Foswiki on GitHub is open for business! Next release meeting: Monday Nov. 17, 1300Z

Item2569: Add strikeone protection for reset password and change email on 1.1

Priority: CurrentState: AppliesTo: Component: WaitingFor:
Enhancement Closed Engine    
There is a good use of also using the already implemented strikeone for password rest and changing email. It makes making spam bots a little more a challenge.

This bug report is for trunk. I already implemented it on release branch for 1.0.9

On trunk I need a hand from Crawford to get it nailed. When I implement the same code I do not get redirected to where I want to go when the validation screen shows. It seems that the needed hidden fields and the target topic is not correctly carried over. You end up on the topic you came from instead of the manage script with the message that things went OK or went wrong.

Crawford I will try to catch you on IRC to address this.

-- KennethLavrsen - 03 Jan 2010

Need more details to comment. Specifically I need to see the code changes you are making; paste a patch here?

-- CrawfordCurrie - 01 Feb 2010

The code is http://trac.foswiki.org/changeset/5922

Two simple code lines in release branch. But I get redirected to the wrong place when I do the same in trunk. You have changed something in trunk and I cannot figure out how to do it now.

-- KennethLavrsen - 20 Mar 2010

Possibly you got caught when strikeone wasn't working properly. I just added validation checks to password reset and change and bulk user registration as well as user deletion.

Were those the cases you were concerned about? If not, the same method should work anywhere else you need it.

-- CrawfordCurrie - 23 May 2010

Yes. The exact cases. And the code you checked in with SVN 7518 is the exact same one liners I could not get to work. So it seems you did fix the bug that gave me trouble.

Except I also see that you reverted the change again because of unit test trouble. We have this validation in 1.0 now so removing it in 1.1 would not fly. It is a security feature and therefore now setting it urgent so we do not forget it.

-- KennethLavrsen - 02 Jun 2010

Yeah, I had to revert it because I had far too many irons in the fire at the time, and had to focus. I thought that since you knew what had to be done......

-- CrawfordCurrie - 02 Jun 2010

Done, this time with unit tests, and more careful positioning of the validation call as well.

-- CrawfordCurrie - 07 Jun 2010

ItemTemplate edit

Summary Add strikeone protection for reset password and change email on 1.1
ReportedBy KennethLavrsen
Codebase trunk
SVN Range
AppliesTo Engine
Component
Priority Enhancement
CurrentState Closed
WaitingFor
Checkins distro:4682a03a4f2a distro:114298190984 distro:c719ad54780d distro:c27e3c17e75b
TargetRelease minor
ReleasedIn 1.1.0
Topic revision: r15 - 04 Oct 2010, KennethLavrsen
 
The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. see CopyrightStatement. Creative Commons License