summaryrefslogtreecommitdiff
path: root/devel
diff options
context:
space:
mode:
authorDan McGee <dan@archlinux.org>2010-05-04 10:25:11 -0500
committerDan McGee <dan@archlinux.org>2010-05-04 10:25:11 -0500
commit8291b1d5b79626a4ac262f15bd0cd0103c0b3949 (patch)
treee15e03899af102a5c169e353bf7a8ffe60b8b301 /devel
parent2b1256434c8fb50e695b9cbaec3f178706a7d5cd (diff)
Ensure changing profile email doesn't reset password
We weren't checking to see if the password form fields were empty before setting the user password, causing it to get reset if anything was filled out and submitted on this page. FS#19345. Signed-off-by: Dan McGee <dan@archlinux.org>
Diffstat (limited to 'devel')
-rw-r--r--devel/views.py15
1 files changed, 6 insertions, 9 deletions
diff --git a/devel/views.py b/devel/views.py
index c202c735..63548c2a 100644
--- a/devel/views.py
+++ b/devel/views.py
@@ -45,19 +45,15 @@ def change_notify(request):
return HttpResponseRedirect('/devel/')
class ProfileForm(forms.Form):
- email = forms.EmailField('E-mail Address')
- passwd1 = forms.CharField('New Password', required=False,
+ email = forms.EmailField(label='E-mail Address')
+ passwd1 = forms.CharField(label='New Password', required=False,
widget=forms.PasswordInput)
- passwd2 = forms.CharField('Confirm Password', required=False,
+ passwd2 = forms.CharField(label='Confirm Password', required=False,
widget=forms.PasswordInput)
def clean(self):
- if ('passwd1' not in self.cleaned_data and
- 'passwd2' not in self.cleaned_data):
- return self.cleaned_data
-
if self.cleaned_data['passwd1'] != self.cleaned_data['passwd2']:
- raise forms.ValidationError('Passwords do not match')
+ raise forms.ValidationError('Passwords do not match.')
return self.cleaned_data
@login_required
@@ -66,7 +62,8 @@ def change_profile(request):
form = ProfileForm(request.POST)
if form.is_valid():
request.user.email = form.cleaned_data['email']
- request.user.set_password(form.cleaned_data['passwd1'])
+ if form.cleaned_data['passwd1']:
+ request.user.set_password(form.cleaned_data['passwd1'])
request.user.save()
return HttpResponseRedirect('/devel/')
else: