Commit fc796e1f authored by Jérome Perrin's avatar Jérome Perrin

ERP5: fix type mismatch in encrypted_password.checkPasswordValueAcceptable

isPasswordValid returns a boolean value, so we should check it's true
rather than <= 0
parent cb7cf28c
...@@ -57,17 +57,20 @@ class EncryptedPasswordMixin: ...@@ -57,17 +57,20 @@ class EncryptedPasswordMixin:
security.declareProtected(Permissions.SetOwnPassword, 'checkPasswordValueAcceptable') security.declareProtected(Permissions.SetOwnPassword, 'checkPasswordValueAcceptable')
def checkPasswordValueAcceptable(self, value): def checkPasswordValueAcceptable(self, value):
""" """Check the password.
Check the password. This method is defined explicitly, because:
This method is defined explicitly, because we want to apply an
authentication policy which itself may contain explicit password rules.
- we want to apply an authentication policy which itself may contain explicit password rules Invalid passwords are supposed to be catched earlier in the user interface
and reported properly to the user, this method is just to prevent wrong API
usage.
""" """
if not self.getPortalObject().portal_preferences.isAuthenticationPolicyEnabled(): if not self.getPortalObject().portal_preferences.isAuthenticationPolicyEnabled():
# not a policy so basically all passwords are accceptable # not a policy so basically all passwords are accceptable
return True return True
result = self.isPasswordValid(value) if not self.isPasswordValid(value):
if result <= 0: raise ValueError("Password value doest not comply with password policy")
raise ValueError, "Bad password (%s)." %result
def checkUserCanChangePassword(self): def checkUserCanChangePassword(self):
if not _checkPermission(Permissions.SetOwnPassword, self): if not _checkPermission(Permissions.SetOwnPassword, self):
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment