# HG changeset patch
# User Mads Kiilerich
# Date 2016-09-12 17:41:19
# Node ID 995254e30c7bfaeb74e3b813fa0ceb53aef4404e
# Parent 940a48e28a03017775606c32446526297619cbb7
user: when updating a user, never set the password to None - the field is not nullable We also don't allow setting empty password. Setting the database value to empty string is secure but will never match any password.
diff --git a/kallithea/model/user.py b/kallithea/model/user.py
--- a/kallithea/model/user.py
+++ b/kallithea/model/user.py
@@ -163,7 +163,7 @@ class UserModel(BaseModel):
 reason = 'new password' if edit else 'new user'
 log.debug('Updating password reason=>%s', reason)
 new_user.password = get_crypt_password(password) \
- if password else None
+ if password else ''
 self.sa.add(new_user)
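Review bot: On the `if password else ''` line, the empty string now serves as a "no usable password" marker, and its safety rests on the password check (not in this hunk) failing closed when the stored value is not a valid hash: it should return False for every input rather than raise, and no other code should read a falsy stored password as "no password set". Neither property is visible here, so it is worth confirming and pinning with a test that login is rejected for an account whose stored password is `''`. I would also state the intent at the assignment, e.g. `# '' is never a valid hash: marks the account as having no usable password`. The enclosing method starts and ends outside the hunk, so whether an edit with an empty password can reach this branch and replace an existing hash cannot be told from here.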