[Checkins] SVN: PluggableAuthService/trunk/plugins/ #56: Fix method called when users update their own login / password.

Tres Seaver tseaver at palladion.com
Mon Apr 23 12:11:38 EDT 2007


Log message for revision 74684:
  #56:  Fix method called when users update their own login / password.

Changed:
  U   PluggableAuthService/trunk/plugins/ZODBUserManager.py
  U   PluggableAuthService/trunk/plugins/tests/test_ZODBUserManager.py

-=-
Modified: PluggableAuthService/trunk/plugins/ZODBUserManager.py
===================================================================
--- PluggableAuthService/trunk/plugins/ZODBUserManager.py	2007-04-23 16:10:14 UTC (rev 74683)
+++ PluggableAuthService/trunk/plugins/ZODBUserManager.py	2007-04-23 16:11:37 UTC (rev 74684)
@@ -497,9 +497,9 @@
                 login_name = user_id
 
             # XXX:  validate 'user_id', 'login_name' against policies?
+            self.updateUser( user_id, login_name )
+            self.updateUserPassword( user_id, password )
 
-            self.updateUserPassword( user_id, login_name, password )
-
             message = 'password+updated'
 
         if RESPONSE is not None:
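Review bot: The `# XXX:  validate 'user_id', 'login_name' against policies?` question is still open directly above the new `self.updateUser( user_id, login_name )` call, so a caller-supplied login name reaches the login mapping with no check visible in this hunk. `updateUser` is not shown here; if it does not itself refuse a login that already belongs to a different user id, a self-service change could shadow or replace another account's login. That should be confirmed, and if the check is missing, a guard before the call should reject such a `login_name`. Until then, replace the XXX with something like `# NOTE: login_name is caller-supplied; a login already mapped to another user id must be rejected before updateUser`. The result is still reported as `message = 'password+updated'` even when the login changed. The enclosing method starts and ends outside the hunk.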

Modified: PluggableAuthService/trunk/plugins/tests/test_ZODBUserManager.py
===================================================================
--- PluggableAuthService/trunk/plugins/tests/test_ZODBUserManager.py	2007-04-23 16:10:14 UTC (rev 74683)
+++ PluggableAuthService/trunk/plugins/tests/test_ZODBUserManager.py	2007-04-23 16:11:37 UTC (rev 74684)
@@ -523,10 +523,49 @@
 
         self.assertEqual(uid_and_info, (USER_ID, USER_ID))
 
+    def test_manage_updatePassword(self):
+        from AccessControl.SecurityManagement import newSecurityManager
+        from AccessControl.SecurityManagement import noSecurityManager
+        from Acquisition import Implicit
+        # Test that a user can update her own password using the
+        # ZMI-provided form handler: http://www.zope.org/Collectors/PAS/56
+        zum = self._makeOne()
+
+        # Create a user and make sure we can authenticate with it
+        zum.addUser( 'user1', 'user1 at example.com', 'password' )
+        info1 = { 'login' : 'user1 at example.com', 'password' : 'password' }
+        self.failUnless(zum.authenticateCredentials(info1))
+
+        # Give the user a new password; attempting to authenticate with the
+        # old password must fail
+        class FauxUser(Implicit):
+
+            def __init__(self, id):
+                self._id = id
+
+            def getId( self ):
+                return self._id
+
+        newSecurityManager(None, FauxUser('user1'))
+        try:
+            zum.manage_updatePassword('user2 at example.com',
+                                      'new_password',
+                                      'new_password',
+                                     )
+        finally:
+            noSecurityManager()
+
+        self.failIf(zum.authenticateCredentials(info1))
+
+        # Try to authenticate with the new password, this must succeed.
+        info2 = { 'login' : 'user2 at example.com', 'password' : 'new_password' }
+        user_id, login = zum.authenticateCredentials(info2)
+        self.assertEqual(user_id, 'user1')
+        self.assertEqual(login, 'user2 at example.com')
+
     def testPOSTProtections(self):
         from AccessControl.AuthEncoding import pw_encrypt
         from zExceptions import Forbidden
-
         USER_ID = 'testuser'
         PASSWORD = 'password'
 
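Review bot: `test_manage_updatePassword` never shows that the old login mapping is gone, because `info1` pairs the old login with the old password and `self.failIf(zum.authenticateCredentials(info1))` would pass on the password change alone. Adding `self.failIf(zum.authenticateCredentials({'login': 'user1 at example.com', 'password': 'new_password'}))` would pin that the previous login can no longer authenticate with the new password. Negative cases are also missing: a mismatched confirmation value, and an attempt to take a login that another user already holds. The trailing context lines belong to `testPOSTProtections`, whose body continues outside the hunk.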


