[Zope-PAS] ZODBUserManager fix to let the Manager change the login name without changing the password

Sven Deichmann deichmann at werkbank.com
Tue Jan 17 07:15:26 EST 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

I came across a problem with the login names. As we use the user's email
addresses as login names, these login names change from time to time.
While we only know the initial user passwords and can not determine the
current password (and don't want to), it is a problem, that login names
can only be changed when knowing the current password (or send the user
a new one).

I was told the old behaviour was to just leave the password, if it is
not entered (the standard values of the form fields are 'password' and
'confirm'). So I re-added that behaviour.

I added a diff of the fix.

Of course that is no complete fix. I neither know, if ZODBGroupManager
(or other plugins) need a similiar fix, nor is the message "password
changed" nice, when only changing the login name (it wasn't nicer before
the fix, when changing the login name...)

Regards,
Sven
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkPM394ACgkQx3fK1szFYvlJWwCdHnIkrpL1WTcnQqv9uKZWjUi6
AFkAn2ctE7q0G1c/alsPJIUbT+ona6uT
=QuPO
-----END PGP SIGNATURE-----
-------------- next part --------------
--- PluggableAuthService/plugins/ZODBUserManager_old.py	Tue Jan 17 13:01:52 2006
+++ PluggableAuthService/plugins/ZODBUserManager.py	Tue Jan 17 12:53:43 2006
@@ -318,7 +318,7 @@
             self._login_to_userid[ login_name ] = user_id
             self._userid_to_login[ user_id ] = login_name
 
-        if password:
+        if password and password!='password':
             digested = AuthEncoding.pw_encrypt( password )
             self._user_passwords[ user_id ] = digested
 
@@ -384,7 +384,7 @@
                                  ):
         """ Update a user's login name / password via the ZMI.
         """
-        if password and password != confirm:
+        if password and not (password=='password' and confirm=='confirm') and password != confirm:
             message = 'password+and+confirm+do+not+match'
 
         else:


More information about the Zope-PAS mailing list