Merge pull request #13 from jxs/bugfix/api-http-auth

fix bug on api.rs, only insert username in the session if authentication was successful
2024-12-02 17:49:10 +00:00 · 2017-10-13 18:53:00 -07:00 · 2017-10-13 18:53:00 -07:00 · b24f3f1d10
commit b24f3f1d10
parent 953dea1929 130aa70c2b
1 changed files with 4 additions and 2 deletions
--- a/src/api.rs
+++ b/src/api.rs
@ -237,8 +237,10 @@ impl Handler for AuthHandler {
 					if let Some(ref password) = auth.password {
 						auth_success =
 							user::auth(self.db.deref(), auth.username.as_str(), password.as_str())?;
-						req.extensions
-							.insert::<SessionKey>(Session { username: auth.username.clone() });
+						if auth_success {
+							req.extensions
+								.insert::<SessionKey>(Session { username: auth.username.clone() });
+						}
 					}
 				}
 			}