Commit f3dc7d8b authored by Yusei Tahara's avatar Yusei Tahara Committed by Vincent Pelletier

ERP5Security: Do not call notifyLoginFailure multiple times.

parent e9531ee8
...@@ -27,6 +27,7 @@ ...@@ -27,6 +27,7 @@
############################################################################## ##############################################################################
from functools import partial from functools import partial
from Products.ERP5Type.Globals import InitializeClass from Products.ERP5Type.Globals import InitializeClass
from Products.ERP5Type.TransactionalVariable import getTransactionalVariable
from AccessControl import ClassSecurityInfo from AccessControl import ClassSecurityInfo
from AccessControl.AuthEncoding import pw_validate from AccessControl.AuthEncoding import pw_validate
from Products.PageTemplates.PageTemplateFile import PageTemplateFile from Products.PageTemplates.PageTemplateFile import PageTemplateFile
...@@ -132,7 +133,11 @@ class ERP5LoginUserManager(BasePlugin): ...@@ -132,7 +133,11 @@ class ERP5LoginUserManager(BasePlugin):
or login_password is None or login_password is None
or not pw_validate(login_password, password)): or not pw_validate(login_password, password)):
if is_authentication_policy_enabled: if is_authentication_policy_enabled:
tv = getTransactionalVariable()
login_failure_key = 'notified_login_failure_' + login_value.getRelativeUrl()
if tv.get(login_failure_key) is None:
login_value.notifyLoginFailure() login_value.notifyLoginFailure()
tv[login_failure_key] = 1
return return
if is_authentication_policy_enabled: if is_authentication_policy_enabled:
if login_value.isPasswordExpired(): if login_value.isPasswordExpired():
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment