-rw-r--r-- | mediagoblin/meddleware/csrf.py | 2 | ||||
-rw-r--r-- | mediagoblin/plugins/basic_auth/__init__.py | 5 | ||||
-rw-r--r-- | mediagoblin/plugins/openid/views.py | 2 |
3 files changed, 6 insertions, 3 deletions
diff --git a/mediagoblin/meddleware/csrf.py b/mediagoblin/meddleware/csrf.py
index 44d42d75..661f0ba2 100644
--- a/mediagoblin/meddleware/csrf.py
+++ b/mediagoblin/meddleware/csrf.py
@@ -111,7 +111,7 @@ class CsrfMeddleware(BaseMeddleware):
 httponly=True)
 # update the Vary header
- response.vary = list(getattr(response, 'vary', None) or []) + ['Cookie']
+ response.vary = (getattr(response, 'vary', None) or []) + ['Cookie']
 def _make_token(self, request):
 """Generate a new token to use for CSRF protection."""
diff --git a/mediagoblin/plugins/basic_auth/__init__.py b/mediagoblin/plugins/basic_auth/__init__.py
index c16d8855..33a554b0 100644
--- a/mediagoblin/plugins/basic_auth/__init__.py
+++ b/mediagoblin/plugins/basic_auth/__init__.py
@@ -59,7 +59,10 @@ def gen_password_hash(raw_pass, extra_salt=None):
 def check_password(raw_pass, stored_hash, extra_salt=None):
- return auth_tools.bcrypt_check_password(raw_pass, stored_hash, extra_salt)
+ if stored_hash:
+ return auth_tools.bcrypt_check_password(raw_pass,
+ stored_hash, extra_salt)
+ return None
 def auth():
diff --git a/mediagoblin/plugins/openid/views.py b/mediagoblin/plugins/openid/views.py
index 9566e38e..b639a4cb 100644
--- a/mediagoblin/plugins/openid/views.py
+++ b/mediagoblin/plugins/openid/views.py
@@ -342,7 +342,7 @@ def delete_openid(request):
 form.openid.errors.append(
 _('That OpenID is not registered to this account.'))
- if not form.errors and not request.session['messages']:
+ if not form.errors and not request.session.get('messages'):
 # Okay to continue with deleting openid
 return_to = request.urlgen(
 'mediagoblin.plugins.openid.finish_delete')
|
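Review bot: In the csrf.py hunk the new right-hand side `(getattr(response, 'vary', None) or []) + ['Cookie']` only works when `response.vary` is a list or falsy; if the response class returns a tuple or a header-set object, the `+` raises TypeError after the CSRF cookie has already been set. The response type is not visible in this hunk, so that is inferred from the expression alone. Building the value explicitly also avoids a duplicate entry: `vary = list(getattr(response, 'vary', None) or [])`, then `if 'Cookie' not in vary: vary.append('Cookie')` and `response.vary = vary`. A comment saying that `Vary: Cookie` keeps shared caches from serving one visitor's token-bearing response to another would record why the line matters. The enclosing method starts above the hunk.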
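Review bot: `check_password` in basic_auth/__init__.py now returns `None` for an empty `stored_hash`, while the other branch returns whatever `bcrypt_check_password` yields (presumably a boolean), so callers see two result types; `return False` would keep the contract uniform. The early return also skips the bcrypt computation, so an attempt against an account without a local hash answers faster than one with a hash. Whether the calling login view evens out that timing difference is not visible here. A docstring such as `"""Return True only if raw_pass matches stored_hash; an account with no stored hash never matches."""` would state the intent.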
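Review bot: The guard `not request.session.get('messages')` in `delete_openid` treats queued flash messages as the signal that validation failed, so an unrelated message still sitting in the session blocks the delete, and a failure path that forgets to queue a message lets it proceed. Because this condition decides whether an OpenID credential is removed, an explicit local flag set where each check fails, or relying on `form.errors` alone as the `errors.append` call just above already does, would be easier to reason about. The code that queues the messages lies outside the hunk, so this is inferred from the condition only. At minimum add `# .get(): 'messages' is absent from the session until a message is queued`.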