login: gracefully handle bad login attempts.
This commit is contained in:
parent
215a260700
commit
15cd41db83
@ -647,7 +647,11 @@ class AuthenticationViewSet(viewsets.ViewSet):
|
|||||||
return Response(content, status=status.HTTP_400_BAD_REQUEST)
|
return Response(content, status=status.HTTP_400_BAD_REQUEST)
|
||||||
|
|
||||||
verify_key = nacl.signing.VerifyKey(bytes(user.userinfo.loginPubkey), encoder=nacl.encoding.RawEncoder)
|
verify_key = nacl.signing.VerifyKey(bytes(user.userinfo.loginPubkey), encoder=nacl.encoding.RawEncoder)
|
||||||
verify_key.verify(response_raw, signature)
|
|
||||||
|
try:
|
||||||
|
verify_key.verify(response_raw, signature)
|
||||||
|
except nacl.exceptions.BadSignatureError:
|
||||||
|
return Response({'code': 'login_bad_signature'}, status=status.HTTP_400_BAD_REQUEST)
|
||||||
|
|
||||||
data = self.login_response_data(user)
|
data = self.login_response_data(user)
|
||||||
return Response(data, status=status.HTTP_200_OK)
|
return Response(data, status=status.HTTP_200_OK)
|
||||||
|
Loading…
Reference in New Issue
Block a user