Prevent login on accounts that have been converted to organizations. Fix a bug in the tags api.

data/model.py

@@ -103,10 +103,13 @@ def convert_user_to_organization(user, admin_user):
   # Change the user to an organization.
   user.organization = True
 
-  # TODO: disable this account for login.
-  user.password = ''
+  # disable this account for login.
+  user.password_hash = None
   user.save()
 
+  # Clear any federated auth pointing to this user
+  FederatedLogin.delete().where(FederatedLogin.user == user).execute()
+
   # Create a team for the owners
   owners_team = create_team('owners', user, 'admin')
 
@@ -695,9 +698,13 @@ def delete_tag(namespace_name, repository_name, tag_name):
 
 
 def delete_all_repository_tags(namespace_name, repository_name):
-  repo = Repository.get(Repository.name == repository_name,
-                        Repository.namespace == namespace_name)
-  RepositoryTag.delete().where(RepositoryTag.repository == repo)
+  try:
+    repo = Repository.get(Repository.name == repository_name,
+                          Repository.namespace == namespace_name)
+  except Repository.DoesNotExist:
+    raise DataModelException('Invalid repository \'%s/%s\'' %
+                             (namespace_name, repository_name))
+  RepositoryTag.delete().where(RepositoryTag.repository == repo).execute()
 
 
 def __entity_permission_repo_query(entity_id, entity_table,