-----BEGIN PGP SIGNED MESSAGE-----
I came across a problem with the login names. As we use the user's email
addresses as login names, these login names change from time to time.
While we only know the initial user passwords and can not determine the
current password (and don't want to), it is a problem, that login names
can only be changed when knowing the current password (or send the user
a new one).
I was told the old behaviour was to just leave the password, if it is
not entered (the standard values of the form fields are 'password' and
'confirm'). So I re-added that behaviour.
I added a diff of the fix.
Of course that is no complete fix. I neither know, if ZODBGroupManager
(or other plugins) need a similiar fix, nor is the message "password
changed" nice, when only changing the login name (it wasn't nicer before
the fix, when changing the login name...)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
--- PluggableAuthService/plugins/ZODBUserManager_old.py Tue Jan 17 13:01:52 2006
+++ PluggableAuthService/plugins/ZODBUserManager.py Tue Jan 17 12:53:43 2006
@@ -318,7 +318,7 @@
self._login_to_userid[ login_name ] = user_id
self._userid_to_login[ user_id ] = login_name
- if password:
+ if password and password!='password':
digested = AuthEncoding.pw_encrypt( password )
self._user_passwords[ user_id ] = digested
@@ -384,7 +384,7 @@
""" Update a user's login name / password via the ZMI.
- if password and password != confirm:
+ if password and not (password=='password' and confirm=='confirm') and
password != confirm:
message = 'password+and+confirm+do+not+match'
Zope-PAS mailing list