Changeset - 995254e30c7b
default
Mads Kiilerich - 2016-09-12 17:41:19
madski@unity3d.com
user: when updating a user, never set the password to None - the field is not nullable

We also don't allow setting empty password. Setting the database value to empty
string is secure but will never match any password.
1 file changed with 1 insertions and 1 deletions:
0 comments (0 inline, 0 general)
kallithea/model/user.py
 
@@ -160,13 +160,13 @@ class UserModel(BaseModel):
 
            password_change = new_user.password and \
 
                not check_password(password, new_user.password)
 
            if not edit or password_change:
 
                reason = 'new password' if edit else 'new user'
 
                log.debug('Updating password reason=>%s', reason)
 
                new_user.password = get_crypt_password(password) \
 
                    if password else None
 
                    if password else ''
 

	
 
            self.sa.add(new_user)
 

	
 
            if not edit:
 
                log_create_user(new_user.get_dict(), cur_user)
 
            return new_user
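Review bot: On the changed line `if password else ''`, an edit that passes no password for a user who already has a stored hash now overwrites that hash with `''` without any error. In that case `password_change` is truthy whenever `check_password(password, new_user.password)` returns false for the empty input (an assumption, since `check_password` is not shown here), so the branch is entered and the account can no longer log in with a password. With `None` the same call would have hit the non-nullable column instead of succeeding quietly. Consider guarding the assignment on edit, for example `if password and (not edit or password_change):`, or at least logging that the password is being cleared. Two smaller points: once `''` is stored, `new_user.password and ...` evaluates to `''`, so `password_change` is a string rather than a bool and a later edit through this path will not enter the branch to set a real password; wrapping the expression in `bool(...)` and deciding explicitly what should happen for an empty stored value would make that intent clear. A short comment next to `''` stating that it is a deliberate never-matching sentinel (as the commit message says) would also help the next reader.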