From ad86c14ca0d325cbd87526e5db093e25ecff4111 Mon Sep 17 00:00:00 2001
From: Andrew Williams <andy@tensixtyone.com>
Date: Mon, 18 Oct 2010 15:44:04 +0100
Subject: [PATCH] Limit returned fields on user lookup

---
 sso/views.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/sso/views.py b/sso/views.py
index a4cf4fd..82479c4 100644
--- a/sso/views.py
+++ b/sso/views.py
@@ -308,17 +308,17 @@ def user_lookup(request):
             users = None
             uids = []
             if form.cleaned_data['type'] == '1':
-                users = User.objects.filter(username__icontains=form.cleaned_data['username'])
+                users = User.objects.filter(username__icontains=form.cleaned_data['username']).only('username')
             elif form.cleaned_data['type'] == '2':
                 uid = EVEAccount.objects.filter(characters__name__icontains=form.cleaned_data['username']).values('user')
                 for u in uid: uids.append(u['user'])
-                users = User.objects.filter(id__in=uids)
+                users = User.objects.filter(id__in=uids).only('username')
             elif form.cleaned_data['type'] == '3':
                 uid = RedditAccount.objects.filter(username__icontains=form.cleaned_data['username']).values('user')
                 for u in uid: uids.append(u['user'])
-                users = User.objects.filter(id__in=uids)
+                users = User.objects.filter(id__in=uids).only('username')
             elif form.cleaned_data['type'] == '4':
-                users = User.objects.filter(email__icontains=form.cleaned_data['username'])
+                users = User.objects.filter(email__icontains=form.cleaned_data['username']).only('username')
             else:
                 request.user.message_set.create(message="Error parsing form, Type: %s, Value: %s" % (form.cleaned_data['type'], form.cleaned_data['username']))
                 return HttpResponseRedirect(reverse('sso.views.user_lookup'))