From b3c4cbd5c16d07937fb9486a88deec29f8aaeb0d Mon Sep 17 00:00:00 2001
From: Rodney Ewing
Date: Mon, 8 Jul 2013 16:27:43 -0700
Subject: [PATCH 1/3] only check password if there is a store_hash
---
 mediagoblin/plugins/basic_auth/__init__.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/mediagoblin/plugins/basic_auth/__init__.py b/mediagoblin/plugins/basic_auth/__init__.py
index c16d8855..33a554b0 100644
--- a/mediagoblin/plugins/basic_auth/__init__.py
+++ b/mediagoblin/plugins/basic_auth/__init__.py
@@ -59,7 +59,10 @@ def gen_password_hash(raw_pass, extra_salt=None):
 def check_password(raw_pass, stored_hash, extra_salt=None):
- return auth_tools.bcrypt_check_password(raw_pass, stored_hash, extra_salt)
+ if stored_hash:
+ return auth_tools.bcrypt_check_password(raw_pass,
+ stored_hash, extra_salt)
+ return None
 def auth():
From 05ceada051dad011bb9b3e1c93fb42b2d9875939 Mon Sep 17 00:00:00 2001
From: Rodney Ewing
Date: Wed, 10 Jul 2013 10:37:13 -0700
Subject: [PATCH 2/3] remove the list from response.vary. not sure why I was getting an error using openid without it, but everything seems to be working fine now
---
 mediagoblin/meddleware/csrf.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/mediagoblin/meddleware/csrf.py b/mediagoblin/meddleware/csrf.py
index 44d42d75..661f0ba2 100644
--- a/mediagoblin/meddleware/csrf.py
+++ b/mediagoblin/meddleware/csrf.py
@@ -111,7 +111,7 @@ class CsrfMeddleware(BaseMeddleware):
 httponly=True)
 # update the Vary header
- response.vary = list(getattr(response, 'vary', None) or []) + ['Cookie']
+ response.vary = (getattr(response, 'vary', None) or []) + ['Cookie']
 def _make_token(self, request):
 """Generate a new token to use for CSRF protection."""
From 537ce5973aef0c392be620d24993831812515df5 Mon Sep 17 00:00:00 2001
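Review bot: The new fall-through `return None` in check_password gives the function a second "no match" value next to whatever auth_tools.bcrypt_check_password returns for a wrong password (presumably `False`), so a caller that compares the result with `is False` or `== False` would treat an account without a stored hash differently from a failed check. Ending the function with `return False` keeps the result a plain boolean and fails closed for every caller. A one-line docstring such as `"""Return True only if raw_pass matches stored_hash; an account with no stored hash never matches."""` would record the intent. The early return also skips the bcrypt computation, so response time may distinguish accounts that have no local password; it is worth confirming that the login view does not expose that difference.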
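Review bot: The concatenation on the new `response.vary` line works only when the existing value is a list or is empty; if the response class hands back a tuple or a header-set object, `+ ['Cookie']` raises TypeError while the CSRF cookie is being set, and the commit message says the reason the `list(...)` wrapper was needed is not understood. Because `Vary: Cookie` is what tells a shared cache not to reuse a response tied to one visitor's cookie for another visitor, this line should not depend on the attribute's concrete type. I would normalise and de-duplicate explicitly: `vary = list(getattr(response, 'vary', None) or [])`, then `if 'Cookie' not in vary: vary.append('Cookie')` and `response.vary = vary`. The enclosing method starts above the hunk, so the response type is not visible here.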
From: Rodney Ewing
Date: Wed, 10 Jul 2013 11:08:28 -0700
Subject: [PATCH 3/3] need to use .get('messages') to not get a keyerror
---
 mediagoblin/plugins/openid/views.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/mediagoblin/plugins/openid/views.py b/mediagoblin/plugins/openid/views.py
index 9566e38e..b639a4cb 100644
--- a/mediagoblin/plugins/openid/views.py
+++ b/mediagoblin/plugins/openid/views.py
@@ -342,7 +342,7 @@ def delete_openid(request):
 form.openid.errors.append(
 _('That OpenID is not registered to this account.'))
- if not form.errors and not request.session['messages']:
+ if not form.errors and not request.session.get('messages'):
 # Okay to continue with deleting openid
 return_to = request.urlgen(
 'mediagoblin.plugins.openid.finish_delete')
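Review bot: The guard on the changed line treats any queued entry in `request.session['messages']` as a reason not to delete the OpenID, which ties removal of a login identity to flash-message state that code outside this view may also write. With `.get('messages')` a missing key now means "proceed", so the only explicit check visible in the hunk is `form.errors`. If an earlier step in delete_openid signals a refusal by queuing a message, a local flag would make the decision explicit, e.g. `if not form.errors and not refused:`; at minimum a comment such as `# a queued message means an earlier check in this view refused the deletion` would document the coupling. The body of delete_openid starts and ends outside the hunk, so this is inferred from the condition alone.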