~azzar1/unity/add-show-desktop-key

Viewing changes to www/apps/userservice/__init__.py

Committer: me at id
Date: 2009-02-02 04:42:36 UTC
Revision ID: svn-v4:2b9c9e99-6f39-0410-b283-7f802c844ae2:trunk:1190

www/apps/userservice#get_user: Fix fallout from the Storm migration.
    ivle.auth.authenticate.authenticate now wants a store, so we give it one.
    We also perform the old password check before we set attributes on the
    user, as otherwise the new password will always succeed (as the hash has
    already been updated).

files modified:
www/apps/userservice/__init__.py

Show diffs side-by-side

added added

removed removed

www/apps/userservice/__init__.py

361

362

user = ivle.database.User.get_by_login(req.store, login)

363

364

# Make a dict of fields to update

365

364

oldpassword = fields.getfirst('oldpass')

366

for f in fieldlist:

367

val = fields.getfirst(f)

368

if val is not None:

369

# Note: May be rolled back if auth check below fails

370

setattr(user, f, val.value.decode('utf-8'))

371

else:

372

pass

365

if oldpassword is not None: # It was specified.

366

oldpassword = oldpassword.value

373

367

374

368

# If the user is trying to set a new password, check that they have

375

369

# entered old password and it authenticates.

376

370

if fields.getfirst('password') is not None:

377

371

try:

378

authenticate.authenticate(login, oldpassword)

372

authenticate.authenticate(req.store, login, oldpassword)

379

373

except AuthError:

380

374

req.headers_out['X-IVLE-Action-Error'] = \

381

375

urllib.quote("Old password incorrect.")

384

378

req.store.rollback()

385

379

return

386

380

381