From a2b3c623fd53824ff84d9ac737636d30d0f52999 Mon Sep 17 00:00:00 2001 From: ayleph Date: Sun, 3 Aug 2014 15:55:16 -0700 Subject: [PATCH] Pass validated username to check_login_simple The login function in mediagoblin/auth/views.py grabs the username prior to form validation. If validation passes, the pre-validated username is passed to the check_login_simple function. Lowercasifying of the username occurs as part of form validation. By sending the pre-validated username, there's a chance of sending a username with uppercase letters. This will fail to match any user ids in the database, as all of the usernames are lowercased during the registration process. This change sends the post-validated username to check_login_simple, so that any username that was entered by the user with uppercase letters has a chance to be properly lowercased before being passed. --- mediagoblin/auth/views.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/mediagoblin/auth/views.py b/mediagoblin/auth/views.py index a90db0ea..03a46f7b 100644 --- a/mediagoblin/auth/views.py +++ b/mediagoblin/auth/views.py @@ -86,10 +86,11 @@ def login(request): login_failed = False if request.method == 'POST': - username = login_form.username.data if login_form.validate(): - user = check_login_simple(username, login_form.password.data) + user = check_login_simple( + login_form.username.data, + login_form.password.data) if user: # set up login in session -- 2.25.1