Charlie Clark wrote:
> Am 07.04.2010, 14:27 Uhr, schrieb yuppie<y.2...@wcm-solutions.de>:
>> Maybe I should add them to CMFDefault? I guess they need just a few
>> changes to be ready for checkin.
> Sounds great. As Tres has noted with ursine_globals - Views can have their
> own tests. Oops, more work! ;-)

At least I have some functional doctests. I hope that's sufficient.

LoginFormView and MailPasswordFormView are now checked in on the trunk. 
But so far they are not hooked up by a profile.


These issues still need to be resolved:

- Someone has to modify CookieCrumber to make it work with views.

- Maybe the "Constraint not satisfied" error for invalid member IDs or 
email addresses gives too much information: Anonymous users can check 
that way if a user with a specific email address or member ID exists. 
What do others think? Is that a security hole big enough to care about?

- Maybe the code makes some implicit assumptions about the 
authentication process that are not always correct. Would be nice if 
some people could test the views in their customized context. Right now 
you have to call "path/to/siteroot/login.html" directly for testing.


Zope-CMF maillist  -  Zope-CMF@zope.org

See https://bugs.launchpad.net/zope-cmf/ for bug reports and feature requests

Reply via email to