From 130aa70c2b4a07792f91f11ca6010a4af201034a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jo=C3=A3o=20Oliveira?= <hello@jxs.pt>
Date: Fri, 13 Oct 2017 18:55:53 +0100
Subject: [PATCH] fix bug on api.rs, only insert username in the session if
 authentication was successful

---
 src/api.rs | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/api.rs b/src/api.rs
index b3083ca..50ed3d9 100644
--- a/src/api.rs
+++ b/src/api.rs
@@ -237,8 +237,10 @@ impl Handler for AuthHandler {
 					if let Some(ref password) = auth.password {
 						auth_success =
 							user::auth(self.db.deref(), auth.username.as_str(), password.as_str())?;
-						req.extensions
-							.insert::<SessionKey>(Session { username: auth.username.clone() });
+						if auth_success {
+							req.extensions
+								.insert::<SessionKey>(Session { username: auth.username.clone() });
+						}
 					}
 				}
 			}