allow blank passwords again [SF#619714]

Author: Richard Jones

CHANGES.txt

@@ -13,6 +13,7 @@ are given with the most recent entry first.
 - https URLs from config now recognised as valid (sf bug 619829)
 - nicer display of tracker list in roundup-server (sf bug 619769)
 - fixed some missed renaming instance -> tracker (sf bug 619769)
+- allow blank passwords again (sf bug 619714)
 
 
 2002-10-02 0.5.0

doc/customizing.txt

@@ -2,7 +2,7 @@
 Customising Roundup
 ===================
 
-:Version: $Revision: 1.52 $
+:Version: $Revision: 1.53 $
 
 .. This document borrows from the ZopeBook section on ZPT. The original is at:
    http://www.zope.org/Documentation/Books/ZopeBook/current/ZPT.stx
@@ -580,6 +580,10 @@ Example Scenarios
    <option tal:condition="python:request.user.hasPermission('Closer')"
            value="resolved">Resolved</option>
 
+**don't give users who register through email web access**
+ Create a new Role called "Email User" which has all the Permissions of the
+ normal "User" Role minus the "Web Access" Permission. This will allow users
+ to send in emails to the tracker, but not access the web interface.
 
 
 Web Interface

roundup/backends/back_anydbm.py

@@ -15,7 +15,7 @@
 # BASIS, AND THERE IS NO OBLIGATION WHATSOEVER TO PROVIDE MAINTENANCE,
 # SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS.
 # 
-#$Id: back_anydbm.py,v 1.88 2002-10-07 00:52:51 richard Exp $
+#$Id: back_anydbm.py,v 1.89 2002-10-08 04:11:14 richard Exp $
 '''
 This module defines a backend that saves the hyperdatabase in a database
 chosen by anydbm. It is guaranteed to always be available in python
@@ -366,7 +366,7 @@ def serialise(self, classname, node):
             # get the property spec
             prop = properties[k]
 
-            if isinstance(prop, Password):
+            if isinstance(prop, Password) and v is not None:
                 d[k] = str(v)
             elif isinstance(prop, Date) and v is not None:
                 d[k] = v.serialise()
@@ -397,7 +397,7 @@ def unserialise(self, classname, node):
                 d[k] = date.Date(v)
             elif isinstance(prop, Interval) and v is not None:
                 d[k] = date.Interval(v)
-            elif isinstance(prop, Password):
+            elif isinstance(prop, Password) and v is not None:
                 p = password.Password()
                 p.unpack(v)
                 d[k] = p

roundup/backends/back_sqlite.py

@@ -1,4 +1,4 @@
-# $Id: back_sqlite.py,v 1.6 2002-09-27 01:04:38 richard Exp $
+# $Id: back_sqlite.py,v 1.7 2002-10-08 04:11:16 richard Exp $
 __doc__ = '''
 See https://pysqlite.sourceforge.net/ for pysqlite info
 '''
@@ -155,7 +155,7 @@ def unserialise(self, classname, node):
                 d[k] = date.Date(v)
             elif isinstance(prop, Interval) and v is not None:
                 d[k] = date.Interval(v)
-            elif isinstance(prop, Password):
+            elif isinstance(prop, Password) and v is not None:
                 p = password.Password()
                 p.unpack(v)
                 d[k] = p

roundup/backends/rdbms_common.py

@@ -1,4 +1,4 @@
-# $Id: rdbms_common.py,v 1.21 2002-10-07 00:52:51 richard Exp $
+# $Id: rdbms_common.py,v 1.22 2002-10-08 04:11:16 richard Exp $
 ''' Relational database (SQL) backend common code.
 
 Basics:
@@ -699,7 +699,7 @@ def serialise(self, classname, node):
             # get the property spec
             prop = properties[k]
 
-            if isinstance(prop, Password):
+            if isinstance(prop, Password) and v is not None:
                 d[k] = str(v)
             elif isinstance(prop, Date) and v is not None:
                 d[k] = v.serialise()
@@ -730,7 +730,7 @@ def unserialise(self, classname, node):
                 d[k] = date.Date(v)
             elif isinstance(prop, Interval) and v is not None:
                 d[k] = date.Interval(v)
-            elif isinstance(prop, Password):
+            elif isinstance(prop, Password) and v is not None:
                 p = password.Password()
                 p.unpack(v)
                 d[k] = p

roundup/cgi/client.py

@@ -1,4 +1,4 @@
-# $Id: client.py,v 1.50 2002-10-07 00:52:51 richard Exp $
+# $Id: client.py,v 1.51 2002-10-08 04:11:17 richard Exp $
 
 __doc__ = """
 WWW request handler (also used in the stand-alone server).
@@ -525,7 +525,8 @@ def loginAction(self):
         # make sure we're allowed to be here
         if not self.loginPermission():
             self.make_user_anonymous()
-            raise Unauthorised, _("You do not have permission to login")
+            self.error_message.append(_("You do not have permission to login"))
+            return
 
         # now we're OK, re-open the database for real, using the user
         self.opendb(self.user)
@@ -536,7 +537,12 @@ def loginAction(self):
     def verifyPassword(self, userid, password):
         ''' Verify the password that the user has supplied
         '''
-        return password == self.db.user.get(self.userid, 'password')
+        stored = self.db.user.get(self.userid, 'password')
+        if password == stored:
+            return 1
+        if not password and not stored:
+            return 1
+        return 0
 
     def loginPermission(self):
         ''' Determine whether the user has permission to log in.

roundup/roundupdb.py

@@ -15,7 +15,7 @@
 # BASIS, AND THERE IS NO OBLIGATION WHATSOEVER TO PROVIDE MAINTENANCE,
 # SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS.
 # 
-# $Id: roundupdb.py,v 1.70 2002-10-08 03:27:24 richard Exp $
+# $Id: roundupdb.py,v 1.71 2002-10-08 04:11:13 richard Exp $
 
 __doc__ = """
 Extending hyperdb with types specific to issue-tracking.
@@ -291,7 +291,7 @@ def email_signature(self, nodeid, msgid):
         # then append a trailing slash if it is missing
         base = self.db.config.TRACKER_WEB 
         if (not isinstance(base , type('')) or
-            not base.startswith('http://'):
+            not base.startswith('http://') or
             not base.startswith('https://')):
             base = "Configuration Error: TRACKER_WEB isn't a " \
                 "fully-qualified URL"