Merge pull request #4765 from camptocamp/improve_login

Improve login
camptocamp · Mar 19, 2019 · 8da3eec · 8da3eec
2 parents e7d4a7a + 089b5fa
commit 8da3eec
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 7 deletions.
diff --git a/geoportal/c2cgeoportal_geoportal/views/entry.py b/geoportal/c2cgeoportal_geoportal/views/entry.py
@@ -1518,8 +1518,9 @@ def login(self):
             raise HTTPBadRequest("See server logs for details")
         username = self.request.registry.validate_user(self.request, login, password)
         if username is not None:
-            user = models.DBSession.query(static.User).filter(static.User.username == username).one()
-            user.update_last_login()
+            user = models.DBSession.query(static.User).filter(static.User.username == username).one_or_none()
+            if user:
+                user.update_last_login()
             headers = remember(self.request, username)
             log.info("User '{0!s}' logged in.".format(username))
             came_from = self.request.params.get("came_from")
@@ -1534,14 +1535,12 @@ def login(self):
                     )), headers=headers),
                 )
         else:
-            raise HTTPBadRequest("See server logs for details")
+            raise HTTPForbidden("See server logs for details")
 
     @view_config(route_name="logout")
     def logout(self):
         headers = forget(self.request)
 
-        # if there is no user to log out, we send a 404 Not Found (which
-        # is the status code that applies best here)
         if not self.request.user:
             log.info("Logout on non login user.")
             raise HTTPBadRequest("See server logs for details")

diff --git a/geoportal/tests/functional/test_entry.py b/geoportal/tests/functional/test_entry.py
@@ -214,7 +214,7 @@ def teardown_method(self, _):
     #
 
     def test_login(self):
-        from pyramid.httpexceptions import HTTPBadRequest
+        from pyramid.httpexceptions import HTTPForbidden
         from c2cgeoportal_geoportal.views.entry import Entry
 
         request = self._create_request_obj(params={
@@ -247,7 +247,7 @@ def test_login(self):
             "password": "bad password",
         })
         entry = Entry(request)
-        self.assertRaises(HTTPBadRequest, entry.login)
+        self.assertRaises(HTTPForbidden, entry.login)
 
     def test_logout_no_auth(self):
         from pyramid.httpexceptions import HTTPBadRequest