paulmataruso/zulip
1
0
Fork 0
mirror of https://github.com/zulip/zulip.git synced 2025-11-01 20:44:04 +00:00
Code Issues Packages Projects Releases Wiki Activity

auth: Include user-input email in some error messages in the login form.

Browse Source 
Fixes #13126.
This commit is contained in:
Mateusz Mandera
2021-08-23 15:14:05 +02:00
committed by Tim Abbott
parent fb3864ea3c
commit c5806d9728
7 changed files with 63 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
zerver/views/auth.py
View File

@@ -12,15 +12,19 @@ from django.contrib.auth import authenticate
from django.contrib.auth.views import LoginView as DjangoLoginView
from django.contrib.auth.views import PasswordResetView as DjangoPasswordResetView
from django.contrib.auth.views import logout_then_login as django_logout_then_login
from django.core.exceptions import ValidationError
from django.core.validators import validate_email
from django.forms import Form
from django.http import HttpRequest, HttpResponse, HttpResponseRedirect, HttpResponseServerError
from django.shortcuts import redirect, render
from django.template.response import SimpleTemplateResponse
from django.urls import reverse
from django.utils.html import escape
from django.utils.http import url_has_allowed_host_and_scheme
from django.utils.translation import gettext as _
from django.views.decorators.csrf import csrf_exempt
from django.views.decorators.http import require_safe
from jinja2.utils import Markup as mark_safe
from social_django.utils import load_backend, load_strategy
from two_factor.forms import BackupTokenForm
from two_factor.views import LoginView as BaseTwoFactorLoginView
@@ -670,13 +674,22 @@ def redirect_to_deactivation_notice() -> HttpResponse:
def update_login_page_context(request: HttpRequest, context: Dict[str, Any]) -> None:
for key in ("email", "already_registered", "is_deactivated"):
for key in ("email", "already_registered"):
try:
context[key] = request.GET[key]
except KeyError:
pass
context["deactivated_account_error"] = DEACTIVATED_ACCOUNT_ERROR
deactivated_email = request.GET.get("is_deactivated")
if deactivated_email is None:
return
try:
validate_email(deactivated_email)
context["deactivated_account_error"] = mark_safe(
DEACTIVATED_ACCOUNT_ERROR.format(username=escape(deactivated_email))
)
except ValidationError:
logging.info("Invalid email in is_deactivated param to login page: %s", deactivated_email)
class TwoFactorLoginView(BaseTwoFactorLoginView):