Improve a bit password management.

* Add password confirmation field and validator. * Doesn't display current password in page source and set higher security on password getter. git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@6334 20353a03-c40f-0410-a6d1-a30d3c3de9de

Improve a bit password management.
* Add password confirmation field and validator. * Doesn't display current password in page source and set higher security on password getter. git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@6334 20353a03-c40f-0410-a6d1-a30d3c3de9de
7b891ecf · Jérome Perrin · 495359cd · 7b891ecf · 7b891ecf · 7b891ecf
Commit 7b891ecf authored Mar 29, 2006 by Jérome Perrin
6 changed files
--- a/bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/Person_validatePasswordsMatch.xml
+++ b/bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/Person_validatePasswordsMatch.xml
+<?xml version="1.0"?>
+<ZopeData>
+  <record id="1" aka="AAAAAAAAAAE=">
+    <pickle>
+      <tuple>
+        <tuple>
+          <string>Products.PythonScripts.PythonScript</string>
+          <string>PythonScript</string>
+        </tuple>
+        <none/>
+      </tuple>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>Python_magic</string> </key>
+            <value> <string encoding="base64">O/INCg==</string> </value>
+        </item>
+        <item>
+            <key> <string>Script_magic</string> </key>
+            <value> <int>3</int> </value>
+        </item>
+        <item>
+            <key> <string>__ac_local_roles__</string> </key>
+            <value>
+              <none/>
+            </value>
+        </item>
+        <item>
+            <key> <string>_bind_names</string> </key>
+            <value>
+              <object>
+                <klass>
+                  <global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/>
+                </klass>
+                <tuple/>
+                <state>
+                  <dictionary>
+                    <item>
+                        <key> <string>_asgns</string> </key>
+                        <value>
+                          <dictionary>
+                            <item>
+                                <key> <string>name_container</string> </key>
+                                <value> <string>container</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_context</string> </key>
+                                <value> <string>context</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_m_self</string> </key>
+                                <value> <string>script</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_subpath</string> </key>
+                                <value> <string>traverse_subpath</string> </value>
+                            </item>
+                          </dictionary>
+                        </value>
+                    </item>
+                  </dictionary>
+                </state>
+              </object>
+            </value>
+        </item>
+        <item>
+            <key> <string>_body</string> </key>
+            <value> <string>"""External Validator for Person_viewDetails/my_password\n
+checks that password and confimation matches.\n
+"""\n
+password_confirm = request.get(\'field_password_confirm\',\n
+                               request.get(\'field_password_confirm\'))\n
+\n
+if password_confirm == editor :\n
+  return 1\n
+return 0\n
+</string> </value>
+        </item>
+        <item>
+            <key> <string>_code</string> </key>
+            <value>
+              <none/>
+            </value>
+        </item>
+        <item>
+            <key> <string>_filepath</string> </key>
+            <value> <string>Script (Python):/nexedi/erp5_base/Person_validatePasswordsMatch</string> </value>
+        </item>
+        <item>
+            <key> <string>_owner</string> </key>
+            <value>
+              <none/>
+            </value>
+        </item>
+        <item>
+            <key> <string>_params</string> </key>
+            <value> <string>editor, request</string> </value>
+        </item>
+        <item>
+            <key> <string>errors</string> </key>
+            <value>
+              <tuple/>
+            </value>
+        </item>
+        <item>
+            <key> <string>func_code</string> </key>
+            <value>
+              <object>
+                <klass>
+                  <global name="FuncCode" module="Shared.DC.Scripts.Signature"/>
+                </klass>
+                <tuple/>
+                <state>
+                  <dictionary>
+                    <item>
+                        <key> <string>co_argcount</string> </key>
+                        <value> <int>2</int> </value>
+                    </item>
+                    <item>
+                        <key> <string>co_varnames</string> </key>
+                        <value>
+                          <tuple>
+                            <string>editor</string>
+                            <string>request</string>
+                            <string>_getattr_</string>
+                            <string>password_confirm</string>
+                          </tuple>
+                        </value>
+                    </item>
+                  </dictionary>
+                </state>
+              </object>
+            </value>
+        </item>
+        <item>
+            <key> <string>func_defaults</string> </key>
+            <value>
+              <none/>
+            </value>
+        </item>
+        <item>
+            <key> <string>id</string> </key>
+            <value> <string>Person_validatePasswordsMatch</string> </value>
+        </item>
+        <item>
+            <key> <string>warnings</string> </key>
+            <value>
+              <tuple/>
+            </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+</ZopeData>
--- a/bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/Person_viewDetails.xml
+++ b/bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/Person_viewDetails.xml
@@ -118,6 +118,7 @@
                        <string>my_partner_count</string>
                        <string>my_reference</string>
                        <string>my_password</string>
+                        <string>password_confirm</string>
                      </list>
                    </value>
                </item>

--- a/bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/Person_viewDetails/my_password.xml
+++ b/bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/Person_viewDetails/my_password.xml
@@ -28,7 +28,7 @@
              <dictionary>
                <item>
                    <key> <string>external_validator_failed</string> </key>
-                    <value> <string>The input failed the external validator.</string> </value>
+                    <value> <string>Password and confirmation doesn\'t match.</string> </value>
                </item>
                <item>
                    <key> <string>required_not_found</string> </key>
@@ -130,7 +130,9 @@
                </item>
                <item>
                    <key> <string>default</string> </key>
-                    <value> <string></string> </value>
+                    <value>
+                      <persistent> <string encoding="base64">AAAAAAAAAAI=</string> </persistent>
+                    </value>
                </item>
                <item>
                    <key> <string>description</string> </key>
@@ -229,7 +231,9 @@
                </item>
                <item>
                    <key> <string>external_validator</string> </key>
-                    <value> <string></string> </value>
+                    <value>
+                      <persistent> <string encoding="base64">AAAAAAAAAAM=</string> </persistent>
+                    </value>
                </item>
                <item>
                    <key> <string>extra</string> </key>
@@ -269,4 +273,42 @@
      </dictionary>
    </pickle>
  </record>
+  <record id="2" aka="AAAAAAAAAAI=">
+    <pickle>
+      <tuple>
+        <tuple>
+          <string>Products.Formulator.TALESField</string>
+          <string>TALESMethod</string>
+        </tuple>
+        <none/>
+      </tuple>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>_text</string> </key>
+            <value> <string>python: \'\'</string> </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+  <record id="3" aka="AAAAAAAAAAM=">
+    <pickle>
+      <tuple>
+        <tuple>
+          <string>Products.Formulator.MethodField</string>
+          <string>Method</string>
+        </tuple>
+        <none/>
+      </tuple>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>method_name</string> </key>
+            <value> <string>Person_validatePasswordsMatch</string> </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
 </ZopeData>
--- a/bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/Person_viewDetails/password_confirm.xml
+++ b/bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/Person_viewDetails/password_confirm.xml
--- a/product/ERP5/Document/Person.py
+++ b/product/ERP5/Document/Person.py
@@ -164,9 +164,20 @@ class Person(Entity, Node, XMLObject):
              PluggableAuthService.interfaces.plugins.IUserEnumerationPlugin)
          for plugin_name, plugin_value in plugin_list:
            if isinstance(plugin_value, ERP5UserManager):
-              user_list = self.acl_users.searchUsers(id = value, exact_match = True)
+              user_list = self.acl_users.searchUsers(id = value,
+                                                     exact_match = True)
              if len(user_list) > 0:
                raise RuntimeError, 'user id %s already exist' % (value,)
              break
      self._setReference(value)
      self.reindexObject()
+    
+    security.declareProtected(Permissions.SetOwnPassword, 'setPassword')
+    def setPassword(self, value) :
+      """
+        Set the password, only if the password is not empty.
+      """
+      if value is not None :
+        self._setPassword(value)
+        self.reindexObject()
+    
--- a/product/ERP5/PropertySheet/Person.py
+++ b/product/ERP5/PropertySheet/Person.py
@@ -39,6 +39,7 @@ class Person:
    , 'description': ''
    , 'type'       : 'string'
    , 'write_permission' : 'Set own password'
+    , 'read_permission'  : 'Manage users'
    , 'mode'       : 'w'
    },
    { 'id'         : 'first_name'