[Checkins] SVN: PluggableAuthService/trunk/plugins/ #56: Fix method
called when users update their own login / password.
Tres Seaver
tseaver at palladion.com
Mon Apr 23 12:11:38 EDT 2007
Log message for revision 74684:
#56: Fix method called when users update their own login / password.
Changed:
U PluggableAuthService/trunk/plugins/ZODBUserManager.py
U PluggableAuthService/trunk/plugins/tests/test_ZODBUserManager.py
-=-
Modified: PluggableAuthService/trunk/plugins/ZODBUserManager.py
===================================================================
--- PluggableAuthService/trunk/plugins/ZODBUserManager.py 2007-04-23 16:10:14 UTC (rev 74683)
+++ PluggableAuthService/trunk/plugins/ZODBUserManager.py 2007-04-23 16:11:37 UTC (rev 74684)
@@ -497,9 +497,9 @@
login_name = user_id
# XXX: validate 'user_id', 'login_name' against policies?
+ self.updateUser( user_id, login_name )
+ self.updateUserPassword( user_id, password )
- self.updateUserPassword( user_id, login_name, password )
-
message = 'password+updated'
if RESPONSE is not None:
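Review bot: The `login_name` handed to `self.updateUser( user_id, login_name )` appears to be caller-supplied (the new test passes it as the first argument of `manage_updatePassword`), and the `XXX` comment directly above shows it is not validated against any policy before the login mapping is rewritten. Whether `updateUser` refuses a login that already belongs to a different user id is not visible in this hunk; if it does not, this self-service handler would let one account displace another account's login mapping. I would confirm that and record the requirement at the call site, e.g. `# login_name is caller-supplied: updateUser must refuse a login already mapped to another user id`. The handler's body starts and ends outside the hunk.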
Modified: PluggableAuthService/trunk/plugins/tests/test_ZODBUserManager.py
===================================================================
--- PluggableAuthService/trunk/plugins/tests/test_ZODBUserManager.py 2007-04-23 16:10:14 UTC (rev 74683)
+++ PluggableAuthService/trunk/plugins/tests/test_ZODBUserManager.py 2007-04-23 16:11:37 UTC (rev 74684)
@@ -523,10 +523,49 @@
self.assertEqual(uid_and_info, (USER_ID, USER_ID))
+ def test_manage_updatePassword(self):
+ from AccessControl.SecurityManagement import newSecurityManager
+ from AccessControl.SecurityManagement import noSecurityManager
+ from Acquisition import Implicit
+ # Test that a user can update her own password using the
+ # ZMI-provided form handler: http://www.zope.org/Collectors/PAS/56
+ zum = self._makeOne()
+
+ # Create a user and make sure we can authenticate with it
+ zum.addUser( 'user1', 'user1 at example.com', 'password' )
+ info1 = { 'login' : 'user1 at example.com', 'password' : 'password' }
+ self.failUnless(zum.authenticateCredentials(info1))
+
+ # Give the user a new password; attempting to authenticate with the
+ # old password must fail
+ class FauxUser(Implicit):
+
+ def __init__(self, id):
+ self._id = id
+
+ def getId( self ):
+ return self._id
+
+ newSecurityManager(None, FauxUser('user1'))
+ try:
+ zum.manage_updatePassword('user2 at example.com',
+ 'new_password',
+ 'new_password',
+ )
+ finally:
+ noSecurityManager()
+
+ self.failIf(zum.authenticateCredentials(info1))
+
+ # Try to authenticate with the new password, this must succeed.
+ info2 = { 'login' : 'user2 at example.com', 'password' : 'new_password' }
+ user_id, login = zum.authenticateCredentials(info2)
+ self.assertEqual(user_id, 'user1')
+ self.assertEqual(login, 'user2 at example.com')
+
def testPOSTProtections(self):
from AccessControl.AuthEncoding import pw_encrypt
from zExceptions import Forbidden
-
USER_ID = 'testuser'
PASSWORD = 'password'
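Review bot: The assertion `self.failIf(zum.authenticateCredentials(info1))` does not isolate the password change, because `info1` carries both the old login and the old password, and the call under test also changes the login. On its own it would presumably pass once the login mapping moved, leaving only the later `info2` check to cover the password. Adding a check that the new login with the old password is rejected, `self.failIf(zum.authenticateCredentials({'login': 'user2 at example.com', 'password': 'password'}))`, pins the behaviour the comment describes. A case where the two password arguments differ is also absent, though how the handler treats a mismatch is outside this hunk. `testPOSTProtections` at the end of the hunk continues past it.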