Hi Jan
Betreff: [Zope-dev] z3c.password and tracking failed login attempts
Hi,
A while ago I asked some questions and made some suggestions for improving how to track failed login attempts in z3c.password. Most likely these suggestions got buried in now a out-of-sight thread and were never noticed.
My suggestion was that making a request for for example a resource could still trigger the account locked errors, where in my opinion only the login attempts themselves should do that. I created a branch of z3c.password..: http://svn.zope.org/z3c.password/branches/jw-noraise-for-irrel evant-requests/ ..that will check for request relevancy as early as possible. All tests pass without modification, but with this change after an account has been locked out requests for for example resources will still work. Additionally I think the code is a tad more readible now. I added a test to demonstrate the specific behaviour. Would any of the z3c.password users/developers object to having this branch merged to the trunk?
Adam is on holiday this week. I'm sure he will take a look at the branch next monday. Regards Roger Ineichen
regards, jw