From cde078317ac9ab6471c8529bc3c51241d28bdf95 Mon Sep 17 00:00:00 2001
From: Rasmus Kaj <kaj@kth.se>
Date: Mon, 25 Sep 2017 19:12:54 +0200
Subject: [PATCH] Add a message for login failure.

---
 src/server/mod.rs       | 17 ++++++++++-------
 templates/login.rs.html |  3 ++-
 2 files changed, 12 insertions(+), 8 deletions(-)

diff --git a/src/server/mod.rs b/src/server/mod.rs
index 1182c29..0988ee6 100644
--- a/src/server/mod.rs
+++ b/src/server/mod.rs
@@ -117,7 +117,7 @@ fn login<'mw>(req: &mut Request,
               -> MiddlewareResult<'mw> {
     res.clear_jwt();
     let next = sanitize_next(req.query().get("next")).map(String::from);
-    res.ok(|o| templates::login(o, req, next))
+    res.ok(|o| templates::login(o, req, next, None))
 }
 
 fn do_login<'mw>(req: &mut Request,
@@ -128,25 +128,28 @@ fn do_login<'mw>(req: &mut Request,
     let form_data = try_with!(res, req.form_body());
     let next = sanitize_next(form_data.get("next")).map(String::from);
     if let (Some(user), Some(pw)) = (form_data.get("user"),
-                                     form_data.get("password")) {
+                                     form_data.get("password"))
+    {
         use schema::users::dsl::*;
         if let Ok(hash) = users.filter(username.eq(user))
-                               .select(password)
-                               .first::<String>(c) {
+            .select(password)
+            .first::<String>(c)
+        {
             debug!("Hash for {} is {}", user, hash);
             if djangohashers::check_password_tolerant(pw, &hash) {
                 info!("User {} logged in", user);
                 res.set_jwt_user(user);
                 return res.redirect(next.unwrap_or("/".to_string()));
             }
-            debug!("Password verification failed");
+            info!("Login failed: Password verification failed for {:?}", user);
         } else {
-            debug!("No hash found for {}", user);
+            info!("Login failed: No hash found for {:?}", user);
         }
     }
         next
     };
-    res.ok(|o| templates::login(o, req, next))
+    let message = Some("Login failed, please try again");
+    res.ok(|o| templates::login(o, req, next, message))
 }
 
 fn sanitize_next(next: Option<&str>) -> Option<&str> {
diff --git a/templates/login.rs.html b/templates/login.rs.html
index 7401c37..d111529 100644
--- a/templates/login.rs.html
+++ b/templates/login.rs.html
@@ -1,10 +1,11 @@
 @use nickel::Request;
 @use templates::page_base;
 
-@(req: &Request, next: Option<String>)
+@(req: &Request, next: Option<String>, message: Option<&str>)
 
 @:page_base(req, "login", &[], {
     <form action="/login" method="post">
+      @if let Some(message) = message {<p>@message</p>}
       <p><label for="user">User:</label>
 	<input id="user" name="user"></p>
       <p><label for="password">Password:</label>