From 75c56182392988b9e82ec309109410b7f4371e7d Mon Sep 17 00:00:00 2001
From: Simon Brooke
Date: Mon, 11 Sep 2017 07:53:36 +0100
Subject: [PATCH] Fixed bug where password could be blanked if a user was edited and no new password set
---
 resources/passwd | 2 +-
 src/smeagol/authenticate.clj | 4 +++-
 src/smeagol/routes/admin.clj | 10 ++++++++--
 3 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/resources/passwd b/resources/passwd
index fe61aaf..6b5e6ac 100644
--- a/resources/passwd
+++ b/resources/passwd
@@ -1 +1 @@
-{:admin {:admin true, :email "info@weft.scot", :password "admin"}}
+{:admin {:admin true, :email "info@weft.scot", :password "admin"}, :jenny {:email "jenny@auchencairn.org", :admin false, :password "$s0$f0801$1uniQfftB37G5e5GklJANQ==$kQ0+/YcCuaz2x5iYjwhNlDlnWX/exE/8pSC+R4C0WvQ="}}
\ No newline at end of file
diff --git a/src/smeagol/authenticate.clj b/src/smeagol/authenticate.clj
index 9b82fcd..8f83703 100644
--- a/src/smeagol/authenticate.clj
+++ b/src/smeagol/authenticate.clj
@@ -133,7 +133,9 @@
 (defn add-user
- "Add a user to the passwd file with this `username`, initial password and `email` address and `admin` flag."
+ "Add a user to the passwd file with this `username`, initial password `newpass`,
+ `email` address and `admin` flag; *or*, modify an existing user. Return true
+ if user is successfully stored, false otherwise."
 [username newpass email admin]
 (timbre/info "Trying to add user " username)
 (cond
diff --git a/src/smeagol/routes/admin.clj b/src/smeagol/routes/admin.clj
index 2ca7d40..9491116 100644
--- a/src/smeagol/routes/admin.clj
+++ b/src/smeagol/routes/admin.clj
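Review bot: The new side of `resources/passwd` adds a `:jenny` account, with a personal-looking e-mail address and a password hash, to the passwd file bundled under `resources/`, and the commit message does not mention it. It looks like test data left over from exercising the fix; if so, drop this file from the commit so the line stays `{:admin {:admin true, :email "info@weft.scot", :password "admin"}}`. The `:admin` entry on the same line still stores the cleartext default `"admin"` beside a hashed entry, so the project documentation should say that this default has to be changed on first deployment.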
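Review bot: The rewritten `add-user` docstring in `src/smeagol/authenticate.clj` does not say what a nil or empty `newpass` means, which is the case this commit is about: the admin route in the same patch can still call `add-user` with a nil `password` when the form leaves the password blank. The function body lies outside the hunk, so whether nil keeps an existing user's stored password, and what it does for a username that does not exist yet, cannot be confirmed from here. Whichever it is, the docstring should state it, for example `If newpass is nil, an existing user's password is left unchanged.`, adjusted to what the code actually does. It would also help to document whether a new user stored without a password is able to log in.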
@@ -69,10 +69,16 @@
 check-pass (auth/evaluate-password pass1 pass2)
 password (if (and pass1 (true? check-pass)) pass1)
 stored (if
- (:email params)
+ (and
+ (:email params)
+ (or
+ (nil? pass1)
+ (zero? (count pass1))
+ (true? check-pass)))
 (auth/add-user target password (:email params) (:admin params)))
 message (if stored (str (:save-user-success (util/get-messages request)) " " target "."))
- error (if (and (:email params) (not stored))
+ error (if
+ (and (:email params) (not stored))
 (str (:save-user-fail (util/get-messages request)) " " target ". "