From d984abd3718a8432ee7f13b500f039a355916623 Mon Sep 17 00:00:00 2001
From: Holger Just
Date: Thu, 20 Apr 2017 13:51:26 +0200
Subject: [PATCH] Only perform login action on explicit POST
---
 app/controllers/account_controller.rb | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/app/controllers/account_controller.rb b/app/controllers/account_controller.rb
index c850faf0a..ea1eea13a 100644
--- a/app/controllers/account_controller.rb
+++ b/app/controllers/account_controller.rb
@@ -34,12 +34,12 @@ class AccountController < ApplicationController
 # Login request and validation
 def login
- if request.get?
+ if request.post?
+ authenticate_user
+ else
 if User.current.logged?
 redirect_back_or_default home_url, :referer => true
 end
- else
- authenticate_user
 end
 rescue AuthSourceException => e
 logger.error "An error occurred when authenticating #{params[:username]}: #{e.message}"
-- 
2.12.0
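Review bot: The new `if request.post?` guard in `login` is the only thing that stops credentials sent in a query string from being authenticated, yet the diffstat shows the controller as the only file changed, so nothing pins this behaviour. A functional test should assert that a GET to the login action with `username` and `password` parameters leaves the session anonymous. The `else` branch now also handles any other non-POST verb the routes let through, which previously reached `authenticate_user`; the method comment could record that, e.g. `# Renders the login form; credentials are only processed on POST`. Separately, the unchanged `logger.error` line interpolates `params[:username]` exactly as submitted, so logging `params[:username].inspect` would keep embedded line breaks from splitting a log entry. The body of `login` continues past the end of the hunk, so the rest of the rescue handling is not visible here.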