Commits

Thomas Waldmann committed c36e869

avoid crash on password change submit if we have no enc_password stored

can happen e.g. when using GivenAuth to just login in (and autocreate)
some specific user. that user won't have a enc_password then.

for the password change form, we require the user to give the old password
and the new one. if we have no enc_password stored, that should just fail
(and it does fail now, but not crash).

  • Participants
  • Parent commits ee71ed6
  • Branches namespaces

Comments (0)

Files changed (1)

         :rtype: 2 tuple (bool, bool)
         :returns: password is valid, enc_password changed
         """
-        pw_hash = data['enc_password']
+        pw_hash = data.get('enc_password')
 
         # If we have no password set, we don't accept login with username.
         # Require non-empty password.