diff --git a/CHANGELOG.md b/CHANGELOG.md
index 86c9ebba..4a0dcbcd 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,7 @@ All notable changes to this project will be documented in this file.
 ### Bug Fixes
 - Add handling for non-latin-1 characters in webhook headers
 - Fix dark mode bug in selectpicker widgets
+- Fix a crash during login when user's profile does not exist (#77)
 ## v1.22.0 - 2020-08-06
diff --git a/hc/accounts/tests/test_login.py b/hc/accounts/tests/test_login.py
index ea7407ca..28c8e06c 100644
--- a/hc/accounts/tests/test_login.py
+++ b/hc/accounts/tests/test_login.py
@@ -171,3 +171,11 @@ class LoginTestCase(BaseTestCase):
 # Instead, it should set 2fa_user_id in the session
 user_id, email, valid_until = self.client.session["2fa_user"]
 self.assertEqual(user_id, self.alice.id)
+
+ def test_it_handles_missing_profile(self):
+ self.profile.delete()
+
+ form = {"action": "login", "email": "alice@example.org", "password": "password"}
+
+ r = self.client.post("/accounts/login/", form)
+ self.assertRedirects(r, self.checks_url)
diff --git a/hc/accounts/views.py b/hc/accounts/views.py
index 7a7fba64..f5fab7cd 100644
--- a/hc/accounts/views.py
+++ b/hc/accounts/views.py
@@ -115,7 +115,8 @@ def _redirect_after_login(request):
 def _check_2fa(request, user):
 have_keys = user.credentials.exists()
- if have_keys or user.profile.totp:
+ profile = Profile.objects.for_user(user)
+ if have_keys or profile.totp:
 # We have verified user's password or token, and now must
 # verify their security key. We store the following in user's session:
 # - user.id, to look up the user in the login_webauthn view
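Review bot: test_it_handles_missing_profile exercises only the password-only path, so it does not pin what _check_2fa does for a user whose profile is missing but who has registered security keys. A companion test that deletes the profile for a user with a stored credential and asserts that login still stops at the second-factor step (the `2fa_user` session entry checked by the test just above) would keep this fix from ever turning into a 2FA skip. A one-line docstring such as `"""Login must not crash when the user's Profile row is missing (#77)."""` would also tie the test to the issue.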
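Review bot: In _check_2fa the new `Profile.objects.for_user(user)` lookup turns the missing-profile case from a crash into a continued login, and if for_user() hands back a freshly created profile (its body is not in this hunk) then `profile.totp` is empty and a user without security keys proceeds on the password alone. That is the right outcome only if a lost profile row can never belong to a user who had TOTP enrolled, which is worth stating above the lookup, e.g. `# for_user() may return a new, empty profile: a user whose profile row is gone has no TOTP secret left to check`. Logging whenever the profile had to be created during login would make a silent loss of the second factor visible to operators. _check_2fa's body continues past the end of the hunk.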