id': session.cookie,

-- 
To stop receiving notification emails like this one, please contact
"commits@kibble.apache.org" <co...@kibble.apache.org>.