[Mpuls-commits] r5530 - in base/trunk/mpulsweb: controllers lib

[scm-commit@wald.intevation.org]

Author: ludwig
Date: 2011-11-03 10:22:31 +0100 (Thu, 03 Nov 2011)
New Revision: 5530

Modified:
   base/trunk/mpulsweb/controllers/usersettings.py
   base/trunk/mpulsweb/lib/validators.py
Log:
Issue 2390: An OldPassword validator created. 
This validator checks the input, if it is the user password,
and it is used to check the the input of the oldpasswd field in the
new password dialog.


Modified: base/trunk/mpulsweb/controllers/usersettings.py
===================================================================
--- base/trunk/mpulsweb/controllers/usersettings.py	2011-11-03 08:19:41 UTC (rev 5529)
+++ base/trunk/mpulsweb/controllers/usersettings.py	2011-11-03 09:22:31 UTC (rev 5530)
@@ -36,7 +36,8 @@
 
 from mpulsweb.lib.base import BaseController, c, h, g, render, request, session, _
 
-from mpulsweb.lib.validators import BaseFormValidator, NewPasswordForm
+from mpulsweb.lib.validators import BaseFormValidator, NewPasswordForm, \
+     CheckedNewPasswordForm
 from mpulsweb.lib.security import checkRole
 
 from mpulsweb.model.user import UserListObject, UserObject, UserGroupList, \
@@ -75,18 +76,12 @@
         if not g.mpuls_config.is_enabled('module', 'administration'):
             return self.changePassword()
 
-        validator = NewPasswordForm()
+        validator = CheckedNewPasswordForm()
         try:
             uid = request.params['uid']
             c.uo = UserObject(uid)
             user = session['USER_AUTHORIZED']
-            def validate_oldpasswd(value_dict, userpasswd, validator):
-                if not value_dict.get('oldpasswd') == userpasswd:
-                    return {'oldpasswd':_('You must enter your old password.')}
-            oldpw_validator = \
-                    formencode.schema.SimpleFormValidator(validate_oldpasswd)
-            oldpw_validator.to_python(request.params, user.password)
-            form_result = validator.to_python(request.params)
+            form_result = validator.to_python(request.params, user)
             new_pass = c.uo.setPassword(form_result.get('passwd'))
             if new_pass:
                 # Save new password in the session

Modified: base/trunk/mpulsweb/lib/validators.py
===================================================================
--- base/trunk/mpulsweb/lib/validators.py	2011-11-03 08:19:41 UTC (rev 5529)
+++ base/trunk/mpulsweb/lib/validators.py	2011-11-03 09:22:31 UTC (rev 5530)
@@ -362,7 +362,16 @@
             raise formencode.Invalid(self.message("invalid_time", state),
                                      value, state)
 
+class OldPassword(formencode.schema.FancyValidator):
+    
+    messages = {'oldpasswd': u'Sie müssen das alte Password korrekt eingeben.'}
 
+    def validate_python(self, value, state):
+        if not value == \
+               session['USER_AUTHORIZED'].password:
+            raise formencode.Invalid(self.message('oldpasswd', state),
+                                     value, state)
+
 class SecurePassword(formencode.validators.FancyValidator):
 
     min = 8
@@ -602,6 +611,10 @@
     chained_validators = [FieldsMatch('passwd', 'passwd2')]
 
 
+class CheckedNewPasswordForm(NewPasswordForm):
+
+    oldpasswd = OldPassword ()
+
 class NewUserForm(BaseFormValidator):
 
     def __init__(self):