Only check for valid username/password if username and password POST fields are posted.

2016-09-07 17:13:42 +02:00
parent 868a06ea3f
commit 216f38db14
2 changed files with 11 additions and 7 deletions
--- a/cas_server/forms.py
+++ b/cas_server/forms.py
@ -122,13 +122,14 @@ class UserCredential(BaseLogin):
            :rtype: dict
        """
        cleaned_data = super(UserCredential, self).clean()
-        auth = utils.import_attr(settings.CAS_AUTH_CLASS)(cleaned_data.get("username"))
-        if auth.test_password(cleaned_data.get("password")):
-            cleaned_data["username"] = auth.username
-        else:
-            raise forms.ValidationError(
-                _(u"The credentials you provided cannot be determined to be authentic.")
-            )
+        if "username" in cleaned_data and "password" in cleaned_data:
+            auth = utils.import_attr(settings.CAS_AUTH_CLASS)(cleaned_data["username"])
+            if auth.test_password(cleaned_data["password"]):
+                cleaned_data["username"] = auth.username
+            else:
+                raise forms.ValidationError(
+                    _(u"The credentials you provided cannot be determined to be authentic.")
+                )
        return cleaned_data