stages/password: fix broken authentication

2020-05-09 21:30:12 +02:00
parent 8a6009c278
commit 131c3fdb32
1 changed files with 8 additions and 1 deletions
--- a/passbook/stages/password/stage.py
+++ b/passbook/stages/password/stage.py
@ -45,6 +45,7 @@ def authenticate(
            # This backend says to stop in our tracks - this user should not be allowed in at all.
            break
        if user is None:
+            LOGGER.debug("Backend returned nothing, continuing")
            continue
        # Annotate the user object with the path of the backend.
        user.backend = backend_path
@ -64,8 +65,14 @@ class PasswordStage(FormView, AuthenticationStage):

    def form_valid(self, form: PasswordForm) -> HttpResponse:
        """Authenticate against django's authentication backend"""
+        if PLAN_CONTEXT_PENDING_USER not in self.executor.plan.context:
+            return self.executor.stage_invalid()
+        # Get the pending user's username, which is used as
+        # an Identifier by most authentication backends
+        pending_user: User = self.executor.plan.context[PLAN_CONTEXT_PENDING_USER]
        auth_kwargs = {
-            "password": form.cleaned_data.get("password"),
+            "password": form.cleaned_data.get("password", None),
+            "username": pending_user.username,
        }
        try:
            user = authenticate(