diff --git a/api/handlers.py b/api/handlers.py
index 89e7d88..c376486 100644
--- a/api/handlers.py
+++ b/api/handlers.py
@@ -57,16 +57,16 @@ class LoginHandler(BaseHandler):
 except (User.DoesNotExist, ValueError):
 return rc.NOT_HERE
- if 'user' in request.GET:
+ if request.GET.get('user', None):
 try:
 u = User.objects.get(username=request.GET['user'])
 except User.DoesNotExist:
 return rc.NOT_HERE
 d = { 'auth': 'ok', 'id': u.id, 'username': u.username,
- 'password': u.password, 'email': u.email, 'groups': u.groups.all() }
+ 'email': u.email, 'groups': u.groups.all() }
- if request.GET['pass'] == user.password:
+ if request.GET.get('pass', None) and request.GET['pass'] == u.password:
 return d
 return { 'auth': 'failed' }
diff --git a/api/models.py b/api/models.py
index 65e63b9..7077e5f 100644
--- a/api/models.py
+++ b/api/models.py
@@ -10,7 +10,7 @@ class AuthAPIKey(models.Model):
 key = models.CharField("API Key", max_length=200)
 def save(self, *args, **kwargs):
- if not key or key = '':
+ if not key or key == '':
 self.key = uuid.uuid4()
 models.Model.save(self, *args, **kwargs)
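Review bot: In api/handlers.py the new check `request.GET['pass'] == u.password` still compares the submitted value directly against the stored password field. If `User` is Django's auth model, that field holds a salted hash, so the comparison can only succeed when the client sends the hash itself; `if u.check_password(request.GET.get('pass') or ''):` verifies the password properly and avoids a plain `==` on a secret. The credentials are read from the query string, where they tend to end up in server and proxy access logs, so reading them from a POST body would be safer. The unknown-user branch returns `rc.NOT_HERE` while a wrong password returns `{ 'auth': 'failed' }`, which lets a caller distinguish valid usernames from invalid ones; returning the same failure response for both would close that. The enclosing method starts above the hunk, so how the handler is authenticated and rate-limited is not visible here.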
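Review bot: In api/models.py the corrected condition `if not key or key == '':` still reads a bare `key`, which is not a local name inside `save()`; unless a module-level `key` exists outside the hunk, this would raise NameError instead of generating a key. The test should use the instance attribute, and `not self.key` already covers the empty string: `if not self.key:`. Because the value is an API credential stored in a CharField, assigning a string such as `uuid.uuid4().hex` makes the stored form explicit rather than relying on the field to stringify a UUID object. A token from the standard `secrets` module would be the more conventional source for a credential, if the file's imports (not visible in this hunk) can be extended.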