changeset 2915:0b30aa1fa138

fixes #496 Password checker bypassed when user resets password
author Yask Srivastava <yask123@gmail.com>
date Sat, 28 Feb 2015 23:58:11 -0800
parents 80e237a83e9d
children ee6c2b013356
files MoinMoin/apps/frontend/views.py
diffstat 1 files changed, 7 insertions(+), 0 deletions(-) [+]
--- a/MoinMoin/apps/frontend/views.py	Fri Feb 20 01:50:28 2015 +0530
+++ b/MoinMoin/apps/frontend/views.py	Sat Feb 28 23:58:11 2015 -0800
@@ -1612,6 +1612,8 @@
     password_problem_msg = L_('New password is unacceptable, could not get processed.')
 
     def validate(self, element, state):
+        password_not_accepted_msg = L_('New password not acceptable: ')
+
         if not (element['password_current'].valid and element['password1'].valid and element['password2'].valid):
             return False
 
@@ -1622,6 +1624,11 @@
             return self.note_error(element, state, 'passwords_mismatch_msg')
 
         password = element['password1'].value
+        pw_checker = app.cfg.password_checker
+        if pw_checker:
+            pw_error = pw_checker(flaskg.user.name[0], password)
+            if pw_error:
+                return self.note_error(element, state, message=password_not_accepted_msg + pw_error)
         try:
             app.cfg.cache.pwd_context.encrypt(password)
         except (ValueError, TypeError) as err:
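Review bot: The added call `pw_checker(flaskg.user.name[0], password)` hands the checker only the first entry of `flaskg.user.name`, so a password equal or similar to any other name on the account would pass the username comparison, and an empty list would raise IndexError instead of producing a form error. If `name` can hold several entries, wrapping the call in `for name in flaskg.user.name:` and returning on the first `pw_error` closes that gap. This validator requires `password_current`, so it covers the logged-in change-password form. Whether other paths that store a new password, such as a password-recovery form, also call `app.cfg.password_checker` cannot be seen from this diff and is worth confirming, ideally by routing them through one shared helper. `validate` begins before and continues past the hunk.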