mirror of
https://git.sr.ht/~tsileo/microblog.pub
synced 2024-11-15 03:04:28 +00:00
Fix login
This commit is contained in:
parent
049607e701
commit
0e2ecab78f
1 changed files with 11 additions and 8 deletions
19
app.py
19
app.py
|
@ -597,8 +597,18 @@ def admin_login():
|
|||
u2f_enabled = True if devices else False
|
||||
if request.method == "POST":
|
||||
csrf.protect()
|
||||
# 1. Check regular password login flow
|
||||
pwd = request.form.get("pass")
|
||||
if devices:
|
||||
if pwd:
|
||||
if verify_pass(pwd):
|
||||
session["logged_in"] = True
|
||||
return redirect(
|
||||
request.args.get("redirect") or url_for("admin_notifications")
|
||||
)
|
||||
else:
|
||||
abort(403)
|
||||
# 2. Check for U2F payload, if any
|
||||
elif devices:
|
||||
resp = json.loads(request.form.get("resp"))
|
||||
try:
|
||||
u2f.complete_authentication(session["challenge"], resp)
|
||||
|
@ -613,13 +623,6 @@ def admin_login():
|
|||
return redirect(
|
||||
request.args.get("redirect") or url_for("admin_notifications")
|
||||
)
|
||||
elif pwd and verify_pass(pwd):
|
||||
session["logged_in"] = True
|
||||
return redirect(
|
||||
request.args.get("redirect") or url_for("admin_notifications")
|
||||
)
|
||||
elif pwd:
|
||||
abort(403)
|
||||
else:
|
||||
abort(401)
|
||||
|
||||
|
|
Loading…
Reference in a new issue