stormpath / stormpath-django

Django plugin for Stormpath
Apache License 2.0

StormpathError results in account deletion on save #49

Closed smcoll closed 9 years ago

smcoll commented 9 years ago

I noticed this issue when using the admin change password form with a password not meeting the Stormpath directory's password requirements.

For example, try entering an invalid password (like 'foo') twice at /admin/django_stormpath/stormpathuser/1/password/

In some cases, the account is removed from Stormpath and the database.

In StormpathUser._update_stormpath_user(), any StormpathError results in an ObjectDoesNotExist. When called from StormpathUser._update_for_db_and_stormpath(), an ObjectDoesNotExist results in a self.delete().

It seems that the solution would be to further inspect the StormpathError before deciding to return an ObjectDoesNotExist, which may not be accurate.
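The failure mode described in this report, as an added example that is not part of the original thread or of stormpath-django. Every class and function below is a constructed stand-in, and the `status` attribute with its 404 check is an assumption about how a missing account could be told apart from a rejected password, not the change made in #53.

```python
# Constructed stand-ins for illustration; not stormpath-django or SDK code.
class StormpathError(Exception):
    def __init__(self, status, message):
        super().__init__(message)
        self.status = status  # assumed: HTTP status of the failed API call
class ObjectDoesNotExist(Exception): pass

class FakeDirectory:  # in-memory remote store with a password-length policy
    def __init__(self, accounts=None):
        self.accounts = dict(accounts or {})
    def update(self, href, password):
        if href not in self.accounts:
            raise StormpathError(404, "account not found")
        if len(password) < 8:
            raise StormpathError(400, "password does not meet policy")
        self.accounts[href] = password

def update_blanket(directory, href, password):
    # Pattern from the report: every remote error means "account is gone".
    try:
        directory.update(href, password)
    except StormpathError:
        raise ObjectDoesNotExist(href)

def update_inspecting(directory, href, password):
    # Only a 404 is evidence the remote account is missing; re-raise the rest.
    try:
        directory.update(href, password)
    except StormpathError as exc:
        if exc.status == 404:
            raise ObjectDoesNotExist(href) from exc
        raise

def save(directory, local_db, href, password, updater):
    # Mirrors the described save path: ObjectDoesNotExist triggers deletion.
    try:
        updater(directory, href, password)
        return "saved"
    except ObjectDoesNotExist:
        local_db.discard(href)
        directory.accounts.pop(href, None)
        return "deleted"
    except StormpathError as exc:
        return "rejected: %s" % exc

def demo(updater):
    directory, local_db = FakeDirectory({"acct/1": "old-password"}), {"acct/1"}
    outcome = save(directory, local_db, "acct/1", "foo", updater)
    return outcome, "acct/1" in local_db, "acct/1" in directory.accounts
```

`demo(update_blanket)` loses the account on a policy rejection, while `demo(update_inspecting)` keeps it and surfaces the error to the caller.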

avojnovicDk commented 9 years ago

Hey @smcoll, thanks for your detailed report! StormpathError can occur for various reasons, so it really shouldn't raise this error (and delete the account!) without inspecting it. However, I didn't manage to reproduce the described scenario - changing the password in Django admin did nothing, and my user could still log in with the old password. Would you mind telling me which stormpath-django version you are using? Thanks!

smcoll commented 9 years ago

@avojnovicDk I was using the latest released version of stormpath_django at the time. I had ported stormpath users from another user model (perhaps incorrectly), so likely the error was related to some edge case resulting from that. Given that you've addressed this ticket with #53, I suppose this ticket can be closed. Thanks for your attention on this issue!