# HG changeset patch
# User sylvain.thenault@logilab.fr
# Date 1241536417 -7200
# Node ID e4f7d2ddc99abb8095c759c3cf9bdea2f7be786e
# Parent  7ff9f0726ee47ca3cde3d8ee54f675bd49a9a409# Parent  03ebeccf9f1dc7c608aebea41e15b2aa0225fe73
merge

diff -r 7ff9f0726ee4 -r e4f7d2ddc99a server/repository.py
--- a/server/repository.py	Tue May 05 17:13:30 2009 +0200
+++ b/server/repository.py	Tue May 05 17:13:37 2009 +0200
@@ -497,6 +497,7 @@
         given password. This method is designed to be used for anonymous
         registration on public web site.
         """
+        # XXX should not be called from web interface
         session = self.internal_session()
         # for consistency, keep same error as unique check hook (although not required)
         errmsg = session._('the value "%s" is already used, use another one')
diff -r 7ff9f0726ee4 -r e4f7d2ddc99a web/views/authentication.py
--- a/web/views/authentication.py	Tue May 05 17:13:30 2009 +0200
+++ b/web/views/authentication.py	Tue May 05 17:13:37 2009 +0200
@@ -53,11 +53,15 @@
         return cnx
 
     def login_from_email(self, login):
+        # XXX should not be called from web interface
         session = self.repo.internal_session()
-        rset = session.execute('Any L WHERE U login L, U primary_email M, '
-                               'M address %(login)s', {'login': login})
-        if rset.rowcount == 1:
-            login = rset[0][0]
+        try:
+            rset = session.execute('Any L WHERE U login L, U primary_email M, '
+                                   'M address %(login)s', {'login': login})
+            if rset.rowcount == 1:
+                login = rset[0][0]
+        finally:
+            session.close()
         return login
 
     def authenticate(self, req, _login=None, _password=None):