rhodecode-enterprise-ce Commit - r1474:1307b88c

password-reset: improved error reporting for captch and empty email

marcink -

r1474:1307b88c default

parent child

rhodecode/login/views.py

0 +10 0

                                     error_dict = {'recaptcha_field': _msg}
                                     raise formencode.Invalid(
                                         _msg, _value, None, error_dict=error_dict)
                             # Generate reset URL and send mail.
                             user = User.get_by_email(user_email)
                         except formencode.Invalid as errors:
                             render_ctx.update({
                                 'defaults': errors.value,
+                                'errors': errors.error_dict,
                             })
+                            if not self.request.params.get('email'):
+                                # case of empty email, we want to report that
+                                return render_ctx
+                            if 'recaptcha_field' in errors.error_dict:
+                                # case of failed captcha
+                                return render_ctx
                         log.debug('faking response on invalid password reset')
                         # make this take 2s, to prevent brute forcing.
                         time.sleep(2)

General Comments 0

You need to be logged in to leave comments. Login now

No TODOs yet

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages