[Freeipa-devel] [PATCH] 1006 detect expired passwords in forms login
Rob Crittenden
rcritten at redhat.com
Mon Apr 16 13:34:56 UTC 2012
Rob Crittenden wrote:
> Petr Vobornik wrote:
>> On 04/13/2012 09:28 PM, Rob Crittenden wrote:
>>> When doing a forms-based login there is no notification that a password
>>> needs to be reset. We don't currently provide a facility for that but we
>>> should at least tell users what is going on.
>>>
>>> This patch adds an LDAP bind to test the password to see if it is
>>> expired and returns the string "Password Expired" along with the 401 if
>>> it is. I'm told this is all the UI will need to be able to identify this
>>> condition.
>>>
>>> rob
>>>
>>
>> UI can work with it. I have a patch ready. I'll send it when this will
>> be ACKed.
>>
>> Some notes:
>>
>> 1) The error templates and the 'Password Expired' message are hardcoded
>> to be English. It's fine at the moment. Will we internationalize them
>> sometime in future? If so, we will run into the same problem again.
>
> No plans to. I can update the patch with a comment specifically to not
> internationalize it if you'd like.
>
>> 2) conn.destroy_connection() won't be called if an exception occurs. Not
>> sure if it is a problem, GC and __del__ should take care of it.
>
> Hmm, this is due to a late stage change I made. I originally had this
> broken out into two blocks where the only thing done in the first
> try/except block was the connection, so the only exception that could
> happen was a failed connection.
>
> That isn't true any more. I'll update the patch.
And here you go.
rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-rcrit-1006-2-expired.patch
Type: text/x-diff
Size: 3827 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20120416/866c24f4/attachment.bin>
More information about the Freeipa-devel
mailing list