##// END OF EJS Templates
password-reset: improved error reporting for captch and empty email
marcink -
r1474:1307b88c default
parent child Browse files
Show More
@@ -321,6 +321,7 class LoginView(object):
321 error_dict = {'recaptcha_field': _msg}
321 error_dict = {'recaptcha_field': _msg}
322 raise formencode.Invalid(
322 raise formencode.Invalid(
323 _msg, _value, None, error_dict=error_dict)
323 _msg, _value, None, error_dict=error_dict)
324
324 # Generate reset URL and send mail.
325 # Generate reset URL and send mail.
325 user = User.get_by_email(user_email)
326 user = User.get_by_email(user_email)
326
327
@@ -346,7 +347,16 class LoginView(object):
346 except formencode.Invalid as errors:
347 except formencode.Invalid as errors:
347 render_ctx.update({
348 render_ctx.update({
348 'defaults': errors.value,
349 'defaults': errors.value,
350 'errors': errors.error_dict,
349 })
351 })
352 if not self.request.params.get('email'):
353 # case of empty email, we want to report that
354 return render_ctx
355
356 if 'recaptcha_field' in errors.error_dict:
357 # case of failed captcha
358 return render_ctx
359
350 log.debug('faking response on invalid password reset')
360 log.debug('faking response on invalid password reset')
351 # make this take 2s, to prevent brute forcing.
361 # make this take 2s, to prevent brute forcing.
352 time.sleep(2)
362 time.sleep(2)
General Comments 0
You need to be logged in to leave comments. Login now