Merge remote-tracking branch 'refs/remotes/rodney757/misc'

2013-07-10 17:50:14 -05:00 · 2013-07-10 17:50:14 -05:00 · 8cd4f195b8
commit 8cd4f195b8
parent a66fbf97d2 537ce5973a
3 changed files with 6 additions and 3 deletions
--- a/mediagoblin/meddleware/csrf.py
+++ b/mediagoblin/meddleware/csrf.py
@ -111,7 +111,7 @@ class CsrfMeddleware(BaseMeddleware):
            httponly=True)

        # update the Vary header
-        response.vary = list(getattr(response, 'vary', None) or []) + ['Cookie']
+        response.vary = (getattr(response, 'vary', None) or []) + ['Cookie']

    def _make_token(self, request):
        """Generate a new token to use for CSRF protection."""
--- a/mediagoblin/plugins/basic_auth/init.py
+++ b/mediagoblin/plugins/basic_auth/init.py
@ -59,7 +59,10 @@ def gen_password_hash(raw_pass, extra_salt=None):


 def check_password(raw_pass, stored_hash, extra_salt=None):
-    return auth_tools.bcrypt_check_password(raw_pass, stored_hash, extra_salt)
+    if stored_hash:
+        return auth_tools.bcrypt_check_password(raw_pass,
+                                                stored_hash, extra_salt)
+    return None


 def auth():
--- a/mediagoblin/plugins/openid/views.py
+++ b/mediagoblin/plugins/openid/views.py
@ -342,7 +342,7 @@ def delete_openid(request):
            form.openid.errors.append(
                _('That OpenID is not registered to this account.'))

-        if not form.errors and not request.session['messages']:
+        if not form.errors and not request.session.get('messages'):
            # Okay to continue with deleting openid
            return_to = request.urlgen(
                'mediagoblin.plugins.openid.finish_delete')