Timestamp:
20 Nov 2011, 06:49:24 (13 years ago)
Author:
Henrik Bettermann
Message:

Use PasswordValidator also when adding or editing portal users. This is also a fix, because the old UserEditFormPage did not use the setPassword method but stored passwords as plain text.

Location:
main/waeup.sirp/trunk/src/waeup/sirp
Files:
1 added
3 edited

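--- a/main/waeup.sirp/trunk/src/waeup/sirp/browser/browser.txt
+++ b/main/waeup.sirp/trunk/src/waeup/sirp/browser/browser.txt
@@ -125,5 +125,6 @@
   >>> browser.getLink("Add user").click()
   >>> browser.getControl(name="form.name").value = 'bob'
-  >>> browser.getControl(name="form.password").value = 'secret'
+  >>> browser.getControl(name="password").value = 'secret'
+  >>> browser.getControl(name="control_password").value = 'secret'
   >>> browser.getControl("Add user").click()
   >>> print browser.contents
@@ -136,6 +137,4 @@
   >>> browser.getControl("edit", index=0).click()
   >>> browser.getControl("Save", index=0).click()
-  >>> browser.getControl("Save and return", index=0).click()
-  >>> browser.getControl("edit", index=0).click()
   >>> browser.getControl("Cancel", index=0).click()
 
@@ -159,5 +158,6 @@
   >>> browser.open('http://localhost/myuniversity/users/add')
   >>> browser.getControl(name="form.name").value = 'bob'
-  >>> browser.getControl(name="form.password").value = 'secret'
+  >>> browser.getControl(name="password").value = 'secret'
+  >>> browser.getControl(name="control_password").value = 'secret'
   >>> browser.getControl("Add user").click()
   >>> 'The userid chosen already exists' in browser.contents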
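Review bot: The updated doctest only ever submits matching `password` and `control_password` values, so the rejection paths this commit adds are not covered in the visible hunks. A case with a differing confirmation, e.g. `>>> browser.getControl(name="control_password").value = 'other'`, followed by a check that no user was created, would pin the validator wiring. Since the commit message describes a plain-text storage fix, an assertion that the saved account no longer holds the literal `'secret'` after `Save` would guard against regressing it; the account API needed for that check is not visible here.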
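--- a/main/waeup.sirp/trunk/src/waeup/sirp/browser/pages.py
+++ b/main/waeup.sirp/trunk/src/waeup/sirp/browser/pages.py
@@ -35,5 +35,6 @@
     IWAeUPXMLImporter, IWAeUPXMLExporter, IBatchProcessor,
     ILocalRolesAssignable, DuplicationError, IConfigurationContainer,
-    ISessionConfiguration, ISessionConfigurationAdd, academic_sessions_vocab)
+    ISessionConfiguration, ISessionConfigurationAdd, academic_sessions_vocab,
+    IPasswordValidator)
 from waeup.sirp.permissions import get_users_with_local_roles, getRoles
 from waeup.sirp.university.catalog import search
@@ -285,4 +286,5 @@
     grok.context(IUserContainer)
     grok.name('add')
+    grok.template('usereditformpage')
     form_fields = grok.AutoFields(IUserAccount)
     label = 'Add user'
@@ -294,6 +296,15 @@
         title = data['title']
         description = data['description']
-        password = data['password']
+        #password = data['password']
         roles = data['roles']
+        form = self.request.form
+        password = form.get('password', None)
+        password_ctl = form.get('control_password', None)
+        if password:
+            validator = getUtility(IPasswordValidator)
+            errors = validator.validate_password(password, password_ctl)
+            if errors:
+                self.flash( ' '.join(errors))
+                return
         try:
             self.context.addUser(name, password, title=title,
@@ -318,13 +329,18 @@
     @grok.action('Save')
     def save(self, **data):
+        form = self.request.form
+        password = form.get('password', None)
+        password_ctl = form.get('control_password', None)
+        if password:
+            validator = getUtility(IPasswordValidator)
+            errors = validator.validate_password(password, password_ctl)
+            if errors:
+                self.flash( ' '.join(errors))
+                return
         self.applyData(self.context, **data)
+        if password:
+            # Now we know that the form has no errors and can set password ...
+            self.context.setPassword(password)
         self.flash('User settings have been saved.')
-        return
-
-    @grok.action('Save and return')
-    def saveAndReturn(self, **data):
-        self.applyData(self.context, **data)
-        self.flash('User settings have been saved.')
-        self.redirect(self.url(self.context.__parent__))
         return
 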
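Review bot: In the add-user handler the new `if password:` guard skips validation entirely when the password field is empty, and execution then falls through to `self.context.addUser(name, password, ...)` with an empty or `None` password. Because this commit also removes the required `password` field from the interface, nothing visible still forces a password at creation time; what `addUser` does with an empty value is outside the hunk. I would reject the empty case before validating, e.g. `if not password:` / `self.flash('Password is required.')` / `return`, and keep the `if password:` form only in `save`, where an empty field can reasonably mean "leave unchanged". The commented-out `#password = data['password']` can simply be deleted, and the nine validation lines repeated in `save` would read better as one private helper. The add handler's signature and the rest of the `addUser` call lie outside the hunk.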
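--- a/main/waeup.sirp/trunk/src/waeup/sirp/interfaces.py
+++ b/main/waeup.sirp/trunk/src/waeup/sirp/interfaces.py
@@ -188,7 +188,4 @@
         title = u'Description',
         required = False,)
-    password = schema.Password(
-        title = u'Password',
-        required = True,)
     roles = schema.List(
         title = u'Global roles',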