public-mirrors/NewsBlur-viq
1
0
Fork 0
mirror of https://github.com/viq/NewsBlur.git synced 2025-04-13 09:38:09 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fixing authentication issue on account deletion when using blank passwords.

Browse source
This commit is contained in:
Samuel Clay 2013-04-05 19:23:42 -07:00
parent 8b13f22a59
commit 1cf8d67db1
2 changed files with 8 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
apps/profile/forms.py
View file

@ -48,8 +48,12 @@ class DeleteAccountForm(forms.Form):
super(DeleteAccountForm, self).__init__(*args, **kwargs) super(DeleteAccountForm, self).__init__(*args, **kwargs)
def clean_password(self): def clean_password(self):
from apps.profile.models import blank_authenticate
user_auth = authenticate(username=self.user.username, user_auth = authenticate(username=self.user.username,
password=self.cleaned_data['password']) password=self.cleaned_data['password'])
if not user_auth:
user_auth = blank_authenticate(username=self.user.username)
if not user_auth: if not user_auth:
raise forms.ValidationError('Your password doesn\'t match.') raise forms.ValidationError('Your password doesn\'t match.')

5
apps/profile/models.py
View file

@ -543,8 +543,9 @@ def blank_authenticate(username, password=""):
return user return user
algorithm, salt, hash = user.password.split('$', 2) algorithm, salt, hash = user.password.split('$', 2)
encoded = hashlib.sha1(salt + password).hexdigest() encoded_blank = hashlib.sha1(salt + password).hexdigest()
if encoded == hash: encoded_username = authenticate(username=username, password=username)
if encoded_blank == hash or encoded_username == user:
return user return user
class MSentEmail(mongo.Document): class MSentEmail(mongo.Document):