[Freeipa-devel] [PATCH] 1006 detect expired passwords in forms login
Rob Crittenden
rcritten at redhat.com
Mon Apr 16 13:16:34 UTC 2012
Petr Vobornik wrote:
> On 04/13/2012 09:28 PM, Rob Crittenden wrote:
>> When doing a forms-based login there is no notification that a password
>> needs to be reset. We don't currently provide a facility for that but we
>> should at least tell users what is going on.
>>
>> This patch adds an LDAP bind to test the password to see if it is
>> expired and returns the string "Password Expired" along with the 401 if
>> it is. I'm told this is all the UI will need to be able to identify this
>> condition.
>>
>> rob
>>
>
> UI can work with it. I have a patch ready. I'll send it when this will
> be ACKed.
>
> Some notes:
>
> 1) The error templates and the 'Password Expired' message are hardcoded
> to be English. It's fine at the moment. Will we internationalize them
> sometime in future? If so, we will run into the same problem again.
No plans to. I can update the patch with a comment specifically to not
internationalize it if you'd like.
> 2) conn.destroy_connection() won't be called if an exception occurs. Not
> sure if it is a problem, GC and __del__ should take care of it.
Hmm, this is due to a late stage change I made. I originally had this
broken out into two blocks where the only thing done in the first
try/except block was the connection, so the only exception that could
happen was a failed connection.
That isn't true any more. I'll update the patch.
rob
More information about the Freeipa-devel
mailing list