Mercurial > kallithea
changeset 6203:995254e30c7b
user: when updating a user, never set the password to None - the field is not nullable
We also don't allow setting empty password. Setting the database value to empty
string is secure but will never match any password.
author | Mads Kiilerich <madski@unity3d.com> |
---|---|
date | Mon, 12 Sep 2016 17:41:19 +0200 |
parents | 940a48e28a03 |
children | 09dc083f461f |
files | kallithea/model/user.py |
diffstat | 1 files changed, 1 insertions(+), 1 deletions(-) [+] |
line wrap: on
line diff
--- a/kallithea/model/user.py Mon Sep 12 17:41:19 2016 +0200 +++ b/kallithea/model/user.py Mon Sep 12 17:41:19 2016 +0200 @@ -163,7 +163,7 @@ reason = 'new password' if edit else 'new user' log.debug('Updating password reason=>%s', reason) new_user.password = get_crypt_password(password) \ - if password else None + if password else '' self.sa.add(new_user)