[Zope-dev] z3c.password and tracking failed login attempts
Jan-Wijbrand Kolman
janwijbrand at gmail.com
Mon Mar 8 15:15:06 EST 2010
Hi,
A while ago I asked some questions and made some suggestions for improving how
to track failed login attempts in z3c.password. Most likely these suggestions
got buried in now a out-of-sight thread and were never noticed.
My suggestion was that making a request for for example a resource could still
trigger the account locked errors, where in my opinion only the login attempts
themselves should do that.
I created a branch of z3c.password..:
http://svn.zope.org/z3c.password/branches/jw-noraise-for-irrelevant-requests/
..that will check for request relevancy as early as possible.
All tests pass without modification, but with this change after an account has
been locked out requests for for example resources will still work. Additionally
I think the code is a tad more readible now. I added a test to demonstrate the
specific behaviour.
Would any of the z3c.password users/developers object to having this branch
merged to the trunk?
regards, jw
More information about the Zope-Dev
mailing list