[Checkins] SVN: PluggableAuthService/branches/1.4/ #56: Fix method
called when users update own passwords.
Tres Seaver
tseaver at palladion.com
Mon Apr 23 12:10:14 EDT 2007
Log message for revision 74683:
#56: Fix method called when users update own passwords.
Changed:
U PluggableAuthService/branches/1.4/doc/CHANGES.txt
U PluggableAuthService/branches/1.4/plugins/ZODBUserManager.py
U PluggableAuthService/branches/1.4/plugins/tests/test_ZODBUserManager.py
-=-
Modified: PluggableAuthService/branches/1.4/doc/CHANGES.txt
===================================================================
--- PluggableAuthService/branches/1.4/doc/CHANGES.txt 2007-04-23 15:35:13 UTC (rev 74682)
+++ PluggableAuthService/branches/1.4/doc/CHANGES.txt 2007-04-23 16:10:14 UTC (rev 74683)
@@ -4,6 +4,10 @@
Bugs Fixed
+ - Fix ZODBUserManager plugin's 'manage_updatePassword', called when
+ users update their own login / password.
+ (http://www.zope.org/Collectors/PAS/56)
+
- Made sure the Extensions.upgrade script does not commit full
transactions but only sets (optimistic) savepoints. Removed bogus
Zope 2.7 compatibility in the process.
Modified: PluggableAuthService/branches/1.4/plugins/ZODBUserManager.py
===================================================================
--- PluggableAuthService/branches/1.4/plugins/ZODBUserManager.py 2007-04-23 15:35:13 UTC (rev 74682)
+++ PluggableAuthService/branches/1.4/plugins/ZODBUserManager.py 2007-04-23 16:10:14 UTC (rev 74683)
@@ -490,7 +490,8 @@
# XXX: validate 'user_id', 'login_name' against policies?
- self.updateUserPassword( user_id, login_name, password )
+ self.updateUser( user_id, login_name )
+ self.updateUserPassword( user_id, password )
message = 'password+updated'
Modified: PluggableAuthService/branches/1.4/plugins/tests/test_ZODBUserManager.py
===================================================================
--- PluggableAuthService/branches/1.4/plugins/tests/test_ZODBUserManager.py 2007-04-23 15:35:13 UTC (rev 74682)
+++ PluggableAuthService/branches/1.4/plugins/tests/test_ZODBUserManager.py 2007-04-23 16:10:14 UTC (rev 74683)
@@ -13,6 +13,9 @@
#
##############################################################################
import unittest
+from AccessControl.SecurityManagement import newSecurityManager
+from AccessControl.SecurityManagement import noSecurityManager
+from Acquisition import Implicit
from Products.PluggableAuthService.tests.conformance \
import IAuthenticationPlugin_conformance
@@ -502,7 +505,44 @@
self.assertEqual(uid_and_info, (USER_ID, USER_ID))
+ def test_manage_updatePassword(self):
+ # Test that a user can update her own password using the
+ # ZMI-provided form handler: http://www.zope.org/Collectors/PAS/56
+ zum = self._makeOne()
+ # Create a user and make sure we can authenticate with it
+ zum.addUser( 'user1', 'user1 at example.com', 'password' )
+ info1 = { 'login' : 'user1 at example.com', 'password' : 'password' }
+ self.failUnless(zum.authenticateCredentials(info1))
+
+ # Give the user a new password; attempting to authenticate with the
+ # old password must fail
+ class FauxUser(Implicit):
+
+ def __init__(self, id):
+ self._id = id
+
+ def getId( self ):
+ return self._id
+
+ newSecurityManager(None, FauxUser('user1'))
+ try:
+ zum.manage_updatePassword('user2 at example.com',
+ 'new_password',
+ 'new_password',
+ )
+ finally:
+ noSecurityManager()
+
+ self.failIf(zum.authenticateCredentials(info1))
+
+ # Try to authenticate with the new password, this must succeed.
+ info2 = { 'login' : 'user2 at example.com', 'password' : 'new_password' }
+ user_id, login = zum.authenticateCredentials(info2)
+ self.assertEqual(user_id, 'user1')
+ self.assertEqual(login, 'user2 at example.com')
+
+
if __name__ == "__main__":
unittest.main()
More information about the Checkins
mailing list