raffinement refus de connexion

2021-10-20 06:11:05 +02:00 · 2021-10-20 06:11:05 +02:00 · 89f562a2e7
commit 89f562a2e7
parent e13172f414
1 changed files with 9 additions and 4 deletions
--- a/app/auth/routes.py
+++ b/app/auth/routes.py
@ -21,7 +21,7 @@ from app.auth.forms import (
 )
 from app.auth.models import Permission
 from app.auth.models import User
-from app.auth.email import send_password_reset_email
+from app.auth.email import send_password_reset_email, is_disabled_email_addr
 from app.decorators import admin_required
 from app.decorators import permission_required

@ -37,9 +37,14 @@ def login():
    if form.validate_on_submit():
        user = User.query.filter_by(user_name=form.user_name.data).first()
        if user is None or not user.check_password(form.password.data):
-            current_app.logger.info("login: invalid (%s)", form.user_name.data)
-            flash(_("Nom ou mot de passe invalide"))
-            return redirect(url_for("auth.login"))
+            if user and is_disabled_email_addr(user.email):
+                current_app.logger.info("login: compte invalidé (email doublonné) (%s)", form.user_name.data)
+                flash(_("compte invalidé pour conflit d'adresse email"))
+                return redirect(url_for("auth.login"))
+            else:
+                current_app.logger.info("login: invalid (%s)", form.user_name.data)
+                flash(_("Nom ou mot de passe invalide"))
+                return redirect(url_for("auth.login"))
        login_user(user, remember=form.remember_me.data)
        current_app.logger.info("login: success (%s)", form.user_name.data)
        next_page = request.args.get("next")