Merge pull request #13 from jxs/bugfix/api-http-auth

fix bug on api.rs, only insert username in the session if authentication was successful
This commit is contained in:
Antoine Gersant 2017-10-13 18:53:00 -07:00 committed by GitHub
commit b24f3f1d10

View file

@ -237,11 +237,13 @@ impl Handler for AuthHandler {
if let Some(ref password) = auth.password {
auth_success =
user::auth(self.db.deref(), auth.username.as_str(), password.as_str())?;
if auth_success {
req.extensions
.insert::<SessionKey>(Session { username: auth.username.clone() });
}
}
}
}
// Auth via Session
if !auth_success {