Fix order of promises in login to not wrongfully congratulate on failing login
Change-Id: Ia651f25c020158566c97e1f341b57a9f16e64e16
diff --git a/Changes b/Changes
index c0d5a7b..50fefb7 100755
--- a/Changes
+++ b/Changes
@@ -1,4 +1,4 @@
-0.38 2020-05-08
+0.38 2020-05-15
- Support X-Forwarded-Host name for proxy.
- Document API URI.
- Improve redirect handling in proxy.
@@ -18,6 +18,7 @@
- Recommend log in on zero matches in search results
in case not logged in (addresses #67).
- Update Mojolicious requirement for security reasons.
+ - Fix order of promises in login handling.
0.37 2020-01-16
- Removed deprecated 'kalamar_test_port' helper.
diff --git a/lib/Kalamar/Plugin/Auth.pm b/lib/Kalamar/Plugin/Auth.pm
index 070ad32..7f45281 100644
--- a/lib/Kalamar/Plugin/Auth.pm
+++ b/lib/Kalamar/Plugin/Auth.pm
@@ -545,6 +545,16 @@
# Set the tokens and return a promise
return $c->auth->set_tokens_p(shift->result->json)
}
+ )->then(
+ sub {
+ # Set user info
+ $c->session(user => $user);
+ $c->stash(user => $user);
+
+ # Notify on success
+ $c->app->log->debug(qq!Login successful: "$user"!);
+ $c->notify(success => $c->loc('Auth_loginSuccess'));
+ }
)->catch(
sub {
@@ -570,16 +580,6 @@
$c->app->log->debug(qq!Login fail: "$user"!);
}
- )->then(
- sub {
- # Set user info
- $c->session(user => $user);
- $c->stash(user => $user);
-
- # Notify on success
- $c->app->log->debug(qq!Login successful: "$user"!);
- $c->notify(success => $c->loc('Auth_loginSuccess'));
- }
)->finally(
sub {
# Redirect to slash
@@ -1029,7 +1029,6 @@
# Set stash info
$c->stash(user => $user);
$c->stash(auth => $auth);
-
$c->notify(success => $c->loc('Auth_loginSuccess'));
}
)->catch(
diff --git a/t/plugin/auth-oauth.t b/t/plugin/auth-oauth.t
index 802f9d2..f8ad55f 100644
--- a/t/plugin/auth-oauth.t
+++ b/t/plugin/auth-oauth.t
@@ -158,6 +158,7 @@
->text_is('div.notify-error', '2022: LDAP Authentication failed due to unknown user or password!')
->element_exists('input[name=handle_or_email][value=test]')
->element_exists_not('div.button.top a')
+ ->element_exists_not('div.notify-success')
->tx->res->dom->at('input[name=csrf_token]')->attr('value')
;