From c305498903329fa727b018659a97320ade837c73 Mon Sep 17 00:00:00 2001 From: Henrik Levkowetz Date: Sun, 7 Oct 2018 19:35:54 +0000 Subject: [PATCH] Prevent issues for logins without Person records by not letting Person-less users through login. - Legacy-Id: 15528 --- ietf/ietfauth/views.py | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/ietf/ietfauth/views.py b/ietf/ietfauth/views.py index 687d0bdd9..d68f8ec5d 100644 --- a/ietf/ietfauth/views.py +++ b/ietf/ietfauth/views.py @@ -41,7 +41,7 @@ import django.core.signing from django import forms from django.contrib import messages from django.conf import settings -from django.contrib.auth import update_session_auth_hash +from django.contrib.auth import update_session_auth_hash, logout from django.contrib.auth.decorators import login_required from django.contrib.auth.forms import AuthenticationForm from django.contrib.auth.hashers import identify_hasher @@ -604,6 +604,11 @@ def login(request, extra_context=None): } response = LoginView.as_view(extra_context=extra_context)(request) if isinstance(response, HttpResponseRedirect) and user.is_authenticated: + try: + user.person + except Person.DoesNotExist: + logout(request) + response = render(request, 'registration/missing_person.html') if require_consent: messages.warning(request, mark_safe("""