# HG changeset patch
# User Julien Cristau <julien.cristau@logilab.fr>
# Date 1415113782 -3600
# Node ID 3e010722c0713befcc0b355a08cf8d88923fff0d
# Parent  504c4eacbfd823a7bf046027ae6e2ed711d4efa9
[web/auth] stop playing games with locals()

We only want to know if any retriever found something.

diff -r 504c4eacbfd8 -r 3e010722c071 web/views/authentication.py
--- a/web/views/authentication.py	Thu Nov 13 15:48:33 2014 +0100
+++ b/web/views/authentication.py	Tue Nov 04 16:09:42 2014 +0100
@@ -148,11 +148,13 @@
         raise :exc:`cubicweb.AuthenticationError` if authentication failed
         (no authentication info found or wrong user/password)
         """
+        has_auth = False
         for retriever in self.authinforetrievers:
             try:
                 login, authinfo = retriever.authentication_information(req)
             except NoAuthInfo:
                 continue
+            has_auth = True
             try:
                 session = self._authenticate(login, authinfo)
             except AuthenticationError:
@@ -161,9 +163,9 @@
             for retriever_ in self.authinforetrievers:
                 retriever_.authenticated(retriever, req, session, login, authinfo)
             return session, login
-        # false if no authentication info found, eg this is not an
+        # false if no authentication info found, i.e. this is not an
         # authentication failure
-        if 'login' in locals():
+        if has_auth:
             req.set_message(req._('authentication failure'))
         login, authinfo = self.anoninfo
         if login: