Hello, On Sun, 17 May 2015 01:50:56 +0200 Mads Kiilerich <[email protected]> wrote:
> > diff --git a/kallithea/controllers/login.py > > b/kallithea/controllers/login.py --- > > a/kallithea/controllers/login.py +++ > > b/kallithea/controllers/login.py @@ -121,9 +121,15 @@ class > > LoginController(BaseController): session.invalidate() > > c.form_result = > > login_form.to_python(dict(request.POST)) # form checks for > > username/password, now we're authenticated + > > + username = c.form_result['username'] > > + if '@' in username: > > + username = User.get_by_email(username).username > > This will still fail if the username not is a valid email address? No, as this code will never be executed (input rejected by a validator first). Correct me if I'm wrong, but if I read the code correctly, the check here will have no effect (which is why I haven't added it). -- Cheers, Andrew
pgpyAIKCx4Boy.pgp
Description: OpenPGP digital signature
_______________________________________________ kallithea-general mailing list [email protected] http://lists.sfconservancy.org/mailman/listinfo/kallithea-general
