From 131c3fdb32a1496f894c4ccad0a5f378428eb172 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Sat, 9 May 2020 21:30:12 +0200 Subject: [PATCH] stages/password: fix broken authentication --- passbook/stages/password/stage.py | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/passbook/stages/password/stage.py b/passbook/stages/password/stage.py index 3d6d96b29..2d721f0eb 100644 --- a/passbook/stages/password/stage.py +++ b/passbook/stages/password/stage.py @@ -45,6 +45,7 @@ def authenticate( # This backend says to stop in our tracks - this user should not be allowed in at all. break if user is None: + LOGGER.debug("Backend returned nothing, continuing") continue # Annotate the user object with the path of the backend. user.backend = backend_path @@ -64,8 +65,14 @@ class PasswordStage(FormView, AuthenticationStage): def form_valid(self, form: PasswordForm) -> HttpResponse: """Authenticate against django's authentication backend""" + if PLAN_CONTEXT_PENDING_USER not in self.executor.plan.context: + return self.executor.stage_invalid() + # Get the pending user's username, which is used as + # an Identifier by most authentication backends + pending_user: User = self.executor.plan.context[PLAN_CONTEXT_PENDING_USER] auth_kwargs = { - "password": form.cleaned_data.get("password"), + "password": form.cleaned_data.get("password", None), + "username": pending_user.username, } try: user = authenticate(