changeset 3819:b3b04ffbecd8

user: fix password validation
author Johannes Berg <johannes AT sipsolutions DOT net>
date Fri, 04 Jul 2008 12:15:57 +0200
parents fe9305d5c7cf
children 2f2c95506713
files MoinMoin/auth/_tests/test_auth.py MoinMoin/user.py
diffstat 2 files changed, 9 insertions(+), 9 deletions(-) [+]
--- a/MoinMoin/auth/_tests/test_auth.py	Fri Jul 04 10:42:27 2008 +0200
+++ b/MoinMoin/auth/_tests/test_auth.py	Fri Jul 04 12:15:57 2008 +0200
@@ -210,7 +210,7 @@
         from MoinMoin.user import User
         self.config = self.TestConfig(auth=[MoinAuth()])
         username = u'MoinAuthTestUser'
-        password = u'secret'
+        password = u'ßecretß'
         User(self.request, name=username, password=password).save() # create user
         trail_expected = []
         first = True
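Review bot: The new literal on the `password = u'ßecretß'` line depends on the test file carrying a source-encoding declaration, which is not visible in this hunk. Writing it as `password = u'\xdfecret\xdf'` keeps the test independent of how the file is saved. Replacing the ASCII password outright also drops the plain-ASCII login case, so a second test user with an ASCII password would keep both paths covered. The test method starts and ends outside the hunk.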
--- a/MoinMoin/user.py	Fri Jul 04 10:42:27 2008 +0200
+++ b/MoinMoin/user.py	Fri Jul 04 12:15:57 2008 +0200
@@ -344,10 +344,11 @@
             if self.id:
                 # no password given should fail
                 self.load_from_id(password or u'')
-            else:
-                self.id = self.make_id()
-        else:
+        # Still no ID - make new user
+        if not self.id:
             self.id = self.make_id()
+            if password is not None:
+                self.enc_password = encodePassword(password)
 
         # "may" so we can say "if user.may.read(pagename):"
         if self._cfg.SecurityPolicy:
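Review bot: `if password is not None:` in the new-user branch also accepts `password=u''`, so a new account can have the encoding of an empty password stored in `enc_password`. `_validatePassword` in this same commit rejects every empty password through `if not password:`, so such an account presumably could never authenticate with it, but a stored hash of the empty string is better not created at all. `if password:` would keep account creation consistent with validation. The constructor starts and continues outside the hunk, so whether an earlier check already rejects empty passwords cannot be seen here.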
@@ -442,7 +443,7 @@
 
         if password is not None:
             # Check for a valid password, possibly changing storage
-            valid, changed = self._validatePassword(user_data)
+            valid, changed = self._validatePassword(user_data, password)
             if not valid:
                 return
 
@@ -488,13 +489,14 @@
         if changed:
             self.save()
 
-    def _validatePassword(self, data):
+    def _validatePassword(self, data, password):
         """
         Check user password.
 
         This is a private method and should not be used by clients.
 
         @param data: dict with user data (from storage)
+        @param password: password to verify
         @rtype: 2 tuple (bool, bool)
         @return: password is valid, enc_password changed
         """
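Review bot: The added `@param password: password to verify` line does not say that this is the clear-text password handed in by the caller, or that an empty or None value never validates (the `if not password:` check in the last hunk). Suggested wording: `@param password: clear-text password to verify (unicode); None or empty is always rejected`. Since the new parameter is required and positional, any other caller or override of `_validatePassword` outside this diff needs the same update; only one call site is changed here. The function body continues outside the hunk.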
@@ -504,9 +506,7 @@
         if not epwd:
             return False, False
 
-        # Get the clear text password from the form (require non empty
-        # password)
-        password = self._request.form.get('password', [None])[0]
+        # require non empty password
         if not password:
             return False, False