# HG changeset patch
# User Søren Løvborg
# Date 2015-07-14 13:59:59
# Node ID 64eba8fcde2bdaf174295a7c2bab4d75cc7d25c0
# Parent b41bdfdb3b168ea5c1fe3a11b7e3b684e0a57cee
AuthSettingsController: don't validate options for disabled plugins
If the user disables a plugin, any submitted settings for that plugin should be disregarded (neither validated nor stored in the database).
diff --git a/kallithea/controllers/admin/auth_settings.py b/kallithea/controllers/admin/auth_settings.py
--- a/kallithea/controllers/admin/auth_settings.py
+++ b/kallithea/controllers/admin/auth_settings.py
@@ -100,8 +100,24 @@ class AuthSettingsController(BaseControl
 def auth_settings(self):
 """POST create and store auth settings"""
 self.__load_defaults()
+ log.debug("POST Result: %s", formatted_json(dict(request.POST)))
+
+ # First, parse only the plugin list (not the plugin settings).
+ _auth_plugins_validator = AuthSettingsForm([]).fields['auth_plugins']
+ try:
+ new_enabled_plugins = _auth_plugins_validator.to_python(request.POST.get('auth_plugins'))
+ except formencode.Invalid:
+ pass
+ else:
+ # Hide plugins that the user has asked to be disabled, but
+ # do not show plugins that the user has asked to be enabled
+ # (yet), since that'll cause validation errors and/or wrong
+ # settings being applied (e.g. checkboxes being cleared),
+ # since the plugin settings will not be in the POST data.
+ c.enabled_plugins = [ p for p in c.enabled_plugins if p in new_enabled_plugins ]
+
+ # Next, parse everything including plugin settings.
 _form = AuthSettingsForm(c.enabled_plugins)()
- log.debug("POST Result: %s" % formatted_json(dict(request.POST)))
 try:
 form_result = _form.to_python(dict(request.POST))
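Review bot: The relocated `log.debug("POST Result: %s", formatted_json(dict(request.POST)))` writes the whole submitted auth-settings form to the log, and it now runs before any validation or plugin filtering, so values submitted for plugins the user has just disabled are logged as well. If any plugin setting carries a credential (a directory bind password, for example; not visible in this hunk), it would end up in debug logs in clear text. Logging only the field names would keep the diagnostic value: `log.debug("POST keys: %s", sorted(request.POST.keys()))`. Separately, the bare `pass` under `except formencode.Invalid:` would read better with a comment such as `# invalid plugin list: keep c.enabled_plugins as is; the full-form validation below is expected to report it`. The body of auth_settings continues past the end of the hunk.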