Merge branch 'master' into circular

* master: Fixing authentication issue on account deletion when using blank passwords.
2025-09-18 21:43:31 +00:00 · 2013-04-06 12:20:01 -07:00 · 2013-04-06 12:20:01 -07:00 · 537c96c27f
commit 537c96c27f
parent 35158e7a8b 1cf8d67db1
2 changed files with 8 additions and 3 deletions
--- a/apps/profile/forms.py
+++ b/apps/profile/forms.py
@ -48,8 +48,12 @@ class DeleteAccountForm(forms.Form):
        super(DeleteAccountForm, self).__init__(*args, **kwargs)
    
    def clean_password(self):
+        from apps.profile.models import blank_authenticate
        user_auth = authenticate(username=self.user.username, 
                                 password=self.cleaned_data['password'])
+        if not user_auth:
+            user_auth = blank_authenticate(username=self.user.username)
+        
        if not user_auth:
            raise forms.ValidationError('Your password doesn\'t match.')

--- a/apps/profile/models.py
+++ b/apps/profile/models.py
@ -567,7 +567,7 @@ def change_password(user, old_password, new_password):
        user_db.set_password(new_password)
        user_db.save()
        return 1
-        
+
 def blank_authenticate(username, password=""):
    try:
        user = User.objects.get(username=username)
@ -578,8 +578,9 @@ def blank_authenticate(username, password=""):
        return user
        
    algorithm, salt, hash = user.password.split('$', 2)
-    encoded = hashlib.sha1(salt + password).hexdigest()
-    if encoded == hash:
+    encoded_blank = hashlib.sha1(salt + password).hexdigest()
+    encoded_username = authenticate(username=username, password=username)
+    if encoded_blank == hash or encoded_username == user:
        return user
            
 class MSentEmail(mongo.Document):