My favorites | Sign in
Project Home Downloads Wiki Issues Source
READ-ONLY: This project has been archived. For more information see this post.
Search
for
  Advanced search   Search tips   Subscriptions
Issue 59: PATCH Users passwords are not validated.
1 person starred this issue and may be notified of changes. Back to list
Status:  Fixed
Owner:  ----
Closed:  Apr 2008


 
Reported by edmundo...@gmail.com, Mar 18, 2008
What steps will reproduce the problem?
1. Create an user and give him an empty password or a password shorter than
4 characters or longer than 40.

What is the expected output? What do you see instead?
It should not be accepted, it has validation code for that. It's accepted. 

What version of the product are you using? On what operating system?
trunk. Ubuntu 7.04

validate_users_password.patch
1.1 KB   View   Download
Mar 18, 2008
#1 edmundo...@gmail.com
Hold this one, now the user name change is being blocked because of hidden password
fields empty. I will see how is better to fix it as probably some partials will need
a few changes.
Mar 23, 2008
#2 edmundo...@gmail.com
Here we goes again. Use this patch instead.

Changed the model, the controller and the view.

* The model was corrected, validating all passwords.
* The view broke as it has password fields that are shown/hidden using CSS, so in
some situations (editing an user name, for example) the user ends up not being valid.

Some observations:
* Hiding things using CSS makes the form ALWAYS send fields even when empty. Creating
things on demand using Ajax makes validation very difficult (look at variations in
the products form as an example) because the page must be rendered again and the
changes in the DOM made using Javascript are lost.

* Changed the model and included another attribute accessor to flag if we don't want
to validate the password. Making it always default to validate.
* Linked that attribute in the view using a checkbox and added the hide/show things
in the onchange event.
* Changed the controller to turn off validation only in the edit action (to not show
the checkbox marked and the fields visible unless clicked).
* Changed some deprecated render tags too.


It could be made in another way making another partial and separating the password
change from the login name change, but then Ajax or CSS hiding cannot be used.
validate_users_password_v2.patch
5.5 KB   View   Download
Apr 8, 2008
Project Member #3 subim...@gmail.com
Valid issue - but I think the fix is a bit too complex. Tried to simplify the code and the UI.

Fixed with revision 65 & tested in the UI only.



Status: Fixed

Powered by Google Project Hosting