Closed
Bug 627882
Opened 15 years ago
Closed 14 years ago
Update email and update password take an optional password
Categories
(Cloud Services :: Server: Core, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: telliott, Assigned: tarek)
Details
Attachments
(1 file)
|
3.55 KB,
patch
|
telliott
:
review+
|
Details | Diff | Splinter Review |
def update_email(self, user_id, email, password=None):
if password is None:
return False # we need a password
This is dangerous. It's a silent failure that pretty much requires sticking prints into the code. Is there a case for this? We should do one of two things:
1) At the very least, log something somewhere that this was called without a password.
2) make password non-optional so that it breaks if you don't provide it. This seems like a good thing to do in all these functions.
|
Assignee | |
Comment 1•15 years ago
|
||
the optional password is useful only for the ldap backend. The goal is to be able to use the user auth as an alternative bind, rather than the admin.
I agree that it should not return False here, and it should do like in update_password: http://hg.mozilla.org/services/server-core/file/58b2a967aa6f/services/auth/ldapsql.py#l419
Other backend should ignore it.
|
|
Assignee | |
Comment 2•15 years ago
|
||
Attachment #512787 -
Flags: review?(telliott)
|
Reporter | |
Comment 3•15 years ago
|
||
Comment on attachment 512787 [details] [diff] [review]
Make sure we raise an error if the password is missing when needed
Your comment on the return value for one of the functions refers to a NoneImplementedError, but that's pretty minor. Rest looks good.
Attachment #512787 -
Flags: review?(telliott) → review+
|
|
Assignee | |
Comment 4•14 years ago
|
||
Partially applied, as auth.delete_user now uses the admin auth.
http://hg.mozilla.org/services/server-core/rev/1332db2f42b7
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•