`loginUser` success handler is called even when an AuthFailure is returned by `loginByUsername`

snapframework / snap

Top-level package for the official Snap Framework libraries, includes the snaplets API as well as infrastructure for sessions, auth, and templates.

http://snapframework.com/

BSD 3-Clause "New" or "Revised" License

455 stars 68 forks source link

`loginUser` success handler is called even when an AuthFailure is returned by `loginByUsername` #31

Closed noteed closed 12 years ago

noteed commented 12 years ago

In src/Snap/Snaplet/Auth/Handlers.hs, loginUser's implementation uses loginByUsername. The latter returns Either AuthFailure AuthUser. The problem is that the return value is not inspected before calling either the success or failure handler. Even when it is a Left value, the success handler is called. The success handler doesn't take any argument, so it is not possible to know later if it was a success or failure. I think the success handler should not be called when it is a Left.

lukehoersten commented 12 years ago

I'm running into this issue as well.

mightybyte commented 12 years ago

Grrrr, subtle little bug...