fix bug on api.rs, only insert username in the session if authentication was successful

2024-12-02 17:49:10 +00:00 · 2017-10-13 18:55:53 +01:00 · 2017-10-13 18:55:53 +01:00 · 130aa70c2b
commit 130aa70c2b
parent 953dea1929
1 changed files with 4 additions and 2 deletions
--- a/src/api.rs
+++ b/src/api.rs
@ -237,8 +237,10 @@ impl Handler for AuthHandler {
 					if let Some(ref password) = auth.password {
 						auth_success =
 							user::auth(self.db.deref(), auth.username.as_str(), password.as_str())?;
-						req.extensions
-							.insert::<SessionKey>(Session { username: auth.username.clone() });
+						if auth_success {
+							req.extensions
+								.insert::<SessionKey>(Session { username: auth.username.clone() });
+						}
 					}
 				}
 			}