
Merge pull request #193 from nickretallack/develop

Fix attempts to log in without a password, or without confirming your email
commit ce439b7fec8925b0ce5a5f0ee58dd8246ad57f59 2 parents af8e9f7 + 1596ef7
@mattupstate authored
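--- a/flask_security/confirmable.py
+++ b/flask_security/confirmable.py
@@ -58,7 +58,7 @@ def generate_confirmation_token(user):
 def requires_confirmation(user):
 """Returns `True` if the user requires confirmation."""
- return _security.confirmable and user.confirmed_at == None
+ return _security.confirmable and not _security.login_without_confirmation and user.confirmed_at == None
 def confirm_email_token_status(token):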
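Review bot: The docstring on `requires_confirmation` no longer matches what the function returns: with the added `not _security.login_without_confirmation` term it answers "must login be refused until the email is confirmed", not "is this user unconfirmed". Callers are outside this section, so it is worth checking that none of them rely on the old meaning, because they would now get `False` for every unconfirmed user whenever the flag is set. I would change the docstring to `"""Returns True if login must be refused until the user confirms their email."""` and, while touching the line, write the comparison as `user.confirmed_at is None`.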
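--- a/flask_security/core.py
+++ b/flask_security/core.py
@@ -114,6 +114,7 @@
 'EMAIL_NOT_PROVIDED': ('Email not provided', 'error'),
 'INVALID_EMAIL_ADDRESS': ('Invalid email address', 'error'),
 'PASSWORD_NOT_PROVIDED': ('Password not provided', 'error'),
+ 'PASSWORD_NOT_SET': ('No password is set for this user', 'error'),
 'PASSWORD_INVALID_LENGTH': ('Password must be at least 6 characters', 'error'),
 'USER_DOES_NOT_EXIST': ('Specified user does not exist', 'error'),
 'INVALID_PASSWORD': ('Invalid password', 'error'),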
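--- a/flask_security/forms.py
+++ b/flask_security/forms.py
@@ -228,6 +228,9 @@ def validate(self):
 if self.user is None:
 self.email.errors.append(get_message('USER_DOES_NOT_EXIST')[0])
 return False
+ if not self.user.password:
+ self.password.errors.append(get_message('PASSWORD_NOT_SET')[0])
+ return False
 if not verify_and_update_password(self.password.data, self.user):
 self.password.errors.append(get_message('INVALID_PASSWORD')[0])
 return False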
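Review bot: The new branch tells an unauthenticated caller that the account exists and has no local password, through the `PASSWORD_NOT_SET` text added in flask_security/core.py ('No password is set for this user'). The guard itself is sound, since an empty stored hash should not reach `verify_and_update_password`, but the response could reuse the existing message, `self.password.errors.append(get_message('INVALID_PASSWORD')[0])`, and record the specific reason in a server-side log instead. The neighbouring `USER_DOES_NOT_EXIST` branch already distinguishes accounts, so this may be a deliberate project choice; in that case a short comment such as `# user has no local password hash; refuse before verification` would make the intent clear. `validate` starts and ends outside this section.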