PapaTutuWawa/etesync-server
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

login: gracefully handle bad login attempts.

Browse Source
This commit is contained in:
Tom Hacohen 2020-05-31 16:28:54 +03:00
parent 215a260700
commit 15cd41db83
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
django_etesync/views.py
View File

@ -647,7 +647,11 @@ class AuthenticationViewSet(viewsets.ViewSet):
return Response(content, status=status.HTTP_400_BAD_REQUEST) return Response(content, status=status.HTTP_400_BAD_REQUEST)
verify_key = nacl.signing.VerifyKey(bytes(user.userinfo.loginPubkey), encoder=nacl.encoding.RawEncoder) verify_key = nacl.signing.VerifyKey(bytes(user.userinfo.loginPubkey), encoder=nacl.encoding.RawEncoder)
try:
verify_key.verify(response_raw, signature) verify_key.verify(response_raw, signature)
except nacl.exceptions.BadSignatureError:
return Response({'code': 'login_bad_signature'}, status=status.HTTP_400_BAD_REQUEST)
data = self.login_response_data(user) data = self.login_response_data(user)
return Response(data, status=status.HTTP_200_OK) return Response(data, status=status.HTTP_200_OK)