From 9e05fc1598a676246bfbbd4113a5bcf9d3796642 Mon Sep 17 00:00:00 2001 From: Malcolm Tredinnick Date: Fri, 22 Sep 2006 12:01:15 +0000 Subject: [PATCH] Fixed #2770 -- Fixed a database connection leak in django.contrib.auth.handlers.modpython. git-svn-id: http://code.djangoproject.com/svn/django/trunk@3789 bcc190cf-cafb-0310-a4f2-bffc1f526a37 --- django/contrib/auth/handlers/modpython.py | 31 +++++++++++++---------- 1 file changed, 18 insertions(+), 13 deletions(-) diff --git a/django/contrib/auth/handlers/modpython.py b/django/contrib/auth/handlers/modpython.py index e6719794a19..c7d921313d5 100644 --- a/django/contrib/auth/handlers/modpython.py +++ b/django/contrib/auth/handlers/modpython.py @@ -22,6 +22,8 @@ def authenhandler(req, **kwargs): os.environ['DJANGO_SETTINGS_MODULE'] = settings_module from django.contrib.auth.models import User + from django import db + db.reset_queries() # check that the username is valid kwargs = {'username': req.user, 'is_active': True} @@ -30,18 +32,21 @@ def authenhandler(req, **kwargs): if superuser_only: kwargs['is_superuser'] = True try: - user = User.objects.get(**kwargs) - except User.DoesNotExist: - return apache.HTTP_UNAUTHORIZED - - # check the password and any permission given - if user.check_password(req.get_basic_auth_pw()): - if permission_name: - if user.has_perm(permission_name): - return apache.OK + try: + user = User.objects.get(**kwargs) + except User.DoesNotExist: + return apache.HTTP_UNAUTHORIZED + + # check the password and any permission given + if user.check_password(req.get_basic_auth_pw()): + if permission_name: + if user.has_perm(permission_name): + return apache.OK + else: + return apache.HTTP_UNAUTHORIZED else: - return apache.HTTP_UNAUTHORIZED + return apache.OK else: - return apache.OK - else: - return apache.HTTP_UNAUTHORIZED + return apache.HTTP_UNAUTHORIZED + finally: + db.connection.close()