Merge remote-tracking branch 'refs/remotes/rodney757/misc'

mediagoblin/meddleware/csrf.py

@@ -111,7 +111,7 @@ class CsrfMeddleware(BaseMeddleware):
             httponly=True)
 
         # update the Vary header
-        response.vary = list(getattr(response, 'vary', None) or []) + ['Cookie']
+        response.vary = (getattr(response, 'vary', None) or []) + ['Cookie']
 
     def _make_token(self, request):
         """Generate a new token to use for CSRF protection."""

mediagoblin/plugins/basic_auth/__init__.py

@@ -59,7 +59,10 @@ def gen_password_hash(raw_pass, extra_salt=None):
 
 
 def check_password(raw_pass, stored_hash, extra_salt=None):
-    return auth_tools.bcrypt_check_password(raw_pass, stored_hash, extra_salt)
+    if stored_hash:
+        return auth_tools.bcrypt_check_password(raw_pass,
+                                                stored_hash, extra_salt)
+    return None
 
 
 def auth():

mediagoblin/plugins/openid/views.py

@@ -342,7 +342,7 @@ def delete_openid(request):
             form.openid.errors.append(
                 _('That OpenID is not registered to this account.'))
 
-        if not form.errors and not request.session['messages']:
+        if not form.errors and not request.session.get('messages'):
             # Okay to continue with deleting openid
             return_to = request.urlgen(
                 'mediagoblin.plugins.openid.finish_delete')