| Issue 59: | PATCH Users passwords are not validated. | |
| 1 person starred this issue and may be notified of changes. | Back to list |
What steps will reproduce the problem? 1. Create an user and give him an empty password or a password shorter than 4 characters or longer than 40. What is the expected output? What do you see instead? It should not be accepted, it has validation code for that. It's accepted. What version of the product are you using? On what operating system? trunk. Ubuntu 7.04
Mar 18, 2008
#1
edmundo...@gmail.com
Mar 23, 2008
Here we goes again. Use this patch instead. Changed the model, the controller and the view. * The model was corrected, validating all passwords. * The view broke as it has password fields that are shown/hidden using CSS, so in some situations (editing an user name, for example) the user ends up not being valid. Some observations: * Hiding things using CSS makes the form ALWAYS send fields even when empty. Creating things on demand using Ajax makes validation very difficult (look at variations in the products form as an example) because the page must be rendered again and the changes in the DOM made using Javascript are lost. * Changed the model and included another attribute accessor to flag if we don't want to validate the password. Making it always default to validate. * Linked that attribute in the view using a checkbox and added the hide/show things in the onchange event. * Changed the controller to turn off validation only in the edit action (to not show the checkbox marked and the fields visible unless clicked). * Changed some deprecated render tags too. It could be made in another way making another partial and separating the password change from the login name change, but then Ajax or CSS hiding cannot be used.
Apr 8, 2008
Valid issue - but I think the fix is a bit too complex. Tried to simplify the code and the UI. Fixed with revision 65 & tested in the UI only.
Status:
Fixed
|