In src/Snap/Snaplet/Auth/Handlers.hs, loginUser's implementation uses loginByUsername. The latter returns Either AuthFailure AuthUser. The problem is that the return value is not inspected before calling either the success or failure handler. Even when it is a Left value, the success handler is called. The success handler doesn't take any argument, so it is not possible to know later if it was a success or failure. I think the success handler should not be called when it is a Left.
In
src/Snap/Snaplet/Auth/Handlers.hs
,loginUser
's implementation usesloginByUsername
. The latter returnsEither AuthFailure AuthUser
. The problem is that the return value is not inspected before calling either the success or failure handler. Even when it is a Left value, the success handler is called. The success handler doesn't take any argument, so it is not possible to know later if it was a success or failure. I think the success handler should not be called when it is a Left.