authorFrederick Yin <fkfd@fkfd.me>2022-02-02 23:22:50 +0800
committerFrederick Yin <fkfd@fkfd.me>2022-02-02 23:22:50 +0800
commitdd160916a8f1a9028d95d7e0344d40544078151f (patch)
treef54617f785c3d5d18d69569bfe8b638f248d2bec
parentac73e8544697a63370b4728188d59df809faf197 (diff)
Reject auth actions other than login/register
-rw-r--r--jimbrella/auth.py5
1 files changed, 4 insertions, 1 deletions
diff --git a/jimbrella/auth.py b/jimbrella/auth.py
index c7e2fa3..39d355b 100644
--- a/jimbrella/auth.py
+++ b/jimbrella/auth.py
@@ -38,19 +38,22 @@ def auth(action):
if not check_password_hash(user["password"], password):
return show_error("login", "Incorrect password. Sorry.")
- else:
+ elif action == "register":
if not ACCEPT_NEW_USERS:
return show_error("register", "Sorry, but user registrations are closed.")
try:
users.register(username, generate_password_hash(password), "en-US")
except UsernameTakenError as e:
return show_error("register", e.message)
+ else:
+ abort(400)
# give access
session.clear()
session["username"] = username
return redirect(url_for("admin.index"))
+
@bp.route("/logout")
def logout():
session.pop("username", None)
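Review bot: The new `else: abort(400)` rejects an unknown action only at the end of the `if`/`elif` chain, so whatever `auth()` does before the chain still runs for a request with an invalid action; the function starts above this hunk, and presumably that part reads the submitted username and password. A guard at the top of the function, `if action not in ("login", "register"): abort(400)`, would refuse an unrecognised action before any credential handling and state the accepted actions in one place. If `action` comes from the URL rule, Flask's `any` converter could reject other values at routing time instead, but the route decorator is not visible here, so confirm that it fits.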