diff options
| author | Christopher Allan Webber <cwebber@dustycloud.org> | 2013-07-10 17:50:14 -0500 |
|---|---|---|
| committer | Christopher Allan Webber <cwebber@dustycloud.org> | 2013-07-10 17:50:14 -0500 |
| commit | 8cd4f195b84c33d64e8d67250e49f3caf9604f07 (patch) | |
| tree | 0946d8cc6a4abbe93a39e3c662a543eaf23195f3 | |
| parent | a66fbf97d277222106002805723723b4b5bef726 (diff) | |
| parent | 537ce5973aef0c392be620d24993831812515df5 (diff) | |
| download | mediagoblin-8cd4f195b84c33d64e8d67250e49f3caf9604f07.tar.lz mediagoblin-8cd4f195b84c33d64e8d67250e49f3caf9604f07.tar.xz mediagoblin-8cd4f195b84c33d64e8d67250e49f3caf9604f07.zip | |
Merge remote-tracking branch 'refs/remotes/rodney757/misc'
| -rw-r--r-- | mediagoblin/meddleware/csrf.py | 2 | ||||
| -rw-r--r-- | mediagoblin/plugins/basic_auth/__init__.py | 5 | ||||
| -rw-r--r-- | mediagoblin/plugins/openid/views.py | 2 |
3 files changed, 6 insertions, 3 deletions
diff --git a/mediagoblin/meddleware/csrf.py b/mediagoblin/meddleware/csrf.py index 44d42d75..661f0ba2 100644 --- a/mediagoblin/meddleware/csrf.py +++ b/mediagoblin/meddleware/csrf.py @@ -111,7 +111,7 @@ class CsrfMeddleware(BaseMeddleware): httponly=True) # update the Vary header - response.vary = list(getattr(response, 'vary', None) or []) + ['Cookie'] + response.vary = (getattr(response, 'vary', None) or []) + ['Cookie'] def _make_token(self, request): """Generate a new token to use for CSRF protection.""" diff --git a/mediagoblin/plugins/basic_auth/__init__.py b/mediagoblin/plugins/basic_auth/__init__.py index c16d8855..33a554b0 100644 --- a/mediagoblin/plugins/basic_auth/__init__.py +++ b/mediagoblin/plugins/basic_auth/__init__.py @@ -59,7 +59,10 @@ def gen_password_hash(raw_pass, extra_salt=None): def check_password(raw_pass, stored_hash, extra_salt=None): - return auth_tools.bcrypt_check_password(raw_pass, stored_hash, extra_salt) + if stored_hash: + return auth_tools.bcrypt_check_password(raw_pass, + stored_hash, extra_salt) + return None def auth(): diff --git a/mediagoblin/plugins/openid/views.py b/mediagoblin/plugins/openid/views.py index 9566e38e..b639a4cb 100644 --- a/mediagoblin/plugins/openid/views.py +++ b/mediagoblin/plugins/openid/views.py @@ -342,7 +342,7 @@ def delete_openid(request): form.openid.errors.append( _('That OpenID is not registered to this account.')) - if not form.errors and not request.session['messages']: + if not form.errors and not request.session.get('messages'): # Okay to continue with deleting openid return_to = request.urlgen( 'mediagoblin.plugins.openid.finish_delete') |