-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello,
I came across a problem with the login names. As we use the user's email addresses as login names, these login names change from time to time. While we only know the initial user passwords and can not determine the current password (and don't want to), it is a problem, that login names can only be changed when knowing the current password (or send the user a new one). I was told the old behaviour was to just leave the password, if it is not entered (the standard values of the form fields are 'password' and 'confirm'). So I re-added that behaviour. I added a diff of the fix. Of course that is no complete fix. I neither know, if ZODBGroupManager (or other plugins) need a similiar fix, nor is the message "password changed" nice, when only changing the login name (it wasn't nicer before the fix, when changing the login name...) Regards, Sven -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkPM394ACgkQx3fK1szFYvlJWwCdHnIkrpL1WTcnQqv9uKZWjUi6 AFkAn2ctE7q0G1c/alsPJIUbT+ona6uT =QuPO -----END PGP SIGNATURE-----
--- PluggableAuthService/plugins/ZODBUserManager_old.py Tue Jan 17 13:01:52 2006 +++ PluggableAuthService/plugins/ZODBUserManager.py Tue Jan 17 12:53:43 2006 @@ -318,7 +318,7 @@ self._login_to_userid[ login_name ] = user_id self._userid_to_login[ user_id ] = login_name - if password: + if password and password!='password': digested = AuthEncoding.pw_encrypt( password ) self._user_passwords[ user_id ] = digested @@ -384,7 +384,7 @@ ): """ Update a user's login name / password via the ZMI. """ - if password and password != confirm: + if password and not (password=='password' and confirm=='confirm') and password != confirm: message = 'password+and+confirm+do+not+match' else:
_______________________________________________ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas