[FIX] res_user: fix password management for wweb client + improve code readability in change_password

bzr revid: odo@openerp.com-20110107121201-wc6rrk8vjek5d2iw
2011-01-07 13:12:01 +01:00 · 2011-01-07 13:12:01 +01:00 · ae0c9ce10f
parent e8f67e8a30
commit ae0c9ce10f
1 changed files with 7 additions and 3 deletions
--- a/bin/addons/base/res/res_user.py
+++ b/bin/addons/base/res/res_user.py
@ -195,8 +195,10 @@ class users(osv.osv):
        return True

    def _set_new_password(self, cr, uid, id, name, value, args, context=None):
-        if not value:
-            raise osv.except_osv(_('Empty new password'), _('Please provide a new password value'))
+        if value is False:
+            # Do not update the password if no value is provided, ignore silently.
+            # For example web client submits False values for all empty fields.
+            return
        if uid == id:
            # To change their own password users must use the client-specific change password wizard,
            # so that the new password is immediately used for further RPC requests, otherwise the user
@ -497,8 +499,10 @@ class users(osv.osv):

        :return: True
        :raise: security.ExceptionNoTb when old password is wrong
+        :raise: except_osv when new password is not set or empty
        """
-        if new_passwd and self.check(cr.dbname, uid, old_passwd):
+        self.check(cr.dbname, uid, old_passwd)
+        if new_passwd:
            return self.write(cr, uid, uid, {'password': new_passwd})
        raise osv.except_osv(_('Warning!'), _("Setting empty passwords is not allowed for security reasons!"))