use default profile by default

moulinette/interfaces/api.py

@@ -256,10 +256,8 @@ class _ActionsMapPlugin(object):
                     kwargs["password"] = request.POST["password"]
                 except KeyError:
                     raise HTTPBadRequestResponse("Missing password parameter")
-                try:
+
-                    kwargs["profile"] = request.POST["profile"]
+                kwargs["profile"] = request.POST.get("profile", "default")
-                except KeyError:
-                    pass
                 return callback(**kwargs)
 
             return wrapper
@@ -351,7 +349,7 @@ class _ActionsMapPlugin(object):
 
     # Routes callbacks
 
-    def login(self, password, profile="default"):
+    def login(self, password, profile):
         """Log in to an authenticator profile
 
         Attempt to authenticate to a given authenticator profile and
@@ -406,13 +404,11 @@ class _ActionsMapPlugin(object):
 
         """
         s_id = request.get_cookie("session.id")
-        try:
+        # We check that there's a (signed) session.hash available
-            # We check that there's a (signed) session.hash available
+        # for additional security ?
-            # for additional security ?
+        # (An attacker could not craft such signed hashed ? (FIXME : need to make sure of this))
-            # (An attacker could not craft such signed hashed ? (FIXME : need to make sure of this))
+        s_secret = self.secrets[s_id]
-            s_secret = self.secrets[s_id]
+        if profile not in request.get_cookie("session.tokens", secret=s_secret, default={}):
-            request.get_cookie("session.tokens", secret=s_secret, default={})[profile]
-        except KeyError:
             raise HTTPUnauthorizedResponse(m18n.g("not_logged_in"))
         else:
             del self.secrets[s_id]