[Zope-dev] z3c.password and tracking failed login attempts

Sat Mar 20 10:59:20 EDT 2010

Hello Jan,

Looks good.

The only weird is to define those constants in the method parameters.

def _isIrrelevantRequest(self, RELEVANT=False, IRRELEVANT=True):

Do you call this method from somewhere else?

Maybe it would be better to change the name (and behavour) to
_isRelevantRequest and go with plain True/False instead of those
constants.

Monday, March 8, 2010, 9:15:06 PM, you wrote:

JWK> Hi,

JWK> A while ago I asked some questions and made some suggestions for improving how
JWK> to track failed login attempts in z3c.password. Most likely these suggestions
JWK> got buried in now a out-of-sight thread and were never noticed.

JWK> My suggestion was that making a request for for example a resource could still
JWK> trigger the account locked errors, where in my opinion only the login attempts
JWK> themselves should do that.
JWK>  
JWK> I created a branch of z3c.password..: 
JWK>  
JWK>  
JWK> http://svn.zope.org/z3c.password/branches/jw-noraise-for-irrelevant-requests/
JWK>  
JWK> ..that will check for request relevancy as early as possible. 
JWK>  
JWK> All tests pass without modification, but with this change after an account has
JWK> been locked out requests for for example resources will still work. Additionally
JWK> I think the code is a tad more readible now. I added a test to demonstrate the
JWK> specific behaviour.
JWK>  
JWK> Would any of the z3c.password users/developers object to having this branch
JWK> merged to the trunk?

JWK> regards, jw 

JWK> _______________________________________________
JWK> Zope-Dev maillist  -  Zope-Dev at zope.org
JWK> https://mail.zope.org/mailman/listinfo/zope-dev
JWK> **  No cross posts or HTML encoding!  **
JWK> (Related lists - 
JWK>  https://mail.zope.org/mailman/listinfo/zope-announce
JWK>  https://mail.zope.org/mailman/listinfo/zope )

-- 
Best regards,
 Adam GROSZER                            mailto:agroszer at gmail.com
--
Quote of the day:
Everything you know is wrong!