Commit 83190211 authored by Nicolas Delaby's avatar Nicolas Delaby

Password encryption should be managed at _setPassword level

because Password Tool need to bypass setPassword to avoid SetOwnPassword Permission checking.


git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@24611 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent db4df282
...@@ -192,9 +192,15 @@ class Person(XMLObject): ...@@ -192,9 +192,15 @@ class Person(XMLObject):
if value is not None: if value is not None:
if not _checkPermission(Permissions.SetOwnPassword, self): if not _checkPermission(Permissions.SetOwnPassword, self):
raise AccessControl_Unauthorized('setPassword') raise AccessControl_Unauthorized('setPassword')
self._setPassword(pw_encrypt(value)) self._setPassword(value)
self.reindexObject() self.reindexObject()
def _setPassword(self, value):
"""
Encrypt value
"""
self._baseSetPassword(pw_encrypt(value))
# Time management # Time management
security.declareProtected(Permissions.AccessContentsInformation, security.declareProtected(Permissions.AccessContentsInformation,
'getAvailableTime') 'getAvailableTime')
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment