From 1cf8d67db15c0bc349d8c5200cb2a22fbf7642bc Mon Sep 17 00:00:00 2001
From: Samuel Clay
Date: Fri, 5 Apr 2013 19:23:42 -0700
Subject: [PATCH] Fixing authentication issue on account deletion when using blank passwords.

---
 apps/profile/forms.py  | 4 ++++
 apps/profile/models.py | 7 ++++---
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/apps/profile/forms.py b/apps/profile/forms.py
index a37273e5f..442b12680 100644
--- a/apps/profile/forms.py
+++ b/apps/profile/forms.py
@@ -48,8 +48,12 @@ class DeleteAccountForm(forms.Form):
         super(DeleteAccountForm, self).__init__(*args, **kwargs)
 
     def clean_password(self):
+        from apps.profile.models import blank_authenticate
         user_auth = authenticate(username=self.user.username,
                                  password=self.cleaned_data['password'])
+        if not user_auth:
+            user_auth = blank_authenticate(username=self.user.username)
+
         if not user_auth:
             raise forms.ValidationError('Your password doesn\'t match.')
 
diff --git a/apps/profile/models.py b/apps/profile/models.py
index 3269e5e6b..997e90408 100644
--- a/apps/profile/models.py
+++ b/apps/profile/models.py
@@ -532,7 +532,7 @@ def change_password(user, old_password, new_password):
         user_db.set_password(new_password)
         user_db.save()
         return 1
-    
+
 def blank_authenticate(username, password=""):
     try:
         user = User.objects.get(username=username)
@@ -543,8 +543,9 @@ def blank_authenticate(username, password=""):
         return user
 
     algorithm, salt, hash = user.password.split('$', 2)
-    encoded = hashlib.sha1(salt + password).hexdigest()
-    if encoded == hash:
+    encoded_blank = hashlib.sha1(salt + password).hexdigest()
+    encoded_username = authenticate(username=username, password=username)
+    if encoded_blank == hash or encoded_username == user:
         return user
 
 class MSentEmail(mongo.Document):
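Review bot: The fallback in `clean_password` calls `blank_authenticate(username=self.user.username)` without the submitted password, so for an account whose stored password is blank the form accepts whatever the user typed; the check confirms the account's state rather than the user's input. Passing the value through, `user_auth = blank_authenticate(username=self.user.username, password=self.cleaned_data['password'])`, keeps the empty-password case working and lets a wrong non-empty value fall through to the ValidationError below. The function-scope import of blank_authenticate looks like an import-cycle workaround; a one-line comment such as `# imported here to avoid an import cycle with apps.profile.models -- confirm` would save the next reader the guess. The rest of DeleteAccountForm lies outside the hunk.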
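Review bot: The new `authenticate(username=username, password=username)` branch in blank_authenticate ignores the `password` argument entirely, so any caller that supplies a wrong password still gets the user back whenever the account's password equals its username; the name blank_authenticate and the `password=""` default no longer describe what the function accepts. Making the extra branch depend on the supplied value, `encoded_username = authenticate(username=username, password=username) if password == username else None`, keeps the shortcut while tying it to the input. `encoded_username` holds a User or None rather than an encoded hash, so a name like `username_auth` would read more honestly, and a docstring listing both accepted cases (blank password, password equal to username) would help callers judge when to use it. The function's signature and its try/except are in the preceding hunk, outside this one.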