[Checkins] SVN: z3c.password/trunk/ Fix: ``disallowPasswordReuse`` must not check ``None`` passwords.
Adam Groszer
agroszer at gmail.com
Tue Dec 8 08:49:15 EST 2009
Log message for revision 106278:
Fix: ``disallowPasswordReuse`` must not check ``None`` passwords.
Changed:
U z3c.password/trunk/CHANGES.txt
U z3c.password/trunk/src/z3c/password/principal.py
U z3c.password/trunk/src/z3c/password/principal.txt
-=-
Modified: z3c.password/trunk/CHANGES.txt
===================================================================
--- z3c.password/trunk/CHANGES.txt 2009-12-08 12:17:31 UTC (rev 106277)
+++ z3c.password/trunk/CHANGES.txt 2009-12-08 13:49:15 UTC (rev 106278)
@@ -5,7 +5,7 @@
0.8.0 (unreleased)
------------------
-- ...
+- Fix: ``disallowPasswordReuse`` must not check ``None`` passwords.
0.7.2 (2009-08-07)
------------------
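Review bot: The new 0.8.0 entry describes only the reuse check, while the principal.py part of this revision also stops ``None`` from being appended to ``previousPasswords``. A second clause or bullet for that change would tell anyone who reads the history list directly that ``None`` is no longer recorded there.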
Modified: z3c.password/trunk/src/z3c/password/principal.py
===================================================================
--- z3c.password/trunk/src/z3c/password/principal.py 2009-12-08 12:17:31 UTC (rev 106277)
+++ z3c.password/trunk/src/z3c/password/principal.py 2009-12-08 13:49:15 UTC (rev 106278)
@@ -42,7 +42,7 @@
def _checkDisallowedPreviousPassword(self, password):
if self._disallowPasswordReuse():
- if self.previousPasswords is not None:
+ if self.previousPasswords is not None and password is not None:
#hack, but this should work with zope.app.authentication and
#z3c.authenticator
passwordManager = self._getPasswordManager()
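Review bot: The changed condition in ``_checkDisallowedPreviousPassword`` carries no rationale: nothing in the code says why a ``None`` password bypasses the reuse check, and the only explanation (``None`` signals a disabled user) is in principal.txt. A one-line comment above the ``if`` would cover it. The condition now also mixes two unrelated guards, so if nothing else in the method has to run for ``None``, an early ``if password is None: return`` at the top would read more clearly than extending the ``previousPasswords is not None`` test.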
@@ -63,7 +63,8 @@
if self.previousPasswords is None:
self.previousPasswords = persistent.list.PersistentList()
- self.previousPasswords.append(self.password)
+ if self.password is not None:
+ self.previousPasswords.append(self.password)
self.passwordSetOn = self.now()
self.failedAttempts = 0
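Review bot: The new ``if self.password is not None:`` guard only stops new ``None`` entries. ``previousPasswords`` lists persisted before this revision can already contain ``None``, because the removed line appended ``self.password`` unconditionally. Consider making the reuse check skip ``None`` entries in the stored list, or documenting a cleanup step. If the two context lines after the guard also run when the password is ``None``, please confirm that updating ``passwordSetOn`` and resetting ``failedAttempts`` is intended when a user is being disabled.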
Modified: z3c.password/trunk/src/z3c/password/principal.txt
===================================================================
--- z3c.password/trunk/src/z3c/password/principal.txt 2009-12-08 12:17:31 UTC (rev 106277)
+++ z3c.password/trunk/src/z3c/password/principal.txt 2009-12-08 13:49:15 UTC (rev 106278)
@@ -660,7 +660,27 @@
>>> user.setPassword('789789')
+Corner case. The password ``None`` is a special case, it signals that the
+user is disabled.
+But ``None`` works only with the ``Plain Text`` password manager.
+
+ >>> user.setPassword('790789', passwordManagerName="Plain Text")
+
+That means, it should be possible to set the password to ``None`` anytime,
+regardless of disallowPasswordReuse.
+
+ >>> user.setPassword(None)
+
+ >>> user.setPassword('890789')
+
+ >>> user.setPassword(None)
+
+ >>> user.setPassword('891789')
+
+ >>> user.setPassword(None)
+
+
``passwordOptionsUtilityName``
------------------------------
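Review bot: The added examples only show that ``setPassword(None)`` is accepted; none of them asserts that reuse is still refused afterwards or that ``None`` stays out of the history. Add a call that tries to set '790789' or '890789' again after one of the ``None`` steps and expects it to be refused, plus a check of ``user.previousPasswords``, so this corner case cannot silently weaken ``disallowPasswordReuse``.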