[web/auth] stop playing games with locals()
We only want to know if any retriever found something.
--- a/web/views/authentication.py Thu Nov 13 15:48:33 2014 +0100
+++ b/web/views/authentication.py Tue Nov 04 16:09:42 2014 +0100
@@ -148,11 +148,13 @@
raise :exc:`cubicweb.AuthenticationError` if authentication failed
(no authentication info found or wrong user/password)
"""
+ has_auth = False
for retriever in self.authinforetrievers:
try:
login, authinfo = retriever.authentication_information(req)
except NoAuthInfo:
continue
+ has_auth = True
try:
session = self._authenticate(login, authinfo)
except AuthenticationError:
@@ -161,9 +163,9 @@
for retriever_ in self.authinforetrievers:
retriever_.authenticated(retriever, req, session, login, authinfo)
return session, login
- # false if no authentication info found, eg this is not an
+ # false if no authentication info found, i.e. this is not an
# authentication failure
- if 'login' in locals():
+ if has_auth:
req.set_message(req._('authentication failure'))
login, authinfo = self.anoninfo
if login: