0002-Only-perform-login-action-on-explicit-POST.patch

Holger Just, 2017-04-20 13:52

Download (1004 Bytes)

View differences:

app/controllers/account_controller.rb
34 34

  
35 35
  # Login request and validation
36 36
  def login
37
    if request.get?
37
    if request.post?
38
      authenticate_user
39
    else
38 40
      if User.current.logged?
39 41
        redirect_back_or_default home_url, :referer => true
40 42
      end
41
    else
42
      authenticate_user
43 43
    end
44 44
  rescue AuthSourceException => e
45 45
    logger.error "An error occurred when authenticating #{params[:username]}: #{e.message}"
46
-