Mercurial > libervia-backend
comparison src/plugins/plugin_misc_account.py @ 1691:cec204c6360c
plugin misc_account: fixed password verification
author | souliane <souliane@mailoo.org> |
---|---|
date | Fri, 27 Nov 2015 11:21:51 +0100 |
parents | 200efadcab76 |
children | 9a7a27c44611 |
comparison
equal
deleted
inserted
replaced
1690:772c8edd1057 | 1691:cec204c6360c |
---|---|
330 auth = yield PasswordHasher.verify(attempt, sat_cipher) | 330 auth = yield PasswordHasher.verify(attempt, sat_cipher) |
331 defer.returnValue(auth) | 331 defer.returnValue(auth) |
332 | 332 |
333 def error_ui(message=None): | 333 def error_ui(message=None): |
334 if not message: | 334 if not message: |
335 D_("The provided profile password doesn't match.") | 335 message = D_("The provided profile password doesn't match.") |
336 error_ui = xml_tools.XMLUI("popup", title=D_("Attempt failure")) | 336 error_ui = xml_tools.XMLUI("popup", title=D_("Attempt failure")) |
337 error_ui.addText(message) | 337 error_ui.addText(message) |
338 return {'xmlui': error_ui.toXml()} | 338 return {'xmlui': error_ui.toXml()} |
339 | 339 |
340 # check for account deletion | 340 # check for account deletion |
341 delete_passwd = data[xml_tools.SAT_FORM_PREFIX + 'delete_passwd'] | 341 delete_passwd = data[xml_tools.SAT_FORM_PREFIX + 'delete_passwd'] |
342 delete_checkbox = data[xml_tools.SAT_FORM_PREFIX + 'delete_checkbox'] | 342 delete_checkbox = data[xml_tools.SAT_FORM_PREFIX + 'delete_checkbox'] |
343 if delete_checkbox == 'true': | 343 if delete_checkbox == 'true': |
344 if verify(delete_passwd): | 344 verified = yield verify(delete_passwd) |
345 assert isinstance(verified, bool) | |
346 if verified: | |
345 defer.returnValue(self.__deleteAccount(profile)) | 347 defer.returnValue(self.__deleteAccount(profile)) |
346 defer.returnValue(error_ui()) | 348 defer.returnValue(error_ui()) |
347 | 349 |
348 # check for blog posts deletion | 350 # check for blog posts deletion |
349 if 'GROUPBLOG' in self.host.plugins: | 351 if 'GROUPBLOG' in self.host.plugins: |
351 delete_posts_checkbox = data[xml_tools.SAT_FORM_PREFIX + 'delete_posts_checkbox'] | 353 delete_posts_checkbox = data[xml_tools.SAT_FORM_PREFIX + 'delete_posts_checkbox'] |
352 delete_comments_checkbox = data[xml_tools.SAT_FORM_PREFIX + 'delete_comments_checkbox'] | 354 delete_comments_checkbox = data[xml_tools.SAT_FORM_PREFIX + 'delete_comments_checkbox'] |
353 posts = delete_posts_checkbox == 'true' | 355 posts = delete_posts_checkbox == 'true' |
354 comments = delete_comments_checkbox == 'true' | 356 comments = delete_comments_checkbox == 'true' |
355 if posts or comments: | 357 if posts or comments: |
356 if verify(delete_posts_passwd): | 358 verified = yield verify(delete_posts_passwd) |
359 assert isinstance(verified, bool) | |
360 if verified: | |
357 defer.returnValue(self.__deleteBlogPosts(posts, comments, profile)) | 361 defer.returnValue(self.__deleteBlogPosts(posts, comments, profile)) |
358 defer.returnValue(error_ui()) | 362 defer.returnValue(error_ui()) |
359 | 363 |
360 # check for password modification | 364 # check for password modification |
361 current_passwd = data[xml_tools.SAT_FORM_PREFIX + 'current_passwd'] | 365 current_passwd = data[xml_tools.SAT_FORM_PREFIX + 'current_passwd'] |
362 new_passwd1 = data[xml_tools.SAT_FORM_PREFIX + 'new_passwd1'] | 366 new_passwd1 = data[xml_tools.SAT_FORM_PREFIX + 'new_passwd1'] |
363 new_passwd2 = data[xml_tools.SAT_FORM_PREFIX + 'new_passwd2'] | 367 new_passwd2 = data[xml_tools.SAT_FORM_PREFIX + 'new_passwd2'] |
364 if new_passwd1 or new_passwd2: | 368 if new_passwd1 or new_passwd2: |
365 if verify(current_passwd): | 369 verified = yield verify(current_passwd) |
370 assert isinstance(verified, bool) | |
371 if verified: | |
366 if new_passwd1 == new_passwd2: | 372 if new_passwd1 == new_passwd2: |
367 data = yield self.__changePassword(new_passwd1, profile=profile) | 373 data = yield self.__changePassword(new_passwd1, profile=profile) |
368 defer.returnValue(data) | 374 defer.returnValue(data) |
369 else: | 375 else: |
370 defer.returnValue(error_ui(D_("The values entered for the new password are not equal."))) | 376 defer.returnValue(error_ui(D_("The values entered for the new password are not equal."))) |