- **status**: review --> open - **Reviewer**: Dave Brondsema - **Comment**:
How about doing the check in `PasswordChangeBase.to_python` which is shared between all the forms usage? If we're lucky the existing error handling will just work too, and can clean up the url repetion for `failure_redirect_url`. And if you're able to undo the changes to controllers, that'll avoid conflicts with my TurboGears changes which tweaked controllers calling `to_python`. Careful adding `__future__` to existing files, it may change behavior. Seems to be ok here though. `User-Agent` should probably use `config['site_name']` `hibp_password_check` config should go in development.ini rather than docker-dev, and add an explanation for it. me: test pwd expired and change forms' validation --- ** [tickets:#8274] Add optional HaveIBeenPwned checks for password changes** **Status:** open **Milestone:** unreleased **Created:** Thu Apr 04, 2019 02:43 PM UTC by Kenton Taylor **Last Updated:** Thu Apr 04, 2019 03:14 PM UTC **Owner:** Kenton Taylor --- Sent from forge-allura.apache.org because [email protected] is subscribed to https://forge-allura.apache.org/p/allura/tickets/ To unsubscribe from further messages, a project admin can change settings at https://forge-allura.apache.org/p/allura/admin/tickets/options. Or, if this is a mailing list, you can unsubscribe from the mailing list.
