Whoops. I figured it out. Even though the user is None, it is failing the
form.is_valid() check and so skipping the if statements. So I just need to
include an else clause for the form.is_valid() check to catch the blank
password situation.
Here's hoping this helps someone else.
On Wed, Feb 17, 2010 at 4:33 PM, Timothy Kinney <timothyjkin...@gmail.com>wrote:
> I am using a basic authentication/login scheme in Django 1.1.1 and
> Python 2.5.3. It behaves correctly if I login correctly, or if I use
> use a correct username but wrong password. It also works for an
> unknown username AND any password. However, if I type in a username
> that is not in the database with a BLANK password it skips all of my
> if:else clauses, even though the user is None. Why?
>
> [code]def login_view(request, user=None):
> if request.method == 'POST': # If the form has been submitted...
> form = LoginForm(request.POST) # A form bound to the POST data
> if form.is_valid():
> username = form.cleaned_data['username']
> password = form.cleaned_data['password']
>
> user = authenticate(username=username, password=password)
>
> if user is not None:
> if user.is_active:
> login(request, user)
>
> from userauth.auth.views import userlist
> return HttpResponseRedirectView(userlist)
>
> else:
> return HttpResponse("Your account is inactive.")
>
> else:
> return render_to_response('auth/login.html',
> {'error_message': 'You failed to
> authenticate.'})
>
> else:
> form = LoginForm() # An unbound form
> return render_to_response('login.html', {'form': form,
> 'error_message': 'Login please'})
> return HttpResponse("Error in login_view. User: %s" % user)
> [/code]
>
> From the authenticate step, I type in 'jimmy' (not a known user) and
> hit enter (password field is blank) and the user it returns is None.
> However, this doesn't get caught by the "if user is not None" line and
> so it skips all the way to the last line "Error in login_view".
>
> Can someone tell me why?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To post to this group, send email to django-us...@googlegroups.com.
> To unsubscribe from this group, send email to
> django-users+unsubscr...@googlegroups.com<django-users%2bunsubscr...@googlegroups.com>
> .
> For more options, visit this group at
> http://groups.google.com/group/django-users?hl=en.
>
>
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/django-users?hl=en.
