Hi,

On Apr 25, 2013, at 12:15 AM, Denis Gervalle <[email protected]> wrote:

> On Wed, Apr 24, 2013 at 3:38 PM, Thomas Delafosse <
> [email protected]> wrote:
> 
>> Hello all,
>> 
>>    I've been working on some improvements on user changing password (see
>> XWiki-6882). In particular, I tried to make it mandatory for a user wanting
>> to change his password to also submit his current password, so that I
>> could check it.
>> The problem is that there is no way to make this check through velocity. I
>> tried to use some groovy instead, but it breaks the functional tests. So I
>> need to introduce a new method "checkPassword" accessible from velocity
>> scripts. The question is, where should I implement it?
>> There are two possibilities:
>> 1) Write a new component
>> 2) Add this method in an existing API.
>> I don't really like 1), as I feel it would be strange to introduce a new
>> service with only one method.
>> In the meanwhile, for 2), I don't really know in which API this method
>> could fit. Sergiu told me that I could perhaps put it in
>> com.xpn.xwiki.plugin.rightsmanager.RightsManagerPluginApi,
>> but that it wasn't really good either. Any ideas?
>> 
> 
> IMO, you should use an existing API that will be deprecated as soon as we
> have a real security authentication module. However, I do not think
> com.xpn.xwiki.plugin.rightsmanager.RightsManagerPluginApi is the right
> place; I would see it more in com.xpn.xwiki.user.api.XWikiUser, with
> the advantage that reaching it will require PR (preventing brute force
> attacks).
> 
> In the new authentication module, the abstraction should be really
> improved, allowing the password to be changed outside of XWiki as well, if
> the authentication backend supports such a feature. The notion of password
> will need to be abstracted as well, since there is more than just a password
> for authentication. So, this will surely be another story, and it is
> not foreseeable now.

I agree with Denis here. Regarding the location in the existing code, I don't 
have any strong opinion.

Thanks
-Vincent

_______________________________________________
devs mailing list
[email protected]
http://lists.xwiki.org/mailman/listinfo/devs