Only perform login action on explicit POST (#25653).

author Jean-Philippe Lang <jp_lang@yahoo.fr>

Sat, 13 May 2017 09:32:09 +0000 (09:32 +0000)

committer Jean-Philippe Lang <jp_lang@yahoo.fr>

Sat, 13 May 2017 09:32:09 +0000 (09:32 +0000)
author Jean-Philippe Lang <jp_lang@yahoo.fr>
Sat, 13 May 2017 09:32:09 +0000 (09:32 +0000)
committer Jean-Philippe Lang <jp_lang@yahoo.fr>
Sat, 13 May 2017 09:32:09 +0000 (09:32 +0000)
diff --git a/app/controllers/account_controller.rb b/app/controllers/account_controller.rb

index 842df60450c568fdbcff31be256571fb1ee107ee..fd5c48d593a99d1883bebf4e893ebcb44e6c6192 100644 (file)
--- a/app/controllers/account_controller.rb
+++ b/app/controllers/account_controller.rb
@@ -34,12 +34,12 @@ class AccountController < ApplicationController
  
    # Login request and validation
    def login
-    if request.get?
+    if request.post?
+      authenticate_user
+    else
        if User.current.logged?
          redirect_back_or_default home_url, :referer => true
        end
-    else
-      authenticate_user
      end
    rescue AuthSourceException => e
      logger.error "An error occurred when authenticating #{params[:username]}: #{e.message}"
author	Jean-Philippe Lang <jp_lang@yahoo.fr>
	Sat, 13 May 2017 09:32:09 +0000 (09:32 +0000)
committer	Jean-Philippe Lang <jp_lang@yahoo.fr>
	Sat, 13 May 2017 09:32:09 +0000 (09:32 +0000)