summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMalcolm Tredinnick <malcolm.tredinnick@gmail.com>2006-09-22 12:01:15 +0000
committerMalcolm Tredinnick <malcolm.tredinnick@gmail.com>2006-09-22 12:01:15 +0000
commit9e05fc1598a676246bfbbd4113a5bcf9d3796642 (patch)
tree1321bac8d2fe5e67359c2c9801a52ae99f525c06
parent14be60c4cb68ccd3062fc241ff2b9947fb010b98 (diff)
Fixed #2770 -- Fixed a database connection leak in
django.contrib.auth.handlers.modpython. git-svn-id: http://code.djangoproject.com/svn/django/trunk@3789 bcc190cf-cafb-0310-a4f2-bffc1f526a37
-rw-r--r--django/contrib/auth/handlers/modpython.py31
1 files changed, 18 insertions, 13 deletions
diff --git a/django/contrib/auth/handlers/modpython.py b/django/contrib/auth/handlers/modpython.py
index e6719794a1..c7d921313d 100644
--- a/django/contrib/auth/handlers/modpython.py
+++ b/django/contrib/auth/handlers/modpython.py
@@ -22,6 +22,8 @@ def authenhandler(req, **kwargs):
os.environ['DJANGO_SETTINGS_MODULE'] = settings_module
from django.contrib.auth.models import User
+ from django import db
+ db.reset_queries()
# check that the username is valid
kwargs = {'username': req.user, 'is_active': True}
@@ -30,18 +32,21 @@ def authenhandler(req, **kwargs):
if superuser_only:
kwargs['is_superuser'] = True
try:
- user = User.objects.get(**kwargs)
- except User.DoesNotExist:
- return apache.HTTP_UNAUTHORIZED
-
- # check the password and any permission given
- if user.check_password(req.get_basic_auth_pw()):
- if permission_name:
- if user.has_perm(permission_name):
- return apache.OK
+ try:
+ user = User.objects.get(**kwargs)
+ except User.DoesNotExist:
+ return apache.HTTP_UNAUTHORIZED
+
+ # check the password and any permission given
+ if user.check_password(req.get_basic_auth_pw()):
+ if permission_name:
+ if user.has_perm(permission_name):
+ return apache.OK
+ else:
+ return apache.HTTP_UNAUTHORIZED
else:
- return apache.HTTP_UNAUTHORIZED
+ return apache.OK
else:
- return apache.OK
- else:
- return apache.HTTP_UNAUTHORIZED
+ return apache.HTTP_UNAUTHORIZED
+ finally:
+ db.connection.close()