-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

I came across a problem with the login names. As we use the user's email
addresses as login names, these login names change from time to time.
While we only know the initial user passwords and can not determine the
current password (and don't want to), it is a problem, that login names
can only be changed when knowing the current password (or send the user
a new one).

I was told the old behaviour was to just leave the password, if it is
not entered (the standard values of the form fields are 'password' and
'confirm'). So I re-added that behaviour.

I added a diff of the fix.

Of course that is no complete fix. I neither know, if ZODBGroupManager
(or other plugins) need a similiar fix, nor is the message "password
changed" nice, when only changing the login name (it wasn't nicer before
the fix, when changing the login name...)

Regards,
Sven
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkPM394ACgkQx3fK1szFYvlJWwCdHnIkrpL1WTcnQqv9uKZWjUi6
AFkAn2ctE7q0G1c/alsPJIUbT+ona6uT
=QuPO
-----END PGP SIGNATURE-----
--- PluggableAuthService/plugins/ZODBUserManager_old.py Tue Jan 17 13:01:52 2006
+++ PluggableAuthService/plugins/ZODBUserManager.py     Tue Jan 17 12:53:43 2006
@@ -318,7 +318,7 @@
             self._login_to_userid[ login_name ] = user_id
             self._userid_to_login[ user_id ] = login_name
 
-        if password:
+        if password and password!='password':
             digested = AuthEncoding.pw_encrypt( password )
             self._user_passwords[ user_id ] = digested
 
@@ -384,7 +384,7 @@
                                  ):
         """ Update a user's login name / password via the ZMI.
         """
-        if password and password != confirm:
+        if password and not (password=='password' and confirm=='confirm') and 
password != confirm:
             message = 'password+and+confirm+do+not+match'
 
         else:
_______________________________________________
Zope-PAS mailing list
Zope-PAS@zope.org
http://mail.zope.org/mailman/listinfo/zope-pas

Reply via email to