[Zope-CMF] change_password doesn't (because MemberData makes invalid
assumptions)
Stefan H. Holek
stefan at epy.co.at
Wed Aug 13 16:20:21 EDT 2003
Hi All!
I am suffering from confusion wrt the change_password skin script in CMF
(and Plone, incidently), which does not change the password when used with
anything but the default user folder.
The change_password script calls portal_membership.setPassword() which in
turn calls member.setSecurityProfile(). And - Gasp! - setSecurityProfile()
*assigns to the attributes of the user object*!
While this *does* work for the default user folder (allthough it is
abhorrent), it naturally fails for user folders with non-ZODB data sources
where one *must* call the userFolderEditUser() API to change user
credentials. It also seems to expect user objects to be
a) persistent in the ZODB
b) modifyable after creation
which both are somewhat invalid assumptions IMO.
Nevertheless, while trying to work around these issues, I came accross
portal_membership.credentialsChanged() which seemed like a good place to
call the userFolderEditUser() API. However, there is a comment saying:
"Note that this call should *not* cause any change at all to user
databases."
Now what? Given that setSecurityProfile() doesn't and credentialsChanged()
mustn't, how is one supposed to actually enable a user to change his
password when using, say, LDAPUserFolder (short of bypassing the entire
machinery)?
Thanks,
Stefan
--
The time has come to start talking about whether the emperor is as well
dressed as we are supposed to think he is. /Pete McBreen/
More information about the Zope-CMF
mailing list