On Wed, Apr 24, 2013 at 3:38 PM, Thomas Delafosse <[email protected]> wrote:

> Hello all,
>
> I've been working on some improvements on user changing password (see
> XWiki-6882). In particular, I tried to make it mandatory, for a user wanting
> to change his password, to submit also his current password, so that I
> could check it.
> The problem is that there is no way to make this check through Velocity. I
> tried to use some Groovy instead, but it breaks the functional tests. So I
> need to introduce a new method "checkPassword" accessible from Velocity
> scripts. The question is, where should I implement it?
> There are two possibilities:
> 1) Write a new component
> 2) Add this method in an existing API.
> I don't really like 1), as I feel it would be strange to introduce a new
> service with only one method.
> In the meanwhile, for 2), I don't really know in which API this method
> could fit. Sergiu told me that I could perhaps put it in
> com.xpn.xwiki.plugin.rightsmanager.RightsManagerPluginApi,
> but that it wasn't really good either. Any ideas?
>

IMO, you should use an existing API that will be deprecated as soon as we have a real security authentication module. However, I do not think com.xpn.xwiki.plugin.rightsmanager.RightsManagerPluginApi to be the right place, I would see it more in com.xpn.xwiki.user.api.XWikiUser, with the advantage that reaching it will require PR (preventing brute force attack).

In the new authentication module, the abstraction should be really improved, allowing to change the password outside of the XWiki as well, if the authentication backend supports such a feature. The notion of password will need to be abstracted as well, since there is more than just a password for authentication. So, this will surely be another story, and it is not foreseeable now.
>
> Cheers,
>
> Thomas
> _______________________________________________
> devs mailing list
> [email protected]
> http://lists.xwiki.org/mailman/listinfo/devs
>

--
Denis Gervalle
SOFTEC sa - CEO
eGuilde sarl - CTO

