# HG changeset patch
# User William Welliver
# Date 1556981574 14400
# Sat May 04 10:52:54 2019 -0400
# Node ID 29ed3500e1d8af5eea217bc2cd9258b869730d4e
# Parent 3f6ef5cf6dce3199ef63bc5ce9be40a5ce7544be
fix error when user isn't found.
diff --git a/auth/classes/auth/controller.pike b/auth/classes/auth/controller.pike
--- a/auth/classes/auth/controller.pike
+++ b/auth/classes/auth/controller.pike
@@ -1,160 +1,161 @@ import Fins; -inherit Fins.DocController; +nherit Fins.DocController; -protected program __default_template = Fins.Template.Simple; +rotected program __default_template = Fins.Template.Simple; -//! this is a sample authentication handler module which can be customized -//! to fit the particular needs of your application -//! -//! this provider uses a form to gather authentication information -//! and stores the validated user identifier (what that actually is -//! will depend on the behavior of the @[find_user] method) in the -//! session. -//! -//! the application may pass "return_to" in the request variable mapping -//! which will be used to determine the url the application will return to -//! following a successful authentication. +/! this is a sample authentication handler module which can be customized +/! to fit the particular needs of your application +/! +/! this provider uses a form to gather authentication information +/! and stores the validated user identifier (what that actually is +/! will depend on the behavior of the @[find_user] method) in the +/! session. +/! +/! the application may pass "return_to" in the request variable mapping +/! which will be used to determine the url the application will return to +/! following a successful authentication. -//! method which is called to determine if a user should be considered "authenticated". -//! this method accepts the request object and should return -//! zero if the user was not successfully authenticated, or a value -//! which will be placed in the current session as "user". -function(Fins.Request,Fins.Response,Fins.Template.View:mixed...) validate_user = default_validate_user; +/! method which is called to determine if a user should be considered "authenticated". +/! this method accepts the request object and should return +/! zero if the user was not successfully authenticated, or a value +/! which will be placed in the current session as "user". 
+unction(Fins.Request,Fins.Response,Fins.Template.View:mixed...) validate_user = default_validate_user; -//! method which is called to locate a user's password. -//! this method accepts the request object and should return either a -//! user object with "email" and "password" fields, or a mapping with these -//! two indices. -function(Fins.Request,Fins.Response,Fins.Template.View:mixed...) find_user_password = default_find_user_password; +/! method which is called to locate a user's password. +/! this method accepts the request object and should return either a +/! user object with "email" and "password" fields, or a mapping with these +/! two indices. +unction(Fins.Request,Fins.Response,Fins.Template.View:mixed...) find_user_password = default_find_user_password; -//! method which is called to reset a user's password. -//! -//! @returns -//! 0 upon failure, should also set response flash message describing the difficulty. -function(Fins.Request,Fins.Response,Fins.Template.View,mixed,string:mixed...) reset_password = default_reset_password; +/! method which is called to reset a user's password. +/! +/! @returns +/! 0 upon failure, should also set response flash message describing the difficulty. +unction(Fins.Request,Fins.Response,Fins.Template.View,mixed,string:mixed...) reset_password = default_reset_password; -//! method which is called upon successful login -function(Fins.Request,Fins.Response,Fins.Template.View,mixed...:void) on_login; +/! method which is called upon successful login +unction(Fins.Request,Fins.Response,Fins.Template.View,mixed...:void) on_login; -//! method which is called upon successful logout -function(Fins.Request,Fins.Response,Fins.Template.View,mixed...:void) on_logout; +/! method which is called upon successful logout +unction(Fins.Request,Fins.Response,Fins.Template.View,mixed...:void) on_logout; -//! 
method which is called upon successful password reset -function(Fins.Request,Fins.Response,Fins.Template.View,mixed...:void) on_reset; +/! method which is called upon successful password reset +unction(Fins.Request,Fins.Response,Fins.Template.View,mixed...:void) on_reset; -//! -object|function default_action; +/! +bject|function default_action; -//! default startup method. sets @[default_action] to be the root of the -//! current application. custom applications should override this method -//! and set this value appropriately. -void start() -{ - default_action = app->controller; -} +/! default startup method. sets @[default_action] to be the root of the +/! current application. custom applications should override this method +/! and set this value appropriately. +oid start() + + default_action = app->controller; + -//! default user authenticator, for data models where a user object represents -//! a user and the password is saved as a plain text string. -static mixed default_validate_user(Request id, Response response, Template.View t) -{ - mixed r = Fins.Model.find.users( ([ "username": id->variables->username, - "password": id->variables->password - ]) ); +/! default user authenticator, for data models where a user object represents +/! a user and the password is saved as a plain text string. +tatic mixed default_validate_user(Request id, Response response, Template.View t) + + mixed r = Fins.Model.find.users( ([ "username": id->variables->username, + "password": id->variables->password + ]) ); - t->add("username", id->variables->username); + t->add("username", id->variables->username); - if(r && sizeof(r)) return r[0]; - else return 0; -} + if(r && sizeof(r)) return r[0]; + else return 0; + -//! default user authenticator, for data models where a user object represents -//! a user and the password field contains a MD5 crypt string. 
-static mixed md5_validate_user(Request id, Response response, Template.View t) -{ - mixed r = Fins.Model.find.users( ([ "username": id->variables->username, - ]) ); +/! default user authenticator, for data models where a user object represents +/! a user and the password field contains a MD5 crypt string. +tatic mixed md5_validate_user(Request id, Response response, Template.View t) + + mixed r = Fins.Model.find.users( ([ "username": id->variables->username, + ]) ); - if(r && (sizeof(r)== 1) && Crypto.verify_crypt_md5(id->variables->password, r[0]["password"])) - { - t->add("username", id->variables->username); - return r[0]; - } + if(r && (sizeof(r)== 1) && Crypto.verify_crypt_md5(id->variables->password, r[0]["password"])) + { + t->add("username", id->variables->username); + return r[0]; + } - // failure! - return 0; -} + // failure! + return 0; + -//! the name of the template to use for sending the password via email. -string password_template_name = "auth/sendpassword"; +/! the name of the template to use for sending the password via email. +tring password_template_name = "auth/sendpassword"; -//! default password changer -//! -//! changes a user's password by setting the text of a field to the new value. -//! -//! @note -//! this method receives a password which the user has typed twice (in order -//! to prevent typos. This method should perform other QA checks if necessary -//! (such as password complexity and aging tests). -static mixed default_reset_password(Request id, Response response, Template.View t, mixed user, string newpassword) -{ - user["password"] = newpassword; - return 1; -} +/! default password changer +/! +/! changes a user's password by setting the text of a field to the new value. +/! +/! @note +/! this method receives a password which the user has typed twice (in order +/! to prevent typos. This method should perform other QA checks if necessary +/! (such as password complexity and aging tests). 
+tatic mixed default_reset_password(Request id, Response response, Template.View t, mixed user, string newpassword) + + user["password"] = newpassword; + return 1; + -//! MD5 based password changer -//! -//! changes a user's password by setting the password field to an MD5 hash. -//! -//! @note -//! this method receives a password which the user has typed twice (in order -//! to prevent typos. This method should perform other QA checks if necessary -//! (such as password complexity and aging tests). -//! -//! @note -//! this method requires a field length longer than the maximum acceptable -//! password length. -static mixed md5_reset_password(Request id, Response response, Template.View t, mixed user, string newpassword) -{ - user["password"] = Crypto.make_crypt_md5(newpassword); - return 1; -} +/! MD5 based password changer +/! +/! changes a user's password by setting the password field to an MD5 hash. +/! +/! @note +/! this method receives a password which the user has typed twice (in order +/! to prevent typos. This method should perform other QA checks if necessary +/! (such as password complexity and aging tests). +/! +/! @note +/! this method requires a field length longer than the maximum acceptable +/! password length. +tatic mixed md5_reset_password(Request id, Response response, Template.View t, mixed user, string newpassword) -//! default user password locator -//! -static mixed default_find_user_password(Request id, Response response, Template.View t) -{ + user["password"] = Crypto.make_crypt_md5(newpassword); + return 1; + + +/! default user password locator +/! 
+tatic mixed default_find_user_password(Request id, Response response, Template.View t) + + + mixed r = Fins.Model.find.users( ([ "username": id->variables->username + ]) ); - mixed r = Fins.Model.find.users( ([ "username": id->variables->username - ]) ); + t->add("username", id->variables->username); + + if(r && sizeof(r)) return r[0]; + else return 0; + - t->add("username", id->variables->username); +/! MD5-crypt based user password locator +/! +/! @note +/! this method will reset the password of the user, as the original password isn't available. +tatic mixed md5_find_user_password(Request id, Response response, Template.View t) - if(r && sizeof(r)) return r[0]; - else return 0; -} -//! MD5-crypt based user password locator -//! -//! @note -//! this method will reset the password of the user, as the original password isn't available. -static mixed md5_find_user_password(Request id, Response response, Template.View t) -{ + mixed r = Fins.Model.find.users( ([ "username": id->variables->username + ]) ); + + t->add("username", id->variables->username); + if(!r || !sizeof(r)) return 0; - mixed r = Fins.Model.find.users( ([ "username": id->variables->username - ]) ); - - t->add("username", id->variables->username); + string newpass = Tools.String.generate_password(10); - string newpass = Tools.String.generate_password(10); + r[0]["password"] = Crypto.make_crypt_md5(newpass); - r[0]["password"] = Crypto.make_crypt_md5(newpass); + return (["email": r[0]["email"], "password": newpass]); - if(r && sizeof(r)) return (["email": r[0]["email"], "password": newpass]); - else return 0; } static string generate_password()
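Review bot: The new guard in md5_find_user_password, `if(!r || !sizeof(r)) return 0;`, still lets a lookup that matches more than one row fall through and overwrite the password of r[0], whereas md5_validate_user in the same file only accepts `sizeof(r) == 1`; `if(!r || sizeof(r) != 1) return 0;` would make the two agree. Beyond that, the function replaces the stored hash as soon as a known username is submitted, before the requester has proved anything, so anyone who knows a username can invalidate that account's password; sending a single-use, expiring reset token to the address on file and changing the password only when the token is redeemed avoids that. The 0-versus-mapping return also tells the caller whether the username exists, so the action that renders the result (outside this hunk) should presumably show the same message in both cases. Because the hunk rewrites almost every line of the file, apparently for a whitespace or line-ending change, this one functional change is easy to miss in review and would be clearer as its own commit.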