[Zope-CMF] More browser views
yuppie
y.2010 at wcm-solutions.de
Mon Apr 12 07:43:43 EDT 2010
Hi!
Charlie Clark wrote:
> Am 07.04.2010, 14:27 Uhr, schrieb yuppie<y.2010 at wcm-solutions.de>:
>> Maybe I should add them to CMFDefault? I guess they need just a few
>> changes to be ready for checkin.
>
> Sounds great. As Tres has noted with ursine_globals - Views can have their
> own tests. Oops, more work! ;-)
At least I have some functional doctests. I hope that's sufficient.
LoginFormView and MailPasswordFormView are now checked in on the trunk.
But so far they are not hooked up by a profile.
http://svn.zope.org/?rev=110737&view=rev
These issues still need to be resolved:
- Someone has to modify CookieCrumber to make it work with views.
- Maybe the "Constraint not satisfied" error for invalid member IDs or
email addresses gives too much information: Anonymous users can check
that way if a user with a specific email address or member ID exists.
What do others think? Is that a security hole big enough to care about?
- Maybe the code makes some implicit assumptions about the
authentication process that are not always correct. Would be nice if
some people could test the views in their customized context. Right now
you have to call "path/to/siteroot/login.html" directly for testing.
Cheers,
Yuppie
More information about the Zope-CMF
mailing list