diff options
author | Frederick Yin <fkfd@fkfd.me> | 2022-02-02 23:22:50 +0800 |
---|---|---|
committer | Frederick Yin <fkfd@fkfd.me> | 2022-02-02 23:22:50 +0800 |
commit | dd160916a8f1a9028d95d7e0344d40544078151f (patch) | |
tree | f54617f785c3d5d18d69569bfe8b638f248d2bec /jimbrella/auth.py | |
parent | ac73e8544697a63370b4728188d59df809faf197 (diff) |
Reject auth actions other than login/register
Diffstat (limited to 'jimbrella/auth.py')
-rw-r--r-- | jimbrella/auth.py | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/jimbrella/auth.py b/jimbrella/auth.py index c7e2fa3..39d355b 100644 --- a/jimbrella/auth.py +++ b/jimbrella/auth.py @@ -38,19 +38,22 @@ def auth(action): if not check_password_hash(user["password"], password): return show_error("login", "Incorrect password. Sorry.") - else: + elif action == "register": if not ACCEPT_NEW_USERS: return show_error("register", "Sorry, but user registrations are closed.") try: users.register(username, generate_password_hash(password), "en-US") except UsernameTakenError as e: return show_error("register", e.message) + else: + abort(400) # give access session.clear() session["username"] = username return redirect(url_for("admin.index")) + @bp.route("/logout") def logout(): session.pop("username", None) |