[Freeipa-devel] [PATCH] 1006 detect expired passwords in forms login

Petr Vobornik pvoborni at redhat.com
Mon Apr 16 16:54:05 UTC 2012


On 04/16/2012 03:34 PM, Rob Crittenden wrote:
> Rob Crittenden wrote:
>> Petr Vobornik wrote:
>>> On 04/13/2012 09:28 PM, Rob Crittenden wrote:
>>>> When doing a forms-based login there is no notification that a password
>>>> needs to be reset. We don't currently provide a facility for that but we
>>>> should at least tell users what is going on.
>>>>
>>>> This patch adds an LDAP bind to test the password to see if it is
>>>> expired and returns the string "Password Expired" along with the 401 if
>>>> it is. I'm told this is all the UI will need to be able to identify this
>>>> condition.
>>>>
>>>> rob
>>>>
>>>
>>> UI can work with it. I have a patch ready. I'll send it when this is
>>> ACKed.
>>>
>>> Some notes:
>>>
>>> 1) The error templates and the 'Password Expired' message are hardcoded
>>> to be English. It's fine at the moment. Will we internationalize them
>>> sometime in the future? If so, we will run into the same problem again.
>>
>> No plans to. I can update the patch with a comment specifically to not
>> internationalize it if you'd like.

It isn't necessary. I just wanted to be sure we won't implement it twice.

>>
>>> 2) conn.destroy_connection() won't be called if an exception occurs. Not
>>> sure if it is a problem, GC and __del__ should take care of it.
>>
>> Hmm, this is due to a late stage change I made. I originally had this
>> broken out into two blocks where the only thing done in the first
>> try/except block was the connection, so the only exception that could
>> happen was a failed connection.
>>
>> That isn't true any more. I'll update the patch.
>
> And here you go.
>
> rob

The patch looks good.

I also opened a similar ticket regarding locked status.
https://fedorahosted.org/freeipa/ticket/2643

--
Petr Vobornik
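
The cleanup concern from note 2 and the 401 "Password Expired" reply discussed in this thread, as an added example that is not the code from patch 1006. `FakeConn`, `create_connection()`, the exception classes, the sample accounts and the default reason text are constructed stand-ins; only `destroy_connection()` and the "Password Expired" string come from the thread.

```python
class PasswordExpired(Exception):
    """Hypothetical: raised by the stand-in bind when the password is expired."""


class BindFailed(Exception):
    """Hypothetical: raised by the stand-in bind for any other bind failure."""


class FakeConn:
    """Constructed stand-in for a directory connection; not a FreeIPA class."""
    live = 0  # connections created but not yet destroyed
    # Constructed sample accounts: user -> (password, expired?)
    ACCOUNTS = {"alice": ("Secret123", False), "bob": ("Winter2011", True)}

    def create_connection(self, user, password):
        FakeConn.live += 1
        stored = self.ACCOUNTS.get(user)
        if stored is None or stored[0] != password:
            raise BindFailed(user)
        if stored[1]:
            raise PasswordExpired(user)

    def destroy_connection(self):
        FakeConn.live -= 1


def unauthorized_response(user, password, conn_cls=FakeConn):
    """Build the 401 returned after a failed forms login.

    The body is "Password Expired" only when the test bind shows that the
    supplied password is correct but expired, so a caller who does not know
    the password learns nothing about the account's state.
    """
    reason = "Invalid Authentication"  # assumed default text, not from the patch
    conn = conn_cls()
    try:
        conn.create_connection(user, password)
    except PasswordExpired:
        reason = "Password Expired"
    except BindFailed:
        pass  # keep the generic reason
    finally:
        # Runs on every path, including exceptions this function does not
        # catch, so cleanup does not depend on GC and __del__.
        conn.destroy_connection()
    return "401 Unauthorized", reason
```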



