[Checkins] SVN: z3c.password/branches/adamg-options/ adjust checking logic
Adam Groszer
agroszer at gmail.com
Mon Jun 15 09:14:59 EDT 2009
Log message for revision 100993:
adjust checking logic
Changed:
U z3c.password/branches/adamg-options/CHANGES.txt
U z3c.password/branches/adamg-options/src/z3c/password/principal.py
U z3c.password/branches/adamg-options/src/z3c/password/principal.txt
-=-
Modified: z3c.password/branches/adamg-options/CHANGES.txt
===================================================================
--- z3c.password/branches/adamg-options/CHANGES.txt 2009-06-15 12:54:19 UTC (rev 100992)
+++ z3c.password/branches/adamg-options/CHANGES.txt 2009-06-15 13:14:59 UTC (rev 100993)
@@ -18,8 +18,8 @@
Password checking goes like this (on the high level):
1. raise AccountLocked if too many bad tries and account should be locked
- 2. raise TooManyLoginFailures if too many bad tries
- 3. raise PasswordExpired if expired AND password matches
+ 2. raise PasswordExpired if expired AND password matches
+ 3. raise TooManyLoginFailures if too many bad tries
4. return whether password matches
More details in ``principal.txt``
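Review bot: Step 3 in the new list does not say that TooManyLoginFailures is now raised for a matching password as well, which is what the principal.txt change in this revision documents ("The user cannot login again with the right password either"). Step 2 carries the qualifier "AND password matches"; step 3 would benefit from an equivalent one, for example "raise TooManyLoginFailures if too many bad tries (also when the password matches)", so the high-level summary agrees with the doctest.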
Modified: z3c.password/branches/adamg-options/src/z3c/password/principal.py
===================================================================
--- z3c.password/branches/adamg-options/src/z3c/password/principal.py 2009-06-15 12:54:19 UTC (rev 100992)
+++ z3c.password/branches/adamg-options/src/z3c/password/principal.py 2009-06-15 13:14:59 UTC (rev 100993)
@@ -70,11 +70,8 @@
self.lastFailedAttempt = self.now()
raise interfaces.AccountLocked(self)
- # If this was a failed attempt, record it, otherwise reset the failures
- if same and self.failedAttempts != 0:
- self.failedAttempts = 0
- self.lastFailedAttempt = None
if same:
+ #successful attempt
if not ignoreExpiration:
if self.passwordExpired:
raise interfaces.PasswordExpired(self)
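Review bot: In the `if same:` branch, PasswordExpired is raised before the failure limit is consulted, since the TooManyLoginFailures check now comes only after this block. With the counter at the limit, a matching password on an expired account therefore answers PasswordExpired while a non-matching one answers TooManyLoginFailures, so the exception type tells the caller whether the guess was right even though the limit has been reached. CHANGES.txt lists this order deliberately; if that is the intent, a comment here saying so would help, otherwise test `tooManyLoginFailures()` before the expiration check. Minor: `#successful attempt` is missing the space after `#`.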
@@ -85,21 +82,28 @@
if expiresOn < self.now():
raise interfaces.PasswordExpired(self)
else:
+ #failed attempt
lockPeriod = self._lockOutPeriod()
if lockPeriod is not None and self.lastFailedAttempt is not None:
if self.lastFailedAttempt + lockPeriod < self.now():
#reset count if the tries were outside of the lockPeriod
self.failedAttempts = 0
+ #record it, increase counter
self.failedAttempts += 1
self.lastFailedAttempt = self.now()
- # If the maximum amount of failures has been reached notify the
- # system by raising an error.
- if not ignoreFailures:
- if self.tooManyLoginFailures():
- raise interfaces.TooManyLoginFailures(self)
+ # If the maximum amount of failures has been reached notify the
+ # system by raising an error.
+ if not ignoreFailures:
+ if self.tooManyLoginFailures():
+ raise interfaces.TooManyLoginFailures(self)
+ if same and self.failedAttempts != 0:
+ #if all nice and good clear failure counter
+ self.failedAttempts = 0
+ self.lastFailedAttempt = None
+
return same
def tooManyLoginFailures(self):
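Review bot: The lock-period reset ("reset count if the tries were outside of the lockPeriod") stays inside the `else:` branch for failed attempts, while the TooManyLoginFailures check now applies to matching passwords too. Once the lock period has passed, a wrong password clears the counter before incrementing it, but a correct one never reaches that reset and still raises; the last principal.txt hunk in this revision shows a correct password still raising a day later. Consider running the lock-period reset before the `if same:` split so both outcomes are treated alike, or state in the comment that only a password reset clears the counter.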
Modified: z3c.password/branches/adamg-options/src/z3c/password/principal.txt
===================================================================
--- z3c.password/branches/adamg-options/src/z3c/password/principal.txt 2009-06-15 12:54:19 UTC (rev 100992)
+++ z3c.password/branches/adamg-options/src/z3c/password/principal.txt 2009-06-15 13:14:59 UTC (rev 100993)
@@ -141,8 +141,15 @@
TooManyLoginFailures: The password was entered incorrectly too often.
As you can see, once the maximum mount of attempts is reached, the system does
-not allow you to log in at all anymore. At this point the password has to be
-reset otherwise. However, you can tell the ``check()`` method explicitly to
+not allow you to log in at all anymore.
+
+ >>> user.checkPassword('123123')
+ Traceback (most recent call last):
+ ...
+ TooManyLoginFailures: The password was entered incorrectly too often.
+
+At this point the password has to be reset otherwise.
+However, you can tell the ``check()`` method explicitly to
ignore the failure count:
>>> user.checkPassword('456456', ignoreFailures=True)
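Review bot: The added sentence "At this point the password has to be reset otherwise." keeps the unclear word "otherwise" and does not say who resets the password or how; the later hunk does it by assigning `user.password`, so the text could say that directly. The following line also names the ``check()`` method while every doctest call here is `user.checkPassword(...)`; the two should use the same name. The context line above reads "maximum mount", presumably "amount".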
@@ -365,9 +372,18 @@
>>> NOW = datetime.datetime(2009, 6, 14, 13, 0) + datetime.timedelta(days=1)
-The user can login again with the right password:
+The user cannot login again with the right password either:
>>> user.checkPassword('123123')
+ Traceback (most recent call last):
+ ...
+ TooManyLoginFailures: The password was entered incorrectly too often.
+
+The admin(?) has to reset the password of the user.
+
+ >>> user.password = '234234'
+
+ >>> user.checkPassword('234234')
True
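Review bot: "The admin(?) has to reset the password of the user." leaves an open question in the documentation; decide who performs the reset and drop the "(?)". The doctest then shows `user.checkPassword('234234')` returning True, but nothing here shows why assigning `user.password` lifts the TooManyLoginFailures state; an assertion on `user.failedAttempts` after the assignment would make that visible and guard it against regressions.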