Changeset 6768 for main/waeup.sirp/trunk/src/waeup

Timestamp:

14 Sep 2011, 12:37:42 (13 years ago)

Author:

uli

Message:

Try to fix problem with input errors on password reset.

File:

• main/waeup.sirp/trunk/src/waeup/sirp/students/authentication.py (modified) (3 diffs)

main/waeup.sirp/trunk/src/waeup/sirp/students/authentication.py

@@ -195 +195 @@
       with credentials set before)
 
+    - no session exists already
+
+    - password and repeated password do not match
+
     Therefore it is mandatory to put this plugin in the line of all
     credentials plugins _before_ other plugins, so that the regular
@@ -209 +213 @@
     loginfield = 'student_id'
     passwordfield = 'form.password'
+    repeatfield = 'form.password_repeat'
 
     def extractCredentials(self, request):
@@ -215 +220 @@
         login = request.get(self.loginfield, None)
         password = request.get(self.passwordfield, None)
+        password_repeat = request.get(self.repeatfield, None)
+
         if not login or not password:
             return None
+
+        if password != password_repeat:
+            # At least protect against erraneous password input
+            return None
+
         session = ISession(request)
         sessionData = session.get(
             'zope.pluggableauth.browserplugins')
+        if not sessionData:
+            return None
+
         old_credentials = sessionData.get('credentials', None)
         if old_credentials is None: