You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@kibble.apache.org by hu...@apache.org on 2017/10/20 18:57:05 UTC
[kibble] 02/12: don't allow login if unverified and verify set to
true
This is an automated email from the ASF dual-hosted git repository.
humbedooh pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/kibble.git
commit e8fd87f633b42b92c8a1e715bf6a0d8cf4b68c4c
Author: Daniel Gruno <hu...@apache.org>
AuthorDate: Fri Oct 20 20:16:54 2017 +0200
don't allow login if unverified and verify set to true
---
api/pages/session.py | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/api/pages/session.py b/api/pages/session.py
index b7c2fec..3b5f432 100644
--- a/api/pages/session.py
+++ b/api/pages/session.py
@@ -114,6 +114,10 @@ def run(API, environ, indata, session):
doc = session.DB.ES.get(index=session.DB.dbname, doc_type='useraccount', id = u)
hp = doc['_source']['password']
if bcrypt.hashpw(p.encode('utf-8'), hp.encode('utf-8')).decode('ascii') == hp:
+ # If verification is enabled, make sure account is verified
+ if session.config['accounts'].get('verify'):
+ if doc['_source']['verified'] == False:
+ raise API.exception(403, "Your account needs to be verified first. Check your inbox!")
sessionDoc = {
'cid': u,
'id': session.cookie,
--
To stop receiving notification emails like this one, please contact
"commits@kibble.apache.org" <co...@kibble.apache.org>.