From 8291b1d5b79626a4ac262f15bd0cd0103c0b3949 Mon Sep 17 00:00:00 2001 From: Dan McGee Date: Tue, 4 May 2010 10:25:11 -0500 Subject: Ensure changing profile email doesn't reset password We weren't checking to see if the password form fields were empty before setting the user password, causing it to get reset if anything was filled out and submitted on this page. FS#19345. Signed-off-by: Dan McGee --- devel/views.py | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/devel/views.py b/devel/views.py index c202c735..63548c2a 100644 --- a/devel/views.py +++ b/devel/views.py @@ -45,19 +45,15 @@ def change_notify(request): return HttpResponseRedirect('/devel/') class ProfileForm(forms.Form): - email = forms.EmailField('E-mail Address') - passwd1 = forms.CharField('New Password', required=False, + email = forms.EmailField(label='E-mail Address') + passwd1 = forms.CharField(label='New Password', required=False, widget=forms.PasswordInput) - passwd2 = forms.CharField('Confirm Password', required=False, + passwd2 = forms.CharField(label='Confirm Password', required=False, widget=forms.PasswordInput) def clean(self): - if ('passwd1' not in self.cleaned_data and - 'passwd2' not in self.cleaned_data): - return self.cleaned_data - if self.cleaned_data['passwd1'] != self.cleaned_data['passwd2']: - raise forms.ValidationError('Passwords do not match') + raise forms.ValidationError('Passwords do not match.') return self.cleaned_data @login_required @@ -66,7 +62,8 @@ def change_profile(request): form = ProfileForm(request.POST) if form.is_valid(): request.user.email = form.cleaned_data['email'] - request.user.set_password(form.cleaned_data['passwd1']) + if form.cleaned_data['passwd1']: + request.user.set_password(form.cleaned_data['passwd1']) request.user.save() return HttpResponseRedirect('/devel/') else: -- cgit v1.1-4-g5e80
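Review bot: `ProfileForm.clean()` now indexes `self.cleaned_data['passwd1']` and `self.cleaned_data['passwd2']` directly, with the membership guard removed, so it relies on both keys always being present. That holds for the fields as declared here (`required=False`, no other constraints). A later `min_length` or validator on either field would leave the key out of `cleaned_data` on failure, turning a form error into a `KeyError`. Reading both with `self.cleaned_data.get('passwd1')` and `self.cleaned_data.get('passwd2')` keeps the comparison safe. This assumes the `if ... != ...` comparison line is kept as context, which the collapsed hunk text does not make fully certain.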
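Review bot: `change_profile` still changes the account e-mail and password for any authenticated session without asking for the current password. The new `if form.cleaned_data['passwd1']:` guard fixes the accidental reset but leaves the missing re-authentication in place. Anyone who holds a live session (unattended browser, stolen cookie) can change both recovery address and password in one POST. A required current-password field on `ProfileForm` (the name `current_passwd` here is only a suggestion), checked in the view with `if not request.user.check_password(form.cleaned_data['current_passwd']):` before either assignment, would close that. The body of `change_profile` begins and continues outside this hunk, so whether the POST method is checked or CSRF protection applies cannot be confirmed from here.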