Mercurial > p > roundup > code
comparison roundup/cgi/actions.py @ 6684:9ca5cbffa0c4
Switch off using blank passwords for login
There is now a config.ini setting [web] login_empty_passwords to
enable logins for users without a password set. By default it's off
and every user must have a password.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Mon, 23 May 2022 17:31:50 -0400 |
| parents | b336cc98d9d2 |
| children | 3f60a71b0812 |
comparison
equal
deleted
inserted
replaced
| 6683:12c5ddf865b1 | 6684:9ca5cbffa0c4 |
|---|---|
| 1396 if db.config.WEB_MIGRATE_PASSWORDS and stored.needs_migration(): | 1396 if db.config.WEB_MIGRATE_PASSWORDS and stored.needs_migration(): |
| 1397 newpw = password.Password(givenpw, config=db.config) | 1397 newpw = password.Password(givenpw, config=db.config) |
| 1398 db.user.set(userid, password=newpw) | 1398 db.user.set(userid, password=newpw) |
| 1399 db.commit() | 1399 db.commit() |
| 1400 return 1 | 1400 return 1 |
| 1401 if not givenpw and not stored: | 1401 # allow blank password |
| 1402 if db.config.WEB_LOGIN_EMPTY_PASSWORDS and not givenpw and not stored: | |
| 1402 return 1 | 1403 return 1 |
| 1403 return 0 | 1404 return 0 |
| 1404 | 1405 |
| 1405 | 1406 |
| 1406 class ExportCSVAction(Action): | 1407 class ExportCSVAction(Action): |