Commit 393a2d6e authored by Yusei Tahara's avatar Yusei Tahara

Rename _setPasswordByForce to __setPasswordByForce so that the edit method cannot call it.


git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@26886 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent dc365eb8
...@@ -207,7 +207,7 @@ class Person(XMLObject): ...@@ -207,7 +207,7 @@ class Person(XMLObject):
# public method(They are callable from user directly or through edit method) # public method(They are callable from user directly or through edit method)
# _setPasswordByForce is needed to reset password without security check # _setPasswordByForce is needed to reset password without security check
# by Password Tool. # by Password Tool.
def _setPasswordByForce(self, value): def __setPasswordByForce(self, value):
self.password = PersistentMapping() self.password = PersistentMapping()
self._setEncodedPassword(pw_encrypt(value)) self._setEncodedPassword(pw_encrypt(value))
...@@ -215,7 +215,7 @@ class Person(XMLObject): ...@@ -215,7 +215,7 @@ class Person(XMLObject):
if not _checkPermission(Permissions.SetOwnPassword, self): if not _checkPermission(Permissions.SetOwnPassword, self):
raise AccessControl_Unauthorized('setPassword') raise AccessControl_Unauthorized('setPassword')
else: else:
self._setPasswordByForce(value) self.__setPasswordByForce(value)
security.declarePublic('setPassword') security.declarePublic('setPassword')
def setPassword(self, value) : def setPassword(self, value) :
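Review bot: The comment above the renamed method still refers to `_setPasswordByForce` and sits under the "public method" heading, so nothing at the definition says the double underscore is what keeps this unchecked setter out of reach of `edit`. Name mangling is a naming effect, not an access control, and a later cleanup that restores the single-underscore name would silently reopen the bypass this commit closes. I would replace the comment with `# __setPasswordByForce resets the password without a permission check (Password Tool only).` and `# Keep the double underscore: a _set* name would be callable through edit().` Both method bodies continue outside the hunks shown.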
......
...@@ -200,7 +200,11 @@ class PasswordTool(BaseTool): ...@@ -200,7 +200,11 @@ class PasswordTool(BaseTool):
self.password_request_dict.pop(password_key) self.password_request_dict.pop(password_key)
persons = self.acl_users.erp5_users.getUserByLogin(user_login) persons = self.acl_users.erp5_users.getUserByLogin(user_login)
person = persons[0] person = persons[0]
person._setPasswordByForce(password) # Calling private method starts with __ from outside is normally BAD,
# but if we leave the method as a normal method starts with _ and follow
# our naming convention, then the method can be callable through edit
# method without appropriate permission check and then security breaks.
person._Person__setPasswordByForce(password)
person.reindexObject() person.reindexObject()
if REQUEST is not None: if REQUEST is not None:
msg = translateString("Password changed.") msg = translateString("Password changed.")
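Review bot: The call `person._Person__setPasswordByForce(password)` skips the `SetOwnPassword` check by design, so this path is only as safe as the validation of `password_key` that happens before `password_request_dict.pop(password_key)`, which is outside the hunk. The added comment explains the naming but not that trust boundary; I would add `# No permission check happens here: the password_key validation above is the only guard.` Also, `persons[0]` on the context line would raise IndexError if `getUserByLogin` returns an empty result, so an explicit empty check would make that failure deliberate.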
......
...@@ -145,6 +145,10 @@ class TestPerson(ERP5TypeTestCase): ...@@ -145,6 +145,10 @@ class TestPerson(ERP5TypeTestCase):
# specific permission. # specific permission.
p.setPassword(None) p.setPassword(None)
self.assertFalse(p.getPassword()) self.assertFalse(p.getPassword())
# Make sure that edit method cannot call __setPasswordByForce and nothing
# changes.
p.edit(password_by_force='waaa')
self.assertFalse(p.getPassword())
p.manage_permission(Permissions.SetOwnPassword, ['Anonymous'], 0) p.manage_permission(Permissions.SetOwnPassword, ['Anonymous'], 0)
p.setPassword('secret') p.setPassword('secret')
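Review bot: The new `self.assertFalse(p.getPassword())` runs while the user still lacks `SetOwnPassword`, so if `getPassword` is itself permission-gated (not visible here) it would return a falsy value even if `edit` had stored a password. Repeating `self.assertFalse(p.getPassword())` after the `manage_permission(...)` line and before `p.setPassword('secret')` would check the stored state with the permission granted. The test method starts and ends outside the hunk.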
......