[Checkins] SVN: z3c.password/branches/adamg-options/ adjust checking logic

Adam Groszer agroszer at gmail.com
Mon Jun 15 09:14:59 EDT 2009


Log message for revision 100993:
  adjust checking logic

Changed:
  U   z3c.password/branches/adamg-options/CHANGES.txt
  U   z3c.password/branches/adamg-options/src/z3c/password/principal.py
  U   z3c.password/branches/adamg-options/src/z3c/password/principal.txt

-=-
Modified: z3c.password/branches/adamg-options/CHANGES.txt
===================================================================
--- z3c.password/branches/adamg-options/CHANGES.txt	2009-06-15 12:54:19 UTC (rev 100992)
+++ z3c.password/branches/adamg-options/CHANGES.txt	2009-06-15 13:14:59 UTC (rev 100993)
@@ -18,8 +18,8 @@
 
   Password checking goes like this (on the high level):
   1. raise AccountLocked if too many bad tries and account should be locked
-  2. raise TooManyLoginFailures if too many bad tries
-  3. raise PasswordExpired if expired AND password matches
+  2. raise PasswordExpired if expired AND password matches
+  3. raise TooManyLoginFailures if too many bad tries
   4. return whether password matches
   More details in ``principal.txt``
 
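Review bot: Steps 2 and 3 now put PasswordExpired ahead of TooManyLoginFailures, so a caller who is already past the failure limit still gets a distinct PasswordExpired answer when the guess is correct on an expired password, which confirms the guess despite the limit. If that ordering is intentional, say so here and spell out that step 3 now applies to matching passwords too (for example "raise TooManyLoginFailures if too many bad tries, even if the password matches"); otherwise consider checking the failure limit first.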

Modified: z3c.password/branches/adamg-options/src/z3c/password/principal.py
===================================================================
--- z3c.password/branches/adamg-options/src/z3c/password/principal.py	2009-06-15 12:54:19 UTC (rev 100992)
+++ z3c.password/branches/adamg-options/src/z3c/password/principal.py	2009-06-15 13:14:59 UTC (rev 100993)
@@ -70,11 +70,8 @@
                             self.lastFailedAttempt = self.now()
                         raise interfaces.AccountLocked(self)
 
-        # If this was a failed attempt, record it, otherwise reset the failures
-        if same and self.failedAttempts != 0:
-            self.failedAttempts = 0
-            self.lastFailedAttempt = None
         if same:
+            #successful attempt
             if not ignoreExpiration:
                 if self.passwordExpired:
                     raise interfaces.PasswordExpired(self)
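Review bot: With the reset block removed from above `if same:`, a correct but expired password now raises PasswordExpired before the counter is cleared, so failedAttempts and lastFailedAttempt keep their old values where they used to be reset first. Please confirm that this is intended and cover it in principal.txt. Minor style point: `#successful attempt` would read better as `# successful attempt`, matching the `# If the maximum amount ...` comment further down in the same method.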
@@ -85,21 +82,28 @@
                     if expiresOn < self.now():
                         raise interfaces.PasswordExpired(self)
         else:
+            #failed attempt
             lockPeriod = self._lockOutPeriod()
             if lockPeriod is not None and self.lastFailedAttempt is not None:
                 if self.lastFailedAttempt + lockPeriod < self.now():
                     #reset count if the tries were outside of the lockPeriod
                     self.failedAttempts = 0
 
+            #record it, increase counter
             self.failedAttempts += 1
             self.lastFailedAttempt = self.now()
 
-            # If the maximum amount of failures has been reached notify the
-            # system by raising an error.
-            if not ignoreFailures:
-                if self.tooManyLoginFailures():
-                    raise interfaces.TooManyLoginFailures(self)
+        # If the maximum amount of failures has been reached notify the
+        # system by raising an error.
+        if not ignoreFailures:
+            if self.tooManyLoginFailures():
+                raise interfaces.TooManyLoginFailures(self)
 
+        if same and self.failedAttempts != 0:
+            #if all nice and good clear failure counter
+            self.failedAttempts = 0
+            self.lastFailedAttempt = None
+
         return same
 
     def tooManyLoginFailures(self):
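Review bot: The lock-period expiry reset (`if self.lastFailedAttempt + lockPeriod < self.now():`) still sits only in the `else:` branch, while the TooManyLoginFailures check now runs for matching passwords as well, so a correct password entered after the lock period has passed does not get the reset and is still rejected, whereas a wrong password at that moment sets failedAttempts back to 0 before incrementing it. The principal.txt change in this revision documents the rejection, which means anyone able to submit wrong passwords can block an account until it is reset by hand. Consider running the expiry reset before `if same:`, or document that a manual reset is the intended recovery.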

Modified: z3c.password/branches/adamg-options/src/z3c/password/principal.txt
===================================================================
--- z3c.password/branches/adamg-options/src/z3c/password/principal.txt	2009-06-15 12:54:19 UTC (rev 100992)
+++ z3c.password/branches/adamg-options/src/z3c/password/principal.txt	2009-06-15 13:14:59 UTC (rev 100993)
@@ -141,8 +141,15 @@
   TooManyLoginFailures: The password was entered incorrectly too often.
 
 As you can see, once the maximum mount of attempts is reached, the system does
-not allow you to log in at all anymore. At this point the password has to be
-reset otherwise. However, you can tell the ``check()`` method explicitly to
+not allow you to log in at all anymore.
+
+  >>> user.checkPassword('123123')
+  Traceback (most recent call last):
+  ...
+  TooManyLoginFailures: The password was entered incorrectly too often.
+
+At this point the password has to be reset otherwise.
+However, you can tell the ``check()`` method explicitly to
 ignore the failure count:
 
   >>> user.checkPassword('456456', ignoreFailures=True)
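Review bot: The added example calls `user.checkPassword('123123')` without saying that '123123' is the correct password, so the reader cannot tell what the new traceback demonstrates; add a lead-in such as "not even with the correct password". While touching this paragraph, "maximum mount" should be "maximum amount", "has to be reset otherwise" needs rewording, and the text refers to ``check()`` although the examples call `checkPassword()`.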
@@ -365,9 +372,18 @@
 
   >>> NOW = datetime.datetime(2009, 6, 14, 13, 0) + datetime.timedelta(days=1)
 
-The user can login again with the right password:
+The user cannot login again with the right password either:
 
   >>> user.checkPassword('123123')
+  Traceback (most recent call last):
+  ...
+  TooManyLoginFailures: The password was entered incorrectly too often.
+
+The admin(?) has to reset the password of the user.
+
+  >>> user.password = '234234'
+
+  >>> user.checkPassword('234234')
   True
 
 
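Review bot: "The admin(?) has to reset the password of the user." leaves the recovery path as an open question in the documentation; decide who performs the reset and drop the "(?)". The example also depends on `user.password = '234234'` clearing the failure counter, which nothing in this revision shows, so display `user.failedAttempts` after the assignment to pin that behaviour down.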


