From 603f54fade517fe94b620dd0ed51297caceb1f38 Mon Sep 17 00:00:00 2001 From: Vinyl Darkscratch Date: Tue, 29 Jan 2019 02:11:18 -0800 Subject: [PATCH 1/3] Fix login form clearing after failed login --- gluon/tools.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gluon/tools.py b/gluon/tools.py index fb07d303..37653df4 100644 --- a/gluon/tools.py +++ b/gluon/tools.py @@ -2638,7 +2638,7 @@ class Auth(AuthAPI): session.flash = specific_error if self.settings.login_specify_error else self.messages.invalid_login callback(onfail, None) redirect( - self.url(args=request.args, vars=request.get_vars), + self.url(args=request.args, vars=request.post_vars), client_side=settings.client_side) else: # use a central authentication server From 1457e12f702d203c1c6b4eb731f7edb3057bfaf2 Mon Sep 17 00:00:00 2001 From: Vinyl Darkscratch Date: Tue, 29 Jan 2019 17:30:10 -0800 Subject: [PATCH 2/3] Don't remember password on failed login --- gluon/tools.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/gluon/tools.py b/gluon/tools.py index 37653df4..1798d5b2 100644 --- a/gluon/tools.py +++ b/gluon/tools.py @@ -2637,8 +2637,9 @@ class Auth(AuthAPI): # invalid login session.flash = specific_error if self.settings.login_specify_error else self.messages.invalid_login callback(onfail, None) + request.post_vars['password'] = "" redirect( - self.url(args=request.args, vars=request.post_vars), + self.url(args=request.args, get_vars=request.get_vars, post_vars=request.post_vars), client_side=settings.client_side) else: # use a central authentication server From 8852df7a7a436f9ec83df68acf83f4d4da59696d Mon Sep 17 00:00:00 2001 From: Vinyl Darkscratch Date: Mon, 4 Feb 2019 09:56:58 -0800 Subject: [PATCH 3/3] Delete password rather than simply clearing it --- gluon/tools.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/gluon/tools.py b/gluon/tools.py index 1798d5b2..2539aa23 100644 --- a/gluon/tools.py +++ b/gluon/tools.py @@ -2637,7 +2637,8 @@ class Auth(AuthAPI): # invalid login session.flash = specific_error if self.settings.login_specify_error else self.messages.invalid_login callback(onfail, None) - request.post_vars['password'] = "" + if 'password' in request.post_vars: + del request.post_vars['password'] redirect( self.url(args=request.args, get_vars=request.get_vars, post_vars=request.post_vars), client_side=settings.client_side)