better error handling for access-denied case

2 files changed, 16 insertions, 10 deletions

diff --git a/py-bin/jabberman.py b/py-bin/jabberman.py
index 90d019a..42b305b 100644
--- a/py-bin/jabberman.py
+++ b/py-bin/jabberman.py
@@ -307,15 +307,15 @@ class JabberManager:
 		
 		user_id = self.current_user.email
 		ok, status = self.jadb.change_jid_password(user_id, jid, password)
-		if jid == self.current_user.get_primary_jid():
-			if ok:
+		if ok:
+			if jid == self.current_user.get_primary_jid():
 				self.__set_session(user_id, password = password)
-			else:
+			return (True, "Passwort erfolgreich geaendert.")
+		else:
+			if jid == self.current_user.get_primary_jid():
 				self.__clear_session()
-				return (False, status)
-		
-		return (True, "Passwort erfolgreich geaendert.")
-		
+			return (False, status)
+
 	def is_acceptable_password(self, password, password2):
 		if password != password2:
 			return (False, "Passwoerter nicht identisch.")
diff --git a/py-bin/setup.py b/py-bin/setup.py
index a188a9b..d14bbd7 100644
--- a/py-bin/setup.py
+++ b/py-bin/setup.py
@@ -41,12 +41,18 @@ class SetupMixIn:
 			
 		ok, status = self.jman.is_acceptable_password(password, password2)
 		if not ok:
-			url = self.make_url([("cmd","set_pw_form"), ("error", status)])
+			url = self.make_url([("cmd","set_pw_form"), ("account", jid), ("error", status)])
 			self.redirect_to(req, url)
 			return
 		
-		self.jman.change_password(jid, password)
-		self.__redirect_to_main(req)
+		ok, status = self.jman.change_password(jid, password)
+		if ok:
+			self.__redirect_to_main(req)
+			return
+		else:
+			url = self.make_url([("cmd","set_pw_form"), ("account", jid), ("error", status)])
+			self.redirect_to(req, url)
+			return 
 	set_pw_process.web_callable = True
 	
 	def add_account_form(self, req):