Changeset 2710

Timestamp:

19 Nov 2007, 20:29:10 (17 years ago)

Author:

Henrik Bettermann

Message:

see ticket #398

Joachim, please check!

Location:

WAeUP_SRP

Files:

• base/WAeUPTool.py (modified) (3 diffs)
• base/Widgets.py (modified) (2 diffs)
• base/skins/cps_custom/logged_in.py (modified) (2 diffs)
• base/skins/waeup_default/user_logged_in_disabled.pt (added)
• uniben/profiles/default/layouts/members.xml (modified) (1 diff)

WAeUP_SRP/base/WAeUPTool.py

@@ -445 +445 @@
     security.declareProtected(View,'getCredential') ###(
     def getCredential(self,student_id):
-        "return a student password"
         student_entry = getattr(self.portal_directories.students,student_id,None)
         if not self.isStaff():
@@ -458 +457 @@
     ###)
 
-    security.declarePublic('checkPassword') ###(
+    security.declarePublic('checkPassword')
     def checkPassword(self,student_id,password):
-        "return a student password"
         student_entry = getattr(self.portal_directories.students,student_id,None)
         if student_entry is None:
             return False
         return getattr(student_entry,"password","not set") == password
-    ###)
+        
+    security.declarePublic('checkGenericPassword')
+    def checkGenericPassword(self,member_id):
+        member_entry = getattr(self.portal_directories.members,member_id,None)
+        if member_entry is None:
+            return False
+        ltool = getToolByName(self, 'portal_layouts')   
+        unsecure_words = ltool._getOb('members')['w__password'].check_words
+        return getattr(member_entry,"password","not set") in unsecure_words 
 
     security.declareProtected(ModifyPortalContent,'editPassword') ###(
@@ -1829 +1835 @@
                 if not validators[k](ds,mode=mode):
                     if error_count:
-                        error_string += ' ++ ' 
+                        error_string += ' ++ '
                     error_string += "%s: %s" % (k,
                                                   self.translation_service(ds.getError(k),

WAeUP_SRP/base/Widgets.py

@@ -10 +10 @@
 from Products.CMFCore.utils import getToolByName
 from Products.CPSSchemas.BasicWidgets import CPSBooleanWidget, CPSWidget, CPSStringWidget, CPSEmailWidget,CPSImageWidget
-from Products.CPSSchemas.BasicWidgets import CPSFileWidget
+from Products.CPSSchemas.BasicWidgets import CPSFileWidget, CPSPasswordWidget
 from Products.CPSSchemas.BasicWidgets import renderHtmlTag,CPSSelectWidget, CPSStringWidget
 from Products.CPSSchemas.ExtendedWidgets import CPSDateTimeWidget
@@ -29 +29 @@
 
 #from zLOG import LOG, DEBUG
+
+
+class WAeUPPasswordWidget(CPSPasswordWidget):
+    """WAeUP Password Widget"""
+    meta_type = 'WAeUP Password Widget'
+
+    _properties = CPSStringWidget._properties + (
+        {'id': 'password_widget', 'type': 'string', 'mode': 'w',
+         'label': 'Password widget to compare with'},
+        {'id': 'check_lower', 'type': 'boolean', 'mode': 'w',
+         'label': 'Checking at least one lower case [a-z]'},
+        {'id': 'check_upper', 'type': 'boolean', 'mode': 'w',
+         'label': 'Checking at least one upper case [A-Z]'},
+        {'id': 'check_digit', 'type': 'boolean', 'mode': 'w',
+         'label': 'Checking at least one digit [0-9]'},
+        {'id': 'check_extra', 'type': 'boolean', 'mode': 'w',
+         'label': 'Checking at least one extra char other than [a-zA-Z0-9]'},
+        {'id': 'check_words', 'type': 'string', 'mode': 'w',
+         'label': 'Checking for words'},
+        )        
+
+    field_types = ('CPS Password Field',)
+    password_widget = ''
+    check_lower = 0
+    check_upper = 0
+    check_digit = 0
+    check_extra = 0
+    check_words = ''
+    display_width = 8
+    size_min = 5
+    size_max = 8
+
+    def validate(self, datastructure, **kw):
+        """Validate datastructure and update datamodel."""
+        widget_id = self.getWidgetId()
+        value = datastructure[widget_id]
+        err = 0
+        try:
+            v = str(value).strip()
+        except ValueError:
+            err = 'cpsschemas_err_string'
+        else:
+            if self.password_widget:
+                # here we only check that that our confirm match the pwd
+                pwidget_id = self.password_widget
+                pvalue = datastructure[pwidget_id]
+                datastructure[widget_id] = ''
+                datastructure[pwidget_id] = ''
+                pv = str(pvalue).strip()
+                if pv and v != pv:
+                    err = 'cpsschemas_err_password_mismatch'
+            else:
+                if not v:
+                    if self.is_required:
+                        datamodel = datastructure.getDataModel()
+                        if not datamodel[self.fields[0]]:
+                            err = 'cpsschemas_err_required'
+                else:
+                    # checking pw consistancy
+                    len_v = len(v)
+                    if not err and self.size_max and len_v > self.size_max:
+                        err = 'cpsschemas_err_string_too_long'
+                    if not err and self.size_min and len_v < self.size_min:
+                        err = 'cpsschemas_err_password_size_min'
+                    if not err and self.check_lower and not search(r'[a-z]', v):
+                        err = 'cpsschemas_err_password_lower'
+                    if not err and self.check_upper and not search(r'[A-Z]', v):
+                        err = 'cpsschemas_err_password_upper'
+                    if not err and self.check_digit and not search(r'[0-9]', v):
+                        err = 'cpsschemas_err_password_digit'
+                    if not err and self.check_extra and not search(r'[^a-zA-Z0-9]',
+                                                                   v):
+                        err = 'cpsschemas_err_password_extra'
+                    if not err and v in self.check_words:
+                        err = 'Your password is unsecure, please choose another password!'
+
+        if err:
+            datastructure[widget_id] = ''
+            datastructure.setError(widget_id, err)
+        elif v:
+            datamodel = datastructure.getDataModel()
+            datamodel[self.fields[0]] = v
+
+        return not err
+
+InitializeClass(WAeUPPasswordWidget)
+
+widgetRegistry.register(WAeUPPasswordWidget)
+
 
 class CPSSelectWidgetForRecord(CPSSelectWidget): ###(

WAeUP_SRP/base/skins/cps_custom/logged_in.py

@@ -36 +36 @@
 is_anon = mtool.isAnonymousUser()
 member = mtool.getAuthenticatedMember()
+
+if context.isStaff():
+    is_unsecure = context.waeup_tool.checkGenericPassword(str(member))
+    if is_unsecure:
+        response.expireCookie('__ac', path='/')
+        return response.redirect("%s/user_logged_in_disabled" % context.portal_url())
+
 #load_passport = hasattr(context.waeup_tool,'loadStudentFoto')
 
@@ -151 +158 @@
         if s_review_state == "student_created":
             wftool.doActionFor(student,'admit')
-            s_review_state = 'admitted'        
+            s_review_state = 'admitted'
 
         if s_review_state == "admitted" and a_review_state == 'created':

WAeUP_SRP/uniben/profiles/default/layouts/members.xml

@@ -98 +98 @@
   </property>
  </widget>
- <widget name="password" meta_type="Password Widget">
+ <widget name="password" meta_type="WAeUP Password Widget">
   <property name="fields">
    <element value="password"/>