A while ago I asked some questions and made some suggestions for improving how 
to track failed login attempts in z3c.password. Most likely these suggestions 
got buried in now a out-of-sight thread and were never noticed.

My suggestion was that making a request for for example a resource could still 
trigger the account locked errors, where in my opinion only the login attempts 
themselves should do that.
I created a branch of z3c.password..: 
..that will check for request relevancy as early as possible. 
All tests pass without modification, but with this change after an account has 
been locked out requests for for example resources will still work. 
I think the code is a tad more readible now. I added a test to demonstrate the 
specific behaviour.
Would any of the z3c.password users/developers object to having this branch 
merged to the trunk?

regards, jw 

Zope-Dev maillist  -  Zope-Dev@zope.org
**  No cross posts or HTML encoding!  **
(Related lists - 
 https://mail.zope.org/mailman/listinfo/zope )

Reply via email to