[Erp5-report] r6334 - in /erp5/trunk: bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base...
nobody at svn.erp5.org
nobody at svn.erp5.org
Wed Mar 29 17:49:29 CEST 2006
Author: jerome
Date: Wed Mar 29 17:49:26 2006
New Revision: 6334
URL: http://svn.erp5.org?rev=6334&view=rev
Log:
Improve password management a bit.
* Add a password confirmation field and validator.
* Don't display the current password in the page source, and set higher security
on the password getter.
Added:
erp5/trunk/bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/Person_validatePasswordsMatch.xml
erp5/trunk/bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/Person_viewDetails/password_confirm.xml
Modified:
erp5/trunk/bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/Person_viewDetails.xml
erp5/trunk/bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/Person_viewDetails/my_password.xml
erp5/trunk/products/ERP5/Document/Person.py
erp5/trunk/products/ERP5/PropertySheet/Person.py
Added: erp5/trunk/bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/Person_validatePasswordsMatch.xml
URL: http://svn.erp5.org/erp5/trunk/bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/Person_validatePasswordsMatch.xml?rev=6334&view=auto
==============================================================================
--- erp5/trunk/bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/Person_validatePasswordsMatch.xml (added)
+++ erp5/trunk/bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/Person_validatePasswordsMatch.xml Wed Mar 29 17:49:26 2006
@@ -1,0 +1,155 @@
+<?xml version="1.0"?>
+<ZopeData>
+ <record id="1" aka="AAAAAAAAAAE=">
+ <pickle>
+ <tuple>
+ <tuple>
+ <string>Products.PythonScripts.PythonScript</string>
+ <string>PythonScript</string>
+ </tuple>
+ <none/>
+ </tuple>
+ </pickle>
+ <pickle>
+ <dictionary>
+ <item>
+ <key> <string>Python_magic</string> </key>
+ <value> <string encoding="base64">O/INCg==</string> </value>
+ </item>
+ <item>
+ <key> <string>Script_magic</string> </key>
+ <value> <int>3</int> </value>
+ </item>
+ <item>
+ <key> <string>__ac_local_roles__</string> </key>
+ <value>
+ <none/>
+ </value>
+ </item>
+ <item>
+ <key> <string>_bind_names</string> </key>
+ <value>
+ <object>
+ <klass>
+ <global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/>
+ </klass>
+ <tuple/>
+ <state>
+ <dictionary>
+ <item>
+ <key> <string>_asgns</string> </key>
+ <value>
+ <dictionary>
+ <item>
+ <key> <string>name_container</string> </key>
+ <value> <string>container</string> </value>
+ </item>
+ <item>
+ <key> <string>name_context</string> </key>
+ <value> <string>context</string> </value>
+ </item>
+ <item>
+ <key> <string>name_m_self</string> </key>
+ <value> <string>script</string> </value>
+ </item>
+ <item>
+ <key> <string>name_subpath</string> </key>
+ <value> <string>traverse_subpath</string> </value>
+ </item>
+ </dictionary>
+ </value>
+ </item>
+ </dictionary>
+ </state>
+ </object>
+ </value>
+ </item>
+ <item>
+ <key> <string>_body</string> </key>
+ <value> <string>"""External Validator for Person_viewDetails/my_password\n
+checks that password and confimation matches.\n
+"""\n
+password_confirm = request.get(\'field_password_confirm\',\n
+ request.get(\'field_password_confirm\'))\n
+\n
+if password_confirm == editor :\n
+ return 1\n
+return 0\n
+</string> </value>
+ </item>
+ <item>
+ <key> <string>_code</string> </key>
+ <value>
+ <none/>
+ </value>
+ </item>
+ <item>
+ <key> <string>_filepath</string> </key>
+ <value> <string>Script (Python):/nexedi/erp5_base/Person_validatePasswordsMatch</string> </value>
+ </item>
+ <item>
+ <key> <string>_owner</string> </key>
+ <value>
+ <none/>
+ </value>
+ </item>
+ <item>
+ <key> <string>_params</string> </key>
+ <value> <string>editor, request</string> </value>
+ </item>
+ <item>
+ <key> <string>errors</string> </key>
+ <value>
+ <tuple/>
+ </value>
+ </item>
+ <item>
+ <key> <string>func_code</string> </key>
+ <value>
+ <object>
+ <klass>
+ <global name="FuncCode" module="Shared.DC.Scripts.Signature"/>
+ </klass>
+ <tuple/>
+ <state>
+ <dictionary>
+ <item>
+ <key> <string>co_argcount</string> </key>
+ <value> <int>2</int> </value>
+ </item>
+ <item>
+ <key> <string>co_varnames</string> </key>
+ <value>
+ <tuple>
+ <string>editor</string>
+ <string>request</string>
+ <string>_getattr_</string>
+ <string>password_confirm</string>
+ </tuple>
+ </value>
+ </item>
+ </dictionary>
+ </state>
+ </object>
+ </value>
+ </item>
+ <item>
+ <key> <string>func_defaults</string> </key>
+ <value>
+ <none/>
+ </value>
+ </item>
+ <item>
+ <key> <string>id</string> </key>
+ <value> <string>Person_validatePasswordsMatch</string> </value>
+ </item>
+ <item>
+ <key> <string>warnings</string> </key>
+ <value>
+ <tuple/>
+ </value>
+ </item>
+ </dictionary>
+ </pickle>
+ </record>
+</ZopeData>
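Review bot: In the `_body` script, `request.get('field_password_confirm', request.get('field_password_confirm'))` uses the same key for the lookup and for its fallback, so the fallback can never supply a different value. If a second form key was meant, it should be named there; otherwise `password_confirm = request.get('field_password_confirm')` says the same thing. The docstring also misspells "confirmation" as "confimation".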
Modified: erp5/trunk/bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/Person_viewDetails.xml
URL: http://svn.erp5.org/erp5/trunk/bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/Person_viewDetails.xml?rev=6334&r1=6333&r2=6334&view=diff
==============================================================================
--- erp5/trunk/bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/Person_viewDetails.xml (original)
+++ erp5/trunk/bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/Person_viewDetails.xml Wed Mar 29 17:49:26 2006
@@ -118,6 +118,7 @@
<string>my_partner_count</string>
<string>my_reference</string>
<string>my_password</string>
+ <string>password_confirm</string>
</list>
</value>
</item>
Modified: erp5/trunk/bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/Person_viewDetails/my_password.xml
URL: http://svn.erp5.org/erp5/trunk/bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/Person_viewDetails/my_password.xml?rev=6334&r1=6333&r2=6334&view=diff
==============================================================================
--- erp5/trunk/bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/Person_viewDetails/my_password.xml (original)
+++ erp5/trunk/bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/Person_viewDetails/my_password.xml Wed Mar 29 17:49:26 2006
@@ -28,7 +28,7 @@
<dictionary>
<item>
<key> <string>external_validator_failed</string> </key>
- <value> <string>The input failed the external validator.</string> </value>
+ <value> <string>Password and confirmation doesn\'t match.</string> </value>
</item>
<item>
<key> <string>required_not_found</string> </key>
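Review bot: The new `external_validator_failed` text reads "Password and confirmation doesn't match."; with a plural subject it should be `Password and confirmation don\'t match.`, keeping the escaped quote the file uses. The enclosing message dictionary continues outside the hunk.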
@@ -130,7 +130,9 @@
</item>
<item>
<key> <string>default</string> </key>
- <value> <string></string> </value>
+ <value>
+ <persistent> <string encoding="base64">AAAAAAAAAAI=</string> </persistent>
+ </value>
</item>
<item>
<key> <string>description</string> </key>
@@ -229,7 +231,9 @@
</item>
<item>
<key> <string>external_validator</string> </key>
- <value> <string></string> </value>
+ <value>
+ <persistent> <string encoding="base64">AAAAAAAAAAM=</string> </persistent>
+ </value>
</item>
<item>
<key> <string>extra</string> </key>
@@ -269,4 +273,42 @@
</dictionary>
</pickle>
</record>
+ <record id="2" aka="AAAAAAAAAAI=">
+ <pickle>
+ <tuple>
+ <tuple>
+ <string>Products.Formulator.TALESField</string>
+ <string>TALESMethod</string>
+ </tuple>
+ <none/>
+ </tuple>
+ </pickle>
+ <pickle>
+ <dictionary>
+ <item>
+ <key> <string>_text</string> </key>
+ <value> <string>python: \'\'</string> </value>
+ </item>
+ </dictionary>
+ </pickle>
+ </record>
+ <record id="3" aka="AAAAAAAAAAM=">
+ <pickle>
+ <tuple>
+ <tuple>
+ <string>Products.Formulator.MethodField</string>
+ <string>Method</string>
+ </tuple>
+ <none/>
+ </tuple>
+ </pickle>
+ <pickle>
+ <dictionary>
+ <item>
+ <key> <string>method_name</string> </key>
+ <value> <string>Person_validatePasswordsMatch</string> </value>
+ </item>
+ </dictionary>
+ </pickle>
+ </record>
</ZopeData>
Added: erp5/trunk/bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/Person_viewDetails/password_confirm.xml
URL: http://svn.erp5.org/erp5/trunk/bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/Person_viewDetails/password_confirm.xml?rev=6334&view=auto
==============================================================================
--- erp5/trunk/bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/Person_viewDetails/password_confirm.xml (added)
+++ erp5/trunk/bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/Person_viewDetails/password_confirm.xml Wed Mar 29 17:49:26 2006
@@ -1,0 +1,293 @@
+<?xml version="1.0"?>
+<ZopeData>
+ <record id="1" aka="AAAAAAAAAAE=">
+ <pickle>
+ <tuple>
+ <tuple>
+ <string>Products.Formulator.StandardFields</string>
+ <string>PasswordField</string>
+ </tuple>
+ <none/>
+ </tuple>
+ </pickle>
+ <pickle>
+ <dictionary>
+ <item>
+ <key> <string>_owner</string> </key>
+ <value>
+ <none/>
+ </value>
+ </item>
+ <item>
+ <key> <string>id</string> </key>
+ <value> <string>password_confirm</string> </value>
+ </item>
+ <item>
+ <key> <string>message_values</string> </key>
+ <value>
+ <dictionary>
+ <item>
+ <key> <string>external_validator_failed</string> </key>
+ <value> <string>The input failed the external validator.</string> </value>
+ </item>
+ <item>
+ <key> <string>required_not_found</string> </key>
+ <value> <string>Input is required but no input given.</string> </value>
+ </item>
+ <item>
+ <key> <string>too_long</string> </key>
+ <value> <string>Too much input was given.</string> </value>
+ </item>
+ </dictionary>
+ </value>
+ </item>
+ <item>
+ <key> <string>overrides</string> </key>
+ <value>
+ <dictionary>
+ <item>
+ <key> <string>alternate_name</string> </key>
+ <value> <string></string> </value>
+ </item>
+ <item>
+ <key> <string>css_class</string> </key>
+ <value> <string></string> </value>
+ </item>
+ <item>
+ <key> <string>default</string> </key>
+ <value> <string></string> </value>
+ </item>
+ <item>
+ <key> <string>description</string> </key>
+ <value> <string></string> </value>
+ </item>
+ <item>
+ <key> <string>display_maxwidth</string> </key>
+ <value> <string></string> </value>
+ </item>
+ <item>
+ <key> <string>display_width</string> </key>
+ <value> <string></string> </value>
+ </item>
+ <item>
+ <key> <string>editable</string> </key>
+ <value> <string></string> </value>
+ </item>
+ <item>
+ <key> <string>enabled</string> </key>
+ <value> <string></string> </value>
+ </item>
+ <item>
+ <key> <string>external_validator</string> </key>
+ <value> <string></string> </value>
+ </item>
+ <item>
+ <key> <string>extra</string> </key>
+ <value> <string></string> </value>
+ </item>
+ <item>
+ <key> <string>hidden</string> </key>
+ <value> <string></string> </value>
+ </item>
+ <item>
+ <key> <string>max_length</string> </key>
+ <value> <string></string> </value>
+ </item>
+ <item>
+ <key> <string>required</string> </key>
+ <value> <string></string> </value>
+ </item>
+ <item>
+ <key> <string>title</string> </key>
+ <value> <string></string> </value>
+ </item>
+ <item>
+ <key> <string>truncate</string> </key>
+ <value> <string></string> </value>
+ </item>
+ <item>
+ <key> <string>unicode</string> </key>
+ <value> <string></string> </value>
+ </item>
+ <item>
+ <key> <string>whitespace_preserve</string> </key>
+ <value> <string></string> </value>
+ </item>
+ </dictionary>
+ </value>
+ </item>
+ <item>
+ <key> <string>tales</string> </key>
+ <value>
+ <dictionary>
+ <item>
+ <key> <string>alternate_name</string> </key>
+ <value> <string></string> </value>
+ </item>
+ <item>
+ <key> <string>css_class</string> </key>
+ <value> <string></string> </value>
+ </item>
+ <item>
+ <key> <string>default</string> </key>
+ <value>
+ <persistent> <string encoding="base64">AAAAAAAAAAI=</string> </persistent>
+ </value>
+ </item>
+ <item>
+ <key> <string>description</string> </key>
+ <value> <string></string> </value>
+ </item>
+ <item>
+ <key> <string>display_maxwidth</string> </key>
+ <value> <string></string> </value>
+ </item>
+ <item>
+ <key> <string>display_width</string> </key>
+ <value> <string></string> </value>
+ </item>
+ <item>
+ <key> <string>editable</string> </key>
+ <value> <string></string> </value>
+ </item>
+ <item>
+ <key> <string>enabled</string> </key>
+ <value> <string></string> </value>
+ </item>
+ <item>
+ <key> <string>external_validator</string> </key>
+ <value> <string></string> </value>
+ </item>
+ <item>
+ <key> <string>extra</string> </key>
+ <value> <string></string> </value>
+ </item>
+ <item>
+ <key> <string>hidden</string> </key>
+ <value> <string></string> </value>
+ </item>
+ <item>
+ <key> <string>max_length</string> </key>
+ <value> <string></string> </value>
+ </item>
+ <item>
+ <key> <string>required</string> </key>
+ <value> <string></string> </value>
+ </item>
+ <item>
+ <key> <string>title</string> </key>
+ <value> <string></string> </value>
+ </item>
+ <item>
+ <key> <string>truncate</string> </key>
+ <value> <string></string> </value>
+ </item>
+ <item>
+ <key> <string>unicode</string> </key>
+ <value> <string></string> </value>
+ </item>
+ <item>
+ <key> <string>whitespace_preserve</string> </key>
+ <value> <string></string> </value>
+ </item>
+ </dictionary>
+ </value>
+ </item>
+ <item>
+ <key> <string>values</string> </key>
+ <value>
+ <dictionary>
+ <item>
+ <key> <string>alternate_name</string> </key>
+ <value> <string></string> </value>
+ </item>
+ <item>
+ <key> <string>css_class</string> </key>
+ <value> <string></string> </value>
+ </item>
+ <item>
+ <key> <string>default</string> </key>
+ <value> <string></string> </value>
+ </item>
+ <item>
+ <key> <string>description</string> </key>
+ <value> <string></string> </value>
+ </item>
+ <item>
+ <key> <string>display_maxwidth</string> </key>
+ <value> <string></string> </value>
+ </item>
+ <item>
+ <key> <string>display_width</string> </key>
+ <value> <int>20</int> </value>
+ </item>
+ <item>
+ <key> <string>editable</string> </key>
+ <value> <int>1</int> </value>
+ </item>
+ <item>
+ <key> <string>enabled</string> </key>
+ <value> <int>1</int> </value>
+ </item>
+ <item>
+ <key> <string>external_validator</string> </key>
+ <value> <string></string> </value>
+ </item>
+ <item>
+ <key> <string>extra</string> </key>
+ <value> <string></string> </value>
+ </item>
+ <item>
+ <key> <string>hidden</string> </key>
+ <value> <int>0</int> </value>
+ </item>
+ <item>
+ <key> <string>max_length</string> </key>
+ <value> <string></string> </value>
+ </item>
+ <item>
+ <key> <string>required</string> </key>
+ <value> <int>0</int> </value>
+ </item>
+ <item>
+ <key> <string>title</string> </key>
+ <value> <string>Password Confirmation</string> </value>
+ </item>
+ <item>
+ <key> <string>truncate</string> </key>
+ <value> <int>0</int> </value>
+ </item>
+ <item>
+ <key> <string>unicode</string> </key>
+ <value> <int>0</int> </value>
+ </item>
+ <item>
+ <key> <string>whitespace_preserve</string> </key>
+ <value> <int>0</int> </value>
+ </item>
+ </dictionary>
+ </value>
+ </item>
+ </dictionary>
+ </pickle>
+ </record>
+ <record id="2" aka="AAAAAAAAAAI=">
+ <pickle>
+ <tuple>
+ <tuple>
+ <string>Products.Formulator.TALESField</string>
+ <string>TALESMethod</string>
+ </tuple>
+ <none/>
+ </tuple>
+ </pickle>
+ <pickle>
+ <dictionary>
+ <item>
+ <key> <string>_text</string> </key>
+ <value> <string>string:</string> </value>
+ </item>
+ </dictionary>
+ </pickle>
+ </record>
+</ZopeData>
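Review bot: The `tales` default points at record 2, whose expression is `string:`, while the static `default` under `values` is already an empty string and my_password.xml spells the same empty default as `python: ''`. Using one spelling in both fields, or dropping the TALES override here, would make it clear that the two fields are meant to start empty in the same way.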
Modified: erp5/trunk/products/ERP5/Document/Person.py
URL: http://svn.erp5.org/erp5/trunk/products/ERP5/Document/Person.py?rev=6334&r1=6333&r2=6334&view=diff
==============================================================================
--- erp5/trunk/products/ERP5/Document/Person.py (original)
+++ erp5/trunk/products/ERP5/Document/Person.py Wed Mar 29 17:49:26 2006
@@ -164,9 +164,20 @@
PluggableAuthService.interfaces.plugins.IUserEnumerationPlugin)
for plugin_name, plugin_value in plugin_list:
if isinstance(plugin_value, ERP5UserManager):
- user_list = self.acl_users.searchUsers(id = value, exact_match = True)
+ user_list = self.acl_users.searchUsers(id = value,
+ exact_match = True)
if len(user_list) > 0:
raise RuntimeError, 'user id %s already exist' % (value,)
break
self._setReference(value)
self.reindexObject()
+
+ security.declareProtected(Permissions.SetOwnPassword, 'setPassword')
+ def setPassword(self, value) :
+ """
+ Set the password, only if the password is not empty.
+ """
+ if value is not None :
+ self._setPassword(value)
+ self.reindexObject()
+
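Review bot: `setPassword` documents "only if the password is not empty" but tests `if value is not None :`, so an empty string still reaches `_setPassword`. This commit also makes the my_password field render an empty default, so a form saved with the field left blank may submit `''`, which would replace the stored password with an empty one. How the form layer maps a blank field is not visible here. `if value :` would match the docstring; if a None-only check is intended, the docstring should say so. The first lines of the hunk belong to a method that starts outside it.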
Modified: erp5/trunk/products/ERP5/PropertySheet/Person.py
URL: http://svn.erp5.org/erp5/trunk/products/ERP5/PropertySheet/Person.py?rev=6334&r1=6333&r2=6334&view=diff
==============================================================================
--- erp5/trunk/products/ERP5/PropertySheet/Person.py (original)
+++ erp5/trunk/products/ERP5/PropertySheet/Person.py Wed Mar 29 17:49:26 2006
@@ -39,6 +39,7 @@
, 'description': ''
, 'type' : 'string'
, 'write_permission' : 'Set own password'
+ , 'read_permission' : 'Manage users'
, 'mode' : 'w'
},
{ 'id' : 'first_name'
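Review bot: The added `'read_permission' : 'Manage users'` line has no comment explaining why reading the property needs a stronger permission than writing it (`'Set own password'`). A one-line comment above the entry, such as `# the stored password must not be readable by ordinary users, only settable`, would keep a later edit from relaxing it. The property definition starts outside the hunk, so whether other read paths to this value exist cannot be checked from here.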